Identity thieves have regained the upper hand, suggests a new survey released Wednesday by fraud research firm Javelin Strategy & Research.  The firm's annual survey of 5,000 consumers suggests a rise in the rate of ID theft during 2011, reversing a drop in identity-related that was found in last year's survey.  The main cause of the new increase: A return to old-fashioned credit card fraud.

"There's been a rebound. … ID thieves have bounced back," said Javelin President James Van Dyke, explaining that meant about 7.7 million Americans were hit with credit and debit card fraud in 2011, or about 2.2 million more than in the previous year.

The survey estimates that 11.6 million Americans were hit by ID theft in 2011, compared to 10.2 million in 2010. Put another way, 4.9 percent of the U.S. adult population -- roughly 1 in 20 adults -- was affected by identity-related fraud last year, compared to 4.35 percent of the population in 2010.

---

Javelin, like the Federal Trade Commission, uses a fairly broad definition for identity theft:  any time a transaction occurs using a victim’s name or account information without authorization.

Nearly all the increase can be attributed to sharp rise in credit-card fraud, the survey found. Last year, 2.3 percent of all adults found unauthorized charges on their cards, compared to 1.4 percent in 2010.

A recent rise in credit card fraud has also shown up in previously unpublished research by security firm Gartner. Analyst Avivah Litan shared the data with msnbc.com. 

Her survey found that, of all adults who say they've been hit by credit card fraud at some point, 29 percent said the most recent incident had occurred in the 12 months preceding September, when her survey was conducted.  That compares to just 18 percent who said the most recent incident hit 13-24 months earlier.

"Our data says the same thing (as the Javelin data)," Litan said. "It is worth noting that increases in fraud rates are even more pronounced on the small business and corporate side, which Javelin didn't survey."

Javelin's 2011 survey is the seventh time the firm has queried American adults looking for ID fraud trends. The survey, which has a maximum margin of error of 1.7 percent, was sponsored by several financial services companies, but Van Dyke said the sponsors weren’t  allowed to interfere with the research methodology or the publication of the resulting report.

What would cause a rise in old-fashioned card data theft?  Numerous factors, Van Dyke said.

"It's probably partly an issue of where the gains (the banks) had made couldn't be sustained," Van Dyke said. "Also, the economy also plays a part. We've done this long enough to see a correlation between the state of the economy and this kind of fraud." 

The recession has made life a bit harder for banks’ back-end fraud prevention systems, too. Some consumers have simply stopped using credit cards, but maintain open accounts. These dormant cards are ripe for fraud.  Meanwhile, the recession has also dramatically altered some consumers’ buying patterns, throwing banks’ pattern-recognition efforts off.

There is good news within Javelin's results, however.  The rate of new account fraud -- when a criminal uses a victim's personal information and good credit to open up new accounts -- has dropped slightly, according to survey takers. New account fraud is much more of nightmare for victims, and more costly to financial institutions..

"In fact, the overall amount lost to identity fraud is down slightly," Van Dyke said, from an estimated $20 billion to $18 billion.

The survey also hints at some other larger trends in identity security.  Smartphone users are about 30 percent more likely to report being hit by ID fraud. Surprisingly, 62 percent say they do not use a screen password to protect their devices.

"People aren't protecting their devices," Van Dyke said.

Some 36 million Americans, or roughly 15 percent of U.S. adults, say they received a data breach notification in 2011 from a company indicating it had lost their personal information.  Those who say they received such a notice were more than nine times as likely to also report being fraud victims.

"This is a trend we see spanning four years now, yet we haven't been able to generate any meaningful public awareness around it," Van Dyke said. Many consumers don't even sign up for free credit monitoring services when they are offered by companies that have leaked data, he said. 

Even so, more Americans detected ID fraud through electronic monitoring of accounts -- such as through online banking -- than through paper statements, the first time that has happened, according to the survey.  Such monitoring leads to earlier detection and lower financial losses for both banks and consumers.

Finally, the survey suggests some connection between active use of social networks and ID theft. Slightly more than 10 percent of LinkedIn users say they were hit (10.1 percent), while 7 percent of Google+ users and 6.3 percent of Twitter users reported being victims -- all three above average. Facebook users, at 5.7 percent, were barely above the national average of 4.9 percent.

Those with public profiles often confessed to being careless with data: 45 percent share their birth date and year;  63 percent shared their high school; 18 percent shared their phone number; and 12 percent shared their pet's name.

"We still have a significant education problem," Van Dyke said. "Consumers are having trouble  being able to grasp what is sometimes conflicting advice in the marketplace. In fact, sometimes it’s impossible to follow the patchwork advice they are given."

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

When you buy an online coupon, how do you know a store will honor it?

Edgar Dworsky walked into Rose's Chinese Restaurant in Waltham, Mass., last week with a $6 coupon he’d purchased for $3 and found out the hard way that not everything is what it seems online.

The online coupon category is getting more crowded daily. Led by giants Groupon and Living Social, there are now hundreds of smaller competitors. But not every email offering a discount is a good deal.

Dworsky purchased his coupon from MobileSpinach.com in early February. But when he went into Rose’s, the owner said he’d never heard of MobileSpinach and didn’t plan to honor it. Instead of enjoying a cheap meal, Dworsky found himself in the middle of the messy world of online merchant discounts.

