A Man, Who Does Not Exist , Profy.com

Mike2.0

Michael Knight — Thu, 03 Apr 2008 22:02:00 -0700

Well, here’s a little about me.

I’m a former Microsoft Consultant. I worked in the MSN & Windows Technical departments providing support to end users and training internal Microsoft staff. I've been in IT for over 20 years now, I have various certifications from MCSE, MCT, MCDST and more.

I have since left Microsoft Corporation and now work as a Forensic IT Consultant and Web / Graphic Designer. One by day, the other by night, (Or whenever I’m needed). I have been into computers since I got the first ever electronic game that you plugged into your TV called Pong. Not much later I was bought the Sinclair ZX81 1k Home Personal Computer. It was a powerful bit of kit (not). I had a little tape deck and a printer, that looked like a till roll. After that I had a Commodore 64. This was the best thing ever. I had great times with the C64 and have fond memories of playing the games and programming the thing. Mostly though, you typed in hundreds of lines of code, I typed Run and hit enter, only to be greeted with:

I now spent another 3 days looking for what id done wrong. It was usually a . instead of a , grrr.

With the Commodore, I had my first taste of the Internet. I had an Acoustic Coupler Modulator/Demodulator (Modem to you). This connected me to BBS sites (Bulletin Board Service) like Prestel and Micronet. These were interactive pages, not much different than the early Teletext pages like Ceefax and Oracle.

Anyway, after all this I got a PC in the early 90’s with Windows for DOS on it, some call it Windows for Workgroups. Then came Windows 3.x then Windows 95, you know the rest.

Anyway, by this time I was having my name laughed at because of a cool TV Show called Knight Rider. 20+ years later and Its still happening, each person that remembers Knight Rider think that they are the first person to say ‘hey where’s KITT?’ or ‘Not out crime fighting?’ or doing KITT’s scanner noise whoosh whoosh.

Anyway, now I’m all grown up and work for myself. I write as much as I can, listen to just about every piece of music I can. I’m a huge Movie fan and love Scary Movies and geeky Sci-Fi .

I try to get out as much as I can, which really isn’t a lot. So, that’s me in a nutshell.

Feel free to message me, add me to Skype or contact me anyway you can. I’m always looking to make new friends. Thanks for reading.

Mike

P.S. For those of you who would like to relive (or try) the Commodore 64, you can download an Emulator Here & and some Commodore Games Here.

V: The Second Generation

Michael Knight — Thu, 03 Apr 2008 06:21:00 -0700

In 1983, Aliens pretending to be friendly come to Earth and are received openly. The aliens have masqueraded themselves to look just like humans. When it is discovered that the aliens' planet is dying and that they have come to rape the Earth of its natural resources, the war for Earth begins.

In the early 80's I was enthralled with the mini series of V. Nothing came close to the awe that the series had on many people, not even Star Trek. V was totally new and had viewers hooked with its invasion storyline. Not since HG. Wells' The War Of The Worlds radio broadcast had a Sci-Fi series hold its watchers captive.

V started as a mini series, spread over 5 night 2 hourly slots. The first 2 episodes saw over 50 giant saucer shaped disks appear through the clouds across most of the major cities in the world. They came in peace, looking for our help, and befriended the most powerful and influential people in government and technical fields.

Only a handful of people noticed that something was wrong. Half of the town is going missing, strange things happening that others seem not to notice...

The last 3 episodes were called The Final Battle, and you found out the truth about why the Visitors (aliens) came to our planet. We battle the aliens and win, sending them fleeing with their scaly tails between their legs.

After this came a 21 episode series that continued from the original mini-series, but I'm not going to talk about that.

Its almost 26 years since the visitors came to earth, but now they are back. 2009 will see V: The Second Generation. This is a brand new mini-series, again like the 21 part series, will continue the theme of the Visitors on earth.

There are a few things I have really looked forward to, like the War of the Worlds Movie, Spiderman 2,3 and 4. Knight Rider the new series and movie (I know my name is Michael Knight, but hey, I can still be interested). But out of all the things that I have waited for, none holds more interest than the new V Mini-Series. I bought the book, but refuse to read it until I have seen the TV series, I want to see if it keeps me as hooked as it did back in 1983. I really can't wait.

What's more, quite a few of the Original Cast, Marc Singer, Faye Grant, Robert Englund (Freddy Kruger), Michael Ironside & Blair Tefkin have all signed on to revive their characters from the 83' series. Its just going to be great.

