Jetzt hab ich gedacht, wow, endlich mal was Interessantes.

Making Money with RSS
Wednesday, May 2 10:00 AM - 11:15 AM, Lando 4201
Speaker(s): Walter VonKoch - Microsoft
Audience(s): Business Decision Maker, Developer
Learn how to use RSS to engage with your customer and pull them directly into your world. Find out how to create new revenue opportunities by enabling your customers to purchase directly from your site’s RSS feeds.

Walter vonKoch, offenbar deutschstämmig, schreibt seinen Nachnamen zusammen und spricht ihn “van Kotsch” (wie auch schon Namensvetter Ed Koch seinerzeit in New York, gut zu hören auf “The Concert in Central Park” von Simon and Garfunkle: “We would like to thank Ed Kotsch” - gellendes Pfeifen. Aber das gehört nicht hierher.)

Ablauf bisher:

- 10 Minuten Verspätung, bis die Auflösung des Laptops zu der des Screens passte

- 20 Minuten Einführung in RSS

- 20 Minuten über Microsofts Simple List Extensions (SLE)

- ein guter Witz: “For $45 I will send you a PDF how to make money with RSS.”

- zwei völlig generische Folien über “Where’s the Money?” und “RSS, make me rich quick please”, die ich mir auch in fünf Minuten hätte selbst ausdenken können.

- eine längliche Einführung in die Windows RSS Platform

Danach hab ich nicht mehr so genau zugehört.

Schade drum. Ein bisschen Schlaueres hätte man sich vermutlich schon ausdenken können.

One thing that continues to amaze me in general is how bad public computers are often set up. Even in larger Internet cafés or hotels in have seen the weirdest configurations in terms of security and privacy.

The last place where I expected this, however, is a Microsoft conference where everything seemed to have been thought through to the very last detail.

In the conference area, there are dozens of public PCs available for participants, which is good, even though there is WiFi coverage, because not everybody wants to drag the laptop with him all day, plus no laptop battery lasts all day.

Obviously all PCs are set up the same, as the installation comes from a single image. The only program that can be started is the Internet Explorer - which makes sense. In the Internet Explorer, the “Tools” menu is disabled (i.e. the icon is not displayed), so there is no obvious way to delete the browser history after a quick emailing session.

If you search a little longer (Vista is still new for most of us) you will find the options in the Control Panel at “Delete Browsing History”. The dialoge box that opens looks like this:

This is where it gets really strange. You can delete everything (Files, cookies, etc.) except the browser history, as this option is disabled. The browser history is only deleted when the PCs are rebooted.

I asked the helpdesk staff if this was meant to be, aend a nice guy named Miles did acknowledge that this appeared to be a stupid setup, but that they had not build the image but only copied it to the PCs, and that they were not allowed to change it “for security reasons - now that you tell me this, I realize how absurd this is”, Miles said.

This conversation took place on Monday, and there was no apparent change in the setup yesterday. So during one break I looked at three PCs. The (only) good new is: I did not have access any email accounts. This being a tech savvy audience, nobody did not press “logout”, before he or she left the computer. However, a lot of private data was visible to me. Here are some examples.

At every computer I looked at, ten or more email addresses were easily visible just by opening the site again (I guess they all saved cookies).

Ben Skelton is using Google Apps for your domain and jackyxu98 is using MS Hotmail.

Yahoo! Mail displays the account name in the page title, so all usernames are conveniently listed in the History:

whoiskb and david_kizzia are using Yahoo! Mail

There were some other funny things to look at. Somebody from Russia obviously is preparing some dates back home, so he logged into dating.ru and looked at some profiles of girls.

I’m not a master of the kyrillic alphabet, but it looks like he was checking out Svetlana, 19, and Svetlana, 23 (he must like that name) and some others.

Plus, a sweet and pure newborn from Scandinavia and his mother were looked at from Las Vegas:

Picture gallery from Scandinavia (the only edits I made are in the left picture - you don’t want to start your life being posted like this with your real name)

Funny, right? Well, not entirely. I have at least three reasons why this is bad, even though I was not able to get into the email accounts:

1) Many people, maybe some of them walking around here, will have more knowledge than me and might be able to get into them with the address and the cookie

2) If I was a spammer, I could have walked around during a break and collected hundreds of email addresses.

3) As some of the email addresses are clearly secondary/private, and as everybody is wearing badge with the real name clearly visible, it would be very easy to post some facts like “John Doe from ACME Corp. has setup a private email address “meet-me-in-my-hotel-room@yahoo.com” for the conference. I don’t find this funny, but some people might.

I think Microsoft could really do better. There are staff members around to restart the browsers in every break and set it to display the mix homepage, and it would be very easy to tell them to delete the browser history as well - after enabling that feature.

Tags: mix07, public pc, security issues