---

Dworsky’s tale isn’t unique. Many store owners around the country say they’ve never agreed to accept coupons being offered for sale on MobileSpinach, and the firm has been dogged by nationwide complaints that it is selling allegedly “fake” coupons. 

The firm’s co-owner, John Vitti, blames the complaints on misunderstandings, poor memories of merchants and over-eager affiliate salespeople, and says he’s happy to issue refunds.  But merchants getting pitched daily by ever-increasing number of Groupon-like sites are often caught in the middle, completely confused by the complicated world of e-coupons.

Dworsky was equally frustrated when he tried to use his coupon on Feb. 11.

“The man at the counter, the owner, said he didn't know what this certificate was, that he never agreed to offer these certificates, and that he had not been paid for them. He indicated that someone had come in the day before with one like it also," Dworsky said.

And while MobileSpinach later agreed to refund the $3 he'd spent on the coupon, he wasn't really satisfied. Calls placed to other nearby restaurants unearthed a similar pattern.

"This is a scam of sorts ... or a naive company that thinks they can advertise deals that they have not yet formally acquired," said Dworsky, a former assistant attorney general in Massachusetts who now runs the consumer advocate website MousePrint.org.

Indeed, MobileSpinach has previously been accused of selling deals it didn't really have the right to sell. Last August, San Francisco-area foodie magazine Grubstreet wrote two stories about restaurants and consumers getting tripped up by Mobile Spinach group coupons that weren't authorized. In November, a student newspaper at George Washington University reported the same problemin the Washington, D.C., area. The paper said 50 disappointed consumers were turned away from a small restaurant called Crepaway with invalid $10 vouchers they'd purchased from Mobile Spinach for $5. 

Other unusual stories dog Mobile Spinach. Jim Gilbride, who owns Old Country Deli in Hicksville, N.Y., told msnbc.com that a caller recently offered him an opportunity to buy a Mobile Spinach ad. He declined, and was surprised when the ad showed up on MobileSpinach.com anyway.

"I never heard him say (the ad would go up anyway)," Gilbride said. "I dismissed him when he called."

A man who answered the phone at Kabob Corner in Medford, Mass., said the same thing about a $3 for $6 coupon offered for that store.

"It is a fake coupon," he told msnbc.com before hanging up.

Even merchants who have dealt with Mobile Spinach seem to face some confusion.

At Creative Cakes in Silver Spring, Md., owner Randi Goldman said she agreed to a $5 for $10 in merchandise deal with Mobile Spinach about six months ago.  She generally feels pestered by sites like Groupon and Living Social, and doesn't like the revenue split they offer -- merchants only pocket 25 cents for every dollar in value that is sold. But her Mobile Spinach salesman said she'd earn 100 cents on the dollar for every coupon sold.

"They said they'd pay me $5 for every coupon, and there was a special deal with the credit card companies who would pay the other $5," Goldman said.  So far, only a few coupons have been redeemed and her PayPal account has been credited the funds, she said.

Vitti, the co-founder of Mobile Spinach, admits that there have been some customer service issues, but blames them on confusion in the coupon marketplace.

"This space is getting crowded," he said. "There's just so much confusion. Sometimes merchants don't remember what they've agreed to."

That's his explanation for Dworsky's issue at the Chinese restaurant.

“I personally had a conversation with the owner of Rose's Chinese Restaurant and he apologizes for this confusion and so do we,” he said. 

A worker who answered the phone at Rose’s said the owner wasn’t present and declined to comment.

Vitti said the rash of San Francisco complaints was the result of a short-term experiment that involved offering deals for sale before they'd been arranged with a merchant. The company later ditched the idea, he said. 

He attributed the Washington, D.C.,-area complaints to rogue affiliates. Some deals on MobileSpinach.com weren't arranged directly by the Mobile Spinach sales team, but rather by affiliates in a revenue-sharing arrangement.

"There was confusion because the only way to redeem those was for people to make purchases online, and they were walking into the store with those," he said. "Over time we were getting more and more customer support issues, to a point where we are uncomfortable with them. Sometimes these aggregators and deal providers don't have best relationships (with merchants). ... Sometimes you wondered, ‘Who's got the relationship here?' "

So as of Feb. 4, he said, Mobile Spinach has stopped dealing with affiliates and will only promote deals sold directly by its sales force. The number of deals being offered dropped from "thousands to about 400" as a result, he said.

"We are trying to clean up this industry," he said. “There has been many well documented problems in the coupon, gift card and now the deal space with redemption at any size merchant ... even large national retailers.”  

He said the full value offer to Creative Cakes was real – “customer acquisition costs,” he said – but added that it is only temporary.

Consumers who feel they've purchased a bad deal from Mobile Spinach should contact the firm for a refund, he said. "We have a refund-anytime, no-questions-asked policy," he said.

Merchants, however, face a slightly trickier proposition. They can refuse to honor any coupon, but that risks irritating a potential customer. Gilbride, the deli owner, said he'd probably honor a coupon brought in by a frequent customer just to avoid a negative interaction. 

”I've been in this business 26 years now," he said. "I try not to get frustrated anymore by any of this." 

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

 

"I should have flown with someone else or gone by car/’Cause United breaks guitars."  

