Warnings and Hoaxes

Surprised I didn't put this out there earlier...

Freeparking (a large domain name registrar in New Zealand) have been using Cyber Security for marketing purposes, pushing the .kiwi TLD.

Today I got the following within (yet another) marketing plug from them:

"Cyber threats are on the rise in New Zealand and many small to medium business are leaving themselves vulnerable by not securing the core domains recognised in New Zealand. At Freeparking, we want to help you protect your brand which is why we had these domains put on hold for you - but time is running out, your .KIWI domains are expiring soon, so ensure you claim and renew your domains now!"

What they actually did was pre-emptively register the .kiwi variations of domain names registered by their customers, a year ago, and the annual renewal is coming due.

Editor's Note: This page originally cited that Reddit was the source of the popup ads. Having closed Reddit down for a while it happened again - see amendment - and the only common factor was Memory Alpha (The Star Trek Wiki) - which rings true as I had suspected similar some time ago. I've been re-watching Star Trek via Netflix and following the production notes on Memory-Alpha as I go, so there's been a tab floating on one of their content pages for a while. :(

Mobile browser has been popping up with fake ads purporting to be flogging large-value Countdown supermarket vouchers (but only if you fill it in real fast, 2 minutes!)...

The content is hosted on cloudfront (AWS) and when I later reopened the URL to investigate it I got redirected to www.kiwiprizes.com - a domain hosted by Cloudflare, and apparently registered to:

Domain Name: kiwiprizes.com
Registry Domain ID: 1941599927_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.psi-usa.info
Registrar URL: http://www.psi-usa.info
Updated Date: 2017-08-13T14:21:02Z
Creation Date: 2015-06-24T13:02:50Z
Registrar Registration Expiration Date: 2018-06-24T13:02:50Z
Registrar: PSI-USA, Inc. dba Domain Robot
Registrar IANA ID: 151
Registrar Abuse Contact Email: domain-abuse@psi-usa.info
Registrar Abuse Contact Phone: +49.94159559482

Registrant Name: Jimmy Nguyen
Registrant Organization: AP Marketing Asia Pacific Pte Ltd
Registrant Street: Unit 706 7/F South Sea Centre Tower 2, 75 Mody Road
Registrant City: Hong Kong
Registrant State/Province: Kowloon
Registrant Postal Code: 852
Registrant Country: HK
Registrant Phone: +49.615185080
Registrant Phone Ext:
Registrant Fax: +49.61518508111
Registrant Fax Ext:
Registrant Email: domains@spark5.de

Registry Tech ID:
Tech Name: Department Systemadministration

So... it's been a while since I blogged - and I'll detail more on that elsewhere - but I felt singularly inspired after a story my wife told me tonight, about NZ Couriers. Again.

She arrived home yesterday afternoon shortly after 4pm to find some courier-delivered packages on the doorstep.
This on its own wouldn't be a problem except that at least one of them was 'signature required'. That is, it's not meant to be delivered unless someone signs for it.

So Liz hits up the NZ Couriers website and does a track-trace on the delivery ID - to discover that it was signed for at 2.25pm - when she wasn't home!! (I know this as she was in the CBD with me... !)

Seriously, what the hell?

So... Delivery guy forges the addressee's signature and just leaves it on the doorstep. Today Liz gets a response from NZ Couriers to say that this is "industry standard practice". Err... Wut?

Not the first time we've had problems with NZ Couriers, to be honest. Late last year Liz ordered an item from a company based in Penrose and was to have it couriered to our home in Birkdale. The company tried to tell us that if we wanted delivery during the month of December we'd be best to pick it up from their depot (in Mt Wellington). (For those who aren't aware, Mt Wellington and Penrose are immediately adjacent, on the wrong side of the Harbour Bridge from Birkdale!) Track-and-tracing of the item at the time showed that it never got beyond being picked up by the courier. Then they couldn't find it. Then after much nagging on our part, the courier finally found it and delivered it... but had to get his teenage daughter to come to our door as he couldn't face up to us!!

There's a certain resonant truth in this "LulzSec" article by Patrick Gray, the man behind Risky Business, a Security Blogger and Podcaster known to the NZ 'scene'.

It's hilarious. Hilarious because it's so true.

In my opinion it is possible to build a 'secure' system - but there's a couple of caveats.

1) Security comes in many layers; electronic security is just one. If someone can get physical access to your gear, your network, your workstations or servers... you're toast.
2) Any system with external connectivity is reduced in security, Firewalls or no Firewalls. IPSEC or no IPSEC.
3) Any system with Internet connectivity is worse again.

Note that 2 and 3 are different. Ultimately the Internet has to be looked at as a 'wild, wild west of computers' and one has to accept that by being online, you've got a big target painted on you. All you can do is reduce your profile. Much like dodging criminals in our fine city's dodgier neighbourhoods. Nod to Metlstorm's 'low hanging fruit' presentation from Kiwicon 2009.... if your fruit hang low they will be harvested, along with all the goodness contained therein.

So if you want a truly secure environment, connectivity to the Internet should be seen as a) optional, and b) risky. And if you're on the Internet, accept that there are definite limitations to the level of security you can expect.

This goes double, and perhaps even triple, for anyone actively using Facebook or its ilk. How much of your personal data is on there? How much faith are you putting in a megacorp who's in the 'we're so big the individual doesn't matter' camp?

I draw folks' attention to the comment I've just tagged onto my previous entry about Aerial Impressions.