This is a Fan Made trailer - I will update this when the Official one gets released.

Chain Mail & Hoaxes

Michael Knight — Wed, 02 Apr 2008 07:59:00 -0700

Its simple, Rule No. 1 Don't pass the mails to everyone in your address book... Why? I hear you say, Read on...

What Are Internet Hoaxes and Chain Letters?

Internet hoaxes and chain letters are e-mail messages written with one
purpose; to be sent to everyone you know. The messages they contain are
usually untrue. A few of the sympathy messages do describe a real
situation but that situation was resolved years ago so the message is
not valid and has not been valid for many years. Hoax messages try to
get you to pass them on to everyone you know using several different
methods of social engineering. Most of the hoax messages play on your
need to help other people. Who wouldn't want to warn their friends
about some terrible virus that is destroying people's systems? Or, how
could you not want to help this poor little girl who is about to die
from cancer? It is hard to say no to these messages when you first see
them, though after a few thousand have passed through your mail box you
(hopefully) delete them without even looking.

Chain letters are lumped in with the hoax messages because they have
the same purpose as the hoax messages but use a slightly different
method of coercing you into passing them on to everyone you know.

Chain letters, like their printed ancestors, generally offer luck or
money if you send them on. They play on your fear of bad luck and the
realization that it is almost trivial for you to send them on. The
chain letters that deal in money play on people's greed and are illegal
no matter what they say in the letter.

The Risk and Cost of Hoaxes

The cost and risk associated with hoaxes may not seem to be that high,
and isn't when you consider the cost of handling one hoax on one
machine. However, if you consider everyone that receives a hoax, that
small cost gets multiplied into some pretty significant costs. For
example, if everyone on the Internet were to receive one hoax message
and spend one minute reading and discarding it, the cost would be
something like:

50,000,000 people * 1/60 hour * £50/hour = £41.7 million

Most people have seen far more than one hoax message and many people
cost a business far more than £50 per hour when you add in benefits and
overhead. The result is not a small number.

Probably the biggest risk for hoax messages is their ability to
multiply. Most people send on the hoax messages to everyone in their
address books but consider if they only sent them on to 10 people. The
first person (the first generation) sends it to 10, each member of that
group of 10 (the second generation) sends it to 10 others or 100
messages and so on.

As you can see, by the sixth generation there are a million e-mail
messages being processed by our mail servers. The capacity to handle
these messages must be paid for by the users or, if it is not paid for,
the mail servers slow down to a crawl or crash. Note that this example
only forwards the message to 10 people at each generation while people
who forward real hoax messages often send them to many times that
number.

Recently, we have been hearing of spammers (bulk mailers of unsolicited
mail) harvesting e-mail addresses from hoaxes and chain letters. After
a few generations, many of these letters contain hundreds of good
addresses, which is just what the spammers want. We have also heard
rumors that spammers are deliberately starting hoaxes and chain letters
to gather e-mail addresses (of course, that could be a hoax). So now,
all those nice people who were so worried about the poor little girl
dying of cancer find themselves not only laughed at for passing on a
hoax but also the recipients of tons of spam mail.

How to Recognize a Hoax

Probably the first thing you should notice about a warning is the
request to "send this to everyone you know" or some variant of that
statement. This should raise a red flag that the warning is probably a
hoax. No real warning message from a credible source will tell you to
send this to everyone you know.

Next, look at what makes a successful hoax. There are two known factors that make a successful hoax, they are:

(1) technical sounding language.

(2) credibility by association.

If the warning uses the proper technical jargon, most individuals,
including technologically savvy individuals, tend to believe the
warning is real. For example, the Good Times hoax says that "...if the
program is not stopped, the computer's processor will be placed in an
nth-complexity infinite binary loop which can severely damage the
processor...". The first time you read this, it sounds like it might be
something real. With a little research, you find that there is no such
thing as an nth-complexity infinite binary loop and that processors are
designed to run loops for weeks at a time without damage.

When we say credibility by association we are referring to who sent the
warning. If the janitor at a large technological organization sends a
warning to someone outside of that organization, people on the outside
tend to believe the warning because the company should know about those
things. Even though the person sending the warning may not have a clue
what he is talking about, the prestige of the company backs the
warning, making it appear real. If a manager at the company sends the
warning, the message is doubly backed by the company's and the
manager's reputations.

