UKIP – Powered By Foreign Technology

The United Kingdom Independence Party (UKIP) have launched a new advertising campaign. It hinges on 2 key messages:

  1. Foreign labour is damaging the UK.
  2. Much of UK law is controlled from overseas.

Here are two of their posters covering these issues:

 

Based on this, you may think they’d be keen on UK technology. Yet here’s the technology behind UKIP’s website:

 

Even their domain name is not from the UK: the “.org” in UKIP.org is governed from the USA.

The Mirror’s Crying Child Photo – Not All That it Seems

Here’s the front cover of the Daily Mirror. A haunting image of a starving British child, crying their eyes out.

Only… the child is from the Bay Area, and the photo was purchased from Flickr via Getty Images…


Here’s the source of the original image: https://www.flickr.com/photos/laurenrosenbaum/4084544644/ (Here’s a happier one taken the following day: https://www.flickr.com/photos/laurenrosenbaum/4086511962/. Apparently she was crying over an earthworm.)

An excellent photo, taken by the excellent Lauren Rosenbaum in November 2009, shared on a US website (Flickr), sold by an American photo agency (Getty Images), used to illustrate poverty in Britain.

  • Does it matter that the photo is not really a starving child?
  • Does it matter that the photo wasn’t even taken in the UK?
  • Is there an ethical issue in buying a stock photo of a child – not in poverty – and using it to illustrate poverty?
  • Does it matter that the headline begins “Britain, 2014”, but the photo is actually “USA, 2009”?

I’m not sure on the answers to any of the above, but interesting to think about.

What do you think?

 


How the US Airways Tweet Happened

If you’re reading this, you will know that US Airways sent an incredibly lewd photo to one of their passengers in response to a complaint.

Here is the massively censored version of the Tweet:

The 2 Key Events:

  1. Very shortly before the US Airways tweet, the @ARTxDEALER Twitter account posted ‘the photo’, addressing the Tweet to @AmericanAir. (side-note: American Air & US Airways recently merged)
  2. US Airways posted a response to user @ElleRafter: “We welcome feedback, Elle. If your travel is complete, you can detail it here for review and follow up: pic.twitter.com/vbeYgXXXXX” (I’ve deliberately changed that URL to protect the innocent).

The Actual Explanation:

  • US Airways recently merged with American Air.
  • Whoever is in control of the US Airways twitter account also monitors American Air’s brand on Twitter.
  • Having seen the lewd photo sent to American Air, the social media exec copied the URL (perhaps emailing it to someone to report it, for example)
  • When they responded to @ElleRafter, instead of pasting the URL of their complaints form, they accidentally pasted the twitter image URL. In doing that, it reattached the image to their tweet.

The key piece of information is that if you copy & paste a ‘pic.twitter.com…’ Twitter photo URL into your tweet, it reattaches that photo to your tweet.

Summary: Mystery solved. The twitter account ‘@ARTxDEALER’ accidentally caused the whole thing. (I wouldn’t recommend visiting their account – not safe for work!)

Very good luck to the poor person in charge of the US Airways/American Air twitter accounts. A tough job and – from the looks of things – an honest mistake.

How to Beat 2-Factor Authentication

You may have noticed these fake ‘Log into Google’ pages appearing more and more. They (and equivalents for other services) have very quickly become one of the main ways hackers steal other users’ accounts (look carefully at the URL):

[Image: fake Google login screen]

The usual solution put forward to avoid falling for these is to ‘use 2-factor authentication’. 2-Factor Authentication is very, very good, and everyone should enable it where possible. But… it does not necessarily protect you from attacks using systems like the above. Here’s how a hacker could get around it if they were determined:

  1. The hacker sends an email to someone that redirects them to a fake ‘log in to Google’ page.
  2. At the point the user enters their login details, the hacker’s program automatically attempts to log into Google itself.
  3. If the hacker is presented with a ‘Please enter your code…’ screen, Google will have automatically sent a code directly via SMS to the user. The hacker should therefore present the user with their own ‘Please enter your code’ box.
  4. The hacker would then wait for the user to receive the code that Google has sent, and type it into the hacker’s own ‘enter your code’ box.
  5. The hacker would then use that code to immediately log into Google as the user, defeating the 2-step authentication.

That’s all sneaky, and horrible, but it’s so straightforward that I’m sure it will start happening soon.

3 Factor Authentication? Or ‘Confirmed’ 2 Factor Authentication?

The obvious next step is ‘3-step authentication’ which is: After Google have sent the login code and the user has logged in, they should then text another message to the user’s phone, simply saying ‘Login successful. If you have not just successfully logged in, please reply STOP to this message’.
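
A server-side sketch of the 'confirmed' login idea above, added here as an example; it is not code from Google or from the original post. The class name, the `send_sms` callback and the 10-minute STOP window are assumptions made for illustration.

```python
import secrets
import time

STOP_WINDOW_SECONDS = 600  # assumption: how long after a login a STOP reply still counts
CONFIRM_TEXT = ("Login successful. If you have not just successfully logged in, "
                "please reply STOP to this message")


class ConfirmedLoginService:
    """Hypothetical service: texts the user after each login, revokes on STOP."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms  # callable(phone, text); an SMS gateway in practice
        self._clock = clock
        self._phone_of = {}        # user -> phone
        self._user_of = {}         # phone -> user
        self._sessions = {}        # token -> {"user", "created", "revoked"}

    def enroll(self, user, phone):
        self._phone_of[user] = phone
        self._user_of[phone] = user

    def complete_login(self, user):
        """Call only after the password and the SMS code have both been verified."""
        token = secrets.token_urlsafe(16)
        self._sessions[token] = {"user": user, "created": self._clock(), "revoked": False}
        self._send_sms(self._phone_of[user], CONFIRM_TEXT)
        return token

    def handle_inbound_sms(self, phone, text):
        """Revoke the sender's sessions opened inside the STOP window; return their tokens."""
        user = self._user_of.get(phone)
        if user is None or text.strip().upper() != "STOP":
            return []  # unknown number or unrelated message: change nothing
        cutoff = self._clock() - STOP_WINDOW_SECONDS
        revoked = []
        for token, session in self._sessions.items():
            if session["user"] == user and session["created"] >= cutoff and not session["revoked"]:
                session["revoked"] = True
                revoked.append(token)
        return revoked

    def is_valid(self, token):
        """Every authenticated request must pass this check for the STOP to bite."""
        session = self._sessions.get(token)
        return session is not None and not session["revoked"]
```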