Dave Carroll created perhaps the most successful gripe against a misbehaving company in the history of gripes, doling out Web-style justice with a remarkably viral -- and sarcastic -- music video. Now, he's trying to share his formula for success with other consumers on a website named Gripevine.com.

The site, which is free for consumers, is the latest in a crowded field of Web services that aim to act as a megaphone for aggrieved consumers who otherwise feel ignored when companies do them wrong.

---

Carroll suffered every traveling musician's nightmare in 2008. When he arrived at a gig after a flight, he found his guitar had snapped in two. The Canadian musician’s nightmare became United Airlines' nightmare after he posted the video.

Carroll's catchy and hysterical music video spread like wildfire in early 2009. As views crept upward toward 10 million, it was obvious that his song had become the gold standard in Web-based consumer revenge.

Carroll’s guitar catastrophe occurred six months earlier, when he tried to safely transport himself and his $3,500 Taylor acoustic from his home in Halifax, Canada, to Omaha, Neb. During a stop in Chicago, he says he and other passengers witnessed baggage handlers recklessly tossing bags on and off the flight. When he arrived in Nebraska, his instrument was critically damaged.

As recounted by Carroll, six months of haggling ensued. Carroll said he tried to make United fork over $1,200 to cover costs of repair. The airline refused. He said he'd accept the money in travel credits; United still wouldn't budge. As an act of desperation, he wrote the song and enlisted friends in the video production.

Within a few days, the song was viewed half a million times. Apparently spooked, United called offering Carroll $2,400 in cash and credits, which he said he declined, instead encouraging the airline to donate the money to a music school.  The song rocketed up the iTunes music chart, and Carroll received two Taylor guitars from the factory to use as props in a follow-up video.

And with the experience offering a nice lift to his band, Sons of Maxwell, it also opened him up to an entirely new world.

"When it went viral, I was caught off guard by the reaction,” he said this week. “I received about 10,000 emails in first three weeks. It was a conversation starter. People were telling me they liked the video, but they really wanted to share their own story. And they asked me for help. Obviously, I couldn't write a song for everybody. But I had a passion to help somehow."

After a couple of false starts, Carroll settled on Gripevine, which offers a simple-enough platform. Annoyed consumers post their gripes on the site.  An automated system informs the targeted company that a gripe exists and offers them a chance to solve the problem. If that doesn't work, Gripevine offers consumers a tool that "amplifies" the gripe, making it easy for social network friends to "support" the grievance by sharing it with their friends, who can then share it and their friends, and so on. 

"The more times your gripe is viewed and the more people you share it with, the more the company will be motivated to work with you to resolve your issue," says Gripevine on its instruction page.

Gripevine users will also earn "credibility points," which will help companies learn if the griper is just a serial complainer or a genuinely aggrieved customer with a beef.

Carroll is not providing the service out of the goodness of his heart -- companies will have to pay a fee to get access to a "dashboard" that makes dealing with gripes easy. Carroll is hoping that companies view the fee as a small price to pay to stem a looming social media train wreck.

Although Carroll lives in Nova Scotia and his business partners are in Toronto, Gripevine handles consumer complaints across the U.S. and Canada. The site launched earlier this month; so far, 4,000 consumers have signed up and a dozen companies have claimed their Gripevine pages, which Carroll said will be free for the first six months. The website is also in talks with several Fortune 1000 firms, he said.

"Every customer is a potential ‘United Breaks Guitars’ customer," he said.  "The right answer for them is solve each problem before it gets out of hand. ... United could have solved my problem with $1,200 in credits."

While there's an obvious pro-consumer tilt to such a service, and many companies have been initially skeptical when approached, Carroll says he genuinely wants to help both sides of the transaction. 

"We call ourselves the Switzerland of customer service,” he said. “Users can't use profanity. We encourage them to be solution-based. It looks like the small guy taking on big companies, and they are worried about brand bashing. But if you are a good company, you really do want to treat people right. ... Gripevine is one way you can turn these things around quickly."

Gripevine is not alone, though it is more sophisticated than most. A smartphone app called "ComplainApp" makes it easy for users to post their complaints simultaneously on various social networks. A website named GetSatisfaction.com provides tools for companies to set up their own online customer service communities, encouraging quick problem resolution. Straightforward Twitter and Facebook posts often get results, as many companies actively monitor social network for potentially damaging viral moments. And various complaint websites like ConsumerAffairs.com and RipoffReport.com (not to mention the Red Tape Chronicles) offer consumers a chance to simply post their frustrations and hope someone sees them and offers help.

The key for companies, Carroll says, is not waiting passively for the next clever trick that makes an angry consumer a Web sensation.

"When I had this problem, at the beginning, I had no social media clout," he said.  "If companies are solving people's problems based on how many Twitter followers they have, well, that's really short-sighted."

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

More content from msnbc.com and NBC News

• Cape Cod dolphin strandings keep rescuers working OT
• Leaked: Climate skeptics’ strategy for schools
• Study: 1 in 8 voter registrations have errors
• Restaurant settles lawsuit over N-word receipts

It appears that Mitt Romney now has a Rick Santorum Internet-age problem.

Recall that Web users who search for "Santorum" using a tool like Google are immediately confronted with a parody site that offers a faux definition of the word "santorum" which is not suitable for work or polite conversations.  Within the past few weeks, enterprising Romney-haters have pulled off the same trick, albeit at a slightly less tasteless level.

