Reddit “hacked”!

02/08/2018
reddit

Reddit – “hacked”

Reddit member info was compromised in June this year. Two data-sets were accessed: the first from 2007 containing account details and all public and private posts between 2005 and May 2007; and the second included logs and databases linked to Reddit’s daily digest emails, which was accessed between 3 and 17 June this year. The data includes usernames and email addresses linked to those accounts.

Reddit they are contacting members who may have been affected.  But the way these stories go, it will be revealed soon that everyone’s data has been leaked, so all Reddit members should probably reset their passwords.

And if you are one of the millions of people who re-use user-names and passwords over multiple sites, you’d better change your login info on all accounts.  This time do it properly, with a password manager.  Better late than never, eh!

The Reddit system was compromised through former employee accounts which were “protected” with SMS-based two-factor authentication.

SMS-based two-factor authentication is more secure than using a password alone.  But it is relatively easy to break through. For instance, an attacker can transfer a phone number by supplying an address, last 4 digits of a social security number and perhaps a credit card – exactly the type of data that is widely available on the dark web thanks to large database breaches like Equifax.

bmc-purple


Google censoring searches in China again

02/08/2018
google-logos

Google has a new logo and updating its image – but under the surface it’s still that pre-2010 half-evil censor

Eight years after Google pulled out of the censored Chinese internet, they’re back.  It’s been reported that the company is working on a mobile search app that would block certain search terms and allow it to reenter the Chinese market.

Google has engaged in the China-controlled internet space before: but in 2010 it pulled out, citing censorship and hacking as reasons.  It didn’t pull out completely – it still offered a number of apps to Chinese users, including Google Translate and Files Go, and the company has offices in Beijing, Shenzhen and Shanghai – But the largest of its services – search, email, and the Play app store – are all unavailable in the country.

Google co-founder Sergey Brin told the Guardian in 2010 that his opposition to enabling censorship was motivated to his being born in Soviet Russia.   “It touches me more than other people having been born in a country that was totalitarian and having seen that for the first few years of my life,” he said as Google exited the Chinese market after 4 years of cooperating with the authorities.

But now they’re back, working on a mobile search app that would block certain search terms and black-listed material.  The app is being designed for Android devices.

According to tech-based news site The Information, Google is also working on a censored news-aggregation app too. The news app would take its lead from popular algorithmically-curated apps such as Bytedance’s Toutiao – released for the Western market as “TopBuzz” – that eschew human editors in favour of personalised, highly viral content.

Patrick Poon, China Researcher at Amnesty International, called Google’s return to censorship “a gross attack on freedom of information and internet freedom.”

In putting profits before human rights, he said, Google would be setting a chilling precedent and handing the Chinese government a victory.

This is important because many computer users will set a search site as their homepage and even find content by entering key-words into the url bar of their browser.  Because of Google’s ubiquity, it is frequently set as default search engine on browsers, meaning that millions of users will find that their experience of the internet is that delivered through the lens of Google.  If that lens is smudged or cracked by censorship, all these users’ internet experience is skewed.  So it is essential to highlight the fact that Google is not the neutral, trustworthy agent that many users think it to be.

GreatFire, an organisation that monitors internet censorship and enables circumvention of the “Great Firewall of China”, said the move “could be the final nail in the Chinese internet freedom coffin” and that “the ensuing crackdown on freedom of speech will be felt around the globe.”

bmc-orange


Cypherpunk: Freedom and the Future of the Internet, free download pdf

19/07/2018

assange-cypherpunks

Just found this download link for Julian Assange’s 2012 book Cypherpunk: Freedom and the Future of the Internet.  I found it literally less than thirty minutes ago, so I’m posting it here before I’ve had a chance to read it myself.  Once I have, I’ll tell you what I think of it.  In the meantime, check it out for yourselves!  And here is an excerpt from a review by Marienna Pope-Weidemann at http://www.counterfire.org:

A watchman’s shout in the night

Since the infamous PRISM surveillance system was exposed by the NSA analyst Edward Snowden, the existence of what the cypherpunks have long called ‘the transnational surveillance state’ is beyond doubt. Conspiracy has become reality, and paranoia has become the number-one necessity of investigative journalism.

Cypherpunks: Freedom and the Future of the Internet, published last year, describes itself as ‘a watchman’s shout in the night’. An apt description, given everything we have learned lately. What the book is trying to hammer home is the immense importance of the internet as a new political battleground: how it is structured, monitored and used has serious ramifications for political organisation, economics, education, labour, culture and just about every other area of our lives, because increasingly, their world is our world. And if knowledge is power, and it is never been as ubiquitous as it is in cyberspace, there is a great deal at stake.

Who are the cypherpunks?

