Phishing attack or dodgy marketing

I just received an email purportedly from an academic publisher offering me the chance to win an iPod simply for taking part in a survey of my usage of their products. Fair enough.

But, when I click the survey link, the anti-phishing filter in my email program is tripped revealing the message to be a potential security risk. The reason? When one clicks the link to the survey, the link is apparently to “xyz321.con”, but the actual link is pointed to “uvw123.nob”. In other words, they don’t match, a discrepancy that is usually indicative of an internet fraud. Similar things happen with those “Validate your account” messages that appear to be from your bank, eBay, or Paypal, viz, click on something that looks like www.paypal.com and end up at a phishing page on www.abcxyz123.info or whatever.

To an inexperienced user, there is no quick and easy way to validate that the Springer email is genuine, so most would, I’d hope, follow their IT department’s didacts and simply delete the message as a phish.

If I were running such a marketing mail out, then I’d ensure the URL and anchor pointed to the same domain, in this case it would look far “safer” if both pointed to “publishersite.com” rather than some other obscure domain that is unrelated to the company’s genuine domain. This looks and is much safer for the end users and so would ensure a much higher percentage take-up of the offer.
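The comparison described above, between the address a link displays and the host it really points to, can be sketched in a few lines. This is an added example, not code from the email program or from this blog; the function names are made up for illustration, and the sample message is constructed from the placeholder domains used in the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Link text that itself reads as a host name or URL, e.g. "www.paypal.com".
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

def href_host(href):
    """Host an http(s) href really points to; '' for mailto:, relative links, etc."""
    parts = urlsplit(href.strip())
    ok = parts.scheme.lower() in ("http", "https")
    return (parts.hostname or "").lower().rstrip(".") if ok else ""

def same_site(shown, actual):
    """Equal hosts, or one a subdomain of the other, ignoring a leading 'www.'.
    Simplified: a production filter compares registrable domains instead."""
    a, b = (h[4:] if h.startswith("www.") else h for h in (shown, actual))
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            label, actual = "".join(self.text).strip(), href_host(self.href)
            shown = HOSTLIKE.match(label)
            # Only text that names a host can contradict the href; "Click here" cannot.
            if shown and actual and not same_site(shown.group(1).lower(), actual):
                self.findings.append((label, actual))
            self.href = None

def mismatched_links(html):
    audit = LinkAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample message body using the placeholder domains from the post.
SAMPLE = """
<p>Win an iPod: <a href="http://uvw123.nob/s?id=1">http://xyz321.con/survey</a></p>
<p><a href="https://www.abcxyz123.info/login">www.paypal.com</a></p>
<p><a href="https://survey.publishersite.com/q">publishersite.com</a></p>
<p><a href="https://uvw123.nob/unsubscribe">Unsubscribe</a></p>
"""
print(mismatched_links(SAMPLE))
```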

For more information on phishing and other computer security issues, I’d recommend you check out http://www.sciencetext.com where I host a stack of tech and security tips, just in case you haven’t got an IT department to offer the software and knowledge to back up those didacts.

Taking the P

Pnicogen. Silent “p” or sounded? The Oxford English Dictionary (OED) people just contacted me, wanting a definitive answer.

Partly because they found my Molecule of the Month on the subject at Paul May’s excellent site and suspected I was some kind of expert. Sadly I’m not, so I’ve resorted to asking a couple of contacts who might actually have a clue. I’d like it to be p’nuh but suspect the p should be silent, as in pneumatic. However, the OED entry currently claims otherwise, and my first contact agrees that it should be “p’ni”.

Robots in the Military

The idea of robots in the military brings about thoughts of a sci-fi nightmare, probably starring Arnie and most definitely not R2. The military does, nevertheless, already use robotics to help members of the armed forces protect themselves against a wide range of dangers. But, the idea of a robot fighter shooting at the enemy is not that far from reality.

Read about this and the latest robotics news on our scenta robots news page.

Lancet Calls for Open Access to TGN-1412 Trial Investigation

British medical journal, The Lancet, has called for an open and independent investigation of what went wrong with the small phase I clinical trial of TGN-1412 that had six men in intensive care within hours of the trial beginning.

“Commercial confidentiality should not obstruct independent scrutiny of the drug trial that led to six men becoming seriously ill in Northwick Park Hospital in London, UK,” states an Editorial in the Journal, “Both TeGenero and The Medicines and Healthcare products Regulatory Agency (MHRA) – who authorised the trial – denied The Lancet’s request to see the protocol stating that it is ‘commercially sensitive’.”

News has been terse to say the least since the initial media frenzy regarding the trial. Quite bizarrely, Northwick Park Hospital in north west London, is where eccentric UK medical comedy Green Wing is recorded.

Password Sitter

P30%_gha! or p0%3ghA!?

If you’ve ever resorted to scribbling your assigned computer password on a Post-It and sticking it to the side of your monitor because it was too cryptic to remember, then research at the Fraunhofer Institute for Secure Information Technology in Germany, could be just what you’ve been waiting for.

The scientists there have developed a new program — PasswordSitter. “Using it, you only need to remember a single password. The program provides all the other passwords on any device, whenever you need them”, explains team leader Markus Schneider, “A special procedure based on state-of-the-art encryption technology provides the necessary security.”

Despite new security mechanisms, requesting a password is the most common method of checking a user’s identity. Most of us have so many passwords for websites, databases, email etc, that remembering which one goes with what is a major headache. The problem is doubled by company IT managers who often force users (quite sensibly) not only to choose non-obvious passwords with mixed alphanumerics and even punctuation marks but also to change it on a regular basis.

According to the annual Safenet survey, half of all professional computer users write down their passwords, and around a third even divulge their passwords to colleagues. It almost defeats the object of having a password in the first place. A lot of people go for weak passwords, such as the name of a spouse, or don’t think twice about using the same password for everything. “These kinds of practices harbour potential security risks”, says Schneider, “On the other hand, it’s virtually impossible for you to follow the security advice from the experts without any help.”

PasswordSitter bolsters security because it generates strong passwords, while the level of security can be set to allow different password guidelines to be followed and passwords can be changed quickly and easily.

But, you may be wondering why not opt for one of those neat USB fingerprint reader gadgets? Well, they’re fine if you’re at your own PC, but what happens if you’re working at someone else’s workstation or in a cybercafe?

PasswordSitter provides users with access to their passwords from any device at any time they need them.

So, how does it work? Well, it seems that Fraunhofer aren’t so keen to reveal details, although Schneider told Sciencebase that, “PasswordSitter is available as signed Java applet. If you are in a cybercafe in Peru, then you can download PasswordSitter, type in your Master Password and PasswordSitter generates your ebay password for you every time you need it. Note that your ebay password is not stored in the PasswordSitter system.”

There are other password-minding systems out there – including PassPack and LastPass and if you’re stuck for ideas for how to come up with a password try my passwords for scientists idea.

Beaming up a Blind Date

Personally, I’m way past the dating game, having been happily married for several years. But, as an angsty teen with a passion for the more nerdy things in life – many of which begin with the prefixes astro-, star-, and chem- Trek Passions would have been a lifesaver. If you’re looking for love and haven’t yet found your Lieutenant Uhura, your Han Solo, or even your Ford Prefect, then this site could be the place to go. Essentially, it’s an off the dial free dating site for sci fi fans and it does exactly what it says on the tin. It interfaces lonely hearts, enables matter transportation of an amorous kind, and basically presses all the right buttons among the millions of Trekkies, Starwarsies, Clarkies, and perhaps even Wyndhamies out there.

McCoy: [to Spock] You see, I feel sorrier for you than I do for him [referring to Kirk] because you’ll never know the things that love can drive a man to. The ecstasies, the miseries, the broken rules, the desperate chances, the glorious failures and the glorious victories. All of these things you’ll never know, simply because the word “love” isn’t written into your book. Good night, Spock.

So, sign up, but watch out, it’s a scary world out there…

Detox Kits

A sciencebase visitor attempted to spam the blog recently with an advert for his detox kits. Needless to say, this blog automatically adds a rel=nofollow tag to all comment URLs, so it’s a waste of time spamming us anyway, but moreover, all comments are moderated so that cr*pfloods are easily averted.

Anyway, if you want to find out what a detox kit is check this Google search: detox kits – Google Search

It seems that the marketing spiel claims that these kits can clear out the tell-tale signs of any drug of abuse and so help users pass drugs tests. Looks like bunk to me, nothing can “detox” your body. Metabolites have to be excreted eventually and chemical analysis would reveal the presence of even modified metabolites in your urine.

One thing that does worry me about these kits though. If they do “mop up” drugs and drug metabolites from your bloodstream then they’re going to have to be incredibly selective so as not to interfere with prescription drugs, surely.

I’d be very wary of using them (they’re rather pricey too!) to try and pass a drugs test. Much easier just to avoid those drugs of abuse in the first place.

Censorship

Check out Indiana University’s Censearchip. It allows you to see how search engine censorship (on Google or Yahoo) in various countries affects the search engine results pages (SERPs) you see depending on where you search from (well, if you’re in China, France, Germany, and the USA). It’s quite fascinating to see the tag clouds it generates to show the differences between searching in different countries.

The tool’s developers, Mark Meiss and Filippo Menczer at the Indiana University School of Informatics, caution that ‘In order to give as accurate a comparison as possible, we’ve disabled the ‘SafeSearch’ feature that search engines use to block images with explicit violent or sexual content from their search results. Some of the images returned may be quite graphic and inappropriate for children. Please exercise caution in your searches!’

You have been warned.

Chemical Reference Searching

An excellent new resource is now available through the ChemSpy chemical search site thanks to a collaboration with William Griffiths. Will runs ChemRefer.com, a site dedicated to the Open Access chemical literature and allowing users to trawl for current and archival research papers from a wide range of publications. To search ChemRefer and the other direct access search engines at ChemSpy, simply enter your keywords and click the appropriate search engine. Available alongside ChemRefer are Chemindustry.com search, Chmoogle and Pubchem name searching, Google Scholar, ChemFinder, and the NIST WebBook.

Da Vinci Debate

It’s quite bizarre isn’t it that Dan Brown’s novel should cause such a stir? It’s not even named properly. “Da Vinci” is not how the great polymath was known, no one knows his surname or whether he was known as anything but “Leonardo” in his lifetime. The “Da Vinci” monicker was tacked on later, simply because he came from Vinci, Italy.

Anyway, Brown is currently embroiled in a legal debacle with the authors of another book (The Holy Blood and the Holy Grail) who claim that he plagiarised their purportedly non-fictional history of the alleged marriage to Mary Magdalene of Jesus Christ and the continuation of his blood line to modern times. Quite bizarre. It’s like someone trying to sue Michael Crichton for writing about dinosaurs (there must be thousands of non-fiction authors holding their breath right now), or nanotechnology, or global warming or emergency rooms…

As far as I recall, Brown cites the HB&HG in his book, so I’m not even sure how it could possibly be plagiarism, but then that’s English law for you.

The really odd (I don’t think) thing about this whole legal case is that both the dVC and the HB&HG are actually published by the same publisher. And, could it also be pure coincidence that it’s reached the courts in the same month as the film of dVC hits the big screens in the UK? I suspect not. Either way, the plot is pretentious and puerile and I really wish I hadn’t bothered reading the book. I can only recommend that if you haven’t yet, don’t bother. Jurassic Park is more likely, to be honest.