Searching for Romney using Google now yields a page defining the term Romney as "to defecate in terror" within the first five links or so, reports Danny Sullivan of SearchEngineLand.com.  (Go ahead, try it for yourself).

---

 

Clicking on the site brings visitors to a Web site called "SpreadingRomney.com" which echoes the SpreadingSantorum.com site.  The page repeats the definition and links to a story about Romney's ill-fated family vacation that include a lengthy trip with the family dog strapped to the roof of the car.

"I don’t recall seeing it recently, so it appears to be a new gain,"  Sullivan wrote in a blog post about it.

The rise is unusually meteoric, and almost certainly signifies a concentrated effort to game Google's ranking system. In fact, Sullivan uncovered a page at DemocraticUnderground.com encouraging people to "Google Bomb" the SpreadingRomney site.

(Geeks would say this technique isn't, strictly speaking, a Google bomb. But it certainly must feel like one to the Romney camp).

The site launched on Jan. 10, site creator Jack Shepler told Sullivan. He also said he's not affiliated with any campaign, and created the site just to be funny, "and to make a point."

It got a boost when msnbc's Rachel Maddow mentioned it during her show two days later, but that hardly justifies the high Google ranking. SpreadingSantorum has been around for years, has attracted thousands of links the old-fashioned way, and the site offers real points of debate about gay rights debate.  SpreadingRomney.com is hardly more than a blank page, yet still managed to fool Google and Microsoft's Bing. (Msnbc.com is a joint venture of Microsoft and NBC Universal.)

We've discussed earlier how political entities can trick search engines, and why Google seems to let this go on as a form of political speech.

Sullivan supports that concept, but the quick rise of SpreadingRomney.com might be changing his mind a bit.

"For this site to leap-frog ... others, it creates all the same issues that Google initially encountered with real Google bombs, the impression that anyone can fire off a linking campaign and make it into the top results for anything," he said. "Certainly Google should take a harder look at why its algorithm rewarded a site with so little substance to it."

 

*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

Parents angry about Facebook use now have their poster child. He's a dad wielding a .45 pistol, who posted a YouTube video showing him firing bullets through his daughter's laptop computer as an act of discipline.

The shooter, who identifies himself as Tommy Jordan from North Carolina, has not yet responded to requests for comment, so it's not possible to verify the authenticity of the stunt, in which he allegedly “executed” the laptop after his daughter posted a profanity-laced note on her Facebook page.

No matter: it’s sparked a firestorm of debate. In less than 24 hours, the laptop-pistol video has garnered more than 1.5 million views, many of them parents cheering the uploader's depiction of tough love.

---

 

"I thought the video was great. I can only imagine the look on his daughter's face when she saw that on her Facebook page," wrote one.

"Sometimes to get your point across to a child (especially a teenager) you have to get their attention. These days that's hard to do. So he found a way to get her attention."

Still another: "I applaud it. She'll think twice before she hits the enter button next time. PS. Nice shot."

Other parents reacted with shock at the public humiliation apparently inflicted on the teenager by her father.

Monica Vila runs an online forum for parents struggling to deal with technology and teen issues called The OnlineMom.com.  She falls into the shocked crowd.

"When I saw it for the first time, I got chills," she said. "And when I saw people cheering him on, I got chills again."

She's heard from thousands of frustrated parents through her site, and she's even heard stories of parents hurling laptop computers out the window when children were disobedient. But she's never seen such a public attempt to embarrass a child.

The shooter in the video isn't acting like a parent, she said: he's acting like a peer, taking out his frustration.

"For the life of me I can't understand what the lesson here is," she said. "If you think about it, he basically just threw a similar temper tantrum to the one his daughter threw, except this one with bullets."

In the video, the man says his daughter had posted a profanity-laced comment on Facebook criticizing him, believing he couldn't see it. Using his skills as an IT worker, he did, a fact he mentions several times in the 8-minute video.

"Her actions merited some punishment, but he's basically saying, I'm more badass than you," said Vila. "Plus, the way the whole thing is choreographed. It's not about parenting. It's about him, he's mad, and he has a gun."

Parents have plenty of reason to feel angry -- even desperate -- about kids' use of social networks.  It's not unusual that they'd try something extreme to get their kids' attention, she said.

"I do see the frustration parents feel," she said. "But the applause of other parents saying, 'Yay,' comes from their unwillingness to jump in and be parents in the platform that their kids are playing in."

Betsy Brown Braun, a child development and behavior specialist, is sympathetic to the anger parents feel when faced with rebellious teen-agers. She even conceded that the video has high entertainment value, with the dad puffing on a cigarette while sporting a cowboy hat.

"The reason it's gotten people cheering it on is because parents are frustrated, she said. “ Teenagers are impossible. He was doing what any parent would like to do. They are living vicariously through him."

In fact, most parents have probably fantasized about doing something similar.   The difference is, they thought better of it, Braun said.

"The sane parents have stopped themselves," she said.  "The difference between a sane, mature person and a child is that the mature parent is able to stop their impulses and do appropriate things that can help a child grow. It may not be what you want to do right now, what feels good, but it's the thing that's going to benefit the child three months, six months, years from now.”

