With a general election just weeks away now, I’ve been wondering just what part Twitter will play in electing the next government? A new poll by Lewis Communications has revealed that 24 percent of the 1000 people consulted thought that Twitter was an essential communication tool in a democracy such as ours. That said, only 27 percent said they might be encouraged to vote for an MP who contacted them through their social networking service compared to 48 percent who would not be so minded. Mind you, one in six of those asked also thought that the barman in The Simpsons, Moe Szyslak, was a political blogger so maybe we shouldn’t take these figures too seriously.

A couple of numbers that did jump out at me from that survey though were related to online voting and political websites: 77 percent wanted to vote online this year, and 56 percent had visited a political website already in the run up to the General Election. Eb Adeyeri, Digital PR Director at LEWIS Communications, reckons that many people believe this will be “the UK’s first “Internet election” with politicians exploiting channels such as Facebook and Twitter to convey their message” but warns that a “badly-focused social media campaign could do more harm than good as Gordon Brown discovered with his infamous YouTube appearance”.

The Labour Party is taking Twitter seriously enough to have appointed a ‘Twitter Tsar’ in Kerry McCarthy MP, while Tory leader David Cameron famously dismissed Twitter users on a radio show by saying that “too many twits make a twat”.

Certainly there are more MPs, and would be MPs, using Facebook and Twitter than ever before it seems to me. Of course, the cynical side of me does accept that the rise of the micro-blogging and socially networked MP and the forthcoming election may be linked. There’s even less doubting that Twitter has become politicised to a degree, and loosely organised Tweet campaigns can be more effective as a lobbying tool than many other avenues when it comes to getting massive media attention in the shortest timescale. We’ve already seen many such groundswell campaigns on Twitter, and as the election draws ever closer I expect we will see many more. Of course, with that election looming we’ll have to expect less of these campaigns to be true feelings of the people events and more of them to have the hand of The Party pushing them.

But how can you track and analyse party political activity on Twitter? Sense Internet reckons it has the answer with the newly released the Tweetlection tool which
claims to track comments about political parties on Twitter, providing a picture of those politically motivated keywords that are most active at any given time.

“While all parties engage in tweeting, until now it has been hard to get a real-time picture of what is being said on key issues, and by whom,” says Sense MD Aidan Cook. “Previously it was difficult to get an accurate view of just how much excitement or interest a specific event or issue was generating”. Cook reckons that users will be able to get at a glance overviews of “the frequency of tweets over time for each party and the common themes in those tweets” which could help political parties modify existing themes and messages, or even create new ones.

Get this: developers of ’second-tier’ web browsers are moaning about how unfair it is that Microsoft is advertising their products for free. Sheesh!

You can, I do believe, file this one firmly under WTF? Apparently, forcing Microsoft into displaying the ballot screen and effectively giving them free advertising is not enough. Now six of the seven clients which do not make it onto the first screen of browser software choices, the so called second-tier browsers, are complaining to the European Commission for what they consider an even fairer slice of the pie as it were.

While the developers of the Avant, Flock, GreenBrowser, Maxthon, Sleipnir and SlimBrowser browser clients have petitioned EC vice-president Neelie Kroes to get Microsoft to change the ballot screen so that their somewhat obscure browsers are given a bit more prominence. The argument being that users only see five browsers (Chrome, Firefox, Opera, Safari and Internet Explorer itself) by default without scrolling to reveal the less popular choices. What the moaning minnies want is an indication that they actually exist, encouraging users to scroll right and reveal them.

The petition states that the design “leaves the vast majority of users unaware that there are more than five browsers to choose from” and complains that the browser developers “did not have the opportunity to offer any Browser Choice screen design feedback”. Well duh, why should they have had? Indeed, the petition suggests quite rightly that Microsoft has no intention of making any changes.

If I were those second-tier browser developers I’d be keeping quiet on this one. Heck it’s a pretty massive publicity boost that they have been included at all, considering that most users will not have a clue as to their existence and be even less bothered about using them. the way that the Internet works is such that if they were really that worthy then surely they would have floated like cream to the top, although still underneath the silver foil cap that it Internet Explorer of course. While you might argue that Chrome only made the impact it did on market share courtesy of being developed by Google, you’d be wrong. Sure, that did it no harm but if it were not for the fact that it’s so fast and fabulous (yes I’m an ex-Firefox convert in danger of becoming a Chrome fanboy) it would have sunk without trace in the market share stakes. And the argument falls apart entirely when you consider the share that Firefox managed to carve out on word of mouth alone.