Begun by a circle of Californian libertarians, the original cypherpunk mailing list was initiated in the late 1980s, as individuals and activists, as well as corporations, started making use of cryptography and, in response, state-wide bans were introduced (p.64). For the cypherpunks, the use of encryption for anonymity and secure communication was the single most important weapon for activists in the internet age.

Their rallying cry was ‘privacy for the weak, transparency for the powerful’; the dictum to which Wikileaks has dedicated itself. As discussed in the book, the subsequent evolution of the internet has taken it in the opposite direction: citizens, politically active or otherwise, law-abiding or otherwise, have lost all right to privacy, while the powerful hide increasingly behind secret laws and extrajudicial practices.

Cypherpunks is a collective contribution of four authors, three of them leading figures in the cypherpunk movement. First we have Julian Assange, who needs less and less introduction as time goes by (there are even two films now devoted to this problematic figure, the independent Australian feature, Underground, and the highly inaccurate box-office disaster We Steal Secrets). Assange has been hacking since the age of seventeen, when he founded the Australian group, the International Subversives, and wrote down the early rules of this subculture: ‘Don’t damage computer systems you break into (including crashing them); don’t change the information in those systems (except for altering logs to cover your tracks); and share information.’ Next we have German journalist Andy Müller-Maguhn of the Chaos Computer Club, co-founder of European Digital Rights and writer for Bugged Planet. Jacob Appelbaum, also a member of the Chaos Computer Club, is the developer who founded Noisebridge, an award-winning educational hackerspace in San Fransisco and international advocate for the Tor Project. Finally, we have the co-founder of the La Quadrature du Net advocacy group, Jérémie Zimmerman, a leading figure in struggles for net neutrality and against the Anti-Counterfeit and Trade Agreement (ACTA) who does not seem to be able to get on a plane without being harassed by government officials over his ties to Wikileaks.

assange4

Julian Assange, founder of Wikileaks, has been holed up in the Ecuadorian embassy in London since 2010 to avoid extradition to Sweden and USA. Pic from http://www.extremetech.com


Darknet Part 3: How people got caught

10/07/2018

Part 3 of an occasional series of videos about the Darkweb, hidden services, anonymity… all the good stuff that we need, and need to know about!

Excellent Defcon presentation by Adrian Crenshaw detailing how some Tor users got caught.  TL;DR: it’s all down to faulty OpSec.  Be careful all the time, use your common sense, and all well be well.  So long as there aren’t 0days in Tor Browser that the Man knows about and the devs don’t…

But this isn’t too long to watch.  So watch it!  Even if you don’t use the darknet it is hugely informative and entertaining.  And if you do use Tor or otherwise have an interest in anonymity (which means you!), it is doubly informative and entertaining… in fact it is essential for everyone to watch.  So watch it!

tor-browser1

There’s a special browser that leads to a secret web…

bmc-yellow


Free calls, free texts, free everything

07/07/2018

globfone-pc-and-mobile

I wrote about Globfone recently, but here it is again.  This time I’m writing a dedicated review, as it’s a blinding service and deserves all the publicity it can get!

Globfone.com offers free calls, free SMS, free p2p video calls and free p2p file sharing.  The service is all free, is planned to remain free, no registration or subscription required, the service is sustained completely by ads and sponsors.

On their site they describe their “Free Online Phone Project”:

The idea behind Globfone is to deliver telecommunication services like SMS and international calls for free to users across the globe. At Globfone, we firmly believe that there is ‘Love in Sharing’, therefore we are currently seeking to increase our coverage to more than 90% of major International GSM networks that we currently cover. Globfone WEB is a completely FREE to use internet service that allows you to make free phone calls, send free text messages, make free video calls and a free P2P file sharing service to all your friends and family around the world. This service works without For FREE! And you don’t have to install any special software or go through long registration process – Globfone is completely SAFE and EASY to use.

Their worldwide coverage includes 91% of mobile networks for SMS and 96% for calls.

Most of my experience with Globfone is the SMS service.  It is possible to send messages from just about anywhere in the world, to just about anywhere in the world.  And Globfone claims that it is possible to send texts to the same number repeatedly in close succession so as to have conversations via SMS.  This is something that most services don’t allow, reportedly to prevent spam.  But with Globfone, you can.  Imagine that you have a mobile phone but no credit or messages left from your allowance.  You can text message your friend, she can reply by texting your phone, and then you can reply immediately via Globfone, so carry on a text conversation.   Afreesms.com doesn’t allow this, nor does any other service I have come across in my years of checking out these kinds of sites.  This is something that Globfone is rightly proud of.

As well  as laptops and desktop computers, you can also send SMS from most smartphones.  And there is an app – Globfone SMS Messenger – for Android and iOS.

The free calls is a VoIP service that requires no registration, something you rarely find.  This service, as well as the SMS, there is an upper limit to the number of free calls and SMSes available to a single IP address during a 24 hour period.  When that limit is reached, the user is alerted and asked to wait 24 hours before using the service again.  And there is also a call-specific time limit: when you make a call, you are shown a countdown representing how much time you have left on that call.  The call-specific time limit is a pain in the ass – it seems you can’t make calls longer than a minute – but remember this service is free and you’re not likely to find better.