Both of these items make it very difficult to claim a warning is a hoax
so you must do your homework to see if the claims are real and if the
person sending out the warning is a real person and is someone who
would know what they are talking about. You do need to be a little
careful verifying the person as the apparent author may be a real
person who has nothing to do with the hoax. If thousands of people
start sending them mail asking if the message is real, that essentially
constitutes an unintentional denial of service attack on that person.
Check the person's web site or the person's company web site to see if
the hoax has been responded to there. Check these pages or the pages of
other hoax sites to see if we have already declared the warning a hoax.

Hoax messages also follow the same pattern as a chain letter (see below).

Recognizing a Chain Letter

Chain letters and most hoax messages all have a similar pattern. From
the older printed letters to the newer electronic kind, they all have
three recognizable parts:

A hook.

A threat.

A request.

The Hook

First, there is a hook, to catch your interest and get you to read the
rest of the letter. Hooks used to be "Make Money Fast" or "Get Rich" or
similar statements related to making money for little or no work.
Electronic chain letters also use the "free money" type of hooks, but
have added hooks like "Danger!" and "Virus Alert" or "A Little Girl Is
Dying". These tie into our fear for the survival of our computers or
into our sympathy for some poor unfortunate person.

The Threat

When you are hooked, you read on to the threat. Most threats used to
warn you about the terrible things that will happen if you do not
maintain the chain. However, others play on greed or sympathy to get
you to pass the letter on. The threat often contains official or
technical sounding language to get you to believe it is real.

The Request

Finally, the request. Some older chain letters ask you to mail a dollar
to the top ten names on the letter and then pass it on. The electronic
ones simply admonish you to "Distribute this letter to as many people
as possible." They never mention clogging the Internet or the fact that
the message is a fake, they only want you to pass it on to others.

Chain letters usually do not have the name and contact information of
the original sender so it is impossible to check on its authenticity.
Legitimate warnings and solicitations will always have complete contact
information from the person sending the message and will often be
signed with a cryptographic signature, such as PGP to assure its
authenticity. Many of the newer chain letters do have a person's name
and contact information but that person either does not really exist or
does exist but does not have anything to do with the hoax message. As
mentioned in the previous section, try to use other means than
contacting the person directly to find out if the message is a hoax.
Try the person's web page, the person's company web page, or this and
other hoax sites first to see if the message has already been declared
a hoax.

For example, the PENPAL GREETINGS! hoax shown below appears to be an
attempt to kill an e-mail chain letter. This chain letter is a hoax
because reading a text e-mail message does not execute a virus nor does
it execute any attachments; therefore the Trojan horse must be self
starting. Aside from the fact that a program cannot start itself, the
Trojan horse would have to know about every different kind of e-mail
program to be able to forward copies of itself to other people. We have
had to modify this statement slightly for the newer html mail readers.
If a mail message is formatted with html and contains scripts, those
scripts will run when the e-mail message is read. Active scripting
should always be turned off for a mail reader so that malicious code
like the KAK worm cannot automatically run.

Notice the three parts of a chain letter, which are easy to identify in this example.

The Hook

FYI!

Subject: Virus Alert

Importance: High

If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT reading it. Below is a little explanation of the message, and what it would do to your PC if you were to read the message. If you have any questions or concerns please contact SAF-IA Info Office on 697-5059.

The Threat

This is a warning for all internet users - there is a dangerous virus

propogating across the internet through an e-mail message entitled "PENPAL GREETINGS!". DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!"

This message appears to be a friendly letter asking you if you are interested in a penpal, but by the time you read this letter, it is too late. The "trojan horse" virus will have already infected the boot sector of your hard drive, destroying all of the data present. It is a self-replicating virus, and once the message is read, it will AUTOMATICALLY forward itself to anyone

who's e-mail address is present in YOUR mailbox!

This virus will DESTROY your hard drive, and holds the potential to DESTROY the hard drive of anyone whose mail is in your inbox, and who's mail is in their inbox, and so on. If this virus remains unchecked, it has the potential to do a great deal of DAMAGE to computer networks worldwide!!!! Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it!

The Request

And pass this message along to all of your friends and relatives, and the other readers of the newsgroups and mailing lists which you are on, so that they are not hurt by this dangerous virus!!!!