When Braun works with parents, she often hears some version of, "You don't know what it's like!" But as the mother of triplets, she had to deal with three teenagers at once. Some of her experiences are chronicled in the books she’s written on raising children, including "Just Tell Me What To Say,” and  “You're Not the Boss of Me."

She said her main concern about the father's actions in the video is the example they set.

"This models exactly what you don't want kids to do when they are upset," she said. "This is about how you handle rage. It's the

poorest example of shooting from the hip you could imagine."

But she saw something in the video that many observers might have missed.

"I heard this as a cry for help.  This guy is in trouble. The communication is so bad between them that, in this case, they are both acting like angry 5-year-olds," she said. "Teenagers can really be impossible. ... You get to the point where you say, 'I've had it. You are driving me crazy!' But he needs other tools for dealing with this."

 

*Abuse, appropriate parenting, or something in between? Tell us here
*Follow Bob Sullivan on Facebook     
*Follow Bob Sullivan on Twitter. 

 

More on parenting from Today.com

• Mom makes wayward teen stand on side of road with a “Honk if I need education” sign advertising his 1.22 GPA 
• Why making your kids cry for YouTube views is not bad 
• Hot sauce used in discipline
  

How much would you pay to be sure you wouldn’t get stuck in a middle seat on a 3-hour flight? Would you pay $2,000? You know airline fees have been a little crazy lately, but this sounds pretty extreme.

Famed consumer advocate Ralph Nader says American Airlines tried to charge him nearly $2,000 extra recently to get an aisle seat for an upcoming flight.

American Airlines says there is no such thing as $2,000 aisle seat fee.  But Nader was informed , repeatedly, that the only way he could be sure he’d be able to get an aisle seat to accommodate his large 6-foot, 4-inch frame on an upcoming Hartford, Conn., to Dallas-Ft. Worth flight was to buy a different ticket than the $750 ticket he already had -- one that would cost him $2,680, or almost $2,000 more.

"I knew that it might be $50 more for aisle seats. But they said, 'Oh no.  The only choice is pay $2,680 or be an elite traveler,’" Nader said. "It's extortion. They are charging you for knee lengths."

---

To be clear, American Airlines hasn't upped its aisle seat fee to $2,000.  Instead, when Nader's travel agent Bill Magner asked for an aisle seat, he was told there were no aisle seats left. When Magner looked at the seating chart of the plane and saw a dozen empty aisle seats, the American Airlines agent clarified by saying that all aisle seats available for seat assignments to non “Preferred” economy class ticket holders were gone.  But if Nader were willing to buy pay a full-fare, refundable ticket –  for $2,680.40 --  he could get a guaranteed aisle seat .

Got it?

"Astonishing," said Magner, who has booked airline seats for Nader for 30 years.  "When I called American Airlines, after I finally got them on the phone, they were absolutely no help."

But the airline said it's got a perfectly sensible explanation, and it's merely doing what nearly every airline does.

"The seats that were eligible to book ahead of time (by non-preferred customers) were already chosen," said Tim Smith, an American Airlines spokesman.  In other words, all the other aisle and window empty seats were being reserved for last-minute business frequent fliers, “preferred” customers or those who are willing to pay higher fares.  "The point of this exercise is to make sure our most loyal customers have first run at those seats."

This "the flight's not full, but it's full for you," confusion should feel familiar to folks who've ever tried to book a free trip with airline miles on a popular route.  Even if a flight is relatively empty, an airline can say that there are no seats left for non-paying miles travelers.  Now that seat assignments have become a source of revenue, airlines are beginning to apply the same logic elsewhere, with some awkward results.

Smith assured us that the airline isn't trying to sell consumers $2,000 seat upgrades -- but in fact, as Nader sat trying to book his Feb. 11th flight on Feb. 1, that was the only option available to him.

Airlines get away with creating artificial seat scarcity when they have a monopoly on certain routes. American is the only airline offering a non-stop from Hartford to Dallas-Ft. Worth, and Nader doesn't have a flexibility in his travels.  So he, like so many other travelers, was stuck.

"They are mopping up when they have control of the routes. It's really amazing," Nader said. ""These are rampaging, crazed corporations. The computer tells them there is no competition and they pull back all the aisle seats looking for money."

It's unclear how many seats are put on hold for last-minute preferred travelers -- Smith said the number varies with every flight based on a complex calculation, though "it's safe to say that the first 5, 6, or 7 rows are saved for preferred."  And that means it’s unclear how many aisle or window seats are available for reserve by economy-class travelers on the lowest rung an airline’s frequent flier ladder.

But don't blame Nader for thinking that a conspiracy is in the works: that the number of aisle seats available to economy travelers is precisely one fewer than they might want at the time of booking.

"They are setting a condition and then backing off and pulling back the seats whenever they want," he said.

Nader did have the option to wait until the day of his flight, when those held-back seats would be released, and hope there would be an empty aisle seat.  But of course, even when paying $750, there would be no guarantee.

RED TAPE WRESTLING TIPS

Exceptions do happen.  And on Saturday, after calls to the airline's executive offices and to msnbc.com, Nader was able to persuade the airline to place him in an aisle seat for his original $750 fare.

