Law

Law and legislation

Ignorance as a human (business?) right?

Rogers Communications Inc. is a company providing cable, cellular, and other services in Canada.

Rogers has a discount brand, Chatr, which they advertise as being “more reliable and less prone to dropped calls.”  Canada’s Competition Bureau, after what it called “an extensive review of technical data,” found no discernible difference in dropped-call rates between Rogers/Chatr and new entrants.

Apparently, Rogers will argue that the court should strike down a section in Canada’s Competition Act that requires companies to undergo “adequate and proper” tests of a product’s performance before making advertising claims about it.  In other words, Rogers is saying that forcing the company to find out if claims are true is unfair, because that means they can’t lie with a straight face.

Q: What is the difference between a computer salesman and a used-car salesman?

A: The used-car salesman knows when he’s lying to you …

Trust me, I didn’t look right as I typed this …

‘Lying eyes’ are a myth – looking to the right DOESN’T mean you are fibbing.

“Many psychologists believe that when a person looks up to their right they are
likely to be telling a lie.  Glancing up to the left, on the other hand, is said to
indicate honesty.

“Co-author Dr Caroline Watt, from the University of Edinburgh, said: ‘A large
percentage of the public believes that certain eye movements are a sign of lying,
and this idea is even taught in organisational training courses. … The claimed link
between lying and eye movements is a key element of neuro-linguistic
programming.

“According to the theory, when right-handed people look up to their right they
are likely to be visualising a ‘constructed’ or imagined event.  In contrast when
they look to their left they are likely to be visualising a ‘remembered’ memory.
For this reason, when liars are constructing their own version of the truth, they
tend to look to the right.”

“Psychologist Prof Wiseman, from the University of Hertfordshire, said: ‘The
results of the first study revealed no relationship between lying and eye
movements, and the second showed that telling people about the claims made by
NLP practitioners did not improve their lie detection skills.’

However, this study raises a much more serious question.  These types of “skills” are being extensively taught (and sought) by law enforcement and other agencies.  How many investigations are being misdirected and delayed by false suppositions based on NLP “techniques”?  More disturbingly, how many people are being falsely accused, dismissed, or charged due to the same questionable “information”?  (As I keep telling my seminars, when you get sidetracked into pursuing the wrong suspect, the real culprit is getting away free.)

(I guess we’ll have to stop watching “The Mentalist” now …)

Submarine patent torpedoed …

For some years I have been peripherally involved (hired to research prior art, etc.) in some of the submarine patent/patent troll cases in the AV world.

I’ve got plenty of prior art.  Programs demonstrating and using technologies that were granted patents years after those programs were available.  Email discussions showing that concepts were obvious and well-known years before patent applications were filed.

Of course, as the “expert” I’m not privy to the legal strategy.  Bt I can figure it out.  US patent office issues patent that never should have been granted.  Troll sues Big Firm for $100M.  BF’s lawyers go to IP law firm.  IP lawyers find me.  IP lawyers ask me for the weirdest (and generally weakest) evidence.  IP lawyers go back to BF’s lawyers.  BF’s lawyers go back to BF.  (At this point I’m not privy to the discussions, so I’m guessing.  But I suspect that …)  IP and BF lawyers advise that evidence available, but patent fight expensive.  BF offers troll $100K to go away.  Troll happy with $100K, which is all he wanted anyway.  BF lawyers happy with large (and now more secure) salaries.  IP lawyers happy with $1M fees.  BF happy to have “saved” $99M.  The only person not happy is me.

Well, Kaspersky got sued.  Kaspersky fought.  Kaspersky won.

So, today I’m happy.  (I just wish I’d been part of *this* fight …)

(By the way, patent trolls cost money …)

Using Skype Manager? no? Expect incoming fraud

I have been using Skype ever since it came out, so I know my stuff.

I know how to write strong passwords, how to use smart security questions and how to – most importantly – avoid Phishing attempts on my Skype account.

But all that didn’t help me avoid a Skype mishap (or more bluntly as a friend said – Skype f*ckup).

It all started Saturday late at night (about 2am GMT), when I started receiving emails in Mandarin from Skype, my immediate thought was fraud, a phishing attempt, so I ignored it. But then I noticed I got also emails from Paypal with charges from Skype for 100$ 200$ 300$, and I was worried, was my account hacked?

I immediately went to PayPal and disconnected my authorization to Skype, called in Transaction Dispute on PayPal and then went on to look at my Skype account.

I looked into the recent logons to my account – nothing.

I looked into email changes, or passwords – nothing.

I couldn’t figure out how the thing got to where it was, and then I noticed, I have become a Skype Manager – wow I was promoted and I didn’t even send in my CV.

Yeah, joke aside, Skype Manager, is a service Skype gives to businesses to allow one person to buy Skype Credit and other people to use that Credit to make calls. A great idea, but the execution is poor.

The service appears to have been launched in 2012, and a few weeks after that, fraud started popping up. The how is very simple and so stupid it shameful for Skype to not have fixed this, since it was first reported (which I found) on the 21st of Jan 2012 on the Skype forum.

Apparently having this very common combinations of:
1) Auto-charge PayPal
2) Never used Skype Manager
3) Never setup a Work email for Skype

Makes it possible for someone to:
1) Setup you as a Skype Manager
2) Setup a new work email on some obscure service (mailinator was used in my case), and have all Skype emails for confirmations sent there

Yes, they don’t need to know anything BESIDE the Skype Call name of your account – which is easy to get using Skype Search.

Once you have become a Skype Manager, “you” can add users to the group you are managing – they don’t need to logon as all they need to do is use the (email) link you get to the newly assigned Work Email, yes, it doesn’t confirm the password – smart ha?

The users added to your Skype Manager can now take the Credit (its not money, it just call credits) and call anywhere they want.

Why this bug / feature not been fixed/addressed since the first time it was made public on the Skype Forum (probably was exploited before then), is anyone’s guess, talking to the Fraud department of Skype – he mainly stated that I should:
1) Change my password for Skype – yes, that would have helped nothing in this case
2) Make sure I authorize Skype only on trustworthy devices

The bottom line, Skype users, make sure:
1) You have configured your Skype Manager – if you are using Auto-Charge feature – I have disabled my Auto-Charge and PayPal authorization since then, and don’t plan on enabling it anytime (ever)
2) You have configured your Skype Work email – yes, if its unset, anyone can change it – without needing to know your current password – is this company a PCI authorized company? 😀

If you have more insight on the matter, let me know

– Noam