October 15, 2001-- Newsletter #152
Goodies to Go (tm)
This newsletter is part of the internet.com network.
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
Have you noticed all of the videophones that news personnel are using to cover the war? It's turned even a single newscaster into a crew of his or her own. Technology just continues to amaze me again and again.
Did you hear...
Remember I reported that the U.S. House was ready to extend the moratorium on Internet taxation? The thinking now is that the extension may only go two more years instead of five. October 20th is the due date for a decision. That's when the current moratorium runs out. I'll post it here if the three extra years are lost.
Survivor is back on and I already dislike most of the contestants. If you're like me and can't get enough, then RealNetworks and CBS have a deal for you. A one-time $19.99 fee gets you a "Gold Pass" to watch tons of extra behind-the-scenes footage of people sitting around half bored out of their skulls. What a deal.
Now on to today's topic...
No, Britney is not dead.
I mean Britney Spears of course. I think she's popular enough now that she's jumped into the "Cher" realm of persons known only by their first names. If you're wondering what this is all about, obviously you weren't part of the experiment, or you don't really care about the fate of our current most famous Louisiana native. Here's the deal.
It seems a computer wizard named Tim Fries exploited a long-known browser bug. Tim first set about creating a mock-up of the CNN site. The page was identical in every way, down to the headlines being current and linking back to the actual site. His Britney Spears story, however, was sitting on a server in Saginaw, Michigan.
Next, he sent out a message to three persons running the AOL Instant Messenger chat software. Remember that. He sent it to only three people. The trick was that the address he gave for the story had http://www.cnn.com as the first section of the address, then an "@" sign, and then the actual URL of the hoax page.
When the Instant Messenger users clicked on the link, the browser bug came into play. It ignored everything to the left of the "@" and sent people directly to the hoax page. Those who clicked on the link saw the CNN domain and were tricked into thinking they were looking right at a CNN-sanctioned page. Heck, it looked like a CNN page.
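For readers who filter or display links, here is an added example (not part of the original newsletter) of checking for this kind of address. In URL syntax, the text between "http://" and the "@" is user information and the host is what follows it, so the check parses the link and flags user information that looks like a domain name. The host hoax.example and the function names are assumptions made up for the illustration.

```javascript
// Added example: find the real destination of a link and flag the
// "trusted-name@real-host" pattern described above.
// All sample URLs are constructed; hoax.example is a placeholder host.

// Decode percent-escapes without throwing on malformed input.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Parse with the WHATWG URL parser (the rules browsers follow) instead of
// splitting on "@" by hand, which misreads an "@" that sits in the path.
function inspectLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (err) {
    return { host: null, userinfo: null, deceptive: false, error: "unparseable" };
  }
  const userinfo = url.username
    ? safeDecode(url.username) + (url.password ? ":" + safeDecode(url.password) : "")
    : null;
  // Heuristic (an assumption of this example): a login name that starts with
  // something shaped like a domain name is treated as an impersonation attempt.
  const domainLike = /^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}/i;
  const deceptive = userinfo !== null && domainLike.test(userinfo);
  return { host: url.hostname, userinfo, deceptive };
}

// Rewrite a link so that only the real destination is shown to the reader.
function stripUserinfo(href) {
  const url = new URL(href);
  url.username = "";
  url.password = "";
  return url.href;
}

const samples = [
  "http://www.cnn.com@hoax.example/britney.html", // the pattern from the story
  "http://www.cnn.com/2001/story.html",           // ordinary link
  "http://www.cnn.com/news@hoax.example/",        // "@" in the path, host is cnn.com
  "http://alice@intranet.example/",               // plain login name, not flagged
];
for (const s of samples) {
  console.log(s, "->", JSON.stringify(inspectLink(s)));
}
```
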
Now, that may have been clever enough, but it gets better.
Tim is not a hacker. Tim is a cartoonist. Furthermore, Tim is a concerned cartoonist who was interested in how fast misinformation could be spread around the Web in light of the news climate following the September 11th bombings. He claims he did it in the name of science in order to test how quickly news spreads around the Internet.
He found enough data to write a doctorate-level paper.
On the fake Britney Spears page, there was a link that allowed a person to send the story to a friend. Those are fairly popular these days. The thing is that Tim had attached the sending button to use the CNN system to forward the fake page URL.
When someone sent the page to a friend, that "send" was counted by CNN.com. In fact, it was counted over 150,000 times during one 12-hour period last Sunday. It was one of the site's most popular pages that never appeared on the site.
If I'm not mistaken, those 150,000 hits were the number of times the story was forwarded. That could very well mean that triple or quadruple that number actually saw the story.
Now, some of you might be upset that I find this funny, but I do. If you find it terrible that Tim used a hoax death of Britney Spears to prove a point, I kind of agree with you, but then I don't. As a researcher, I wish I had thought of it. Of course, the ethics committee here on campus wouldn't have let me go through with it, but Tim wasn't restrained by such rules. He was out to prove a point and gather data. He needed a story that would blow people's minds and the latest Martha Stewart recipe wouldn't have cut the mustard. Furthermore, offering up an Anthrax scare might have itself produced fear instead of remaining simply at the experiment level. In all honesty, I think the Britney story was a pretty good pick.
It proves some points I've been ranting on about for years. The Web is an unregulated grouping of phone lines and whatever you get from those lines must always be taken with a grain of salt. This is paramount when something arrives via email. Still, every week I get questions about how Representative Sherman could even think about adding a 5-cent tax to every email.
Sure, you could argue with me that the use of the Britney Spears story targeted a young group of users and that they would be more rabid about getting the information from fan to fan. That might have accounted for the high number of forwards and possibly may have skewed the results.
Let's say you're right and Tim had used a "lesser" or more "adult" story. Let's say he proclaimed a company was about to report lousy third quarter profits. Remember that one? It happened. Maybe that story would only have been forwarded half the time and maybe seen by only a quarter million people through personal reference. Do you believe that's any better or worse?
Well done, Tim. Hopefully your experiment will make you famous rather than a criminal. CNN should be thanking you, not condemning you. The news media should look to this experiment as something to trumpet rather than just another story.
Hopefully as many people will read the story of what you did as read the faux story of Britney's death, but I doubt it. The story of your experiment isn't as exciting as Britney's death.
...or a five-cent tax on all email.
...or an anthrax scare at Disney World.
...or the need for all persons to stay out of shopping malls on Halloween.
...or that I could make $46,000 in the next six weeks.
...none of which have any foundation other than they arrived in my email box.
The problem is that, much like a Nostradamus quatrain, if even one of these thousands of emailed urban myths comes even close to being perceived as a correct prediction, all of them are breathed new life, someone proclaims the Web to be the only mouthpiece for the truth, and the email begins to fly all over again.
A 5-cent tax on email? How dare they even consider such a thing!
I'd better forward this to my friends.
That's that. Thanks so much for reading. I truly appreciate it every week.
Joe Burns, Ph.D.
And remember: Do you know why Marines are sometimes called "leathernecks?" It has nothing to do with sunburn, as I have heard before. It's a name given to them by Navy personnel. Marines used to have a piece of leather sewn into the back of their uniform collars to deflect sword strokes.
Here's another military fact. The name of the "Jeep" automobile came from the fact that the original versions were delivered to the Army with the letters "G.P." painted on the side. The letters stood for "General Purpose." It was simply shortened to Jeep.
And one more...the acronym SNAFU is a military term. At least that's where it originated. It stands for "Situation Normal, All Fouled Up."
Of course, young men in the military tend to change out one of the words on occasion.