So my advice would be to Shut The Flip Up and worry less about Microsoft being a big pile of poo pants for not giving your second-tier clients more prominence in this free advertising jamboree and worry more about improving those clients so that they become first-tier through functional merit.

Have hackers now become industrialised, to the extent that they now represent an exponentially increased threat to not only individuals and business, but Government and worryingly the education sector as well?

That’s the striking conclusion of a new report from data security specialists Imperva. It even goes as far as comparing the emerging industrialization of hacking to the way in which the 19th century Industrial Revolution advanced methods and accelerated assembly from single to mass production. “The result” Imperva warns “is that today’s cybercrime industry has transformed and automated itself to improve efficiency, scalability and profitability”.

The ‘Industrialization of Hacking’ report has uncovered a plot to infect educational servers worldwide with Viagra ads that download malware to the victim when they visit the infected pages, hosted on otherwise legitimate educational sites.

This is just one example of the increasingly industrialised methodology being implemented by hackers to automate an as yet unreported search engine manipulation scheme which has already infected hundreds, and quite possibly thousands, of .edu and .ac.uk servers with these infected Viagra ads.

“This attack on academic institutions highlights how hacking has become industrialized infecting servers from major institutions including UC Berkeley, Ohio State, University of Oxford and more” explained Imperva CTO Amichai Shulman, who continued “ironically, this technique is the most prevalent method used to create havoc in cyberspace, yet remains virtually unknown to the general public”.

It would appear that over the years there has emerged a clear definition of roles and responsibilities within the hacking community. Think of these as developing to the point where they provide a supply chain resembling, in many ways, a drug cartel.

Indeed, you can see a division of labour within this highly industrialised hacking community that encompasses researchers, farmers and dealers. The researcher looks for vulnerabilities in applications and frameworks, selling what they discover to criminal groups and turning a profit in the process. Farmers, on the other hand, are primarily responsible for maintaining and increasing a botnet presence through the medium of mass infection, again looking to carve a profit and often working on a per infected zombie basis. Which just leaves the dealers who, just like their drug cartel counterparts, are tasked with the distribution of the end product, in this case a malicious payload, and who also earn their keep on a commission only basis. Everyone makes some money, the criminals running the gangs make a big one of course.

If these guys are, indeed, making educational servers a target now then it’s a worrying move and one which is likely to cause a headache for network admins across campus on a global basis.

Let us know here at IT Pro if you have seen an increase in malicious activity within your academic domain, and what you have been doing to combat it.

The trouble with putting a fair usage cap on unlimited broadband accounts is, quite simply, that they are unfair. If those accounts were advertised as being ‘actually really rather limited broadband, dontcha know old chap’ then maybe I would be happier with the notion of traffic management policies. If traffic management policies were explained in real world detail to the consumer at the point of sale, before they became just another unhappy mug punter, I’d be happier still.

Not that I think that someone doing an online equivalent of the fat bloke in the all you can eat joint should pay the same as the healthy eater, that would just be unfair on the majority. However. I think that the virtual fat bloke should be able to stuff twenty burgers and fries an hour in his face if that’s what the sign on the door says he can do, without having a waiter watching his every mouthful waiting to pounce with the smallprint on the back of the menu in hand after burger number three.

Replace burger with BBC iPlayer or Spotify and all of a sudden you realise that there are more potential ‘fat blokes’ than you might imagine. Broadbandchoices recently undertook a survey of some 1400 broadband users and discovered a completely unsurprising fact: many people don’t have a clue when it comes to what fair usage actually is, what data caps their ISP imposes or even how much they themselves download in an average month.

Michael Phillips, product director at Broadbandchoices, reckons “the rules governing fair usage policies and download limits need to be taken out of the small print and made clear and easy for everybody to understand. Whilst we do urge broadband users to take responsibility for their downloading habits and find out what the rules are, ISPs also need to do more to raise awareness of this issue”.

You don’t have to be a Twitter Psychic to know when people are away from home, you can use the Please Rob Me website instead.