Validating a Warning

CIAC recommends that you DO NOT circulate warnings without first
checking with an authoritative source. Authoritative sources are your
computer system security administrator, your computer incident handling
team, or your antivirus vendor. Real warnings about viruses and other
network problems are issued by computer security response teams (CIAC,
CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending
team using PGP. If you download a warning from a team's web site or
validate the PGP signature, you can usually be assured that the warning
is real. Warnings without the name of the person sending the original
notice, or warnings with names, addresses and phone numbers that do not
actually exist are probably hoaxes. Warnings about new malicious code
are also available at the antivirus vendors sites and at the operating
system's vendor site.

Companies like Microsoft will not send out mass emails explaining
Bidwieser frog screensavers or possible virus threats and they certanly
do not give out money for Beta Testing.

What to Do When You Receive a Warning

Upon receiving a warning, you should examine its PGP signature to see
that it is from a real response team or antivirus organization. To do
so, you will need a copy of the PGP software and the public signature
of the team that sent the message. The CIAC signature is available at
the CIAC home page: http://ciac.llnl.gov/ You can find the addresses of other response teams by connecting to the FIRST web page at: http://www.first.org.
If there is no PGP signature, check at this and other hoax sites to see
if the warning has already been declared as a hoax. If you do not find
the warning at the hoax sites, it just may mean that we have not yet
seen this particular hoax.

See if the warning includes the name of the person submitting the
original warning. If it does, see if you can determine if the person
really exists. If they do, don't send them an e-mail message. It is
likely that they have nothing to do with this hoax and thousands of
people sending them questions will be just as damaging to them as
sending around the hoax message. Instead, check their personal or
company web site. Often if a person has been the brunt of a hoax, that
hoax message will be debunked on the person's company web site. If you
still cannot determine if a message is real or a hoax, send it to your
computer security manager, your ISP, or your incident response team and
let them validate it.

When in Doubt, Don't Send It Out

In addition, most anti-virus companies have a web page containing
information about most known viruses and hoaxes. You can also call or
check the web site of the company that produces the product that is
supposed to contain the virus. Checking the PKWARE site for the current
releases of PKZip would stop the circulation of the warning about
PKZ300 since there is no released version 3 of PKZip. Other useful
virus and hoax sites are listed on our Other Hoax Sites pages. In most
cases, common sense would eliminate Internet hoaxes.

Why People Send Chain Letters and Hoax Messages

Only the original writer knows the real reason, but some possibilities are:

To gather Email addresses to go on a Spam List.

To see how far a letter will go.

To harass another person (include an e-mail address and ask everyone to send mail to, e.g. Michael Knight).

To bilk money out of people using a pyramid scheme.

To kill some other chain letter (e.g. Make Money Fast).

To damage a person's or organization's reputation.

History of Virus Hoaxes

Since 1988, computer virus hoaxes have been circulating the Internet.
In October of that year, according to Ferbrache ("A pathology of
Computer Viruses" Springer, London, 1992) one of the first virus hoaxes
was the 2400 baud modem virus:

SUBJ: Really Nasty Virus

AREA: GENERAL (1)

I've just discovered probably the world's worst computer virus

yet. I had just finished a late night session of BBS'ing and file

treading when I exited Telix 3 and attempted to run pkxarc to

unarc the software I had downloaded. Next thing I knew my hard

disk was seeking all over and it was apparently writing random

sectors. Thank god for strong coffee and a recent backup.

Everything was back to normal, so I called the BBS again and

downloaded a file. When I went to use ddir to list the directory,

my hard disk was getting trashed again. I tried Procomm Plus TD

and also PC Talk 3. Same results every time. Something was up so I

hooked up to my test equipment and different modems (I do research

and development for a local computer telecommunications company

and have an in-house lab at my disposal). After another hour of

corrupted hard drives I found what I think is the world's worst

computer virus yet. The virus distributes itself on the modem sub-

carrier present in all 2400 baud and up modems. The sub-carrier is

used for ROM and register debugging purposes only, and otherwise

serves no other purpose. The virus sets a bit pattern in one

of the internal modem registers, but it seemed to screw up the

other registers on my USR. A modem that has been "infected" with

this virus will then transmit the virus to other modems that use a

subcarrier (I suppose those who use 300 and 1200 baud modems

should be immune). The virus then attaches itself to all binary

incoming data and infects the host computer's hard disk. The only

way to get rid of this virus is to completely reset all the modem

registers by hand, but I haven't found a way to vaccinate a modem

against the virus, but there is the possibility of building a

subcarrier filter. I am calling on a 1200 baud modem to enter this

message, and have advised the sysops of the two other boards

(names withheld). I don't know how this virus originated, but I'm

sure it is the work of someone in the computer telecommunications

field such as myself. Probably the best thing to do now is to

stick to 1200 baud until we figure this thing out.