You, on the other hand, have only limited  options to make sure you don't get stuck in a middle seat between passengers named "Rock" and "Hard Place." Gaining preferred status on an airline and sticking to it is really the "best" of your bad options. Booking early, before those "available" non-preferred seats fill up, can help.  Only choosing destinations where there's healthy competition will help, but megamergers like the recently completed Continental-United marriage are making those harder to find.

But really, the only way to avoid such Draconian airline fees is to take the train.

 

 Don't miss the next Red Tape:
*Get Red Tape headlines on your Facebook Wall
*Follow Bob on Twitter. 
*Get an e-mail newsletter with Red Tape stories (requires Newsvine registration).

It should be clear by now that nothing online is sacred, and no security company is safe from hackers. VeriSign Inc., the firm at the center of so many critical systems on the Web, was infiltrated by hackers in 2010.  Because details of the attack, first disclosed Thursday by Reuters, are so vague we are left to assume the worst -- and the worst is pretty bad.

It's possible that the VeriSign hackers could turn the Web upside down and create an Internet where nothing would be what it seems.  A hacker website could look and act just like your bank's website. Your PC could easily be tricked into downloading automatic software updates that would appear authentic but actually contain viruses. And no matter what web address you typed into your browser, you could be redirected to a criminal's website half-way around the world.

But there's important context to this story which might ratchet down the "Oh My God!" factor considerably.  For starters, there is reason to believe that VeriSign's revelation is nothing more than evidence companies are starting to comply with rules forcing them to disclose such incidents: In other words, similar successful hacks like this may have occurred in the past but simply went unreported.  We'll discuss the evidence for that in a moment. First, let's look at the possibilities raised by the VeriSign attack.

---

 

VeriSign is involved in two distinct, fundamental Internet security structures that could be impacted by this attack.  A successful attack on one would be serious, but a raid on the other could threaten the Internet itself. So let's start there.

VeriSign's most critical function is its role in the Domain Name System address book, which governs what happens when Web users type common name Web addresses into their browsers.  There are 13 "root"  DNS servers placed strategically around the planet for redundancy. VeriSign operates two of them. Should a hacker gain access to this part of VeriSign's business, he or she could theoretically poison the other 11 root DNS servers, and the bad data would eventually spread to the other DNS servers. The consequences could be dire: It could mean that everyone who typed "msnbc.com" into a Web browser would be sent to a computer controlled by criminals, instead of the real msnbc.com website.  A computer criminal with destructive intensions could theoretically ruin the database that maps names with IP addresses and effectively shut down parts of the Internet. It has long been discussed that these root name servers are perhaps the most vulnerable point of the attack on the Internet

But it's more likely that the agencies controlling the other 11 root Domain Name Servers would be able to regain control of the DNS table and restore the system within a day or two, if not within hours. As you might imagine, root DNS servers do disagree from time to time and there is a process for handling that.

It's also important to note that VeriSign, in the SEC disclosure which started this incident, claims that its DNS servers were not attacked by hackers.

"Access was gained to information on a small portion of our computers and servers. We have investigated and do not believe these attacks breached the servers that support our Domain Name System ("DNS") network," the firm wrote in the filing.

VeriSign's other crucial function is issuing digital certificates through its VeriSign Authentication Services group. Certificates impact your computer use every day because they tell your PC that a company's website or software is really what is says it is. Certificates are a crucial part of the SSL system that ultimately displays a friendly looking lock when you visit your online bank.  They also identify the legitimacy of software updates sent to your computer by software makers.  Many modern PCs won't install software unless it is digitally signed. 

A hacker who could influence the way VeriSign issues certificates would be a massive problem for both consumers and corporations.

"VeriSign is one of the most important enterprise trust authorities in the world, which delivers people safely to more than half the world's websites,” wrote Catalin Cosoi, Chief Security Researcher at Bitdefender Labs. “A certificate issued by VeriSign will automatically be accepted by both browsers and operating systems. This kind of incident practically voids all the security provided by 64-bit operating systems,"

In other words, hackers would have an easy time loading viruses onto PCs around the world.

That's terrible, but it's not new. Virus writers have been compromising certificate issuers with abandon for the past 18 months. It's one of the reasons that Stuxnet computer virus managed to infect millions of PCs worldwide.  That also means structures are in place to deal with fraudulent certificates.

"The worst case scenario would be several phishing attacks with valid certificates that browsers will render as legit," Cosoi said. "This would potentially yield a huge level of data that could be exploited for financial gain. However, it’s important to remember that a strong anti-phishing solution will keep you protected."

Of course, it's not even clear from VeriSign's filing that its certificate business was compromised.  Complicating matters further: Symantec Corp. purchased most of that business from VeriSign last year. For its part, Symantec said on Thursday that the assets it acquired in the sale were not compromised.

"We want to make it very clear that Symantec takes the security and proper functionality of its solutions very seriously. The Trust Services (SSL), User Authentication (VIP) and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the VeriSign, Inc. quarterly filing," said Symantec spokeswoman Nicole Kenyon in a statement to msnbnc.com.

Of course, it’s possible that one of Verisign’s other business unit – it provides extensive security consulting, for example – was the hackers’ only target.  That seems unlikely, however, given the target-rich environment the offers to computer criminals.

To be sure, many experts think the Verisign attack is serious business.