A group by the name of Forthehack has launched a website called Please Rob Me which serves to expose the security risk of location-aware online services such as Twitter and Foursquare. It has opted to do so by listing all the empty homes that are available to be robbed by publishing a live feed of those Foursquare players who automatically post location updates to Twitter.

As I write this there are some 180 ‘new opportunities’ to rob someone, with Twitter usernames displaying exactly when these people left home.

So why am I publicising this? Because it’s a really good idea in that it exposes the folly of sharing your location data, at all times, via services such as Twitter, Google Buzz and of course Foursquare to the world at large without a second thought to the security implications of doing so.

Some might argue that it is irresponsible to publish this data, but hang on a minute the whole point is that all this data is already in the public domain. The irresponsible action is being taken by those choosing to put it their, not by those opting to remind them how stupid they are being.

Seriously, would you put an advert in the local paper saying ‘I’m leaving my house tomorrow at 10am and won’t be back for 3 hours’ or such like? I’m guessing the answer is no, yet plenty of people are quite happy to do the equivalent online in the name of being social, or playing a game. It really does beggar belief.

Seriously again, things are even more problematical with geo-location aware services these days as they can actually post maps showing exactly where you are based on the GPS data of the mobile device being used to make your postings. So not only do people let the world know they are leaving the house empty, but they show them exactly how far away from it they are as well.

Here’s what the people behind the Please Rob me site have to say in defence of their actions:

“Don’t get us wrong, we love the whole location-aware thing. The information is very interesting and can be used to create some pretty awesome applications. However, the way in which people are stimulated to participate in sharing this information, is less awesome. Services like Foursquare allow you to fulfill some primeval urge to colonize the planet. A part of that is letting everyone know you own that specific spot. You get to tell where you are and if you’re there first, it’s yours. O, and of course there’s badges. The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home. So here we are; on one end we’re leaving lights on when we’re going on a holiday, and on the other we’re telling everybody on the internet we’re not home. It gets even worse if you have “friends” who want to colonize your house. That means they have to enter your address, to tell everyone where they are. Your address.. on the internet.. Now you know what to do when people reach for their phone as soon as they enter your home. That’s right, slap them across the face. The goal of this website is to raise some awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz etc. Because all this site is, is a dressed up Twitter search page. Everybody can get this information.”

How much will a data breach cost my business? That’s the question often asked of risk management consultants by companies looking to balance the cost of security against the potential damage of lost or stolen data. Well, courtesy of privacy and information management research specialists the Ponemon Institute we have an answer albeit a generic one: £64.

That’s £64 for each and every lost customer record, and not the total impact upon the bottom line, I hasten to add. It’s a little less for public sector organisations at £54 per record, and a little more for the private sector at £69, but the average is £64.

The Ponemon Institute, together with PGP Corporation, has completed its third annual study into the costs that UK organisations will incur following a data breach and discovered that it’s gone up by seven percent, per record, on average during 2009 when compared to the 2008 figure of £60. Compare it to the 2007 result and the increase is even more dramatic as back then the cost was just £47 per record. It would appear that much of the difference can be absorbed by reduced consumer trust which contributes a whopping £29 of that £64 total.

“This third annual study shows that the financial impact of data breaches is hitting UK organisations harder and harder each year” Dr. Larry Ponemon, founder of The Ponemon Institute says, adding “In the commercial sector the costs associated with customer churn and attracting new customers are particularly acute, but our research suggests these firms are getting better at detection, remediation and customer communications. However, these efficiencies aren’t shared in the public sector, where the direct costs of a data breach are significantly higher. For example, the cost of notifying users that their records might have been compromised is more than four times higher for public organisations than for private firms”.

Oh, and in case you were wondering, the average total cost of a data breach according to the report was a staggering £1.68 million.

The rapid advance of the cloud, along with other existing Internet-based services, into the business space has highlighted the need for trust in the underlying protocols that provide the driving force behind the Internet. Some are now arguing that a secure software-based DNS signing system is essential if business is to maximise the potential of the cloud.

With the release of OpenDNSSEC, software under a BSD licence which helps simplify the process of creating and managing DNSSEC signatures, that goal could have got a little nearer. Not least as the software can be downloaded and installed on existing systems, without interfering with existing infrastructures, and used to quickly set up and provide a secure DNS service without hassle.

