Time to backup gmail if this is true…
If this post is true, there’s now a really good reason to backup gmail locally: “Is google shutting down email accounts if they suspect hijacking?“
Post Comment »
Today is Wiretap the Internet Day!
Starting today, your intertubes are tapped. You weren’t using those civil liberties anyway, right?
For more, see:
- Today is America’s wiretap the Internet day (Via BoingBoing)
- Reminder: Monday is Wiretap the Internet Day (Via Wired)
Comments Off
Numbers stations…
I can’t believe I hadn’t heard of this before today:
“Numbers stations are shortwave radio stations of uncertain origin. They generally broadcast people reading streams of numbers, words, or letters (sometimes using a phonetic alphabet)…” (Via wikipedia.)
5 Comments »
SSH Tunneling on public networks
I’ve been traveling a bit this week, which means I’ve also been accessing the net on untrusted networks. For general web surfing this doesn’t both me, but when it comes to editing my blogs or accessing any web service that doesn’t authenticate over SSL, I’d feel better if I knew my passwords weren’t floating past some coffee shop’s network admin in clear text. Fortunately, there’s an easy solution: SSH tunneling.
There’s plenty of information online that describes how SSH tunneling works and how to set it up, but not surprisingly, you have to do a bit of Googling to actually find concise, step-by-step instructions that actually work. So here we go: Erik’s Three-Step Plan for Looking Like You Know What You’re Doing SSH Tunneling. (For the record, I’m using a PowerBook running OS X, tunneling to a server running Ubuntu Linux.)
[STEP 1] On the remote server I’m running Privoxy (an HTTP proxy.) On a Debian/Ubuntu box, getting Prixovy running is as complicated as typing: sudo apt-get install privoxy
[STEP 2] Assuming you can SSH into your remote server (ie., no firewall blockage), launch Terminal.app and issue something like this: ssh -N -L 8118:127.0.0.1:8118 remoteuser@serveraddress (changing “remoteuser” and “serveraddress” appropriately.) Using the -N flag you’ll still need to authenticate with the server, but you won’t actually get a command prompt — the window will just look like nothing’s happening.
[STEP 3] Tell your browser to use a proxy for HTTP and HTTPS running at 127.0.0.1 on port 8118.
You’re done! You can now hit WhatIsMyIP to see it working.
Of course, just like other three-step programs, there’s a little fine print and few extra details that might help to know:
- Privoxy is an HTTP proxy, which translated means that instead of your browser asking a server for a web page, you’ll be asking Privoxy and Prixovy will relay the request and pass the resulting content back your way. Using a proxy is handy when: (1) You want to tunnel your browsing activity, and/or (2) When you’d like to have the proxy do some content manipulation for you (which is what Privoxy was written to do.) This content manipulation can be anything you want, but most of the time it means stripping out advertisements and possibly cleaning up bad HTML before the browser sees it.
- If you haven’t used Privoxy before, you might want to read the docs and poke around in the config files to tweak as needed.
- By default Privoxy runs on port 8118, hence the 8118 mapping the ssh statement.
- Save yourself some time by storing your proxy settings for future toggling. To cover most OS X apps you’ll be creating a new Network Location for this. Go to the Apple Menu / Location / Network Preferences to create a new location profile. Toggling can be done using the Location menu under the Apple menu. For Firefox (which ignores the system-wide proxy settings), you’ll need to enter the settings directly into the Firefox’s Preferences or install the SwitchProxy Firefox plugin to enable a pop-up menu for proxy switching from the Firefox status bar.
Happy Surfing!
2 Comments »
diggdot, texas sues Sony, and other news…
diggdot.us launched (a Digg / del.icio.us / Slashdot aggregator.) Normally this wouldn’t be news for me, but this site happens to be built using TurboGears, a Python web stack that I happen to be building a few toys with as well. (Via “Instantly Hooked on Diggdot.us“)
In other news…
Texas Sues Sony Under Anti-Spyware Law
“AUSTIN, Texas - The state sued Sony BMG Music Entertainment on Monday under its new anti-spyware law, saying anti-piracy technology the company slipped into music CDs leaves huge security holes on consumers’ computers.”
A piece of tape defeats any CD DRM:
“Applying a piece of opaque tape to the outer edge of the disk renders the data track of the CD unreadable. A computer trying to play the CD will then skip to the music without accessing the bundled DRM technology.”
Hackers Cracked Gmail (Here’s how)
“Google said Wednesday it has fixed a problem in its widely used email program that allowed hackers to break into people’s Gmail accounts to read messages and pose as legitimate email users.”
Post Comment »
Defacing phishers
Yeah, it’s technically illegal, but this is awesome: “Underground showdown: Defacers take on phishers“. Crackers defacing phishing sites — I love it!
More at: “Online Vigilantes Fight Back Against Phishing Fraudsters“.