Mike RoChenle

This bogus virus description spawned a humorous alert (even in my own inbox) by Robert Morris III :

Date: 11-31-88 (24:60) Number: 32769

To: ALL Refer#: NONE

From: ROBERT MORRIS III Read: (N/A)

Subj: VIRUS ALERT Status: PUBLIC MESSAGE

Warning: There's a new virus on the loose that's worse than

anything I've seen before! It gets in through the power line,

riding on the powerline 60 Hz subcarrier. It works by changing the

serial port pinouts, and by reversing the direction one's disks

spin. Over 300,000 systems have been hit by it here in Murphy,

West Dakota alone! And that's just in the last 12 minutes.

It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac,

RSX-11, ITS, TRS-80, and VHS systems.

To prevent the spread of the worm:

1) Don't use the power line.

2) Don't use batteries either, since there are rumours that this

virus has invaded most major battery plants and is infecting the

positive poles of the batteries. (You might try hooking up just

the negative pole.)

3) Don't upload or download files.

4) Don't store files on floppy disks or hard disks.

5) Don't read messages. Not even this one!

6) Don't use serial ports, modems, or phone lines.

7) Don't use keyboards, screens, or printers.

8) Don't use switches, CPUs, memories, microprocessors, or

mainframes.

9) Don't use electric lights, electric or gas heat or air-conditioning, running water, writing, fire, clothing or the wheel.

I'm sure if we are all careful to follow these 9 easy steps, this

virus can be eradicated, and the precious electronic flui9ds of

our computers can be kept pure.

---RTM III

Since that time virus hoaxes have flooded the Internet.With thousands
of viruses worldwide, virus paranoia in the community has risen to an
extremely high level. It is this paranoia that fuels virus hoaxes. A
good example of this behaviour is the "Good Times" virus hoax which
started in 1994 and is still circulating the Internet today. Instead of
spreading from one computer to another by itself, Good Times relies on
people to pass it along.

If you need to forward anything to more than 1 person, Please use the
BCC field, thus breaking the chain. I hate getting these mails from
people, and when I tell them they are fake they never beleive me thus
always having to prove it.

The Furure Of Identity

Michael Knight — Wed, 02 Apr 2008 07:44:00 -0700

The Internet has shown that reputations are important but don't have to
be tied to specific real individuals. The entire banking system is
built on top of the idea of reputation, but tries hard to tie them to
real identities. The problem of identity theft is likely to break this
connection. We will see a greater disconnect between individuals and
their reputations.

Identity theft has been a big hit with the purveyors of fear in recent
years. We all now live in terror of waking up one morning and finding
that someone has stolen our identity, and we can’t even remember who we
are.

Well, maybe not. But identity theft is a real problem. If someone
manages to construct a copy of your identity, you don’t stop being you,
you just stop being the owner of all of your money (unless you can
persuade your bank it’s their fault). You might get back from vacation
to find that your house has been stolen...

Identity is closely tied to the concept of reputation. We are now
trying to apply ideas from villages of a few hundred people to a global
scale and (not surprisingly) finding that they don’t quite work.

In a small community, everyone knows—or knows of—everyone else.
Reputations are very important. If you want to borrow something from a
neighbour, or ask them for a favour, then you will have some idea of
how much you trust them.

When banks started, they would use this sort of model. They would be
willing to lend you money based on letters of recommendation from
people they trusted, or based on their prior dealings.

Now banks have grown so big that they use a much less personal system, but still deal in the idea of reputations.

The Social Security Scam

Some time ago, the UK and the U.S. governments introduced the concept
of a Social Security number (SSN). This was a unique identifier
assigned to every taxpaying citizen, allowing their tax records to be
connected together.

Having a unique identifier for people was useful to a lot of
institutions. It’s pretty hard to know whether you can trust John
Smith, but it’s much easier to find out information about a specific
John Smith.

The problem began when people started regarding knowing someone’s
Social Security number as proof (or, at least, strong evidence) that
you were that person.

