#HeartBleed Bug is a Pun You Should Care About

Your passwords used on the Internet are likely known to bad people if you’ve recently logged into Yahoo, the CRA, or other popular websites. You should consider changing all of your passwords next week if you’ve used them on the Internet, in case they were exposed by an attack using the “heartbleed” bug. This flaw in OpenSSL allows attackers to get a “heartbeat” response from affected servers that includes your password in unencrypted form.

With computer security, if you have high convenience, you’re likely experiencing a low level of security. So throw away those old passwords, and pick some new ones to use with different websites. The more passwords you have, the fewer sites you’ll lose access to if one password is learned by an attacker.

Kickstarter hacked

I signed up for Kickstarter and didn’t even end up using it. Because I was lazy/human, I used a password I’d used on some other websites when creating my account there.

Kickstarter hacked, personal info obtained.

So now I’ve had to go to a bunch of other websites and change the password I used on Kickstarter to something else, in case the account thieves manage to brute-force solve the encrypted passwords they got from Kickstarter.

Was I smart, and did I use a unique password for each of the sites potentially affected? I’m human.

Blog Action Day 2013 – Human Rights #BAD13

On Friday I was invited to talk about blogging, on Regina’s community radio station CJTR. The show was Human Rights Radio by Jim and Gord, and we spent the hour going over what a blog is, why it’s useful to have one, and how it could be used to promote human rights. You can give a listen to it!

The second half of the show is on YouTube too, if you want to look at the ceiling for most of it:

Also, if you’re in Saskatchewan, check out the “Get Active with Amnesty” 2013 conference. I was a guest speaker for it last year when it was in Regina. This time it is in Moose Jaw.

This is the conference site.
And there is also a facebook event page you can use to invite friends.

Passwords Holding the Web Together

I noticed another person with a CIBC 2-factor authentication fob on their key chain last week. It displays a seemingly random number that only a special server also knows, and the code changes every minute, so if a password is stolen, the fob must be stolen too. Without both the password and the fob, a thief is unable to log into a stolen account.
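The password-plus-fob check described above can be sketched in a few lines. This is an added example, not CIBC's code: the post does not say which algorithm the fob uses, so the sketch assumes a standard HMAC-based time code (RFC 4226/6238) with a 60-second step, and `fob_code`, `hash_password`, `login`, the seed and the salt are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60                 # the post says the code changes every minute
SEED = b"12345678901234567890"    # constructed: the RFC 4226 test secret
SALT = b"constructed-salt"        # constructed sample value


def fob_code(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """Code the fob shows at unix_time (assumed scheme: HOTP over a time counter)."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F       # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str) -> bytes:
    """Slow salted hash, so a stolen database is costly to brute-force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


def login(seed, stored_hash, password, code, unix_time, drift_steps=1):
    """Server side: accept only the right password AND a code from a nearby step."""
    password_ok = hmac.compare_digest(hash_password(password), stored_hash)
    code_ok = False
    for step in range(-drift_steps, drift_steps + 1):  # tolerate clock drift
        t = unix_time + step * STEP_SECONDS
        if t < 0:
            continue
        match = hmac.compare_digest(fob_code(seed, t).encode(), code.encode())
        code_ok = code_ok or match
    return password_ok and code_ok


if __name__ == "__main__":
    stored = hash_password("correct horse")
    now = 75                                  # constructed clock value
    print(login(SEED, stored, "correct horse", fob_code(SEED, now), now))  # fob + password
    print(login(SEED, stored, "correct horse", "000000", now))  # password only
```

The server and the fob share only the seed; a code copied down a few minutes earlier falls outside the drift window and is rejected along with a correct password.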

Passwords make the Web work, so we can have ‘our’ stuff, and keep unwanted and very unwelcome people from viewing it and changing our own information. So a title like “Kill the Password: Why a String of Characters Can’t Protect Us Anymore” should be very, very concerning to people and businesses alike that depend upon computers.

This Forbes headline caught my eye recently, and I have mixed feelings about it. “Kill the Password: Why a String of Characters Can’t Protect Us Anymore”. Is it going to work to keep computer information secure? My scepticism is sky-high following the Snowden leaks of NSA and related world spying agencies overstepping their constitutional bounds. Could we really design a technology where it’s secure enough to trust the government to implement it for us? I’d trust it only after an intelligent group of individuals who understand encryption very well, give it a thumbs-up. Someone who has worked with WikiLeaks, and works on an anonymous Web system called Tor is Jacob Appelbaum. If Jacob gave a system the thumbs up, or a thumbs down, I’d take his word for it. Even better, he could explain why a system works, or does not.

Is another security technology on the horizon going to change the Web almost overnight in a very drastic or revolutionary way? I wish I had the answers. Maybe the NSA has the answer already? We can’t trust them, however.

Friday Night Hardware Hacking

Last night I fixed a Vista laptop (It wouldn’t finish booting into Windows normally because I’d installed another hard drive, and ran ClamAV which possibly changed a file it was depending on after I removed the other hard drive. I ran startup repair, and then the system restore option, and that fixed it, easily.)

Declawing CueCat

This evening I noticed an old barcode scanner that Dad got in some online deal, and it never worked. It had DRM built into it, and wouldn’t read barcodes as plain text as they should be. Instead it encrypted the text and relied upon decryption software from a spyware server to give useful output. I learned this (again) tonight, trying to find out if plugging the USB device into Ubuntu would just work, since it’s the future, 2013. I had the hardest time figuring out the proper name for the scanner, but the Cat. No. 68-1966 on the bottom finally helped. It’s a CueCat. The IBM.com/eserver branding on the side was useless.

CueCats can be bought on eBay still for about $10.

Then I found some really great information about how easy it is to modify the pins of an IC, to eliminate the encryption [PDF] of the plain text barcode! Lots of hackers have done it.

This hacking project is about 8 years behind cutting edge, but now Dad has a working bar-code scanner for his desktop computer. And defeating DRM is a good way to pass the time.

PRISM: Does Government Have a Sense of Humour?

No.

I never realized the famous voice that said, “You’ve Got Mail” on AOL, was actually some guy from the NSA.

Do you ever feel like no one is listening to you? Just pick up a phone, & dial. The NSA is there no matter what number you call. You probably shouldn’t find that comforting, however.

Government Can Watch You Have Sex

Here’s how to let the NSA know when you’re having sex:

1.) Buy a Nike (or related) workout monitor, or keep your (smart) cell phone (or tablet) on your person or the soft surface where you are engaged in intercourse.
2.) Ensure the workout arm band or cell phone is turned on and uploading your statistics to the Net.

You’re done. You’re an accidental exhibitionist in the NSA’s all seeing electronic eyes.

I’ve described cell phones as “digital leashes” for spouses, for years. It’s not too far off from the truth, is it?

bike odo
-Not wired to the Internet, but uploaded anyway. Yes, there are privacy implications with this too.

iPhones have had apps available for years now, which track sleeping patterns based on bed movement, in order to set off an alarm to wake a person up at an ideal point in their sleep cycle. They do not all filter out bed movement from activities other than sleeping.

PRISM: Prepared for Exposure

More details are out on PRISM, Tempora, and other illegal spying schemes by the NSA and friendly intelligence agencies, apparently even in Germany.

The NSA even has a special department for such cooperation, the Foreign Affairs Directorate, he says. He also exposes a noteworthy detail about how government decision-makers are protected by these programs. The partnerships are organized in a way so that authorities in other countries can “insulate their political leaders from the backlash” in the event it becomes public “how grievously they’re violating global privacy,” the former NSA employee says.

Interviewer [Jacob A. @ioerror]: Are German authorities or German politicians involved in the NSA surveillance system?

Snowden: Yes, of course. We’re in bed together with the Germans the same as with most other Western countries. For example, we tip them off when someone we want is flying through their airports (that we, for example, have learned from the cell phone of a suspected hacker’s girlfriend in a totally unrelated third country) — and they hand them over to us. They don’t ask to justify how we know something, and vice versa, to insulate their political leaders from the backlash of knowing how grievously they’re violating global privacy.

This is how it’s obvious that what’s happening is illegal, because populations don’t consent to it if politicians fear retribution when the truth is out.

Data Remains Buffered for Three Days

The scope of this “full take” system is vast. According to Snowden and Britain’s Guardian newspaper, Tempora stores communications data for up to 30 days and saves all content for up to three days in a so-called Internet buffer. “It snarfs everything in a rolling buffer to allow retroactive investigation without missing a single bit,” Snowden says.

Asked if it is possible to get around this total surveillance of all Internet communication, he says: “As a general rule, so long as you have any choice at all, you should never route through or peer with the UK under any circumstances.”

In other words, Snowden says, one can only prevent GCHQ from accessing their data if they do not send any information through British Internet lines or servers. However, German Internet experts believe this would be almost impossible in practice.

The UK government has a complete backup of all Internet traffic through its countries, for 3 days? Wow.

T-Rex Doesn’t Taste Like Bacon

I couldn’t keep a straight face over this one. The T-Rex Burger is offensive, but the Baconator isn’t?

“She said the fast-food restaurant ‘strives to deliver a positive dining experience for our customers. Our goal is to provide options to our customers so they can make options that meet their needs.’”

Reddit ruins the fun, unintentionally.

==

Meanwhile, what could go wrong with having passengers’ phones designed to communicate via radio signals to a bag with radio communication emanating from it? That won’t freak airlines right out. (Kaboom) They shouldn’t be losing bags in the first place, since there’s a policy that bags do not go onto planes if the passenger hasn’t joined the flight their bag is on.

(dailymail.co.uk/sciencetech/article-2341600/The-luggage-GPS-tracking-device-makes-impossible-lost.html)

==

I for one welcome our Flying Cyclist Overlords, and look forward to serving in their bicycle mines.

PRISM: Greenwald on CNBC

Encrypt your shit:

The world is not sliding, but galloping into a new transnational dystopia. This development has not been properly recognized outside of national security circles. It has been hidden by secrecy, complexity and scale. The internet, our greatest tool of emancipation, has been transformed into the most dangerous facilitator of totalitarianism we have ever seen. The internet is a threat to human civilization.
[...]
In the new space of the internet what would be the mediator of coercive force?
[...]
It is easier to encrypt information than it is to decrypt it.
[...]
Cryptography is the ultimate form of non-violent direct action.
[...]
No amount of coercive force will ever solve a math problem.