Wednesday, October 31, 2007

Benefits to Globalization

In his weblog for May 7, 2007, Dani Rodrik (pictured) takes us to task for exaggerating the benefits of globalization in raising US household income and GDP. Professor Rodrik long ago established his reputation as a globalization skeptic; today he is the favorite Harvard economist among the backlash crowd. Eight years ago, Francisco Rodriguez and Rodrik (1999) notched their academic guns against Jeffrey Sachs and Andrew Warner (1995), expressing a skeptical view of the benefits of liberal trade policy to developing countries. As targets of Rodrik's latest outburst of skepticism, we share good company.

To debunk globalization proponents, Rodrik uses ...
read more here.

P.S. Dani has a great sense of humor. The picture of him is taken off his blog and states, "This is what the WSJ thinks I look like." When you visit his blog, you'll see the real Dani.

Monday, October 29, 2007

Podcast: Solutions For Your Small Business

Listen to (or read all about) new customs clearance and international returns solutions for small businesses, thanks to UPS.

Here's a clip from the beginning of it:
Gardner: Let’s start with Laurel. Help us understand some of the issues facing small businesses, those seeking to expand their addressable markets and how they can start doing more business overseas.

Delaney: Actually, there are two forces at work right now for small businesses. One has to do with the issue of globalization. I think we all know the buzz that’s going on about going global that has been driven largely by Thomas Friedman with his book, "The World is Flat." He’s caused mainstream America and all small businesses to step up to the plate and consider the world as your market. The second force is technology, and technology is making it easier now to go global.
Visit here if you want to listen to the podcast or read the transcript. Go here if you want to simplify international trade.

Separately but related, we are about to unveil our redesign on GlobeTrade.com. Watch for it shortly! We hope you like it.

RBN - More of the RBN's fake anti-spyware and anti-malware tools (2 of 3).

As requested, this article (2 of 3) continues the Russian Business Network (RBN) Top 20 “fake” or “rogue software” series concerning the RBN’s Retail Division. The first article provided details of 20 such products, focused on the delivery method and the need for dynamic CYBERINT (cyber intelligence) to encompass the multiplicity of other mirrored hosts and servers. This article provides further exposure of products 21 to 40, and extends the theme to a historical awareness of these ongoing and active threats. The third article will focus on the question, “Are all of these 40 fake products RBN?” The brief answer here is a quantifiable yes!

A further example in this 21 – 40 group is AntiVirGear. Again the same user exploit mode is used: it is stealth-based malware and, according to McAfee’s Site Advisor, provides a host of bad downloads for the unsuspecting user. AntiVirGear makes a fairly recent entrance to this scene, and appears within spyware forums and other security sources, e.g. Symantec (September 13, 2007), but AntiVirGear is not new. The exploit variety here is based upon the Trojan Zlob or a variant, well known under earlier names such as SpySheriff, antispyware-gold, etc., with recorded sightings from 2004 and 2005.



The further batch 21 – to – 40 is shown here in Table 4.







Again many are alive and well and doing good business for the RBN, despite most of the core IP addresses being blacklisted. However, when compared with the 1st article, there is again the common thread of interrelated hosts or mirror servers, see Table 5.




The tables in the 1st article, the tables here, and RBN related information help to provide two important observations:

(a) The most important $$$-earning or key activities within the “fakes” category, e.g. Malwarealarm and AntiVirGear, and also the current PDF and Gozi attack, are directly served with AS 40989 = RBNetwork (RBN).


(b) 36 out of 40 of the RBN fakes are hosted or mirrored via AS 27596 = Intercage


Intercage (US), AKA Inhoster (xbox.dedi.inhoster.com - Ukraine) and Atrivo (US). (Note: interestingly, Broadwing Communications, a backbone internet operation now owned by Level 3 Communications, Inc - NASDAQ: LVLT - appears to be the core mail carrier and mirrored hosting for AS 27596 - level of responsibility?) Intercage has a history relating to the RBN “fakes”, noted as early as 2005 / 2006, for example on the Spyware Warrior forum. In February 2006 there was an online debate in which ZDnet questioned ISC SANS’s suggestion to drop the blocking of all of Intercage, their argument being that there were “some” legitimate customers there.


There are two conclusions that could be made from this:


1. It has been suggested to the authors of this blog that it will not be until some of the victims of these fakes and the RBN begin, and successfully pursue, legal actions against such server enterprises that the legitimate ones will consider a level of due diligence in accepting or continuing to be the vehicle for such illegal activities.


2. Clearly IP blocking in a fast, responsive and comprehensive “OpenDNS” CYBERINT format as a method for ISPs and users is long overdue. There is a big difference between say iPower when they are careless victims themselves in getting 10,000 web sites hacked, and such an obvious case as Intercage - AKA RBN.


Finally, as a reminder that this is a large scale “now” problem, see the sample in Table 6 from 21 - 40; this would show about 3-4 million users as visitors worldwide to the 40 sites, per month, “NOW”.




Thursday, October 25, 2007

Sixth Court of Appeals....11/1

What is taking place now is the consideration of this case as well as the possible ramifications. While I would like to feel that this is exclusively based on the situation at hand, the legal system does not operate in a vacuum. One has to consider the worst case scenario that might transpire under any ruling.

The easy decision would be that of tossing out the case because my lawyer has no standing in the court. (John Does are in somewhat of a quandary, as well as the representation of such in Texas.) A harder decision is whether the judge's disclosure order can stand review.

Should it stand, it makes a mockery of the Cable Communications Act, and any semblance of privacy. Virtually anything that you regard as private can be disclosed on the basis of a civil suit, without any proof. That's what the Essent lawyer argued.

But, should a far more over-the-top anonymous blog be allowed free rein without fear of repercussion? Legislation should be enacted to plug the hole.

It comes down to the immediate rights of the individual, and the possible distress placed in a worst case scenario.

There is national attention being devoted to this case.

Right Click on Case 06-07-00123-CV, and select open in new tab or window depending on your version of Internet Explorer. Users of Macs, Linux, and Firefox are on your own.

Five Practical Strategies for Building a Chinese Workforce

Wanted: Talented people in China.

There is a severe shortage of senior managers in China.

Read more here.

RBN - PDF email Exploit

Thanks to Honeyblog.Org for providing detailed confirmation of the earlier ZDNet article concerning the latest Gozi Trojan exploit, which involves PDF files attached to email, courtesy of the RBN.


The PDF file attached to an email contains an exploit for the recently disclosed vulnerability involving Adobe PDF and the Microsoft reported security advisory (here). As stated within this blog earlier, the exploit is being distributed as a PDF file in spam and downloads a variant of the Gozi Trojan. The exploit contains shellcode to download a binary from the RBN; the downloaded binary injects itself into several MS Windows processes, collects personal information from the infected PC and sends it to the RBN.


To confirm:






Download binary from IP address 81.95.146.130






Then send your personal data for ID theft to 81.95.147.107



Both 81.95.146.130 and 81.95.147.107 are served by Autonomous System AS 40989 = RBN AS RBusiness Network.


Perhaps more ISPs and users should simply blocklist the whole IP range, in and out?
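The suggestion above, as an added example that is not part of the original post: a log check that flags traffic in either direction to the range around the two quoted addresses, and singles out internal hosts that contacted both the download and the drop address. The log format, the internal addresses and the sample lines are constructed; the /23 is only the smallest block covering the two addresses on the page, not the announced range of AS 40989.

```python
import ipaddress
from collections import defaultdict

# The two addresses quoted in the post.
DOWNLOAD_IP = "81.95.146.130"   # the binary is fetched from here
DROP_IP = "81.95.147.107"       # harvested data is sent here
INDICATORS = {ipaddress.ip_address(DOWNLOAD_IP), ipaddress.ip_address(DROP_IP)}

# Constructed sample log (assumed format): time direction src dst dst_port
SAMPLE_LOG = """\
2007-10-25T09:14:02 OUT 192.168.1.23 81.95.146.130 80
2007-10-25T09:14:09 OUT 192.168.1.23 81.95.147.107 80
2007-10-25T09:15:40 OUT 192.168.1.40 81.95.146.17 80
2007-10-25T09:16:11 IN 81.95.147.200 192.168.1.5 25
2007-10-25T09:17:30 OUT 192.168.1.40 198.51.100.7 80
malformed line here
"""


def covering_network(addresses):
    """Return the smallest single CIDR block that contains every address."""
    addrs = [ipaddress.ip_address(a) for a in addresses]
    net = ipaddress.ip_network(f"{addrs[0]}/{addrs[0].max_prefixlen}")
    while not all(a in net for a in addrs):
        net = net.supernet()  # widen by one bit until everything fits
    return net


def parse_line(line):
    """Parse one log line; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[1] not in ("IN", "OUT"):
        return None
    try:
        src = ipaddress.ip_address(parts[2])
        dst = ipaddress.ip_address(parts[3])
    except ValueError:
        return None
    return parts[0], parts[1], src, dst


def scan(log_text, blocked_net):
    """List every connection whose remote end is inside blocked_net.

    Both directions are checked: for OUT the remote end is the destination,
    for IN it is the source. 'exact_indicator' separates the two published
    addresses from neighbours that only a range block would catch.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, direction, src, dst = rec
        remote, local = (dst, src) if direction == "OUT" else (src, dst)
        if remote in blocked_net:
            hits.append({
                "time": ts,
                "direction": direction,
                "local": str(local),
                "remote": str(remote),
                "exact_indicator": remote in INDICATORS,
            })
    return hits


def likely_infected(hits):
    """Internal hosts that reached BOTH the download and the drop address.

    That pair matches the sequence the post describes (fetch the binary,
    then send data out), so these hosts are the first to triage.
    """
    contacted = defaultdict(set)
    for h in hits:
        if h["direction"] == "OUT":
            contacted[h["local"]].add(h["remote"])
    return sorted(host for host, remotes in contacted.items()
                  if {DOWNLOAD_IP, DROP_IP} <= remotes)


if __name__ == "__main__":
    net = covering_network([DOWNLOAD_IP, DROP_IP])
    print("range checked:", net)
    for hit in scan(SAMPLE_LOG, net):
        print(hit)
    print("triage first:", likely_infected(scan(SAMPLE_LOG, net)))
```

Hits with `exact_indicator` set to `False` are the ones a list of only the two published addresses would miss.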


Wednesday, October 24, 2007

Suddenlink Pipes Up....11/6


Received this as a comment, thought it deserved a top billing:
I apologize for the anonymous label. I don't have a Blogger account for work purposes.

In short, I’m with Suddenlink. Please don’t be alarmed by that: I’m friendly (at least I try to be).

I just wanted to drop a comment in here to try and set the record straight. Our company has spent (and continues to spend) time and money to protect this blogger’s interests. For instance, early on – when we were first ordered by the court to disclose the identity of the blogger – we informed the court that, before any disclosure could be made, the law required that the blogger be notified and have an opportunity to object.

Our bottom-line position is to protect our customers’ interests while also complying with the law, in this case, the court’s final order. Net: We’re in a tough position, too, and simply trying to do the right thing. I hope that counts for something.

Pete Abel
Vice President, Community Relations
Suddenlink Communications
pete.abel@suddenlink.com

Pete,
My heartburn is that Suddenlink has not filed any objections, especially early on, despite there being no actual Texas legislation requiring the company to turn over records except in criminal matters.

Most of what has been cited has been out of state, because of that simple reason.

And, you don't need a blogger account. Click other and fill in whatever you wish.

I know you have had a legal presence at the proceedings. My contention is that your company should be the ones petitioning the Writ, instead of me. Rather than that, an agreement with Essent was reached for a disclosure. Had I not retained James, some very bad law might have been written from the bench, and had a precedent....frank


Note: Was looking for a "Pipes Up" tie in and ran into this accidentally. Crossroads seemed fitting....frank

Tuesday, October 23, 2007

Something to Ponder....10/24

One of the areas that we forget to take into account when we transmit records is the fax. Merely stating that "if you weren't supposed to get the fax, you should destroy it" doesn't meet HIPAA standards of PHI protection.

Who is responsible for any breach? The sender.

Received a comment about the circumstances involving the North Campus patient that PRMC accused me of violating HIPAA about. Then I realized: The only way someone could identify the patient was if they had been given information by the family. Or if someone had access to the PHI. I still don't know the patient's name, nor do I want to.

And, yes, it came as an anonymous comment.

Tomorrow, oral arguments will be given in Texarkana as to forcing Suddenlink to disclose my identity. That is all it is for. It has no bearing on the accusations that PRMC has, it only says that the court can or cannot compel the internet provider to disclose without proof of an actual offense, merely by accusation.

Should the court rule in my favor, Essent still has the option of attempting to prove their accusations to a sufficient standard for disclosure. The bar will just have been raised a bit higher. And, rather than making an end run around the system, the means and the goal will be in their proper order.

Is this over? Probably not.

Monday, October 22, 2007

RBN – The Top 20, fake anti-spyware and anti-malware Tools

Continuing the discovery of the RBN’s “Retail Division”: one of the most important exploit delivery methods is fake anti-spyware and anti-malware software for PC hijacking and personal ID theft. It is also a source of revenue for the RBN from direct sales.

For example, MalwareAlarm is a dangerous fake anti-spyware product, and it is an updated version of Malware Wiper. MalwareAlarm is stealth-based malware; according to McAfee’s Site Advisor, they tested 279 “bad” downloads. The methodology is to get the user to use a “free download”; MalwareAlarm then displays a warning message to purchase the paid version of MalwareAlarm, and of course the damage is done with the initial action.


The purpose of this article is to demonstrate the multiplicity of nodes, connections and delivery routes. However, it is a prompt for the community of the need for real-time CYBERINT (see blog here) based blocking and shield services. As is shown below, many are either or both SBL and XBL blacklisted, but this is only the core IP address and not the multiplicity of other mirrored hosts and servers.


There are several well-known “RBN retail brands”; below (Table 1) we show the “Top 20”.






All of these are blacklisted elsewhere in some form, but are still highly active at this time; as in any product marketing model, some are entering a mature phase and others are newer variants. As seen within Table 1, this can produce some confusion, due to the apparent array of domains and IP addresses. Table 2 provides a simplification to the ten actual hosts and servers involved. As is a common theme of this blog, it again has to be noted that several major US based servers are involved, we hope unwittingly? Also note the potential for MITM “inside the server” website exploits of a further 1 million + web sites. For RBN blocking purposes 4/5 of the below would prevent access by the majority. The RBNetwork - AS 40989, encompasses AS28866 (AKIMON AS Aki Mon Telecom) and AS41173 (SBT AS SBT Telecom) as previously mentioned within this blog.







In answer to a few readers’ queries, one of the major problems with an analysis of the RBN’s activities is “What is the scale of this, how do we quantify?” Table 3 below shows a limited sample and is provided in this brief form to deliberately demonstrate the numbers. It should be understood that luckily not every site visitor will download the exploits. A simple “Google” of some of these examples will show the numerous forums and queries on how to remove the resultant infections. Included is the “Alexa” rank, to demonstrate that jellyfish.com, an auction site recently acquired by Microsoft, has about the same rank as MalwareAlarm.


As requested there will be a more detailed follow up on this topic, plus the requested RBN IP block information. Also a forthcoming article will shed light on the RBN’s payment and secure data transmissions.

Why Global Brands Work

Harvard Business School professor John Quelch writes a blog on marketing issues, called Marketing KnowHow, for Harvard Business Online. Join in on the debate on whether Ford will make a comeback on their global brand. The post is reprinted on HBS Working Knowledge here.

Friday, October 19, 2007

This Week in Brief....10/22

The big issue is the appeal's oral arguments in Texarkana next Wednesday. Hopefully we'll have a definitive view of the subject of privacy in Texas.

I had a commenter that was doing a fair amount of threats, name calling, and bad grammar. So, I made a point of tracking the IPs he used (I can download a report, time sequenced, so I matched the times with the comments. I deleted all the other listings, since that would give the data to Essent, should they win.) The only one they'll have a record of is their stooge. Like I do.

Hal Andrews, former Senior Vice President of Development for Essent (fired by Hud) was made CEO of Data Advantage Corp. Just indicates that being fired from Essent is not one of the worst things that can happen. Actually, it might be the best.....

The second PRMC IT person suspected of being me was fired. Kevin probably didn't want to stay anyway, since Race was sold. Christus ought to pick him up, knowing their system as well as he does. Actually, this is a perfect way of getting rid of an IT person that might be superfluous, since the consolidated data center was created, rather than paying benefits. Even the RIF policy wouldn't have cut those.

We found out that a community can take back its healthcare with Bonham's announcement. And, Hud still thinks that PRMC is a $100M proposition. Too bad no one else does....

Thursday, October 18, 2007

(Global) Marketing Moves to a Digitally Focused Business System

As the media environment becomes increasingly complex and rooted in the digital space, the existing marketing agenda and capabilities need to be re-tooled and marketing organizations, agencies and media companies are having to change at an unprecedented pace. A new cross industry study details how marketers and their agencies must change as the convergence of media and technology, combined with the fragmentation and personalization of media, changes the connection between marketers and end users.
Download the 15-page study produced by ANA (Association of National Advertisers), IAB (Interactive Advertising Bureau), AAAA (American Association of Advertising Agencies), and management consulting firm Booz Allen Hamilton here.

And we first wrote about this new media revolution here with a story about Mel.

Then McKinsey & Company conducted serious analysis of the phenomena here.

It's about using social networking and social media to build a global presence or what the more traditional folks call global marketing.

Tuesday, October 16, 2007

RBN - The Good, Bad and the Ugly


An interesting story in Wired.com by Ryan Singel, based on email correspondence from a representative claiming to be from the Russian Business Network (RBN). As reported, the RBN's man said current reports about the organization “..... is subjective opinion based on guesswork." In keeping with this blog's "quantitative" format we make an attempt to shed some light on this.



Figure 1 shows a representation of the RBN from the perspective of web infrastructure; it provides three levels of operation:


1. “Good” & "Bad" - RBN Autonomous System (AS) – backbone internet structure (see diagram 2)


2. “Bad” - RBN Global – Core server hosting operations, e.g. RU, UA, BR, DE (Denic.de, crew-gmbh.de), CH (rbnetwork.biz), IT, NL, Panama, UK (Too coin via – Ripe representation – sbttel), Seychelles.


3. “Ugly” - RBN Retail – Specific exploit, ID theft, MPack, e.g. iFrameCash, 76Service.


For the purpose of the Wired.com article there needs to be focus on the RBN Autonomous System – Figure 2.




The problem is that the RBN's Autonomous System is integrated within the whole of the Russian, Eastern European, and Eastern Scandinavian internet system overall. For example, three of the following:

  • AS41181 RUSTELECOM, = AS4589 EASYNET, AS20597 ELTEL (general internet for Russia as a whole)
  • AS34596 CONNECTCOM ConnectCom Ltd Autonomous System, – included within are # AS8426(CLARANET AS ClaraNET UK AS of European ISP)# AS20597(ELTEL AS ELTEL net Autonomous System) any # AS34596 & # AS24919(CUBIO AS Cubio Communications Ltd Helsinki Finland)
  • AS39848 DELTASYS Delta Systems network – included within # AS20597(ELTEL AS ELTEL net Autonomous System) any AS39848, # AS24919(CUBIO AS Cubio Communications Ltd Helsinki Finland)


Although they are in the RBN Autonomous System they are within other Autonomous Systems. These should be discounted from the RBN "bad" or "ugly" groups.

Therefore, CONNECTCOM’s spokesman to Wired.com is either:

(a) Another innocent caught in the bad and ugly RBN’s maelstrom, they may actually own the RBN, but not the one we know.

(b) A RBN (bad or ugly) stooge trying to misdirect

As with earlier posts here, re: RBN hiding within US hosts, we have to recognize the RBN does the same in Russia and elsewhere. The requirement is to focus on the RBN "ugly" Retail Division, the specific source for website exploits, ID theft, etc.


Andrews to head Data Advantage as CEO....10/17


Hal Andrews has been named chief executive officer of Data Advantage Corp., the company announced.

Andrews, 40, served previously as senior vice president of corporate development of Irvine, Calif.-based Cogent Healthcare, which manages hospitalist programs in healthcare facilities. He has a law degree from the University of Tennessee College of Law, Knoxville, and a bachelor's degree from Southern Methodist University, Dallas.

Data Advantage, Louisville, provides healthcare information services to more than 500 hospitals and healthcare facilities across the country. -- by Jean DerGurahian/ HITS staff writer


Nice to know that there is life after Essent.....

Detroit at the 2007 Regional Chamber Small Business Conference Report

The 2007 Detroit Regional Chamber Small Business Conference was a huge success. What impressed me the most was the number of small business owners in attendance and how driven, enthusiastic and passionate they are about using Web 2.0 media to build a global presence. More information on the Detroit conference, including many of the speakers' PowerPoint slides, can be viewed here.

After my talk, I had folks from UPS, Google and Crain's Detroit Business come up to me to discuss additional opportunities. Eager to keep moving in this new global media direction. Everyone should.

Monday, October 15, 2007

Twelve local investors to buy Bonham hospital....10/17


From a comment:

By Vicki Graves

BONHAM — Twelve local doctors and investors recently took on the venture to acquire Red River Regional Hospital and it will be locally owned and operated.

Their $3.2 million offer was accepted Thursday by Attentus Healthcare of Nashville, Tennessee, CEO Dave Conejo said Friday. Officials at Attentus Healthcare couldn’t be reached Friday for comment. Hospital officials now move toward “doing the due diligence” and getting the loan completed. Their goal is to have that done by year’s end.

The majority of involvement is from area physicians. Now, they just have to do the work that will consummate the transaction, Conejo said.

The closing process will involve getting the property inspected, having a title search done and making sure there are no problems.

All contributions are held in an escrow account at Bonham State Bank.

When the local investors take ownership, they said they will completely remodel the emergency room and all patient rooms.

“The way the hospital is set up, we decided not to try to squeeze two patients into one room,” Conejo said. “When this hospital was built 38 years ago, two patients were kind of tight in those rooms, so we decided to make them all private.”

Patient rooms also will be equipped with comfortable recliners for family members who want to stay at the hospital with their loved ones.

The enterprise began when the idea came up just two months ago.

“We’ve got a lot of people that are really getting behind this,” Conejo said.

The group doesn’t have all the money yet but has pledges lined up for a large portion of it and is confident that by month’s end, the rest will be in. All contributions and investors are welcome, he added.
One has to wonder, why the local docs haven't joined forces with other local moneymen to regain control of PRMC from Essent.....or is the price too high?

Now, my take: Interesting that I was being taunted by one of the Essent hangers-on, and he had the following to say:
Like I said in my earlier note to you, since you are so good at hospital management, you should go raise some buckaroos and buy the hospital that Community Health ditched in Bonham. Why I betcha as smart as you are, you could jes' suck Paris Regional in no time flat. In fact, I bet you could bring Essent to its knees.
He might actually be right. Clarksville has seen an increase in utilization, as had Bonham. With the troubles we've had here, it would appear that some shrewd investors saw an opportunity to not only take more control of their destiny, but to leverage an advantage out of Essent’s troubles. It isn't the big threats, it's the chipping away of the healthcare dominance that Paris once had. Essent has provided the opportunity, and now it's being taken advantage of. Hopefully they do more “due diligence” than Essent did.

The shame of it is, by the time Essent is forced to sell, there might not be anything that is worth buying.... I heard that the taunt came from a lawyer...maybe he should be advising his clients, as prophetic as he is, rather than me!

Sunday, October 14, 2007

RBN - iFrame Cash Update - The Enemy Within the Gates

A great article and associated blog articles on the Russian Business Network (RBN) from Brian Krebs in the Washington Post. However, the puzzle and a theory for a few of us has always been: where are the RBN's external communications, web site exploit, and ID theft divisions? Let us call it the RBN retail division. These have to be outside their conventional Nevacon / RBNnetwork / Aki Mon; those are becoming well blocked on SBL, XBL etc., thanks to Spamhaus et al.

Despite what some researchers may think about domestic PCs, the logic for the RBN has to be to base these operations within accessible hosts. Also, from inside any server it is much easier to use "Man-in-the-Middle" (MITM) techniques to exploit neighboring web sites and for personal ID theft. Where better than within a low cost US host that only cares about the credit card used, not what the web site does, and where you have over 1 million web sites and their users to prey on?

So here is the "good news" - the RBN have moved some key domains as of today, and luckily every time they do this it reveals more of their bases. Below is just a sample of many, if you put them on the outside of the major hosting hubs, you will starve the main body.


"The Enemy Within the Gates" - all "within" major US hosts, also note every one has fictitious domain registrants and is breaking the TOS (terms of service) for hosting:


iframecash com = 38.97.225.135 = Hiding within Cogent Communications (DC, US) moved back onshore to the US from Aki Mon Telecom

iframecash net = 66.29.87.11 = Hiding within Net Access Corporation (NJ, US) - along with many (what look like) bank phishing domains

anonymous-service (dot) com = 67.19.24.170 = within ThePlanet com (US) & proxy registered via Global Net Access (US) - also key domains:
adulthosting (dot) ru, aspmedia (dot) net, sexbomba (dot) ru, webmoney-hosting (dot) net

76service com = 66.232.122.239 = still within Noc4hosts Inc (FL, US) and proxy registered via Global Net Access - also key domains:
firstoceanicbank (dot) net, gamesboard (dot) ru, hydrometeocenter (dot) net, newpulses (dot) com, odeku (dot) net, putany (dot) net, sosnovsky (dot) net

If we can persuade these major US hosts / servers to act voluntarily and quickly, as we did with Layered Technologies (iframe cash com) then at least we could prevent a great deal of web site exploits from "within" the major US hosting servers.

Just to re-emphasize: the hosting listed above provides the RBN direct access to over 1 million web sites and their users.

Friday, October 12, 2007

Are You Missing Out On Global Trade?

Most of America's small- and mid-sized businesses have failed to explore the significant growth opportunities offered by an increasingly global economy. Indeed, a new survey conducted for UPS shows 67 percent of the nation's small-to-mid-sized enterprises (SMEs) are still chaining themselves to the U.S. economy.
Is that you? If it is, I encourage you to read this press release and get ready to dive into the UPS Business Monitor United States 2007 Report when it is released November 1st. I will post more about it then.

Analysis of the Court....10/19

I was flipping through the Googled hits, and happened across the "Citizen Media Law Project":
The Citizen Media Law Project (CMLP) is jointly affiliated with Harvard Law School’s Berkman Center for Internet and Society, a research center founded to explore cyberspace, share in its study, and help pioneer its development, and the Center for Citizen Media, an initiative to enhance and expand grassroots media.
What they had to say about the case was interesting, to say the least, and may help on the 24th, when arguments are presented:
Not surprisingly, Judge McDowell's September 14 letter ruling in the Essent case makes a muddle of all this. First of all, it is bizarrely formatted -- the legal analysis is contained in two paragraphs that are italicized and indented from the rest of the letter, giving the impression that these paragraphs are quoted material, but without any indication of their source. Some independent research turned up the following observations:

The first paragraph comes almost verbatim from Polito v. AOL Time Warner, Inc., 2004 WL 3768897, at *5 (Jan. 28, 2004), a case involving a subpoena to uncover the identities of anonymous AOL subscribers who allegedly sent the plaintiff harassing e-mail messages. The language that Judge McDowell quotes from Polito, however, relates exclusively to another case, In re Subpoena Duces Tecum to America Online, Inc. (noted above). Specifically, Judge McDowell appears to be invoking the standard applied by that court -- namely, that "the pleadings or evidence" satisfy the court "that the party requesting the subpoena has a legitimate, good faith basis to contend that it may be the victim of conduct actionable in the jurisdiction where suit was filed." In re Subpoena Duces Tecum to America Online, 2000 WL 1210372, at *8. In that case, the court considered evidence outside the plaintiff's complaint, but it did not make clear whether that was required by its standard.

The second paragraph comes verbatim from Alvis Coatings, Inc. v. Does, 2004 WL 2904405, at *3 (W.D.N.C. Dec. 2, 2004), a case which applied an especially weak version of the "prima facie" standard. There, the court was content that the plaintiff had "averred that the statements are both false and damaging to the Plaintiff's trademark and to its business generally." Id. at 4.

McDowell's letter never explains which standard he is choosing to apply -- Polito, In re Subpoena Duces Tecum, Alvis -- they're all different standards, especially if you look at them closely. Worse, McDowell never even tries to apply the (as yet unknown) standard to the facts of the case. The letter ruling says only:

After considering the above [i.e., the two paragraphs taken nearly verbatim from different decisions], the Court hereby concludes that good cause has been shown and the burden by the plaintiff has been met to meet the requirements of the exceptions to the [Cable] Communication[s] Act to grant the request by Plaintiff for the Internet service provider to furnish the name and address of the subscriber.

Apparently, Judge McDowell believes that no evidence to support Essent's claim is required. That is bad enough, but it is a debatable proposition under the case law. He apparently also believes that no analysis of the allegations in the complaint for facial sufficiency is required. Whatever the standard, this is surely wrong.

Thursday, October 11, 2007

RBN - 76service, Gozi, HangUp Team, and US hosting

The recent detailed and fascinating reports within CIO, written by Scott Berinato in conjunction with SecureWorks researcher Don Jackson, were focused on the technical analysis of form-grabbing software, via access to 76service (dot) com. Subscribers to 76service could log in and pull down the latest drops, i.e. data deposits sent to the servers from the Gozi-infected machines they subscribed to, like the 3.3 GB one Jackson had found containing more than 10,000 online credentials (ID theft) taken from 5,200 PCs.

Within the analysis and articles there is reasonable logic as to the 76service servers being based in Panama, but unfortunately they are or were based within the US. The Mpack DIY exploit package involving the “HangUp Team”, where Jackson had found a coder who posted the news of 76service’s demise: all of these players have connections to the Russian Business Network (RBN), according to several researchers, including Jackson (ref: CIO).


A long-term watch analysis of DNS for 76service (dot) com (66.232.122.239) and related domains reveals a detailed hosting history and CBL / SBL blacklisting (see below). The domain apparently is still currently hosted by "coolservecorp (dot) net", i.e. Noc4hosts Inc, with their servers stated as being in the Lykes Building, Tampa, FL, USA. Although 76service appears closed, they may still be dwelling in the hive of associated domains. Key related domains @ 66.232.122.239 - carbon coolservecorp net: 76service.com, gamesboard.ru, newpulses.com, odeku.net, putany.net, sosnovsky.net (see below for further domains for interested researchers).


This is similar to another RBN retail outfit, "iFrame Cash", which until recently was shown to be hosted by another US-based web host, Layered Technologies. The "carbon coolservecorp net" server is also not the only one involved; there are also host33.coolservecorp.net and aa.18.1343.static.theplanet.com.


Any reasonable conclusion again asks the question: are the RBN's "bullet proof" servers operating with apparent impunity from within large low-cost shared and dedicated hosting services within the US at coolservecorp / Noc4Hosts, Global Net Access (GNAX), The Planet or similar?

Even more concerning is the fact that there are reports of website hacking, iFrame exploits and hijacking at these hosts, not quite reported yet on the scale of the recent iPower (10,000+ sites exploited) problem, but significant and growing. However, the potential "internal" target for the RBN here is staggering: correlating the potentially "infectable" IP domains from AS29802, AS3595, and AS21844 gives a total of 1,296,640 IP addresses.

For the authors here, this analysis similarly proves that, to most hosting outfits, the color of the credit card is more important than any due diligence concerning the activities of the client webmaster. Perhaps when hacked webmasters, or those individuals who have been subject to ID theft, eventually sue the hosts responsible for housing the cause, some due diligence may ensue.

The final conclusion is that it would appear the RBN does not have to hack into servers to gain access to websites and a major host's legitimate customers; they are already inside.

(Authors' note: thanks to Scott Berinato, Don Jackson, and CIO for publishing the core information.)


Specific details:


BAD .... Listed on : 2 dnsbl services:

66.232.122.239 YES - LISTED BY cbl.abuseat.org
66.232.122.239 YES - LISTED BY t1.dnsbl.net.au

Further potentially related domains:

76 service domains sharing nameservers

5ballov.net, adulthosting.ru, alnar.net, alt.by, anemia-working-group.net, anemia-working-groups.net, anemiaworkinggroup.net, anemiaworkingroup.net, anonymous-service.com, apps4.net, aspmedia.net, azgar.by, beldrug.org, belpatent.net, belreferatov.net, beltorg.com, bvf.by

carbon.coolservecorp.net

charadziej.org, chukov.net, contour-lamn.com, coolservecorp.net, coolwebserve.net, daugiasaigon.net, fromby.net, gamesboard.ru, glamoura.net, gomeloboi.com, goro.by, greentrans.net, hope-casadue.net

host33.coolservecorp.net

iiseps.org, jewelry-fashion.net, k6tv.com, krimea.net, lysandrasoft.com, magomedov.net, maltofer.ru, medprom.com, multydom.crimea.ua, newpulses.com, odeku.net,pegasas.net, pogotski.com, priceby.net, priceru.net, priceua.net, putany.net, respekt-plus.com, sexbomba.ru, shemalesru.net, sit93.com, sosnovsky.net, syabry.com, venofer.ru, vodkaescort.com, wdl.ru, webmoney-hosting.net, znaesh.net

AS29802

Number of unique AS-peers: 1 - Number of prefixes: 7 - Number of ip numbers: 28,928

AS3595 AS GNAXNET AS Global Net Access

Number of unique AS-peers: 7 - Number of prefixes: 35 - Number of ip numbers: 145,920

AS21844 THEPLANET AS2 ThePlanet com

Number of unique AS-peers: 5 - Number of prefixes: 22 - Number of ip numbers: 1,121,792

Total = 1,296,640
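
The DNSBL results listed under "Specific details" can be re-checked with a lookup like the one below. This is an added example, not code from the original post: the function names, the injected `resolve` callback and the treatment of 127.255.255.x replies as operator error codes are assumptions, and the canned reply is constructed so the demo runs offline.

```python
import ipaddress
import socket

# The two DNSBL zones that appear in the post's "Specific details" output.
ZONES = ("cbl.abuseat.org", "t1.dnsbl.net.au")

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")     # listing replies live here
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # assumption: operator error codes


def dnsbl_query_name(ip, zone):
    """IPv4 octets reversed, then the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] if the lookup fails or finds nothing."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def classify(answers):
    """Map a DNSBL reply to 'listed', 'not-listed' or 'error'."""
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "error"       # e.g. query refused; do not read this as a listing
    if any(a in LISTING_NET for a in addrs):
        return "listed"
    return "not-listed"      # no record, or an answer outside 127/8 (rewriting resolver)


def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Query every zone for ip and return {zone: status}."""
    return {zone: classify(resolve(dnsbl_query_name(ip, zone))) for zone in zones}


if __name__ == "__main__":
    # Constructed reply so the demo runs offline; omit resolve= to use live DNS.
    canned = {"239.122.232.66.cbl.abuseat.org": ["127.0.0.2"]}
    print(check_ip("66.232.122.239", resolve=lambda n: canned.get(n, [])))
```

Keeping "error" separate from "listed" matters when the check feeds a watch list: a refused or rewritten query should trigger a retry, not a blacklist entry.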




Wednesday, October 10, 2007

World Bank's Doing Business 2008

The World Bank's annual "Doing Business 2008" has just been released. It provides objective measures of business regulations and their enforcement across 178 countries. The team works closely with thousands of professionals around the world.
Highlights from Doing Business 2008: As countries reform their business regulation, more businesses are starting up. Eastern Europe has witnessed a boom in new business entry that rivals the rapid growth in East Asia in the past. Large emerging markets such as India, China, Egypt, Turkey, and Indonesia, are reforming fast and investors are taking notice. This year Egypt is the top reforming country worldwide, while Singapore is #1 on the ease of doing business for the second consecutive year.
Download report here.

P.S. Separately, just returned moments ago from the 2007 Detroit Regional Chamber Small Business Conference (where at the VIP breakfast, I sat next to Joe Dumars, famed Detroit Pistons player, businessman and current president of the Detroit Pistons' Basketball Operations (I did not even know this!)) and will report on all of it soon! Amazing conference.

Blogger to remain unknown for now....10/12

For an update:
By Bill Hankins
The Paris News

Published October 10, 2007
TEXARKANA — The identity of an unknown blogger named in the Essent-Paris Regional Medical Center lawsuit will not be revealed today.

The 6th Court of Appeals in Texarkana Tuesday issued a stay of 62nd District Court Judge Scott McDowell’s order for internet service provider SuddenLink to reveal the identity to the court by 10 a.m. today.

Attorney James Rodgers of the Moore Law Firm in Paris said the Court of Appeals granted a stay of the disclosure until Wednesday, Oct. 24. At that time oral arguments from both sides are to be heard to determine whether the information should be revealed.

Rodgers Monday filed a writ of mandamus asking the court to look at the disclosure issue.

The hospital filed the lawsuit June 19, accusing the unknown blogger of wrongful conduct in publishing “false and misleading” information detrimental to the hospital and asking he be silenced.

In its lawsuit, the hospital alleged some of the information on the blog was obtained illegally.

It said the blogger “published statements with malice, with a reckless disregard for truth or falsity and with negligence in failing to ascertain the truth of the statements.”

McDowell ordered SuddenLink to reveal the name of the blogger, but SuddenLink said the blogger must first be notified and given the right to lodge a protest to the disclosure.

Rodgers countered, telling the court the Cable Communications Act prevents such disclosure.

McDowell, citing a Circuit Court of Virginia case, then said the identity could be revealed if evidence satisfies the court the party requesting it has a legitimate, good faith basis to contend that it may be the victim of conduct actionable in the jurisdiction where the suit was filed.

Rodgers then filed the writ of mandamus asking the appeals court to intercede. It issued the stay order Tuesday.

Tuesday, October 9, 2007

Greetings from Asha in India

Dear Laurel,

We at Kashmir Handicrafts (websites www.Kashand.com and www.Kashand.org) wish to thank you for your nice and informative Blog which we regularly visit and read. We are India based manufacturers and exporters of handicrafts and intricate Pietra dura tabletops, medallions and Taj Mahal replicas are our specialty. The issues confronting exporters are, in many cases, identical whether one is based in the US or in India. Many things on your Blog are noteworthy and make us learn a lot.

All of us thank you for your initiative and look forward to your continued writings. If at any time you or your friends require any items that we make, we would be glad to offer you our best attention and prices.

Thanks and regards,
Asha

Monday, October 8, 2007

Intentions....10/10

The intent of the action is solely held by the individual 'acting'. In my case, Essent ascribes my motivations as quite low, while many readers place them on a pedestal. The truth is somewhere in between. The comment about Publius took me back to my 7th grade Civics class, so very long ago.

"The consciousness of good intentions disdains ambiguity. I shall not, however, multiply professions on this head. My motives must remain in the depository of my own breast. My arguments will be open to all, and may be judged of by all. They shall at least be offered in a spirit which will not disgrace the cause of truth." -'Publius' The Federalist No. 1

Hamilton probably wrote the bulk of the Federalist Papers, but the contributions of John Jay and James Madison are far from forgotten. Could you imagine those authors having the power of blogs at their disposal? (A sidebar: Where is an Iraqi Federalist blog? Probably is one, and the topic is better left for a different blog.)


Has the blog been completely altruistic? Probably not, very few things are. I just see too many things that there should be awareness of, hidden from the public consciousness. We base so much of healthcare on trust. When that trust is violated, we all suffer.


Essent would probably say that their trust was violated, but the truth is, in healthcare we have so many barriers to knowledge of what really happens. There really is no 'loyal opposition' in healthcare. Government is the closest thing we have to that, as an advocate.

What happens in a socialized medicine scenario? Would I be facing a Federal suit? And who then is left to monitor?

A long while ago, I received an email from a blogger in the Netherlands, saying that he was fascinated by the blog, because in his country there wasn't such a thing (to this level). He wanted to follow-up with questions and an article, and suddenly nothing. Maybe, in a socialized medicine country, that's one stone you don't kick over.

It is ironic that the reason Essent was able to track back on me is because I wanted to be accurate in what I wrote--by using their own words. Posted at their own websites. I just did it a bit less covertly than I should have.

Friday, October 5, 2007

Who Moved My Client Base?

I wrote this story, "Who Moved My Client Base?" special for Small Business Trends.

It's about a business owner named Mel who is faced with a slowing small business. He uses social media to turn things around and grow his business by tapping into a global client base.

Hope you like it and if you do, please comment and then pass the story along to someone you know who might benefit.

It's Hard To Remember....10/7


...that the objective was to drain the swamp when you are up to your butt in alligators....

MY problems aren't the problem, merely the symptom. (Lord, that took a bit to say it.) The manifestation of Essent's attitude first impacted staff, then patients, and now the community. Obviously, I was not the first--Holly was. And there are plenty of examples of the staff's treatment.

But what about patients? Rumor has it that Essent is sweating this last incident, and that a case is being talked around.

Have you noticed that several healthcare corporations have been purchased in the last year...and we know that Essent is being shopped out. So why hasn't it been bought?

No matter what you may think, it isn't the blog. Again, merely the symptom, not the cause.

Merrimack Valley Hospital $-1,498,033
Nashoba Valley Medical Center $860,296
Sharon Hospital $1,467,558
Southwest Regional Medical Center $-212,615
Paris Regional Medical Center $288,275*

So, investors have a ROI of less than a million on what kind of investment? Sounds like the Out-Patient Surgical Center here.... You be the judge....

*figures from AHD.com

Wednesday, October 3, 2007

Cultural Collaboration At Its Best

Recently, 40-plus IBMers from 11 different nationalities got together. Official assignment: To identify the key attributes that make IBM global delivery special. Unwritten agenda: To meet each other and create a “cultural connect.”

Guess where it all took place? Second Life.

Read more about it here.

Innovators Using Technology To Make The World a Better Place

Read all about the tech award laureates here.

2007 Laureates

Intel Environment Award Laureates


* Emulsified Zero-Valent Iron (EZVI) Team FL, Kennedy Space Center, Florida
* Fundacion Terram Chile, Santiago, Chile
* Joe David Jones, Skyonic Corporation TX, Austin, Texas USA
* Marc Andre Ledoux, Consortium SudEco Industrie Montreal, Canada
* Solar Sailor Chatswood, Australia

Accenture Economic Development Award Laureates

* Anil Chitrakar, Babu Raja Shrestha, and Prachet Kumar Shrestha, Environmental Camps for Conservation Awareness Kathmandu, Nepal
* Association la Voute Nubienne Ganges, France
* blueEnergy San Francisco, California, United States
* Kamal Quadir, CellBazaar Dhaka, Bangladesh
* Kiva.org San Francisco, California, United States

Microsoft Education Award Laureates

* Canal Futura Rio de Janeiro, Brazil
* Elluminate, Inc., Fire and Ice / Elluminate Live! Ft. Lauderdale, Florida, United States
* Institute for the Study of Knowledge Management in Education, OER Commons Half Moon Bay, California, United States
* Robert Shelton, Terry Hodgson, and Stephanie Smith, Math Description Engine Software Development Toolkit and MathTrax application (MDE-SDK MathTrax) Texas, United States
* TakingITGlobal Ontario, Toronto, Canada

Katherine M. Swanson Equality Award Laureates

* Counterpart International Washington, DC, USA
* Devendra Raj Mehta, Bhagwan Mahaveer Viklang Sahayata Samiti Jaipur, India
* Grameen Shakti, Empowerment Through Renewable Energy Technologies Dhaka, Bangladesh
* Innocence Project New York, U.S
* Tropical Forest Trust, Indigenous Peoples Voices Programme Craissier, Switzerland

Health Award Laureates

* Diagnostics Development Unit, University of Cambridge & Diagnostics for the Real World Ltd. Cambridge, U.K.
* Donald O'Neal, HELPS International Farmersville, TX U.S.
* P&G's Children's Safe Drinking Water Program Cincinnati, Ohio, USA
* PATH, Vaccine Vial Monitor Seattle, WA U.S.
* Vaxin Inc., Rapid-Response Bird Flu Vaccine Birmingham, Alabama, U.S.