Take a Narrow Health Site Survey

This sort of survey isn’t going to make the best website possible for our country.

I found the survey easy to take, but the results will be skewed toward the menu options listed, instead of answering the question ask which was “where would I look for X”, which is “Google”. Making sure existing links continue to work forever, would be the best way to ensure material is locatable by the public.

People Are Not Pigeons

You needn’t go farther than the comment section of a UK rag to find the sort of people who are okay with torture devices beging designed into their buildings.

“Now I’m lying on the cold, hard ground.”

Some sick cities are dealing with homeless people as if they were pigeons crapping from the roof of Wrigley Field.

Now there may be a municipality crazy and cruel enough to install this 5 year old pay-bench idea.

PAY & SIT: the private bench (HD) from Fabian Brunsing on Vimeo.

ADDED:

#HeartBleed Bug is a Pun You Should Care About

Your passwords used on the Internet are likely known to bad people if you’ve recently logged into Yahoo, the CRA, or other popular websites. You should consider changing all of your passwords next week if you’ve used them on the Internet, in case they were exposed by an attack using the “heartbleed” bug. This flaw in OpenSSL security allows attackers to get a “heartbeat” response from affected servers, including your password in an unencrypted form.

With computer security, if you have high convenience, you’re likely experiencing a low level of security. So throw away those old passwords, and pick some new ones to use with different websites. The more passwords you have, the fewer sites you’ll lose access to if one password is learned by an attacker.

Kickstarter hacked

I signed up for KickStarter and didn’t even end up using it. Because I was lazy/human, I used a password I’d used on some other websites when creating my account there.

Kickstart hacked, personal info obtained.

So now I’ve had to go to a bunch of other websites and change the password I used on KickStarter to something else, in case the account thieves manage to brute-force solve the encrypted passwords they got from KickStarter.

Was I smart and used a unique password for each of the sites potentially affected? I’m human.

Blog Action Day 2013 – Human Rights #BAD13

On Friday I was invited to talk about blogging, on Regina’s community radio station CJTR. The show was Human Rights Radio by Jim and Gord, and we spent the hour going over what a blog is, why it’s useful to have one, and how it could be used to promote human rights. You can give a listen to it!

The second half of the show is on YouTube too, if you want to look at the ceiling for most of it:

Also, if you’re in Saskatchewan, check out the “Get Active with Amnesty” 2013 conference. I was a guest speaker for it last year when it was in Regina. This time it is in Moose Jaw.

This is the conference site.
And there is also a facebook event page you can use to invite friends.

Passwords Holding the Web Together

I noticed another person with a CIBC 2-factor authentication fob on their key chain last week. It displays a seemingly random number that actually only a special server knows, so if a password is stolen, so too must the fob containing the random number code that changes every minute. Without both the password, and the fob, a thief is unable to log into a stolen account.

Passwords make the Web work, so we can have ‘our’ stuff, and keep unwanted and very unwelcome people from viewing it and changing our own information. So a title like “Kill the Password: Why a String of Characters Can’t Protect Us Anymore” should be very, very concerning to people and businesses depending upon computers alike.

This Forbes headline caught my eye recently, and I have mixed feelings about it. “Kill the Password: Why a String of Characters Can’t Protect Us Anymore”. Is it going to work to keep computer information secure? My scepticism is sky-high following the Snowden leaks of NSA and related world spying agencies overstepping their constitutional bounds. Could we really design a technology where it’s secure enough to trust the government to implement it for us? I’d trust it only after an intelligent group of individuals who understand encryption very well, give it a thumbs-up. Someone who has worked with WikiLeaks, and works on an anonymous Web system called Tor is Jacob Appelbaum. If Jacob gave a system the thumbs up, or a thumbs down, I’d take his word for it. Even better, he could explain why a system works, or does not.

Is another security technology on the horizon going to change the Web almost overnight in a very drastic or revolutionary way? I wish I had the answers. Maybe the NSA has the answer already? We can’t trust them, however.