What is DNSSEC do I hear you ask? Well DNSSEC essentially secures the data used to translate domain names by the addition of a cryptographic signature to that data and so providing proof that the query has not been modified in transit. This is increasingly important as the bad guys start targeting the data in DNS caches which, without such measures, is now hugely vulnerable to attack. OpenDNSSEC has been developed as an open-source turn-key solution for DNSSEC to secure zone data just before it is published by effectively taking in unsigned zones and adding signatures and other DNSSEC required before passing it on to the authoritative name servers for that zone.

Natalie Booth, organiser of the 360°IT infrastructure and security conference, is a fan of the open source initiative. She reckons that by allowing site owners and operators to download the OpenDNSSEC software, the open source initiative is paving the way for a new generation of Internet software and browser add-ins that uses this important new technology. “360°IT welcomes the release of the open beta of this BSD licensed software and expects to see a flurry of software arriving in the coming months that advances what looks like being a major evolution in Internet security” Booth says.

So a press release lands on my virtual desk this morning, informing me that I have ’so much freedom’ in my pocket and extolling the virtues of sharing the mobile 3G Internet. There is just one thing wrong with this enthusiastic release for a 3G router so I can share my mobile broadband connection around between friends, family and colleagues - and that’s the real world.

“The new Wireless Mobile Router 300N X2 enables the user to easily share wireless mobile 3G internet at any location such as a hotel, conference room, café or camping site” the email from the PR begins, and the release itself continues with such classic lines as “ideal for mobile users, who want to share mobile 3G internet with multiple users at any location”.

I particularly liked the optimism shown by Sitecom, whose product this is bigging up, when talking in terms of sharing ones “3G internet subscription with colleagues in a conference room or on a business trip, with fellow students at school or with family on the camping site”.

Have these people never actually bought a mobile phone, or indeed a 3G mobile broadband access dongle and used it for Internet related stuff? Have they never looked at the terms of the contract? Or do they live in some fantasy world where the words ‘usage cap’ and ‘monthly data limits’ have not been invented perhaps? Accessing the Internet courtesy of your mobile device is great, but exceed the monthly limit and you’ll find yourself either dumped into the world of no access (or at least no vaguely usable access) or the world of the ‘now the network provider can charge you at the truly exorbitant per Mb rate’ which is even worse.

I am fortunate in that pretty much everywhere I go my 3G connection is rubbish, meaning that I can stay within my monthly data cap. That said, when armed with a netbook and a 3G dongle in an area of decent reception and given a day with nothing better to do I am like most nerds in that I can do some serious damage to it by way of streaming video and some monster downloading sessions or perhaps a bit of chatting via Skype even.

Look, I am willing to admit that this mobile router looks impressive on paper: “two Internal High Performance Antennas to strengthen the range of the wireless network” which “reduce dead spots and guarantee expanded coverage at any location” and comes complete with 802.11n and WPA2 support via a one-button setup system.

But, and it’s a huge J-Lo booty sized but, why would anyone in their right mind want to share their 3G Internet access with anyone? Seriously, if you are on a camping trip with me bring your own Internet enabled mobile device. Honestly, if we are at a conference and your mobile phone won;t connect to the Internet well tough, should have bought a better mobile phone. And as for fellow students at school, gee whizz, if ever there’s a case for a stupid argument in a press release getting some kind of award then that has to be it.

Here’s the bottom line: buy your own 3G dongle, buy your own 3G mobile phone, use a WiFi hotspot.

So, to conclude, nice looking bit of kit which falls squarely into the for use by millionaires, tech philanthropists and idiots only.

Welcome to my oddest headline since I suggested Vista added to the global warming problem. Bear with me and I’ll explain the connection between the data thieves and carbon emissions.

As you are probably aware, the world of greenhouse gas, carbon emissions and global warming is a highly politicised and highly complex one. One of the ways that those companies which pollute the most are encouraged to reduce their carbon emissions is the good old bribery option, formally known as an economic incentive I do believe but we all know what they mean really. Anyway, these bribes, sorry I mean incentives, operate by a limit being set on the pollution level that is allowed and those companies being issued with emission permits. The companies also get an equivalent number of ‘emission credits’ that give them the authority to pollute to that level.