This attitude isn’t limited to SSNs, by the way. One of my banks has an
ultra-secure login where, in addition to my password, they also require
that I tell them the following information:

My mother’s maiden name
My house number
My date of birth

All these responses are public knowledge and can be looked up by anyone who wanted to find them out.

The most surreal experience I’ve had with a bank was one based in the
United States. I phoned them to try to set up Internet banking. The
conversation went something like this:

Me: Hi, I’d like to know my password for Internet banking, please.

Them: Certainly. We just need to confirm your identity. Can you tell me the size of the last transaction in your account, please?

Me: No, I want to log into Internet banking to look that up.

Them: Oh, we can tell you that over the phone.

Me: Okay...

Them: £n

Me: Thanks. The answer to your question is £n.

Them: Oh, I can’t ask you things I’ve just told you as a security question.

Me: Well, that’s sensible.

Them: Let me transfer you to someone who can.

Me: !

The next person I talked to asked me for the number that the first
representative had given me, and was then happy to pass on my Internet
banking password.

The illusion of security seems very popular with banks at the moment.

Reputation versus Identity

Part of the problem with this system is that it associates your
reputation with your identity. If you are going to buy a house and are
looking for a mortgage, then it is not unreasonable for a potential
lender to want to know about the house you are thinking of buying, your
current income, earning potential, outstanding debts, and so on.

If, on the other hand, you are looking to take out a credit card with a
£1,000 credit limit, the only thing they need to know is whether you
can service a debt of £1,000.

Either do you have £1,000 in liquid assets, or do you have enough
disposable income to service interest payments at the horrendous rates
that credit card companies charge?

Unfortunately, the way the system is set up at the moment, there is no
fine-grained control. Someone who uses a £1,000 credit card application
to steal your identity gets enough to take out a £500,000 mortgage
backed by your reputation.

A bigger problem is what to do after your identity has been stolen.
Fingerprint locks are pretty cheap now, but most people still prefer to
use pass codes. The reason is, if someone steals a pass code, you can
change it.

If someone steals a copy of your fingerprint, it’s very difficult to
grow a new finger. The current situation with identities is similar to
the fingerprint lock. So much of the information associated with your
virtual identity is tied to the real you that building a new one that
the thief does not have access to is very hard.

Multiple Personalities

One solution to this problem would be to have multiple virtual
identities. This is already quite common outside of financial circles.

I have an account on Slashdot,
for example, where I post under a pseudonym. Someone who cared enough
could probably link that virtual identity to me fairly easily, but most
of the time it can be treated as a separate persona. It has an
independent reputation, based on Slashdot’s karma system.

Since I post more informative comments than troll posts (or, at least,
most of my attempts at trolling go unnoticed), that persona has a good
reputation. That reputation, however, is in no way related to the
reputation I have as a result of writings published in other places.

The idea of multiple personalities would make sense for financial
markets, too. Going back to the earlier example, if I wanted to apply
for a credit card, then I would not have to use my real identity to do
so. I could create a new identity and have my real identity guarantee
it up to a certain limit that would be sensible for the credit
application.

From the credit card company’s perspective, the identity would have a
fixed income of some proportion of my income and a fixed capital of
some proportion of my capital. They would be isolated from my real
identity and only see the subset of my assets that were required to
construct an identity that was a safe risk for lending money to.

This kind of game isn’t particularly new. Corporations do it all the
time. They set up shell companies, spin-offs, or joint ventures for a
variety of purposes. Some have to do with combining resources from
different companies; some have to do with shielding the parent
organization from liability.

Both of these would be useful for individuals. Couples sharing a house,
for example, might want to create a phantom shared identity rather than
having individual responsibility for various payments. Limiting
liability is the more important one, however.

The concept of limited liability has to do with limiting the amount of
money you can lose. In simple terms, if a limited liability company
goes bust, the investors don’t lose any money beyond that which they
had invested already. Banks know this, and will not take the investors’
assets into account when assessing the risk involved with lending the
limited company money.

Putting this in terms of identity theft, someone who could pose as the
limited company would be able to do only a small amount of damage to
the investors.

This kind of structure would be ideal for limiting the effects of
identity theft. When applying for small loans, you could create a
limited liability identity, and an identity thief who took it would not
gain any more than a thief who took a credit card.