Friday Night Hardware Hacking

Last night I fixed a Vista laptop (It wouldn’t finish booting into Windows normally because I’d installed another hard drive, and ran ClamAV which possibly changed a file it was depending on after I removed the other hard drive. I ran startup repair, and then the system restore option, and that fixed it, easily.)
Declawing CueCat
This evening I noticed an old barcode scanner that Dad got in some online deal, and it never worked. It had DRM built into it, and wouldn’t read barcodes as plain text as they should be. Instead it encrypted the text and relied upon decryption software from a spyware server to give useful output. I learned this (again) tonight, trying to find out if plugging the USB device into Ubuntu would just work, since it’s the future, 2013. I had the hardest time figuring out the proper name for the scanner, but the Cat. No. 68-1966 on the bottom finally helped. It’s a CueCat. The IBM.com/eserver branding on the side was useless.

CueCats can be bought on eBay still for about $10.

Declawing CueCat

Then I found some really great information about how easy it is to modify the pins of an IC, to eliminate the encryption[PDF] of the plain text barcode! Lots of hackers have done it.

This hacking project is about 8 years behind cutting edge, but now Dad has a working bar-code scanner for his desktop computer. And defeating DRM is a good way to pass the time.

Declawing CueCat

PRISM: Does Government Have a Sense of Humour?

No.

I never realized the famous voice that said, “You’ve Got Mail” on AOL, was actually some guy from the NSA.

Do you ever feel like no one is listening to you? Just pick up a phone, & dial. The NSA is there no matter what number you call. You probably shouldn’t find that comforting, however.

Government Can Watch You Have Sex

Here’s how to let the NSA know when you’re having sex:

1.) Buy a Nike (or related) workout monitor, or keep your (smart) cell phone (or tablet) on your person or the soft surface where you are engaged in intercourse.
2.) Ensure the workout arm band or cell phone is turned on and uploading your statistics to the Net.

You’re done. You’re an accidental exhibitionist in the NSA’s all seeing electronic eyes.

I’ve described cell phones as “digital leashes” for spouses, for years. It’s not too far off from the truth, is it?

bike odo
-Not wired to the Internet, but uploaded anyway. Yes, there are privacy implications with this too.

iPhones have had apps available for years now, which track sleeping patterns based on bed movement, in order to set off an alarm to wake a person up at an ideal point in their sleep cycle. They do not all filter out bed movement from activities other than sleeping.
Continue reading

PRISM: Prepared for Exposure

More details are out on PRISM, Tempora, and other illegal spying schemes by the NSA and friendly intelligence agencies, apparently even in Germany.

The NSA even has a special department for such cooperation, the Foreign Affairs Directorate, he says. He also exposes a noteworthy detail about how government decision-makers are protected by these programs. The partnerships are organized in a way so that authorities in other countries can “insulate their political leaders from the backlash” in the event it becomes public “how grievously they’re violating global privacy,” the former NSA employee says.

Interviewer [Jacob A. @ioerror]: Are German authorities or German politicians involved in the NSA surveillance system?

Snowden: Yes, of course. We’re in bed together with the Germans the same as with most other Western countries. For example, we tip them off when someone we want is flying through their airports (that we for example, have learned from the cell phone of a suspected hacker’s girlfriend in a totally unrelated third country — and they hand them over to us. They don’t ask to justify how we know something, and vice versa, to insulate their political leaders from the backlash of knowing how grievously they’re violating global privacy.

This is how it’s obvious that what’s happening is illegal, because populations don’t consent to it if politicians fear retribution when the truth is out.

Data Remains Buffered for Three Days

The scope of this “full take” system is vast. According to Snowden and Britain’s Guardian newspaper, Tempora stores communications data for up to 30 days and saves all content for up to three days in a so-called Internet buffer. “It snarfs everything in a rolling buffer to allow retroactive investigation without missing a single bit,” Snowden says.

Asked if it is possible to get around this total surveillance of all Internet communication, he says: “As a general rule, so long as you have any choice at all, you should never route through or peer with the UK under any circumstances.”

In other words, Snowden says, one can only prevent GCHQ from accessing their data if they do not send any information through British Internet lines or servers. However, German Internet experts believe this would be almost impossible in practice.

The UK government has a complete backup of all Internet traffic through its countries, for 3 days? Wow.