Which is where it starts to get interesting, as companies are not allowed to go over the cap set by the allowances and credits that they hold. Unless they buy more credits that is, and they can do this as companies which pollute less than their caps are able to sell their excess credits. Still with me, good. The idea is that the seller is being rewarded for lower emissions while the buyer is being penalised for higher emissions, and to oversee the exchange of these carbon credits there are trading registries.

And that’s where the phisher connection comes in.

According to the BBC this international carbon trading market has suffered at the hands of the bad guys, no not the highly polluting companies but rather the conmen and phishing gangs. Apparently some 250,000 carbon permits were stolen this week, with a market value in excess of 3 million Euros. Trading registries in a number of EU countries were forced to close down as a direct result, albeit temporarily.

It seems that the phishers created fake emissions registries and then emailed thousands of companies across Australia, New Zealand, Germany and Norway in order to fool them into handing over the registration details needed for the fraudsters to steal their emissions permits. Enough companies did just that for the scam to be successful.

Phil D’Angio, director and online security expert at VeriSign, told me “It’s no surprise that fraudsters targeted the lucrative business of emissions trading. Phishing scams are most often seen targeting consumers, requesting banking customers to reconfirm account information for example. However, the concept is always the same. People are duped into entering sensitive data into fraudulent sites, resulting in them or their companies losing money or crucial information.”

And how has this contributed to global warming? Well according to several reports, and common sense for that matter, the scam and subsequent closure of registries and exchanges has hampered trading in carbon credits. And trading in carbon credits is mostly agreed to be a pretty important part of the drive to slow down climate change, ipso facto online crime is making global warming worse.

Without wishing to dismiss the importance of this too much, but at the same time attempting to swing the story back around to the enterprise, the moral of this should be that phishing gangs do not just target the consumer. Sure, that is the all too readily accepted assumption in the enterprise, and many CIOs and those responsible for information security at board level will dismiss the notion that the enterprise is at risk as a result. This particular attack shows that criminal gangs target whoever and whatever can make them a return, and that includes your business. Education, or perhaps I should say re-education, at all levels from workers to directors is required to prevent people falling for this kind of ‘for security reasons you need to re-register your details’ scam.

I’ve been all over the Johnny Depp is NOT dead story this weekend like a nasty rash. Seriously, how this could have spread quite so quickly is beyond me. It has run broad as well as deep, which is unusual for a Twitter hoax. However, it does serve to demonstrate not only how important Twitter is becoming as a breaking news source but also how badly things can go wrong if you treat Twitter Trending Topics as gospel instead of Chinese Whispers.

It only took me a few minutes of Googling to dig up the fact that the supposed car crash was actually an old hoax resurrected from 2004, and it wasn’t a very good one back then to be honest. The lazy hoaxer just pasted an image over an existing CNN news story page but couldn’t be arsed to remove the original text. So one minute it was talking about Depp in an alcohol fuelled death crash and the next about some British Navy types having a lucky escape from a caving accident. Sigh.

Sure, I had the advantage of being an online news guy so am blessed with one of those ‘I’ve heard that somewhere before’ kind of memories which comes with the territory. So when my wife woke me up and was all “the man I love is dead” on my ass I knew it was a hoax. Obviously I also knew my marriage was not, perhaps, as secure as I had thought but that’s another story.

What else I knew, once I’d done my investigating and written it up in the forlorn hope it might help stem the tide of misinformed tweets (it didn’t) was that it wouldn’t be long before the RIP Johnny Depp malware hit the web. Another forlorn hope that a security journalist warning the public to be alert might stop link clicking idiots doing just that. Still, the news stories went out yesterday.

Today the inevitable has happened and Graham Cluley over at Sophos has the video evidence of malware scammers using the web to direct people expecting to find video footage and news of the Johnny Depp death crash to something even nastier. Part of me wants to say that look, if you are searching for video footage of a celebrity perishing in a car crash then you deserve everything the malware scumbags throw at you. But then again, I’ve seen how devoted Depp fans react to the news that their idol may be dead (waves at wife across the office) and know that logic can often be thrown out of the window in an attempt to get at the truth.

To save you the trouble, here is the truth:

Depp did not die in a car crash in 2004 or 2010 and there is no video footage as a result.

Twitter should not be treated like News at Ten, but more as a load of people down the pub - and you wouldn’t necessarily believe Bob at eleven when he tells you that Gordon Brown has resigned over a sex scandal and he knows it is true because Fred told him and he heard it from the barman. Would you?