"The SEC filing says 'Information stored on the compromised corporate systems was exfiltrated.' That sounds like a targeted attack to me," said Mikko Hypponen, chief technology officer at F-Secure.com. "Like the one against Google. And RSA. And Lockheed-Martin."

But it's possible the VeriSign admission, buried in the SEC filing, is little more than paperwork which puts in print something that security professionals have long understood: No firm is safe from hackers.  This might be at once comforting and disturbing: In October of last year, the SEC issued guidelines that called out public firms for under-disclosing security leaks and hinted strongly that fines would come when firms failed to report successful hacker attacks. The VeriSign quarterly report was issued soon after, and it's easy to imagine the disclosure is more routine than anyone would like to admit.  In fact, Stewart Baker, a lawyer at Steptoe & Johnson, predicted as much in a blog earlier this month.

"With enforcement so easy, and the harm from breaches so tangible, so serious and so likely to bring headlines, no one should expect the enforcers to go easy on companies that have been slow to disclose. Instead I expect a growing wave of cases based on companies' failure to make timely disclosure of ongoing breaches," he wrote.

Clearly, admission by VeriSign that executives at the firm were unaware of the breach shows a terrible lack of coordination inside the firm. And it's scary to read this admission, too: "Given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information."

Still, it’s important to note that we are talking about attacks that could be a year old, and whatever they were, criminals are already deep in the process of exploiting them. Sad to say there’s nothing most consumers can do in response to this report.

In health news, there’s always the complicated issue of increased diagnosis vs. increased incidence. Is a new disease on the rise, or are we simply better at finding cases of it? The VeriSign incident raises the same question.

But the deeper truth here is probably something that professionals have known for some time: In the cat and mouse game between hackers and security firms, hackers are winning and, in some places, it's starting to look like a blowout.  

 

 Don't miss the next Red Tape:
*Get Red Tape headlines on your Facebook Wall
*Follow Bob on Twitter. 
*Get an e-mail newsletter with Red Tape stories (requires Newsvine registration).

Cry as it might about the new federal rules designed to clarify flight ticket prices, the airline industry brought this on itself. The hidden fees and “after charges” encountered by flying consumers had reached such absurdity that one might rightly call them an attack on the English language.

Witness, for example, Spirit Airlines "passenger usage fee," which adds up to $16.99 to flights purchased online – each way.  The fee’s name implies that buying a ticket costs one price, but actually using it costs extra.  That's absurd.  It's also not quite what Spirit is doing -- the fee is assessed to consumers who purchase tickets through the airline’s Website. The only way to avoid the fee is to buy tickets at the airline's airport counters.  

---

Either way, consumers have had enough, and now the Department of Transportation has, too.  Could similar rules for other industries, such as cell phones or pay television, be far behind?

On Thursday, new consumer-friendly federal Department of Transportation rules kicked in that require airlines to quote prices including all required fees and taxes.  The airlines aren't happy and have filed lawsuits over the requirement.

But already, consumers should notice the changes. For example, in the past, you might typically see an ad for a $199 one-way fare that in reality cost $245 after security fees, taxes, and other tack-on charges were applied. Now, airlines must use the $245 figure in an ad. (AlaskaAir.com uses this example on its Website.)

The rules do not require inclusion of "optional" fees, such as checked luggage costs, in the advertised price -- so consumers still have a lot of homework to do when they are shopping around for the best deal on a ticket.

Still, after years of battling what I've called "The Death of the Price Tag," a phenomenon that makes it nearly impossible for consumers to properly comparison shop for many products and services they buy, there's finally a small reason to celebrate.

"Now there are no more '$9 fare' sales. Airlines have to advertise the full price," said Christopher Elliot, a travel writer and author of “Scammed: How to Save Your Money and Find Better Service in a World of Schemes, Swindles, and Shady Deals." “(For some airlines) deception has been their business model. It's definitely not only the airlines who were doing this kind of thing, but they have made an art out of it." 

The new rules clean up some other advertised price issues, too. For years, airlines have hawked bargain-basement round-trip tickets by slicing the price in half and publishing a one-way fare -- even in situations where purchase of a round-trip ticket was required. In other words, there was no way to buy something anywhere near the price in the ad. The new rules require prominent disclosure of the round-trip price.

Edgar Dworsky, who operates Mouseprint.org, cheered the changes and said other federal regulators should consider similar requirements.

"The car rental industry is notorious for quoting a low daily rates, but when you add up the fees and everything else, the price comes out to 20, 30, even 40 percent above the stated price," he said. He also cited a friend in New York who recently signed up for cable television and Internet service after answering an ad claiming the price would be $99 per month. “His bill was $147. He didn't realize he would be charged extra for a box in every room, and goodness knows what else." 

Tack-on fees are huge business for the airlines. Domestic carriers collected nearly $5.7 billion in baggage and change fees alone in 2010, according to Consumers Union. So naturally, the airline industry is hardly going down without a fight. Spirit Airlines is risking the wrath of regulators by railing against the new rules with a large pop-up notice placed on its home page labeled "Warning." The notice accuses regulators of planning to "carry out their hidden agenda and quietly increase their taxes...And if they can do it to the airline industry, what's next?"

Industry trade associations are also complaining about the change. Steve Lott, a spokesman for the Air Transport Association, has complained in several publications that "basic economics" dictate consumers will shy away from flying because prices appear to be higher.

