Posts Tagged ‘Federal Trade Commission

05
Oct
09

FTC Cracks Down On The Shills Of The Blogosphere

thou shalt not shill

Image by duncan via Flickr

Very little irritates me more about online life than undisclosed consideration. This is the practice of marketers passing out free products, services or money to bloggers who then favorably review the product without disclosing the freebie. It poisons conversation, distorts history and lends precious credence to the braying of marketing chumps and others who treat everything on the Internet as an exercise in “brand building”. Those of us who’d rather not adopt the habits of bullshit purveyors as we conduct our own lives and pursue our own tastes and interests don’t play around with our reputations by omitting potentially coloring circumstances from our writing. The problem is, undisclosed consideration makes it difficult to identify who is crapping in the well and who isn’t.

This practice wasn’t invented in the blogosphere. I saw it for years, albeit with more transparency, working behind the counter at Pravda Records in the late 1980s. Every month, writer after writer for local and national music magazines came into the store to unload their promo CDs to us for a couple of dollars apiece. It was widely known that the records they reviewed weren’t something they paid for, and that the extra dollars we paid them for their Guadalcanal Diary and Slammin’ Watusis CDs were part of the perks of their job. The arrangement didn’t necessarily ensure positive reviews (who could suffer through Concrete Blonde and not cry for help in print?) but neither was the process presented as “I’m a guy who bought this and this is what I think”.

Today’s blogosphere has compelled trillions of words and indulged hundreds of millions of motivations for those words, not all of which can be trusted, but practically all of which enjoy a benefit of the doubt purely because they’re on blogs and blogs are individuals writing opinions, right?

The Federal Trade Commission seems to think so, and have moved to do something about the problem of undisclosed consideration on blogs. Starting December 1, the FTC will fine bloggers up to $11,000 for failing to reveal material connections to what they write:

“The revised Guides also add new examples to illustrate the long standing principle that ‘material connections’ (sometimes payments or free products) between advertisers and endorsers–connections that consumers would not expect–must be disclosed. These examples address what constitutes an endorsement when the message is conveyed by bloggers or other ‘word-of-mouth’ marketers. The revised Guides specify that while decisions will be reached on a case-by-case basis, the post of a blogger who receives cash or in-kind payment to review a product is considered an endorsement. Thus, bloggers who make an endorsement must disclose the material connections they share with the seller of the product or service.

Of course this won’t catch 90% of what goes on out there, but that’s not the point.  It’s a bulwark against a burgeoning shillocracy and it will turn some heads that need turning.  Any move to bring greater media literacy is a move welcome in these parts, even if it comes almost  twenty years too late to disclose, say, Bill Wyman at the Chicago Reader’s “material connections”.

Reblog this post [with Zemanta]
07
Jul
09

Three-Day Long DDOS Attack From North Korea?

Diagram of a Stachledraht DDos Attack
Image via Wikipedia

Is North Korea pwning teh intertubes?

According to Associated Press reports here and here, both US Federal websites and South Korean governmental websites are undergoing constant denial of service attacks, which has effectively removed these sites from the Internet.   Affected are the websites for the US Treasury Dept, Federal Trade Commission and Transportation Department.

Further, South Korea reports the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, Korea Exchange Bank and top Internet portal Naver have undergone DOS attacks for the same period.

The attacks have been sustained over three days, which is unusual for this kind of internet attack. Network World reports the list of IP addresses sending out bogus traffic numbers 50,000 and according to a quoted security expert is using 10-20 GB of bandwidth per second, or ten times greater an amount than the average DDOS attack.

Although there is no evidence at this time of the attack’s source, the seemingly simultaneous targeting of US and South Korean sites brings to mind the common political enemy of both countries, North Korea.  Even though Internet infrastructure in that country is poor, mounting a DDOS attack using a botnet does not use local bandwidth and doesn’t need widespread local infrastructure.