Post Comment »
More reasons to feel safe
Lately I’ve been putting most of my bookmarks on del.icio.us instead of here, but these three recent articles on WIRED NEWS were worth pointing out:
First, “Known Hole Aided T-Mobile Breach.” We’ve all heard plenty about what’s her name’s Sidekick getting owned, but the less recent T-Mobile breach has me a bit more concerned. According to this article, the back-door wasn’t nearly as elaborate as one would have hoped — it was simply an un-patched version of BEA WebLogic that let Jacobsen in. According to the article, older versions of WebLogic had a “feature” that allowed any file on the server to be read or replaced using an undocumented HTTP parameter. That’s right, someone designing the software decided that they would enable a full-on backdoor, but not tell anyone. You’ve got to be kidding. Worse still is that the flaw was discovered and a patch was issued, but T-Mobile simple failed to update their web servers.
But it get’s better. According to this article, the U.S. Government has decided that there will be “No Encryption for E-Passports.” Well that’s just great. How about just issuing T-Shirts and ball-caps with our social security numbers on them, and requiring travelers to hand out business cards with all their personal information to everyone they see. At least they thought about the issue enough to suggest that wrapping one’s passport in tin foil and duct tape should protect your personal information.
Of course, even with proper security measures, none if it will matter if the people who collect and sell this information don’t care who they sell it to. The article, “California Woman Sues ChoicePoint“, describes a case against ChoicePoint, “a data broker that collects financial, medical and other personal information on billions of people”, for apparently selling personal records to identity thieves.
Post Comment »
Jabber servers owned
Ouch! Security Focus has a news piece titled, “Root kit surface after Jabber attack” which explains that the Jabber development servers have been owned for more then a year! These attacks, which have happened on other projects, are particularly nasty if they inject malicious code into a large software project. Not only did the developers have to discover that the box was owned, but now everyone working on the project needs to comb the source code looking for changes (and you can’t trust the revision control systems.) If the project’s source was modified, it’s amazing that it took this long for someone to notice — especially if it meant a backdoor went out to all servers running the Jabber engine!
Post Comment »
Popular Posts:
- Using the Python for Series 60 Bluetooth Console from OS X
- Arduino development on Ubuntu PPC (and command-line Arduino)
- Passing JSON via the X-JSON HTTP header with Django and Prototype
- Ubuntu + Hildon UI = in-Car PC UI
- Moving my blog from WordPress to Django; Part 2: Migrating the data
- Cold weather fuel leak
A few books I'm reading now:
-
"Innovation and Entrepreneurship
" by Peter Drucker
-
"Seeing What's Next: Using Theories of Innovation to Predict Industry Change
"
-
"Blue Ocean Strategy: How to Create Uncontested Market Space and Make Competition Irrelevant
"
A few books I'd recommend:
-
Naked Economics: Undressing the Dismal Science
by Charles Wheelan -- A fantastic overview of the field of Economics. I was pleasantly surprised by how much I enjoyed this book.
-
A Short History of Nearly Everything
by Bill Bryson -- a true tale of scientific thinking throughout history. You'll be amazed by how much we still don't know.
-
Freakonomics [Revised and Expanded]: A Rogue Economist Explores the Hidden Side of Everything
by Steven D. Levitt, Stephen J. Dubner -- a fun read offering a somewhat different way of looking at society. Answers questions like "Why do drug dealers still live with their moms?", and what qualities in a parent matter for the success of a child later in life?
-
Getting Things Done: The Art of Stress-Free Productivity
by David Allen. I'm a bit of a GTD freak since reading this, but productivity == $$ (whether you can simply get more work done in a given time, or work less by focusing on the right tasks.)
Recently read books:
-
"JavaScript: The Good Parts
" -- A thin book with some good best-practices, but a little disappointing. Perhaps it's JavaScript's fault, not the author's ;-)
-
"Web Form Design: Filling in the Blanks
" -- Good overview of usability issues in designing HTML forms, backed by examples and eye-tracking research. I bought the digital edition, which was slightly cheaper. (You can use code: WFDDE to get an extra 10% off any purchase on the publisher's site.)
-
"What Got You Here Won't Get You There: How Successful People Become Even More Successful
" by Marshall Goldsmith -- Discusses interpersonal skills (and how to identify and fix them) that most commonly hold executives back in their career advancement.
-
"The Simplicity Survival Handbook: 32 Ways To Do Less And Accomplish More
" -- Lesson: Cut the corporate B.S. and stop wasting your time. Focus only on what matters most.
-
"Crucial Conversations: Tools for Talking When Stakes are High
" -- Lessons on handling tough conversations: firing people, relationship problems, hostage negotiations (well, maybe not that last one.) Wasn't an exciting read, but I've been paying more attention to "turning points" in conversations since reading it.
-
"Watchmen
" -- Graphic novel to be released as a feature film in 2009.
-
"The Unwritten Laws of Business
" -- Very short. Flip through it at a book store before buying. If you already have corporate work experience you can probably skip this one.
-
"How to Win Friends & Influence People"
by Dale Carnegie. -- Classic book on being friendly to people to get your way.
-
"The Effective Executive: The Definitive Guide to Getting the Right Things Done
" -- I really enjoyed this one. It's about the value of picking the right things to work on... the things that matter to your organization, and that fit with your strengths.
-
"Practical Django Projects
" -- Lessons in building reusable ("pluggable") Django applications. Assumes you know the basics of Django and Python.
-
"Bargaining for Advantage: Negotiation Strategies for Reasonable People 2nd Edition
" -- I really enjoyed this one. Lots of suggestions and strategies for negotiating.