October 30, 2007

Zopa and Listed Loans

Zopa has a new service where, it appears, you can post your ideal loan and get people to contribute. I'm not sure how this makes it different to its previous offerings (which would probably be obvious if I followed the site more closely) but it is curious to look at.

Apparently, being an Elvis fan is a key advantage in getting loans. One muses that social anthropologists are going to have fun comparing the public's preferences to those of banks.

From an FC perspective, we can see the same thing as with other leading-edge offerings of payment systems and applications such as Second Life. By aggregating enough of the FC space within the offering, the cohesive application emerges, but the limits to scalability are clear. OTOH, the emergence of strong pure-play FC players pretty much failed due to the various barriers, so it may be that this is the way forward.

Today's pop quiz: knowing what we know today, would we start again with a pure-play FC provider or a totally aggregated and simplified top-to-bottom application? A simplified way of looking at this question is whether we would go for a pure payments system, say for games, or rather build a game with integrated accounts?

Back to Zopa's market. Another issue for Zopa (and for many such remote microfinance concepts) is that although it can benefit from the Internet's disintermediation of banks, it can't necessarily compete against the banks' superior knowledge of the borrower. This was a core advantage of Grameen's _5 local women_ approach, something also seen in the social insurance industry (getting health insurance for a group is much easier than for an individual). Even though the risk is shared across the lenders, in theory at least, the borrower knowledge is an advantage that the banker maintains.

Posted by iang at 04:32 AM

October 25, 2007

My fake passports and me

Rasika pointed to a serious attempt by Panorama, a British soft-investigation TV series, to research false passports for all of the EU's countries:

I am attending an informal seminar led by a passport dealer, along with six hopefuls who are living illegally in the UK. We are told that all our problems can be solved by a "high quality" Czech passport. It will take just two weeks to obtain and cost a mere £1,500.

This may already sound surreal enough, but it was just the beginning of my journey across Europe in search of fake passports from all 25 EU member states.

What's lacking here are the hard costs of the passports she actually did obtain. That's why it is soft investigation.

I am directed to somebody who introduces me to somebody else, and finally I end up face to face with two innocent-looking pensioners. They say that for just 300 euros they can get me a Polish passport in less than 24 hours.

This deal falls through, but another dealer has delivered Polish and Lithuanian passports, complete with my own photos and two different identities.

But the breadth of the success makes it worthy of reporting:

It took me just five months to get 20 fake EU passports. Some of them were of the very best quality and were unlikely to be spotted as fakes by even the most stringent of border controls.

This is probably a good time to remind FC readers that you can find a long running series on the cost of false identity, taken from news articles that specify actual costs, here in the blog. Also note that on the Panorama show there is a video segment, but it is in a format that I cannot read for some reason.

Update: in one of the accompanying articles:

They ranged in price from just #250 to more than #1,500. Some were provided within several days, while others took weeks.

(Currency is unclear, it was shown as #.) Also, from one of the accompanying articles:

Police believe they were on the brink of producing 12,000 fake EU passports - potentially earning them £12m, when they were arrested in November 2005. .... Det Insp Nick Downing, who led the investigation, said the passports could have sold for up to £1,000 each.

Same as FC.

Posted by iang at 06:59 AM

October 16, 2007

Your online Identity supplier

Vlad Miller, our source in Russia, sent:

This is an online fake-document shop. Here's the price list:

  • Lithuanian or Latvian passport: €2500 without advance and €2000 with 50% advance payment.
  • UK or German passport: €3500 without advance and €3000 with 50%.
  • Driver's licenses of these same countries cost €600 and €800, depending on the advance payment as above.
  • Russian passports cost $1000 USD with advance and $1300 without.

An additional $500 is required to put the person's name into the gov't database so that the passport checks out online as well.

They use WU and bank transfers for collecting payment, as WebMoney Arbitration has already banned them. For communication (orders, etc.) they use email and ICQ, and also SMS with returning customers.

Together with fake documents, as a bonus, they offer consulting on crossing borders "in the green", schedules of border patrols, etc.

Posted by iang at 11:28 AM

October 05, 2007

Storm Worm signals major new shift: a Sophisticated Enemy

I didn't spot it when Peter Gutmann called it the world's biggest supercomputer (I thought he was talking about a game or something ...). Now John Robb pointed to Bruce Schneier who has just published a summary. Here's my paraphrasing:

  • Patience ...
  • Separation of Roles ...
  • Redundant Roles ...
  • No damage to host ...
  • p2p communications to control nodes ...
  • morphing of standard signatures (DNS, code) ...
  • probing (in military recon terms) past standard defences ...
  • knowledge of the victim's weaknesses ...
  • suppression of the enemy's recon ...

Bruce Schneier reports that the anti-virus companies are pretty much powerless, and runs through a series of possible defences. I can think of a few too, and I'm sure you can as well. No doubt the world's security experts (cough) will spend a lot of time on this question.

But, step back. Look at the big picture. We've seen all these things before. Those serious architects in our world (you know who you are) have even built these systems before.

But: we've never seen the combination of these tactics in an attack.

This speaks to a new level of sophistication in the enemy. In the past, all the elements were basic. Better than script kiddie, but in that area. What we had was industrialisation of the phishing industry, a few years back, which spoke to an increasing level of capital and management involved.

Now we have some serious architects involved. This is in line with the great successes of computer science: Unix, the Internet, Skype all achieved this level of sophistication in engineering, with real results. I tried with Ricardo, Lynn & Anne tried with x9.59. Others as well, like James and the Digicash crew. Mojo, Bittorrent and the p2p crowd tried it too.

So we have a new result: the enemy now has architects as good as our best.

As a side-issue, well predicted, we can also see the efforts of the less-well architected groups shown for what they are. Takedown is the best strategy that the security-shy banks have against phishing, and that's pretty much a dead duck against the above enemy. (Banks with security goals have moved to SMS authentication of transactions, sometimes known as two channel, and that will still work.)

But that's a mere throwaway for the users. Back to the atomic discussion of architecture. This is an awesome result. In warfare, one of the dictums is, "know yourself and win half your battles. Know your enemy and win 99 of 100 battles."

For the first time in Internet history, we now have a situation where the enemy knows us, and is equal to our best. Plus, he's got the capital and infrastructure to build the best tools against us.

Where are we? If the takedown philosophy is any good data point, we might know ourselves but we know little about the enemy. But, even if we know ourselves, we don't know our weaknesses, and our strengths are useless.

What's to be done? Bruce Schneier said:

Redesigning the Microsoft Windows operating system would work, but that's ridiculous to even suggest.

As I suggested in last year's roundup, we were approaching this decision. Start re-writing, Microsoft. For the sake of fairness, I'd expect that Linux and Apple will have a smaller version of the same problem, as the 1970s design of Unix is also a bit out-dated for this job.

Posted by iang at 07:07 AM