Fluidity of Identity

The Internet has shown time and time again that reputations are
important, but don’t have to be tied to specific real individuals. The
entire banking system is built on top of the idea of reputation, but
tries hard to tie them to real identities.

The problem of identity theft is likely to break this connection. We
will see a greater disconnect between individuals and their reputations.

Corporations already do this with different branding for different
market segments, and it’s only a matter of time before the facilities
become more widely available.

The designers of the Secure Internet Live Chat (SILC) protocol realized
this some years ago. SILC does not provide a mechanism for tying an
online personality to a real person (although you can do this out of
band).

Instead, it provides something more valuable; a way of telling whether
a particular online identity corresponds to the same person today as it
did yesterday. This is valuable in an online chat setting, because the
only contact you are likely to have with a particular person in an
Internet chat room is via that chat room. The reputation is based
entirely on their behaviour in that context.

The same is true in many other contexts; the behaviour of individuals
in a specific context is important and their actions in others are
misleading.

Skype Spam is gettig worse

Michael Knight — Wed, 02 Apr 2008 07:03:00 -0700

How long before Skype Ltd. ends up as an item for bid on eBay? Ever since its acquisition by the Internet auction site,
Skype has been a rudderless boat — and without a captain, following the
departure of cofounder Niklas Zennstrom, who took £2.8 billion of
Skype’s £5.2 billion value with him. Now, after a wave of complaints regarding Skype’s complete lack of real-time customer service, comes a new trend: Skype spam.

There’s always been some spam on Skype. Beyond VoIP blogger Marc Robins identified Skype spam as “an alarming trend” nearly a year ago. Skype user message boards devoted to spam go back well into 2006; the spammers back then ranged from online casinos to Chinese jibberish.

Robins suggested in February 2007 that Skype should create a Do Not
Spam list with heavily sanctioned fines for offenders, in the model of
the national Do Not Call list for telemarketers. Instead, it seems the
opposite has happened. Skype’s user database has been mined and turned
into a To Call list that includes you.

Perhaps it was a desperate gambit by eBay to squeeze some blood from
its costly turnip, or possibly lazy oversight by Skype’s corporate
overlord that’s now damaging its product’s good standing
in the wired marketplace. What one blogger noted as an “alarming trend”
a year ago is now taking sharper focus, and more people are paying
attention.

Meet Veronica

In December Jeremy Wagstaff, a tech columnist for The Wall Street Journal and blogger at Loose Wire, received his first Skype spam
from “Veronica Sexy,” who billed herself as the “REAL MISS WEB CAM” and
couldn’t wait to “get real nasty and show off.” When Wagstaff tried
chatting with Veronica, her sex-bot automation directed him to her
site, SkyperSex, which is headquartered in — you guessed it — Moscow.

Andy Melton wrote on his blog TechButter
that he’s felt the change recently, too. “What is the deal with all
this Skype spam?” Melton wrote early this month. “I have never been
inundated like this before.” While he had received some calls from
Chinese people in the past, he said lately there was an “influx.”

Now not only do the Chinese keep calling, they are leaving him voice
mail. He even received one cryptic spam call that said, “Hello, FBI.”
Melton advised his readers that there isn’t much you can do to avoid
the spam, except to make sure you don’t click the links they send you.

Tech blogger Larry Borsato
has been receiving similar calls. His Skype spammers tell him that
“Windows Requires Immediate Attention” and that “Security Center has
detected malware on your computer!” These Windows-based scare spams are
even more transparent than usual when they pop up on a Mac (like
Borsato uses) or a PC running Fedora (which Melton has). “Is this how
eBay intends to monetize Skype?” Borsato asked. Apparently so.

No End in Sight

Given that Skype spam appears to be a widespread trend, there isn’t
much any one person can do to stop it, other than blocking the
offending user. But that defense is akin to swatting mosquitoes in a
swamp: You’ll run out of swat before the swamp runs out of mosquitoes.

You could try using one of these 10 alternatives to Skype.
But, if you’d rather stick it out, you might be forced to batten down
your Skype hatches and only allow messages from people you know. Go to
Preferences > Privacy and set “allow instant messages from” to “only
people whom I have authorized to start.” You won’t get any pleasant
Skype surprises anymore, but maybe you won’t get any unpleasant
surprises either.

And of course, like its complete lack of real-time customer service,
Skype has no “report this user” function. So, us Skypers are on our own.