Mild science, tech news, stories, reviews, opinion, maps and humor

24 November 2013

Bitcoin in the limelight: Questions for buyers and investors

DDoS attacks manipulate vulnerable markets

The vulnerable market was the Mt. Gox Bitcoin exchange. In April 2013, Mt. Gox was overwhelmed by a DDoS attack. The point, the company speculated, was to destabilize Bitcoin and fuel panic-selling. After driving market prices down, the attackers can then rush in and buy Bitcoin at the lower price. Obviously, this isn't fair.

Life isn't fair but Bitcoin must be

Life may not be fair in general, but securities and currency markets require fairness and avoidance of market manipulation in order to function. Without it, they will die. Trust is essential. Apparently, Mt. Gox was robust enough to withstand this volatility. The attackers were fortunate. In their pursuit of unfair profits, they are taking a selfishly short-term view. DDoS attacks could destabilize Mt. Gox, or any other entity that serves a similar purpose. If that happens often enough, or in sufficient size, it will undermine credibility in Bitcoin.

Mt. Gox wasn't uniquely vulnerable. In the past few months, there were other DDoS-related Bitcoin extortion incidents. BTC-China was brought down in September 2013, and BIPS, a European payment provider, experienced a DDoS attack two days ago, on 26 November 2013.

27 October 2013

Paleo specie

This is BB Billosaur, a ceramic piggy bank for paper currency. He is made by Le Mouton Noir & Co. Le Mouton Noir is located in New York City. I am not surprised (I miss it there).

The store owners describe their motivation:
For many years we have followed the herd like a flock of sheep. Working hard, learning and growing, we have never let go of our dream. The black sheep finally wakes up and steps forward to have some fun.

[Image: Meet BB Billosaur, a ceramic piggy bank. Caption: Billo-saurus!]

BB Billo seems difficult to resist: A paper currency-only porcelain piggy with holes down his back emulating a Stegosaurus-like Mohawk, made by black sheep!

25 October 2013

Account hijackers

If a message originates from a familiar name or email address, its likelihood of making it through spam filters is greater.

Google described their efforts to minimize harm to users due to email account hijacking:
"Our security team...saw a trend of spammers hijacking legitimate accounts to send their messages. [We developed] a system that uses 120+ signals to...detect whether a log-in is legitimate, beyond just a password."
Less than 1% of spam emails make it into a Gmail inbox.

[Chart: Google Gmail accounts compromised since 2010 decreased to nearly zero. Caption: Legitimate Gmail accounts blocked for sending spam versus time]

The number of compromised accounts decreased by 99.7% since 2011. That's impressive, for a sustained reduction! How does Google avoid false positives? I am so curious about the specific details of their filtering rules!

The blog post was written in March 2013. It is remarkable that the same methods continue to be effective, as Gmail spam-attackers would perceive this as a new challenge to be overcome.

120 Signals


I suspect that Google's methods are analogous to those used by the U.S. Department of Health & Human Services' Centers for Medicare & Medicaid Services (CMS) in detecting medically unlikely edits (MUEs). MUEs can be accidental, due to claim coding or data entry errors. MUEs can also be deliberate, when there is fraudulent intent, e.g. by filing for more services, or for more expensive services. Regardless of intent, MUE identification reduces paid claims error rates.

How will the Affordable Care Act impact existing processes for detecting MUEs, and for setting benchmarks? CMS does not disclose its MUE criteria for the same reasons that Google will not reveal details about their 120 signals.

Continuous improvement is a part of life, for email-spam account hijackers, Google and the fraud detection team at the Centers for Medicare and Medicaid Services.

I wrote a post about health care, with a much more Ellie-centric theme, a few years ago. That was when I worked as a statistician for AHCCCS, Arizona's state-administered Medicaid/Medicare program, monitoring program performance and quality of care.

11 March 2013

Compressed data for prayer, anagrams and digital rights management

I found an oddly contemporary-looking New York Times article that is, in fact, quite vintage for the Internet. It begins with a review of a most peculiar e-commerce company:
doing business with Newprayer.com may require a leap of faith.
- Compressed Data: Beaming Prayers to God's Last Known Residence
via The New York Times Online, 31 August 1999.

[Image: Example of ecommerce in 1999. Caption: Last known location of the divine is easier to find than this website. Image provided courtesy of archive.is]
The Internet Fraud Watch for the National Consumers League was deluged with complaints about fraud on the Net, having received 7,700 last year and 6,000 through the first six months of 1999.
If they only knew what was to follow, in less than ten short years.