Almost exactly 12 months ago, we went through the same business. And here we go again. And again folks in NZ are facilitating the 'faux-business' operated out of a 'faux-address' in Wellington.

I came across http://vilain.net/blog/2010/12/93-vilain-v-vodafone.html via Twitter yesterday. I've met Sam Vilain, though I don't know him well - but I know him by reputation as a clever guy. That, and this being an issue I have strong interest in, had me keeping my ear to the ground for the outcome of events.

In short, Sam was taking Vodafone to the Disputes Tribunal over the cost of international roaming on his Vodafone cellphone.
For anyone who travels frequently, you'll be aware of the facts involved - that roaming is horrendously expensive and that there's no way that the end-user costs associated with roaming data are in any way proportional to the actual operating costs of the service. Indeed there's plenty of media coverage about the insane costs of roaming (despite Vodafone making such a big deal about its worldwide service).

A simple Google Search reveals headlines like:

So I share in Sam's disappointment at the ruling but will also be interested in the followup. From my perspective:

- Vodafone have been far too unspecific about the costs of data use in their billing system; if a customer wants by-session information they should be able to have it!! Landline broadband can already do this.
- The rates are expensive; the fact it's cheaper to buy a local sim card than use your own number is actually a bit of a joke when it's usually pretty obvious that at a network level, costs are barely above local data costs. The host network's own local charging rates should set the benchmark for a roaming guest. This case is serving to give yet more exposure to what many consider is a rort.

As previously blogged our company (the one Liz and I operate privately) has received unsolicited advertising from 'Pieroth Wines NZ' at least once before. They gain our details via the Companies Office Register.

This has been further validated; last week Liz updated our details with the Companies Office now we've relocated to Auckland.
It didn't take long to receive more junk from Pieroth, addressed to 'Dear Lover of Fine Wines' at our registered address.

DO NOT EVER TRADE WITH PIEROTH WINES! This sort of harassment-style direct marketing is rude and obnoxious. I'm not a wine lover, no matter how many times you try to suck me in with your faux-manners!

Most of my previous rant on this subject remains entirely valid. It's postal direct marketing, so it doesn't fall under the UEM Act... It could potentially be argued that using the Companies Register for purposes other than for which it is provided, is in breach of its terms of use. Yeah, that'll stand up to scrutiny... ??

Are people stupid enough to actually respond to these mailouts with enough frequency to make the cost of doing them worth the grief?

Why do I have to live with the fact there's absolutely no way to protect myself from this sorta crap?

By all accounts the PublicACTA event held in Wellington on Saturday was a roaring success. Sadly, I was unable to attend, and it sounds like I missed a great event. That said, we now have a bunch of smart folks who've had opportunity to discuss at length the issues that the so-called Anti Counterfeiting Trade Agreement is generating, and to produce the 'Wellington Declaration'. This is to be presented to the Government in less than 2 days - and hopefully made available to the ACTA negotiators.

Everyone who cares about the ongoing rights and freedoms of citizens of NZ - in particular regarding the Internet but also regarding the ways Government creates law - should be paying careful attention to ACTA. If the contents of the declaration ring true with you, show your support and Sign the Petition.

I plugged it on NZLUG, and AuckLUG as well. It goes a little way toward explaining the background of this, largely ripped directly from the PublicACTA website.

Big Kudos to InternetNZ (hat-tip Jordan Carter), Nat Torkington, Don Christie, Peter Harrison and all of those who've been involved in both PublicACTA and from my personal perspective, the NZOSS's arguments against ACTA - NZOSS have been very proactive in responding to ACTA's potential risk to the FLOSS community and I'm proud to be involved with such upstanding folks.

So yeah, anyway, get signing! And stay tuned, I have no doubt we've in no way heard the end of this.

Warning: Once you incorporate a company and provide your details to the Companies Registry, you're doomed to receive unsolicited junk mail on a periodic basis.

I won't go into the electronic kind; the Companies Office don't require you to provide electronic contact means (though when the forms are submitted, contact numbers are provided...) What I'm talking about here is plain old unsolicited postal junk.

Today we received a windowed envelope with our street address (per the companies office) in the window. Above that was no name; instead it was addressed to 'Dear Lover of Fine Wines'.

Enclosed was a self-addressed envelope (with 'Affix Stamp Here'; obviously they're not interested in supplying postage!), a glossy brochure advertising the firm 'Pieroth Wines (NZ) Limited' with an address at North Harbour Industrial Estate (Auckland); and a 'Consumer Survey' which then asks 'Are your name and address printed correctly? Please check, so you are sure to receive your Thank-you-gift and the free 6 bottle International Wine Sampling without any delay.' To the right are three boxes with contact detail options and a title 'Details of Interested Friends!'

On the reverse is the survey, which starts with 'Your support is very important. With the help of your answers we may better adapt to the friends of Premium Wines and improve our services in future'. Goes on to ask questions for demographics and a bunch of wine preferences. It then asks for contact phone numbers (home and work) in order to arrange for the free gift and 6 bottle wine tasting.

What's the bet that the free gift isn't 6 bottles of wine!

This is the 'please forward this to all your friends!' of the 20th century.

It's funny, when you keep a relatively close eye on the places your details are filed, and on your buying habits, you can get a good idea for all the dirty, dirty tactics out there.

Noted a couple of simultaneous subscriptions to NZLUG mailing lists this morning from different addresses @zeusmail.org - this immediately looked suspicious, and a Google confirms my fears.

A warning for those others dealing with mailing lists, forums and such; that's one domain with a baaaad rep.
