CRTC: never-ending madness

Easing of standards proposed

'In the wake of the Arizona shootings, it seems especially insensitive to suggest that we should lower the bar on media obligations as long as no one is directly threatened or killed:' NDP MP Charlie Angus.

Earlier, Angus told reporters the public has just three days to comment on a proposed regulatory change at the CRTC that would ease standards for radio and TV networks in terms of broadcasting false or misleading news.

A motion by Angus to have the Commons committee on Canadian heritage call witnesses and study the proposed changes passed late Monday. Witnesses may be called as early as next week.

Under the proposed changes, licence-holders would have more latitude in their reporting as long as comments do not directly put human life in danger.

Broadcasters would face penalties if it could be proved the licence-holder had prior knowledge that information was inaccurate.

Angus said the proposed changes directly contradict section 3.1 of the Broadcast Act obligating Canadian media to maintain high standards of objectivity.

“It seems astounding that the CRTC would consider such a move at a time when we see the growing backlash in the United States to the poisoned levels of political discord in the American media,” he said, referring to the debate over what might have influenced someone to shoot U.S. Congresswoman Gabrielle Giffords and 18 others in Tucson last month.

“In the wake of the Arizona shootings, it seems especially insensitive to suggest that we should lower the bar on media obligations as long as no one is directly threatened or killed.”

Read more of this article at cbc.ca

Pretty much, they’re changing

5. (1) A licensee shall not broadcast
(d) any false or misleading news.

to

5. (1) A licensee shall not broadcast
(d) any news that the licensee knows is false or misleading and that endangers or is likely to endanger the lives, health or safety of the public.

Posted via email from Frederick’s posterous

How would you shorten your name?

Happy New Year!

We’re now in the year 2011 — which I propose is “twenty-eleven” as opposed to “two thousand eleven”. It’s time to answer some serious questions.

I’ve been bothered recently (very recently, perhaps a few minutes ago) by a daunting challenge. Why do I abbreviate my name to “Frederick D.” instead of “F. Ding”?

I don’t know. What do you do, and why?

Random PHP/MySQL discovery: time differences

I had been plagued by a nagging question while developing a PHP application: how do I calculate the difference between two timestamps, to check whether the timestamps are within x minutes of each other?

My initial solution wasn’t at all perfect, although it was still better than developing an algorithm from scratch to decipher timestamps into hour/minute/second objects and coding math.

Solution 1: MySQL’s TIMESTAMPDIFF()

My first solution was to use a function native to MySQL, TIMESTAMPDIFF(). This function takes three parameters: the unit of time for the return value, and two datetime expressions.

To query whether a given timestamp was within 15 minutes (either +/-) of the current UTC timestamp, I used this statement:

SELECT ABS(TIMESTAMPDIFF(MINUTE, *********, UTC_TIMESTAMP())) < 15

It worked, but I wasn’t satisfied with having an extra query just to verify a timestamp. Besides, I was concerned about speed; that one query takes about 0.004 seconds to execute, which was too much for me.

Then I discovered the native Date/Time extension, built-in on PHP 5.2 and above.


Beware phishing e-mails

Spam (1000).
© Allan Reyes. CC BY-NC-ND.

I’m sure seeing our Spam folder (or Junk, or Junk E-mail, and so on) fill up with useless e-mails is a common occurrence. I’ve learned to ignore it, and I almost never go into it to see if any important e-mails have been mistakenly identified as spam. Fortunately, most of my e-mail accounts don’t get much spam (< 5 a month), perhaps because I switched my main account last year.

Phishing

Today, I checked my Junk E-mail folder in Outlook to find a phishing e-mail, which, like many others before it, obviously tried to steal login information by posing as the service provider.

Unlike most spam mail about pills, millions of $$$ waiting to be transferred in overseas bank accounts, or pleas for donations for some dying patient, phishing e-mails are often well-crafted and even flawless in grammar and spelling.

World of Warcraft

In this case, I got an e-mail, purportedly from Blizzard Entertainment, regarding an account lockout. Tech-savvy users immediately look at it with suspicion, but I’m not so sure about the millions of people who have fallen for phishing scams and paid towards a million-dollar industry.

Phishing e-mail purportedly from Blizzard Entertainment
Notice the links to a fraudulent domain

Of course I wouldn’t fall for something like this. First, I don’t play World of Warcraft, nor any video games, really. This makes no sense to me because I don’t have, and never had, a Battle.net account.

Giveaway headers

Additionally, the headers were revealing:

X-AUTH-Result: NONE
...
X-Originating-Email: [xxcipherxx@hotmail.com]
Return-Path: xxcipherxx@hotmail.com
...
Received: from ri ([222.69.163.30]) by BLU0-SMTP81.blu0.hotmail.com over
TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
...
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512

This would explain why Outlook, or Hotmail’s SmartScreen junk filtering feature, placed it in the Junk E-mail folder; it originated from a Hotmail user, using Outlook Express, posing as a user @blizzard.com. Most likely it comes from a botnet or otherwise malware-infected PC.
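
The header checks described above can be automated. The following is an added example, not part of the original post: it parses a raw message and reports the same giveaways. The From line in the sample is an assumption (the excerpt above does not show it), and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The From line is an assumption (the post only says the
# sender posed as a user @blizzard.com); the other headers are quoted above.
SAMPLE = """\
From: "Blizzard Entertainment" <noreply@blizzard.com>
Return-Path: xxcipherxx@hotmail.com
X-AUTH-Result: NONE
X-Originating-Email: [xxcipherxx@hotmail.com]
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
Subject: Account locked (constructed)

(constructed body)
"""

def domain_of(value):
    """Lower-cased domain of an address header value, or '' if none."""
    addr = parseaddr((value or "").strip().strip("[]"))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(actual, claimed):
    """True if actual is the claimed domain or one of its subdomains."""
    return actual == claimed or actual.endswith("." + claimed)

def header_findings(raw):
    """Return the list of giveaways found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    claimed = domain_of(msg.get("From"))
    findings = []
    # The envelope sender and originating address should match the From domain.
    for name in ("Return-Path", "X-Originating-Email"):
        actual = domain_of(msg.get(name))
        if claimed and actual and not same_org(actual, claimed):
            findings.append(f"{name}: {actual} is not {claimed}")
    # The post treats an authentication result of NONE as a giveaway.
    if (msg.get("X-AUTH-Result") or "").strip().upper() == "NONE":
        findings.append("X-AUTH-Result: NONE")
    # Corporate notices are not normally sent from a home desktop client.
    if "outlook express" in (msg.get("X-Mailer") or "").lower():
        findings.append("X-Mailer: consumer desktop client")
    return findings

if __name__ == "__main__":
    for finding in header_findings(SAMPLE):
        print("suspicious:", finding)
```

A Return-Path mismatch on its own also occurs with legitimate bulk-mail providers, so each finding is a signal to weigh together with the others rather than a verdict.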

Bad link

On top of all that, the links don’t point to Battle.net; they link to a domain (restoreaccount.us — visit at your own risk) that is not, at the moment of publishing, recognized by Firefox or Chrome as a phishing site. (I’ve submitted the link to Google’s Safe Browsing system.) This means that most users won’t be automatically protected against losing their accounts to this phishing attack.

I dug deeper to look at the domain registration information for this domain. What if restoreaccount.us was some generic service used by large companies to facilitate user management? (Yeah, right.)

Domain registration information for restoreaccount.us
The registrant claims to be the Government of India. ???

Since phishing is considered fraud, I wasn’t expecting the domain registrant to post his real contact information. To misrepresent oneself, however, on WHOIS contact information is cause for revocation of the domain. While it may be difficult to track down and prosecute fraudsters for phishing (or for impersonating the Government of India), it may be far easier to shut down such operations by disabling their domains through ICANN.

.us domain registration rules

The .us TLD has specific rules restricting registration to permanent residents of the United States, corporations in the United States, and foreign entities pursuing lawful activities in the United States. Supposing the above registrant information to be true (which I doubt very highly), it would not meet the requirements of the .us TLD rules, and could be terminated quickly. If it’s not true, then false registrant information is still a cause for termination.

Why am I even bothering to post about this?

First, you’re still reading this, so it doesn’t really matter why I decided to write it. Secondly, I wanted to dig deeper and reveal the (poorly) hidden workings of a phishing scam. Thirdly, there are, unfortunately, a lot of people out there who simply don’t understand these attacks and are defenceless against them.

I posted last year about another scam: the Domain Registry of Canada. That has proven to be one of the few posts that attracted a lot of hits from search engines alone, because people are searching about scams (or things they suspect to be scams). (Just to justify that post, I proudly point at the Better Business Bureau’s rating of F for the Domain Registry of Canada.)

In the same sense, I despise phishing and spam. Unsolicited commercial e-mails make up a huge portion of all e-mail traffic — 78%, as a matter of fact. It’d be great if the Internet could be cleaned up, yet at the same time I recognize the difficulties with doing so.

Since government regulation is unlikely to prevent citizens from falling prey to phishing attacks, it’s better to get these things on record and make it possible for people to find out whether they’re being scammed with a quick Google search. (I used such searches recently to avoid: 1) a telemarketing scam, and 2) a career recruitment scam.) There are sites out there dedicated to user-submitted fraud-testimonials.

It doesn’t help that most of the money lost to fraud comes from people who would probably never think to Google the e-mails they receive, or the letters they get. There will always be victims of fraud. We require awareness and education to protect everyone against fraud. I’m simply contributing, like hundreds of thousands of other tech-savvy users, to this struggle.