In other words, Lott suggests, deceptively low price tags are good for the economy. If that were true, then fixing the economy would be easy -- simply let all retailers cut the price tags they place on items by 50 percent.  

In reality, price transparency is essential for economic activity, and it's just as likely that more clarity will lead to more purchases, not fewer.

Sadly, the new airline rules go only half-way toward real price transparency in the airline industry.  The aforementioned Spirit Airlines "passenger usage fee" still rates as optional in this new system, so it would not be included in advertised prices.

The real solution, says Elliot, is to force airlines to offer up their entire fee schedules to third parties that could create true apples-to-apples comparisons for consumers. 

"There are still some fees that were traditionally included in the price of the ticket that are, as the industry calls it, 'unbundled,’ now,” he said. "What would be great is if there were some way of forcing them to release data to the outside world, to online travel agencies, so they could build a fare tool that would include all of that."

And the simplest form of consumer protection in America would be a rule that simply forbids all firms from advertising a price for any item -- monthly cable service, airplane tickets, or a telephone line -- that is impossible to get. The problem is so rampant that many industries, such as auto sales, have adopted twisted language like "out-the-door-price” or “OTD price" to distinguish between fake price tags and real ones.  The Department of Transportation has taken one small step in this direction; other regulators should take notice.

Other friendly features of the new DOT airline regulations:

*Consumers now have 24 hours to cancel flight purchases without penalty, as long as the flight is at least seven days in the future.  That will give consumers extra time to shop around for prices; it will also allow them to get out of bookings made in error. Some airlines already extend such refunds to consumers as a courtesy; now, they all have to do it.

*Also, airlines must display baggage fees on the first screen of Websites containing a fare quotation for a specific itinerary, and must show the fees on ticket confirmation notices, too, the DOT says.

 

 Don't miss the next Red Tape:
*Get Red Tape headlines on your Facebook Wall
*Follow Bob on Twitter. 
*Get an e-mail newsletter with Red Tape stories (requires Newsvine registration).

What if two computer viruses got together on your computer and had a baby? 

It does happen, says security firm BitDefender, and the result is more mutant than mutt. The firm has taken to calling the third, new piece of malware produced by the odd couple — with apologies to Mary Shelley — "Frankenware." The spontaneous software offspring might be dangerously unpredictable, and it can be harder to defend against, BitDefender says.

There are so many computer viruses flying around out there that they can't help bumping into one other while wreaking havoc on our computers. In fact, virus writers account for this. In order to protect and defend a hard-won compromised computer, some virus writers actually install their own antivirus programs after they infect a PC. That way, another bad guy can't come along and hijack an already hijacked machine, said Catalin Cosoi, head of the Online Threats Lab at BitDefender, based in Romania.

---

But what happens when an already-infected machine is attacked by a virus that inserts code into every executable file it finds on a machine? What if a virus infects a virus?

In rare cases, says Cosoi, a third virus with unpredictable capabilities is created. But it's not that rare: His firm recently searched 10 million pieces of malicious software and found 40,000 distinct examples of this. 

"As with evolution, these things happen accidentally," he said. "The combination doesn't usually work, but sometimes it does."

It helps if the two pieces of malicious software have complementary features, he said — for example, if one is a keylogger while the other is designed with a wormlike ability to propagate quickly.

The good news is that, generally, such hybrid viruses can be easier to detect than their parents, because antivirus software that uses "signature" definitions — which identify malicious programs by looking for telltale lines of computer code — have "twice the chance" to detect the troublemaker. On the other hand, some other virus detection tools might overlook the Frankenware because the new file will be a different size from its parents, Cosoi said. 

John Harrison, a product manager with Symantec, said his firm had never found something like the Frankenware BitDefender is describing, but he did say most PCs that are successfully attacked by virus writers have multiple malicious programs on them. Generally, when a computer has a security vulnerability, the secret doesn't last long, and a hacker feeding frenzy follows.

"We've seen computers with 25 different pieces of malware on them, even more," he said. "They are often stealthy. ... By the time the user notices the PC has slowed down or there's a blue screen, it could be the 100th piece of malware." 

So the idea that two such programs could collide and accidentally create a hybrid isn't that far-fetched. But the real question is: Could such Frankenware pull a Frankenstein and wreak unexpected havoc on the real world?

Cosoi wasn't ringing any alarm bells. Virus writers do what they do for money, and this kind of random, destructive interaction wouldn't profit anyone. For that reason, he thought all the incentives in the computer underworld would probably be enough to limit such possibilities. In other words, virus writers will probably work to prevent such an occurrence because it would hurt their business.

And, most important, nothing of the sort has been discovered. The 40,000 Frankenware samples that BitDefender has found are no more dangerous than their "parents."

However, it's important to note that virus writers, even if they seem quite professional in their craft, hardly undertake rigorous product testing. Mistakes happen.

"If you throw a bunch of malware on a computer, that doesn't automatically mean it will create new malware and it rarely works," he said. "But when it does, it could be dangerous. I can see how a new kind of malware that spreads faster and is more viral than any of the two (parents) ... could turn into something more dangerous."

 Don't miss the next Red Tape:
*Get Red Tape headlines on your Facebook Wall
*Follow Bob on Twitter. 
*Get an e-mail newsletter with Red Tape stories (requires Newsvine registration).