April 17, 2000-- Newsletter #76
Goodies to Go (tm)
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
Did you see the iWon.com commercials? Well, that 10 million bucks was given away on an episode of the Leeza Gibbons Show on April 15th. There were three other winners of smaller prizes.
Did you hear...
Have you seen the Microsoft public relations advertisements with Bill Gates yet? They're not bad, actually. Microsoft has become a punching bag for a lot of people. I watched a show on early morning television where a guy played the accordion and sang against Bill Gates. There's high quality programming at that time of the morning, let me tell you.
I'm in favor of the spots myself. Microsoft had to do something. Anybody who's anybody got their chance to go on the air and speak out against the company. Microsoft didn't think it was getting a fair shake on any news programs, so it went this route.
Guess who made a million by investing in a dot-com? Queen Elizabeth! Really. She bought a stake, pre-IPO, in a site called Getmapping.com, which is taking aerial photographs of the whole of Britain. She put in 100,000 pounds, the site went public, and she made a profit valued at 1.5 million U.S. dollars. Cool.
Now onto today's topic...
I remember when the movie "Enemy of the State" came out. I went to see it the weekend it opened. I thought it was a pretty good film, well worth the $3.50 matinee price. The film revolved around the government using high-tech methods to covertly track a person's movements. It was a little far-fetched in parts, but it was a movie, so that was fine.
There's a scene where Gene Hackman's and Will Smith's characters talk about the government's capacity to tap the nation's phone calls. Hackman said that, in the 60s, government agencies had computers that could "listen" for certain phrases that suggested the caller posed a threat to the national security or the President. The idea was that if that was done back then, imagine what could be done now.
I may not be remembering the scene exactly right, but that was the gist of it. Government computers could listen for specific words and alert agents when someone had made a provocative statement.
Now, I'm not much of a conspiracy theorist, but I thought the idea was somewhat plausible, at least for a film. Would it work in real life? Maybe, but voice recognition is difficult simply because people speak in so many different voices, accents, and volume levels, not to mention the fact that a telephone line would only carry the mid-range frequencies of the voice.
I brought up the movie because the U.S. Securities and Exchange Commission (SEC) has proposed a method of checking for fraud that works much the same way.
SEC chairman Arthur Levitt has suggested that a series of servers be set up to continually search the Web for phrases like "get rich quick", or "buy low, sell high". The concept is to get a jump on people committing stock fraud.
See the parallel with the movie? Computers would constantly search for sites with certain phrases and return the site's URL to the Feds, who could then decide if a case should be built. The SEC claims the process is only to free up people. He's right. No individual person could search anywhere near as fast as a series of servers with an up-to-date database.
Of course, once a site was found, then a human being would take over. He or she would make the decision if the site should be brought under investigation for stock fraud. It's a good idea, right?
I guess, but I don't think it quite hits the mark. I don't know about you, but the vast majority of the seemingly phony stock pitches I get aren't on the Web, but rather through my email, and, oh man, do I get a lot of them.
The American Civil Liberties Union (ACLU) doesn't like the plan at all, for many of the same reasons that make me wonder if it'll work at all. They suggest that the only way for this system to succeed is to start looking at email.
"No, we won't," says the SEC. They claim that their proposal is like someone searching for a newspaper article. In fact, the only real difference between a human doing this and a computer doing it is that we'd have to pay a person. The server will use search engines and a database to automate the search. Who could be against that?
Two members of Congress, for one...er...two. Mike Oxley and Edolphus Towns, both senior members of the U.S. House Commerce Committee, have posed some questions to the SEC and say they might call for public hearings.
Then, just to add insult to injury, the SEC is also under pressure from the government to step up their stock fraud investigations. Right now, the SEC has filed over 125 cases over the past 18 months.
Maybe I'm missing the ACLU argument here. They don't seem to have a problem with a human sitting and searching the Web for stock fraud cases, but they do have a problem with a computer doing it. I don't get that. The server would do a far more complete job of searching than would a human. The searchable database for the server would be made up only of pages already in the public realm of the Web.
What IS the problem??? (Capitalization and Extra question marks added for emphasis. If you read last week's letter, you'll get this.)
The problem has to be just what I said way up at the top of this letter: searching Web pages simply won't garnish enough fraud cases to garner success. Public hearings will alert bad guys that practicing stock fraud on the Web will get them caught. Now that this plan is out in the open, they might as well drop it. It's a dead issue. If I were committing stock fraud, I'd pull off the Web and go to the area that the SEC said they wouldn't attack: email.
Again, it is my opinion that the majority of stock fraud items arrive over email or some other form of person-to-person contact. But the SEC can't delve into email, right?
Well, what if the email was sent directly to them?
Instead of setting up servers to search the Web, set them up to subscribe to every newsletter out there. Have them download every piece of software they can get their hands on. Buy at least one item from every online store they can find. Divulge all the information requested. If there's a little box that asks if your personal information can be shared with others, click YES! with glee.
Of course you don't identify yourself as the SEC and use a mailing address in Washington, DC. You sign up as someone who fits the profile of a person that a stock fraud artist would want to go after. Say you live in a small town somewhere in the Midwest. Make yourself a retiree with a nice nest egg.
The purpose is to get every spam mailing possible. Now have a server search through the messages to look for the words "stock," "bond," "get rich quick".
Is that illegal? Might the ACLU claim that's entrapment? I don't know, but doesn't that sound like the way to go? I bet you'd find more fraud in one day of checking email than you would in a week of searching the Web.
Maybe this is already being done. Maybe the SEC is doing it and just not telling anyone. Hopefully they are, and hopefully they won't tell anyone. If they do, maybe email fraud will dry up too.
Of course, that's just my opinion. I could be wrong.
That's that. Joe "Friday" Burns signing off. Just the facts, ma'am.
Joe Burns, Ph.D.
Last week I wrote about poor English and grammar use in email letters. Many of you took the opportunity to inform me that I had made my own error in grammar. I wrote: "I would think that the emails sent to those in a position of power would have less typos." For the sentence to be correct, the final two words should have read "fewer typos". My book on grammar (which I need to return to more often) states: "Use 'fewer' when referring to the number of items or persons. Use 'less' when referring to a single amount". For instance: There was less space [a single amount] on the floor, yet there were fewer [number of persons] dancers. Never let it be said that I could care less about "fewer"!