In a denial-of-service (DOS) attack, a website is targeted with millions of false requests for web pages until the targeted website can no longer respond to legitimate requests for pages, effectively removing that website from service.   A plain DOS attack has a single vector – that is, the fake traffic comes from a single or small range of IP addresses, and as such can be stopped by the targeted web site’s owner blocking all requests that come from the offending IP addresses.

But the three-day length of the attacks strongly suggests that the attacks are in fact distributed DOS (DDOS) attacks, from which there is no effective defense. Under a DDOS attack, the false traffic requests come from hundreds or thousands of machines located physically all over the world.  Due to the high number of machines that are the source of the false requests, blocking all the IP addresses to stem the flow of bogus traffic becomes nearly impossible.

Often, these machines comprise a botnet, a name given to an ad hoc network of machines – personal, work, school – that have had their own security compromised,  and who follow instructions from the party that compromised the security in the first place.

Large botnets capable of sustained DDOS attacks have been a reality since ever since huge numbers of consumer operating system machines around the world such as those running Microsoft Windows have been left attached to the Internet full-time on DSL or cable modem.  An attacker can compromise the security of such a machine and leave upon it a “bot” process, which is software that quietly and invisibly waits for instructions from the controller of the botnet.

Botnets have been sold on the black market, used in DDOS attacks, used to spread worms and viruses and remain a real feature of the Internet that leverages consumer ignorance and the Internet technical architecture into a potentially devastating weapon that threatens whatever sites it wants whenever it wants.

UPDATE 1

A post at Comodo.com identifies a targeted host list as well as the Windows malware that is used in the botnet attack: Additionally, the poster says the IP addresses that the attacks are coming from are located inside China.

DDOS attack files.

filename: msiexec2.exe
size:33,841 bytes
When msiexec2.exe being excuted, it creates ‘uregvs.nis’ file.
There are many target addresses inside of msiexec2.exe code.

Following files attack those web sites.

filename:perfvwr.dll
size: 65,536 bytes

filename: wmiconf.dll
size: 67,072 bytes

some evidences about this attack.

1. attacker’s IPs came from China.
2. Using Botnet.
3. Using Zombie PC.
4. spreaded by internet.
5. it changes it’s code automatically.
6. addresses can be changed by attackers.

It has following Target Addresses.
Following addresses are related with South Korea gov and USA gov.
The attacker’s IPs came from China.

[Target addresses]
Some of websites still can’t be connected or slow.

<Korea>
banking.nonghyup.com – bank
blog.naver.com -portal
ebank.keb.co.kr – bank
ezbank.shinhan.com  -bank
mail.naver.com  -mail service
www.assembly.go.kr -gov
www.auction.co.kr
www.chosun.com -journal
www.hannara.or.kr -a political party
www.mnd.go.kr -gov
www.mofat.go.kr -gov
www.president.go.kr -gov
www.usfk.mil -US military website in korea

<USA>
finance.yahoo.com -portal
travel.state.gov -gov
www.amazon.com
www.dhs.gov -gov
www.dot.gov -gov
www.faa.gov -gov
www.ftc.gov -gov
www.nasdaq.com -stocks
www.nsa.gov -gov
www.nyse.com -gov
www.state.gov -gov
www.usbank.com -bank
www.usps.gov -US postal service
www.ustreas.gov -gov
www.voa.gov -voice of america
www.voanews.com
www.whitehouse.gov -gov
www.yahoo.com -portal
www.washingtonpost.com -journal
www.usauctionslive.com
www.defenselink.mil -military
www.marketwatch.com -stocks
www.site-by-site.com

Reblog this post [with Zemanta]



Categories

Email

rob [at] warmowski [dot] com

@warmowski on twitter

Rob’s Bands

Rob Warmowski entry at Chicago Punk Database
1984-89: Defoliants
1991-94: Buzzmuscle
2001-05: San Andreas Fault
2008- : Sirs
2008- : Allende

Rob at Huffington Post

December 2019
M T W T F S S
« May    
 1
2345678
9101112131415
16171819202122
23242526272829
3031