Privacy
AT&T and your information
I debated long and hard with myself whether I wanted to write about it or not. I finally decided that I should. Before even going further, if I were a customer of AT&T, I would cancel my subscription with AT&T. That is the moral of the story.
We have been brought up with the notion that our personal information was, well... personal and private and nobody could disclose it without our explicit permission. Not anymore. AT&T has changed the rules of the game and has revised their privacy policy stating that they now own the customer data as reported by Reuters. Understandably it has created a huge furore among privacy advocates (including yours truly). Given this revision AT&T would be under no obligation to inform us as their customers if they sold the data or handed it over to the government for "National Security".
But really, do we have a choice here? I am sure AT&T has set a precedent and other companies will follow suit. Those who won't will face the full wrath of the government and maybe be forced out of business. Unless you and I come up with another means of communicating securely and privately, I think we should all get used to the notion of not having anything private. We can go on debating about this to no end, but I think this is an irreversible chain reaction.
It's hard to imagine this sort of thing happening in times of globalisation and especially in America which I heard is the catalyst and proponent of globalisation. I think I should start looking for a phone service which does not have an office in the US, though I think it will be a futile search.
- Category(s)
- Information Security
- Privacy
- The URL to Trackback this entry is:
- http://www.dharwadkar.com/weblog/att/tbping
New Yahoo! services
I was browsing the internet over the weekend and logged on to Yahoo! mail site to check my email. Instead of getting the regular website I was redirected to another Yahoo website (https://protect.login.yahoo.com/login/set_pref/) which prompted me to create my own digital seal for my computer to discourage / prevent phishing attacks.
You have an option to create a text based seal or you can upload your favorite image to create the seal. Another interesting fact is that this seal is computer and browser specific. So if you use multiple computers and multiple browsers like I do, you will have to create it for each one of them.
I think this is an excellent step that Yahoo! has taken in addition to their new look Outlookish mail client beta which I will write about in a later post. At this point Yahoo! does not guarantee that their service is fool-proof and is still in testing phase. All the same it is a very good starting point.
Having said that, I would rather that the financial services organisations (both banking and non-banking) took a similar kind of initiative on their websites. This idea has not been validated yet, but it seems to me that this is a very good and cost effective way to thwart phishing and identity theft scams as compared to some of the schemes like two factor authentication using a hardware token.
- The URL to Trackback this entry is:
- http://www.dharwadkar.com/weblog/yservices/tbping
Site under attack from SPAMBots
These things are supposed to happen only to others. My website has been harvested and is now under attack from SPAMBots. I don't know how and why they are doing this to my website. I know SPAM is bad, but this is like totally vile. Every day, the SPAMBot visits my website and enters comments with links to adult / porn websites to entries in my weblog. I have to then go in and delete those entries one by one. While doing that, I accidentally deleted one of the legitimate comments from one of my friends. It's becoming a nuisance and a problem.
On researching, I found out what spambots are. Quoting directly from Wikipedia:
"A spambot is a program designed to collect e-mail addresses from the Internet in order to build mailing lists for sending unsolicited e-mail, also known as spam. A spambot is a type of web crawler, that can gather e-mail addresses from Web sites, newsgroups, special-interest group (SIG) postings, and chat-room conversations. Because e-mail addresses have a distinctive format, spambots are easy to write.
A number of legislators in the U.S. are reported to be devising laws that would outlaw the spambot. A number of programs and approaches have been devised to foil spambots. One such technique is known as address munging, in which an e-mail address is deliberately modified so that a human reader (and/or human-controlled Web browser) can decode it but a spambot cannot. This has led to the evolution of sophisticated spambots that can recover e-mail addresses from character strings that appear to be munged.
The term spambot is sometimes used in reference to a program designed to prevent spam from reaching the subscribers of an Internet service provider (ISP). Such programs are more often called e-mail blockers or filters. Occasionally, such a blocker may inadvertently prevent a legitimate e-mail message from reaching a subscriber. This can be prevented by allowing each subscriber to generate a whitelist, or a list of specific e-mail addresses the blocker should let pass.
Another type of spambot surfs the web, looking for forms to submit, and it submits spam e-mails to these web forms, often with OCR technology to bypass any CAPTCHAs."
Thinking back to events / changes I did to my website, the only thing I did was to register my weblog into blogsoldiers. After that this menace has started. I have some thoughts / ideas to block the SPAMBots originating from my research on how to block them which I will be implementing soon. Till then I guess I will have to live with this.
If anyone has any ideas on how to combat this threat, please drop me a line.
- Category(s)
- Technology
- Information Security
- Privacy
- The URL to Trackback this entry is:
- http://www.dharwadkar.com/weblog/spambots/tbping
Fight against SPAMBots - update
As noted in my earlier post on the same subject, I made changes to the comment structure so that the comments are now moderated, which means that any comment posted on my weblog would require my review and approval before it appears on the website. After I made the change on 29 September I had not received any spam comments on my weblog and I thought I had finally scared them away. But today I got some more spam comments on my website and they appeared on my Review list as soon as I logged in to the website as myself. But now, the beauty of the solution is that this is completely transparent to my readers and I can see all the comments in one screen in a table and can select all and delete all at once instead of going through each one of them separately which was very tedious. Of course it is going to add to my work, but looking at the readership of my blog, I don't think that's going to be an issue at least in the short run ;).
Of course this is not the most elegant solution for this problem, but it is sufficiently effective for people who don't know much programming or don't have time to really implement some of the better solutions out there as mentioned here as told to me by my good friend Santosh Tamhane (Thanks Santosh!!). Some of the solutions mentioned there talk about changing settings on the web server (presumed Apache) and some are just too technical for me to really spend time on and try without breaking my setup. Maybe I will try it out sometime when I have more time on my hands.
- Category(s)
- Technology
- Privacy
- The URL to Trackback this entry is:
- http://www.dharwadkar.com/weblog/spambots3/tbping
Hacking US Visa website
My in-laws have applied for a US visitor visa and I am tracking their VISA appointment to see if we can prepone it so that they can come early to the US. I was at first impressed with the VFS (http://www.vfs-usa.co.in) website that caters to the US Visa requests from India for the controls that they had in place to ensure correctness and security. It would have never occurred to me to test those as I would have expected that any government website would be tested and re-tested against vulnerabilities.
I guess I was wrong. All I did was to enter my father-in-law's details on the website. While doing so I somehow entered the last three digits of his visa fees receipt number wrong and VOILA!!! I was presented with records of three apparently related people who were totally unrelated to me or my father-in-law. I could have canceled their appointment or done all kinds of mischief. Needless to say, I closed the web-page promptly after taking this screen-shot.
Whether I should inform the US Visa department or not, I am not sure. But I thought I should publish this.
- Category(s)
- General
- Information Security
- Privacy
- The URL to Trackback this entry is:
- http://www.dharwadkar.com/weblog/hack_us_visa/tbping
Fight against SPAMBots - continues
I thought I had the SPAM comment issue under control by moderating the comments. By moderating the comments, I could review the comments and decide whether to publish them or not. But spammers were a step ahead of me and they started spamming on trackbacks. I didn't mind as none of those comments / trackbacks were getting published and it was easy to delete them at once.
Lately those spammers started spamming so heavily that at times there were approximately 450 SPAM comments / trackbacks on my website and I was spending 10 minutes every 1 hour just clearing the SPAM. I had enough of it.
I searched around the internet for solutions when I stumbled across one discussion forum which guided administrators to block the SPAM trackbacks programmatically by not allowing certain key words. This looks like a promising solution, but we all know the number of variations or even words that can be used as a SPAM. I thought that if I blocked the SPAM programmatically by comparing it against a list of keywords, I would seriously hamper the website performance and degrade the visitor experience.
Instead I have chosen to disable trackbacks altogether except for authenticated users. I am sorry for the inconvenience that this will cause my readers, but I feel that this is the best course of action keeping security and sanctity of the website in mind. As we all know it is very difficult to keep unwanted things out because we don't know what is unwanted or bad, but we definitely know what is good and what we want and it's easy to keep track of it.
For the record, I use COREBlog2.0 version 0.8 on Plone running on Zope.
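The trade-off described in this post, as an added example that is not part of the original weblog and does not use COREBlog or Plone code: a keyword blocklist (default-allow) run next to the authenticated-users-only rule (default-deny) over the same trackbacks. The user names, keywords and trackback excerpts are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample data; none of it comes from the original site.
BLOCKED_KEYWORDS = {"casino", "pills", "porn"}
AUTHENTICATED_USERS = {"owner", "alice"}

TRACKBACKS = [
    {"user": None, "excerpt": "Best online casino bonuses here"},
    {"user": None, "excerpt": "Best online c4sin0 bonuses here"},
    {"user": None, "excerpt": "Cheap p.i.l.l.s shipped overnight"},
    {"user": None, "excerpt": "Nice write-up, I linked to it from my blog"},
    {"user": "alice", "excerpt": "Follow-up post on blocking comment spam"},
]


def blocklist_accepts(trackback, keywords=BLOCKED_KEYWORDS):
    """Default-allow: reject only when a known-bad keyword appears."""
    text = unicodedata.normalize("NFKC", trackback["excerpt"]).lower()
    words = set(re.findall(r"[a-z0-9]+", text))
    return not (words & keywords)


def allowlist_accepts(trackback, users=AUTHENTICATED_USERS):
    """Default-deny: accept only submitters known to be authenticated."""
    return trackback["user"] in users


def compare(trackbacks):
    """Return (excerpt, blocklist verdict, allowlist verdict) per item."""
    return [(t["excerpt"], blocklist_accepts(t), allowlist_accepts(t))
            for t in trackbacks]


if __name__ == "__main__":
    for excerpt, by_keyword, by_login in compare(TRACKBACKS):
        print(f"{excerpt!r:50} "
              f"keyword filter: {'accept' if by_keyword else 'reject':7}"
              f"login required: {'accept' if by_login else 'reject'}")
```

The keyword filter lets the two respelled spam excerpts through, while the login rule rejects every anonymous trackback, including the legitimate one, which is the inconvenience to readers the post accepts.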
- Category(s)
- Information Security
- Privacy
- The URL to Trackback this entry is:
- http://www.dharwadkar.com/weblog/spambots4/tbping
Forced validation of Windows with every update
From now on, every time you update your computer using automatic updates, Windows Update or Microsoft Update you will be forced to validate whether your copy of Windows is genuine or not. I thought it was a one time activity that Microsoft is doing to verify whether I am using a non-pirated copy of Windows. But it seems that every time I update my computer, I will be forced to validate my copy of Windows.
I noticed this the first time when I updated my computer to download and install IE7.0 and didn't think much of it at that time. Last month Microsoft released an update to Windows Media player by releasing Windows Media Player 11. I tried to download it today and after the download it showed me the screen shown here to validate my copy of Windows XP. I downloaded and installed IE7.0 quite recently and at that time also it asked me to validate the copy of Windows.
I am using an enterprise volume license for Windows XP and Microsoft software. So why does this bug me? For the simple reason that I don't know what information Microsoft is collecting while doing this. Granted that their privacy policy states that no identifiable information is collected, but the fact remains that they have the capability to collect this information. What if they discover that the copy of Windows key that I am using is compromised and they unilaterally decide to inform the law enforcement agencies? What then?
- Category(s)
- Windows
- Information Security
- Privacy
- The URL to Trackback this entry is:
- http://www.dharwadkar.com/weblog/wmp_11_wga/tbping
Is Yahoo Messenger software acting like badware?
I am a great fan of Yahoo! messenger and I use it to keep in touch with my friends and family. I was delighted when Yahoo! introduced an auto update feature to update the messenger software which would help me keep my messenger updated with the latest release and all the great features that Yahoo introduces. But the auto update feature has a long way to go to be a good one and not annoying.
My settings:
- I don't use any of the browser toolbars provided by so many software vendors. I just don't like it and don't see the value in using it.
- I use Google as my search engine as I like the results provided by Google as compared to other search providers.
- I use either blank or my company's intranet page as my home page for browser on Internet explorer and the personalised Google home page for my Firefox browser as it gives me option to add various content of my choice.
Yahoo! Settings:
Yahoo! first asked me my permission whether I wanted to enable auto update or not. So far so good. But it nowhere mentioned what it will do once the auto-update feature is enabled. Yahoo! installer did not record my existing settings and install just that part of the software that I had installed. I guess it would not be too hard to read that without storing them anywhere (to allay concerns of privacy) and install just that part which a particular user had originally selected.
On completing the installation, Yahoo!
- Installed the Yahoo! Browser toolbar
- Reset my home page to Yahoo! home page
- Reset my default search provider (the one that comes in the Browser search bar)
I again had to go and uninstall those components manually. Looking at what it installed, I figure that Yahoo! auto update feature installs software with its default settings. And comparing this behaviour of the software with the definition of Badware from the independent watchdog organisation stopbadware.org, it does behave like badware.
Suggestions for Yahoo:
Yahoo! should take feedback such as this and try to make their software less intrusive. Software should help people do their jobs (or hobbies) and not make people change their habits and it definitely should not be putting things on the user's computer without permission.
- Category(s)
- Information Security
- Product / Service Reviews
- Privacy
- The URL to Trackback this entry is:
- http://www.dharwadkar.com/weblog/yahoo_badware/tbping
Re: Is Yahoo Messenger software acting like badware?
Did you submit a report to stopbadware?




i need to hack some visa, and visa credit card
Well blow me.. this is what at least 40% of the world's embassies use.