A good use of the free call service is to find your phone – if you’ve mislaid it somewhere in your home you can use Globfone to call it, the ringtone then helps you locate your handset.  Handy, and unaffected by the call time limit as you don’t need to answer the phone.

The webphone service is truly cross-platform as all you need is a modern browser  – it uses multiple different SIP/media engines including a Java VoIP engine – runs in all java enabled browsers; WebRTC – runs in all modern browsers; and Flash VoIP – for compatibility with some old browsers.  You also need to enable speakers and microphone, and optionally headphones.  And that’s it: as long as your computer has that, you can use the webphone service.  If you have problems, visit this webpage.

You can make free calls from most modern smartphones, but may experience difficulties using older mobile platforms, like Symbian OS.   If your mobile browser doesn’t support Java, Globfone’s FAQ advises using its mobile beta app – but I couldn’t find a link to that app.

I haven’t used the p2p services – file-sharing and video calls.  These services are peer-to-peer, meaning a direct connection is made between 2 computers, rather than using phone networks.  If any readers have experience of these Globfone services, please tell us about it in Comments.

The services are financed by ads and sponsorship.  In the FAQs, if you want to donate to Globfone or support it in any way, it suggests you “like” Globfone in social media, or place a link to the site in your blog.  So that’s what I’m doing here.  And look: here’s the link to Globfone!

bmc-yellow


Crazy copyright law voted down… for now…

06/07/2018

Thank goodness, MEPs voted against the Copyright Directive!  The insane ideas, to create a “click tax” and to create automated censors to filter uploaded content, have been beaten.

For now.

Julia Reda, MEP for the Pirate Party, tweeted: “Great success:  Your protests have worked! The European Parliament has sent the copyright law back to the drawing board.”

But that makes it sound far too permanent.  The truth is, this subject is going to be revisited sooner rather than later – thee full European parliament will debate amendments to the copyright directive in September, which is just 2 months away!  And while 318 MEPs voted against the Directive, 278 voted in favour and 31 abstained.  That is not a huge majority.  And it could all be turned around if the press insist on reporting this as a big money-saver for the big internet companies as the Guardian has.”Youtube and Facebook escape billions in copyright payouts after EU vote,” their headline says,

Google, YouTube and Facebook could escape having to make billions in payouts to press publishers, record labels and artists after EU lawmakers voted to reject proposed changes to copyright rules that aimed to make the tech companies share more of their revenues.

The paper did report the other side, how high-profile figures like Wikipedia founder Jimmy Wales, world wide web inventor Sir Tim Berners-Lee, net-neurality expert Tim Wu, and internet pioneer Vint Cerf claim it would transform the internet from a platform for sharing and innovation into a tool for the automated surveillance and control of its users.

Put simply: we’ve won this battle, but the bureaucrats who were pushing the copyright directive have a habit of revisiting subjects time and again until they get the result they want.  And they want the copyright directive.  We have to remain alert or they may still destroy our internet!

 


Hunt for free SMS

29/06/2018

I was using afreesms.com, but for some reason I got barred! So I googled for another free service, and the first tutorial got me to install Bluestacks – an android emulator – and an app called TextMe.

TextMe-capture

TextMe – Useful if you live in “the US, Canada & More”

Yeah, I saw that it said “Send free texts to your friends in the US, Canada & More!”  I just assumed that “& More” included Europe FFS! I mean, it knew I was in the UK and slipped me geo-located ads…

TextMe-UK-ads

But I was wrong.  US and Canada… And the More?  Not Europe, not the UK.  It’d be cool for users in the US and Canada for sure.  Apparently you can send and even receive SMS on your free new number!

No good for me though.  Time wasted.  So let’s make up for it by finding a solution to my self-imposed goal – sending texts for free to UK numbers.

I decided to keep to BlueStacks, figuring that phones are natural text-senders.  So I googled appropriately and founds this:

whatsapp-free-sms

So I followed the instructions, configured the app, matched my phone number with SMS verification… and that was the only text message that emanated from Bluestacks.  Shubham Kedia was rewarded with free texts on his laptop, but I wasn’t.  😦

In the end I found my free SMS… and more!  Actual phone calls! For free!

globfone-free-sms-etc

Free SMS… and calls! And P2P video chats and file-sharing! For free! WTF???

Globfone.com is wicked.  Free international VOIP calls FFS!!  Okay, so they are time-restricted, but it’s still there to use for free.  And the peer-to-peer stuff looks like it’s cool, though I haven’t tried it myself.

Anyway, I did it.. eventually…  Got free text messages from my laptop.  Hurray!!!!

bmc-black


%d bloggers like this: