Reddit “hacked”!

02/08/2018

Reddit member info was compromised in June this year. Two data-sets were accessed: the first from 2007 containing account details and all public and private posts between 2005 and May 2007; and the second included logs and databases linked to Reddit’s daily digest emails, which was accessed between 3 and 17 June this year. The data includes usernames and email addresses linked to those accounts.

Reddit say they are contacting members who may have been affected.  But the way these stories go, it will be revealed soon that everyone’s data has been leaked, so all Reddit members should probably reset their passwords.

And if you are one of the millions of people who re-use user-names and passwords over multiple sites, you’d better change your login info on all accounts.  This time do it properly, with a password manager.  Better late than never, eh!

The Reddit system was compromised through former employee accounts which were “protected” with SMS-based two-factor authentication.

SMS-based two-factor authentication is more secure than using a password alone.  But it is relatively easy to break through. For instance, an attacker can transfer a phone number by supplying an address, last 4 digits of a social security number and perhaps a credit card – exactly the type of data that is widely available on the dark web thanks to large database breaches like Equifax.


Darknet Part 3: How people got caught

10/07/2018

Part 3 of an occasional series of videos about the Darkweb, hidden services, anonymity… all the good stuff that we need, and need to know about!

Excellent Defcon presentation by Adrian Crenshaw detailing how some Tor users got caught.  TL;DR: it’s all down to faulty OpSec.  Be careful all the time, use your common sense, and all will be well.  So long as there aren’t 0days in Tor Browser that the Man knows about and the devs don’t…

But this isn’t too long to watch.  So watch it!  Even if you don’t use the darknet it is hugely informative and entertaining.  And if you do use Tor or otherwise have an interest in anonymity (which means you!), it is doubly informative and entertaining… in fact it is essential for everyone to watch.  So watch it!


There’s a special browser that leads to a secret web…


Net neutrality is dead – But together we can bring it back to life!

15/01/2014

So net neutrality is dead –  the US court of appeals for the District of Columbia ruled in favour of broadband giant Verizon, following a long-running challenge to the Federal Communications Commission’s rule-making powers.  So a serious battle has been lost; but the war isn’t quite over yet.

According to Wikipedia.org:

Net neutrality (also network neutrality or Internet neutrality) is the principle that Internet service providers and governments should treat all data on the Internet equally, not discriminating or charging differentially by user, content, site, platform, application, type of attached equipment, and modes of communication.[1][2][3][4]

There has been extensive debate about whether net neutrality should be required by law. Since the early 2000s, advocates of net neutrality and associated rules have raised concerns about the ability of broadband providers to use their last mile infrastructure to block Internet applications and content (e.g. websites, services, and protocols), and even block out competitors. (The term “net neutrality” didn’t come into popular use until several years later, however.) The possibility of regulations designed to mandate the neutrality of the Internet has been subject to fierce debate, especially in the United States.

Neutrality proponents claim that telecom companies seek to impose a tiered service model in order to control the pipeline and thereby remove competition, create artificial scarcity, and oblige subscribers to buy their otherwise uncompetitive services. Many believe net neutrality to be primarily important as a preservation of current freedoms.[5] Vinton Cerf, considered a “father of the Internet” and co-inventor of the Internet Protocol, as well as Tim Berners-Lee, creator of the Web, and many others have spoken out in favor of net neutrality.

Some opponents of net neutrality claim that  “broadband service providers have no plans to block content or degrade network performance”.  But this is a barefaced lie.   Bob Kahn, co-inventor of the Internet Protocol, has called the term net neutrality a “slogan” and states that he opposes establishing it.  The Wikipedia article goes on to say:

Opponents of net neutrality claim that broadband service providers have no plans to block content or degrade network performance.[8] Despite this claim, there has been a single case where an Internet service provider, Comcast, intentionally slowed peer-to-peer (P2P) communications.[9] Still other companies have begun to use deep packet inspection to discriminate against P2P, FTP, and online games, instituting a cell-phone style billing system of overages, free-to-telecom “value added” services, and bundling.

So, in short: instead of treating internet communication equally, the abandonment of net neutrality will lead to the big telecoms companies pushing their content over others, and will make it well-nigh impossible to access information that the big internet service providers don’t want you to know.  This is a denial of freedom of speech, and will push the ISPs’ point of view over all critics.  Once upon a time the internet was a valuable commodity because it told us everything, warts and all.  Now, the FCC’s stupidity will make “minority” points of view all but impossible to find.  The telecoms companies will make disagreement all but invisible.

Check out these links here and here.  FFS, we need to do something before an avalanche of ignorance and hatred turns the web into a newspaper run by media moguls who hate freedom of expression.  So please, tell the FCC to clean up their act and restore internet neutrality right now.  So please, do it for us all.  Unless, of course, you want to become another apathetic, couldn’t-care-less kind of person who’s happy to be lied to, brain-washed and treated like a powerless fool.  Don’t let that happen to you: internet neutrality is a tool to silence those who disagree with the authorities no matter what evil they’re spouting.  There’s not much time left for us free-thinkers: don’t let them get away with it!


Peaches made me think: what do I actually know?

05/12/2013

Mooching round the internet last night, going where the links take me, I discovered that Peaches Geldof had tweeted the names of the women who let Lostprophets singer Ian Watson molest (and attempted to rape!) their babies.  It’s a foul, incomprehensible thing that the mothers (and Watson) did.  And I’d like to know these women’s names, if I know them or might meet them.  But the law says their identities must not be revealed to the public for a good reason: to protect the victims, those babies.  Peaches tweeted their names anyway.

Okay, so apparently she deleted them later (probably after her lawyer explained the seriousness of what she’d done); but that’s no good, the horse has escaped the stable and has galloped halfway to John O’Groats by now.  Oh, and Peaches apologized  “for any offence caused”.  So that’s alright then?

Anyway, in her opinion piece in the Guardian, Marina Hyde refers to the case of “the idiot who famously sprayed ‘Paedo’ on the door of a Newport paediatrician in 2000.”  Now, I’ve heard of this story, but it’s always been embellished with gruesome detail: the paediatrician’s house was fire-bombed and he (she?) had to flee from a mob waving pitchforks and flaming torches. Marina Hyde offered a link to the story so I clicked it, interested to see what monstrous details this version of the story may mention.

The link took me to a BBC News Wales piece whose writer actually quotes the paediatrician:

Paediatrician attacks ‘ignorant’ vandals

A hospital paediatrician has hit out at vandals who forced her to flee her home after apparently taking her job title to mean she was a paedophile.

South African-born Yvette Cloete – a 30-year-old trainee consultant at the Royal Gwent Hospital, Newport, south Wales – said she planned to move home after returning to find the outside of her property daubed with the words “paedo”.

She said she can not rule out the possibility that the paint attack was connected with her job at the hospital.

And that’s it, pretty much.  No firebombs or lynchings, no angry mob.  There’s even a photograph of her front door, captioned “The front door was daubed with yellow paint”.  But the door looks pretty red to me, Ms Cloete must have fixed it before the BBC got there.

I’m not saying that what happened to Ms Cloete was insignificant: to find the word “paedo” sprayed on your door would be pretty disturbing.  But the reported story is a hell of a lot less lurid than the versions I’d previously heard and read.

And this gets me thinking: what exactly do any of us know?  I don’t mean what we’ve heard or been told – what do we know?  Not very much really.  That’s something we should carry with us, so next time you hear a story you can reflect: so-and-so says this, somebody else says something else, and at the end of the day I still don’t know a thing.  Something to give us pause when we sit in judgement of others, or when others sit in judgement of us.


Ubuntu Forums down! Security breach! Don’t panic, carry on…

23/07/2013

Ubuntuforums.org, the bestest user forum for Ubuntu users that I know of, is offline due to a security breach whereby usernames, passwords and email addresses were compromised. This happened on 20 July, apparently, I only just noticed (come here for the latest news, eh).

Canonical, the company behind the Linux-based Ubuntu operating system, and whose servers host the Forums site, have put up an announcement page, to which you get redirected if you try to browse to the forums. From what Canonical have said, it appears:

1. Usernames, passwords and email addresses have been compromised. The passwords were stored hashed, i.e. not in plain text, but users who use their Ubuntuforums.org password on other sites should change them, just to be sure;

2. Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by this.

I’m wondering: the forums site was being hosted on Canonical servers, and it was compromised. But other Canonical services are unaffected… So, is Canonical giving Ubuntuforums.org second-class service? Or are all Canonical servers this badly managed, meaning users should forget about using Ubuntu One, Launchpad, etc?

I don’t want to be an asshole about this – but Canonical, WTF??!

EDIT: I’m a bit behind the times with this, but Ubuntuforums.org is up and about again.  They’ve changed the logging-in mechanism, now you need a Launchpad account too, but it’s easy to do.  Just go to Ubuntuforums.org as usual and you’ll be walked through the new process.  If you’re into Ubuntu it’s a wonderful resource, I’ve managed to keep an account there since 2007, I’ve had a shit load of infractions (official warnings), one admin said he didn’t know of anyone worse, but the community there is really good.


I know I asked for more Comments… but not bloody spam!!!

18/04/2013

I know, I know… I asked for more Comments and now I’m getting more Comments. So why am I moaning here? Because I suspect a lot of them are real actual Comments from real actual people. I’m getting spam comments!

So okay, why do I believe this? Am I a paranoid schizophrenic with delusions of grandeur? I don’t think so (yeah I know, I would say that wouldn’t I?) – let me share my “evidence” before it’s laughed out of court –

In response to one of my most popular posts (“How to download and save streaming video from the internet, using Linux”) I have received Comments:

My brother suggested I would possibly like this blog. He was once totally right.

This post truly made my day. You cann’t imagine just how a lot time I had spent for this info! Thanks!

and

What’s up, always i used to check webpage posts here early in the break of day, because i like to learn more and more.

and

A person essentially help to make critically articles I’d state. That is the very first time I frequented your web page and so far? I surprised with the analysis you made to create this actual put up extraordinary. Excellent activity!

and

Hello.This article was extremely remarkable, particularly because I was browsing for thoughts on this subject last Tuesday.

and

each time i used to read smaller articles or reviews that also clear their motive, and that is also happening with this article which I am reading at this place.

All these Comments make no comment on the post they’re claiming to comment on. Some of them are bizarre, like maybe computer-generated? And all the Commentators have included a url which improves their Google score and can lead to Google Adverts revenue earned (every time a site’s url appears online, the site’s Google rating gets higher, and they can earn more from Google Ads).
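The two signals described above (a comment that says nothing about the post, plus an attached URL) turned into a moderation-queue check; this is an added example, not code this blog runs. The post body, all URLs and the last two comments are constructed, and names such as `triage` are hypothetical.

```python
import re

# Words too generic to show that a comment is about one particular post.
STOPWORDS = frozenset("""and the this that was were are you your for with far how
just had have has because here made make what very first time more most would once
like also which not but they them their from post posts article articles blog page
web webpage site info thanks comment comments""".split())

def content_words(text):
    """Lower-cased words of three or more letters, minus the generic ones."""
    return {w for w in re.findall(r"[a-z]{3,}", text.lower()) if w not in STOPWORDS}

def triage(body, author_url, post_text):
    """Return 'hold', 'review' or 'ok' for one submitted comment."""
    on_topic = bool(content_words(body) & content_words(post_text))
    has_link = bool(author_url) or re.search(r"https?://", body) is not None
    if not on_topic and has_link:
        return "hold"      # both signals from the paragraph above: keep unpublished
    if not on_topic:
        return "review"    # says nothing about the post, but promotes nothing either
    return "ok"            # mentions the post's subject; a link alone is not a signal

# Constructed stand-in for the body of the streaming-video post.
POST = ("How to download and save streaming video from the internet, using Linux. "
        "Open a terminal, install the downloader package, paste the stream address "
        "and save the file to disk.")

# First three bodies are comments quoted above; URLs and the last two are constructed.
SAMPLES = [
    ("My brother suggested I would possibly like this blog. He was once totally right.",
     "http://shop.example.invalid/"),
    ("This post truly made my day. You cann't imagine just how a lot time I had "
     "spent for this info! Thanks!", "http://pills.example.invalid/"),
    ("Hello.This article was extremely remarkable, particularly because I was "
     "browsing for thoughts on this subject last Tuesday.", "http://seo.example.invalid/"),
    ("The download failed for me on Linux until I ran it from a terminal. "
     "Any idea why the video file is empty?", "http://myblog.example.invalid/"),
    ("Nice weather in Cardiff today.", ""),
]

def run_samples():
    return [triage(body, url, POST) for body, url in SAMPLES]

if __name__ == "__main__":
    for (body, _), verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:6} {body[:60]}")
```

A held comment still needs a human look: word overlap is a cheap first filter, and a short genuine "thanks" will land in `review` rather than `ok`.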

Please don’t take this as a “don’t comment” warning. I want people, as many people as possible, commenting on my posts. But I want them to be relevant. What I’d really like is for readers to comment on my posts, others comment back, and before too long there are online conversations going on here, like that damn Bruce Schneier and others. I’ve been blogging here since 2007, and I’d really like I HATE HATE!!! to become popular (I know I’ve got some regular readers and I love ’em, but I want more more more!)

If I’m not posting stuff you want to get into conversations about me, use the CONTACT FORM button at the top of the page. Tell me what you like/hate/kill people for, and I’ll try to post about it. I don’t want this blog to be just a me-telling-you-stuff kind of place – I want lively discussions. I want to make my readers happy/sad/angry/peaceful/murderous. All you gotta do is hit the CONTACT FORM button.

Oh and please, no more spam. Or I’m gonna name and shame you, your email accounts and IP addresses and everything. I hate douchebags.


There’s one born every minute…

25/09/2012

According to phrases.org.uk, the phrase “There’s a sucker born every minute” is often said to have been coined by PT Barnum, the famous circus side-show organiser, though there’s no evidence he came up with the saying.  But it’s certainly true that  there are suckers everywhere, the internet included.

When you download files from hosting sites like letitbit.net or turbobit.net (and many, many others… I’m certainly not singling those sites out in particular), if you’re doing a free download, you will often be confronted with intrusive advertising.  A lot of it is for straightforward poker/casino sites, and even though I personally think that internet gambling is a silly way to get rid of money, at least those ads are straight to the point and honest.

But there are other kinds of ads – the “get rich quick” sites, such as this one.  That ad annoys me particularly – it is prevalent on some hosting sites, which means it keeps appearing again and again, and when you try to close the tab or navigate elsewhere, it throws up dialogue boxes asking “Are you sure you want to leave?” and “If you follow this tip you will make $600 per week” or some such nonsense.  But what really annoys me is the fact that the ad must be effective, otherwise the people behind the ad (clearly the same people who run the gambling site in question – but if you do a whois search on the domain name you find its owners are hiding behind a privacy company) wouldn’t waste their money on it.  And it’s so stupid: the ad claims that if you join a certain gambling site, and put a certain amount of money into your account, you can use a certain pattern of betting to exploit a fault in the site’s software and win heaps of cash.  A foolproof method apparently.  Unless you are the fool.

Think about it: if the gambling site had this flaw in its software, and there were web pages popping up all over the place to exploit the flaw, wouldn’t the site owners fix the problem, asap?  But the ad claims that its method has been working for years.  Does that make any sense at all?

This post is just a futile rant, I guess: there are idiots who respond to spam email, buy “herbal viagra”, give money to Nigerian confidence tricksters… as the man said: “There’s one born every minute.”  Suckers.
