Reddit “hacked”!

02/08/2018

Reddit member info was compromised in June this year. Two data-sets were accessed: the first from 2007 containing account details and all public and private posts between 2005 and May 2007; and the second included logs and databases linked to Reddit’s daily digest emails, which was accessed between 3 and 17 June this year. The data includes usernames and email addresses linked to those accounts.

Reddit say they are contacting members who may have been affected.  But the way these stories go, it will be revealed soon that everyone’s data has been leaked, so all Reddit members should probably reset their passwords.

And if you are one of the millions of people who re-use user-names and passwords over multiple sites, you’d better change your login info on all accounts.  This time do it properly, with a password manager.  Better late than never, eh!

The Reddit system was compromised through former employee accounts which were “protected” with SMS-based two-factor authentication.

SMS-based two-factor authentication is more secure than using a password alone.  But it is relatively easy to break through. For instance, an attacker can transfer a phone number by supplying an address, last 4 digits of a social security number and perhaps a credit card – exactly the type of data that is widely available on the dark web thanks to large database breaches like Equifax.



Darknet Part 3: How people got caught

10/07/2018

Part 3 of an occasional series of videos about the Darkweb, hidden services, anonymity… all the good stuff that we need, and need to know about!

Excellent Defcon presentation by Adrian Crenshaw detailing how some Tor users got caught.  TL;DR: it’s all down to faulty OpSec.  Be careful all the time, use your common sense, and all will be well.  So long as there aren’t 0days in Tor Browser that the Man knows about and the devs don’t…

But this isn’t too long to watch.  So watch it!  Even if you don’t use the darknet it is hugely informative and entertaining.  And if you do use Tor or otherwise have an interest in anonymity (which means you!), it is doubly informative and entertaining… in fact it is essential for everyone to watch.  So watch it!


There’s a special browser that leads to a secret web…



Net neutrality is dead – But together we can bring it back to life!

15/01/2014

So net neutrality is dead –  the US court of appeals for the District of Columbia ruled in favour of broadband giant Verizon, following a long-running challenge to the Federal Communications Commission’s rule-making powers.  So a serious battle has been lost; but the war isn’t quite over yet.

According to Wikipedia.org:

Net neutrality (also network neutrality or Internet neutrality) is the principle that Internet service providers and governments should treat all data on the Internet equally, not discriminating or charging differentially by user, content, site, platform, application, type of attached equipment, and modes of communication.[1][2][3][4]

There has been extensive debate about whether net neutrality should be required by law. Since the early 2000s, advocates of net neutrality and associated rules have raised concerns about the ability of broadband providers to use their last mile infrastructure to block Internet applications and content (e.g. websites, services, and protocols), and even block out competitors. (The term “net neutrality” didn’t come into popular use until several years later, however.) The possibility of regulations designed to mandate the neutrality of the Internet has been subject to fierce debate, especially in the United States.

Neutrality proponents claim that telecom companies seek to impose a tiered service model in order to control the pipeline and thereby remove competition, create artificial scarcity, and oblige subscribers to buy their otherwise uncompetitive services. Many believe net neutrality to be primarily important as a preservation of current freedoms.[5] Vinton Cerf, considered a “father of the Internet” and co-inventor of the Internet Protocol, as well as Tim Berners-Lee, creator of the Web, and many others have spoken out in favor of net neutrality.


Some opponents of net neutrality claim that  “broadband service providers have no plans to block content or degrade network performance”.  But this is a barefaced lie.   Bob Kahn, co-inventor of the Internet Protocol, has called the term net neutrality a “slogan” and states that he opposes establishing it.  The Wikipedia article goes on to say:

Opponents of net neutrality claim that broadband service providers have no plans to block content or degrade network performance.[8] Despite this claim, there has been a single case where an Internet service provider, Comcast, intentionally slowed peer-to-peer (P2P) communications.[9] Still other companies have begun to use deep packet inspection to discriminate against P2P, FTP, and online games, instituting a cell-phone style billing system of overages, free-to-telecom “value added” services, and bundling.

So, in short: instead of treating internet communication equally, the abandonment of net neutrality will lead to the big telecoms companies pushing their content over others, and will make it well-nigh impossible to access information that the big internet service providers don’t want you to know.  This is a denial of freedom of speech, and will push the ISP’s point of view over all critics.  Once upon a time the internet was a valuable commodity because it told us everything, warts and all.  Now, the FCC’s stupidity will make “minority” points of view all but impossible to find.  The telecoms companies will make disagreement all but invisible.

Check out these links here and here.  FFS, we need to do something before an avalanche of ignorance and hatred turns the web into a newspaper run by media moguls who hate freedom of expression.  So please, tell the FCC to clean up their act and restore internet neutrality right now.  So please, do it for us all.  Unless, of course, you want to become another apathetic, couldn’t-care-less kind of person who’s happy to be lied to, brain-washed and treated like a powerless fool.  Don’t let that happen to you: the end of internet neutrality is a tool to silence those who disagree with the authorities no matter what evil they’re spouting.  There’s not much time left for us free-thinkers: don’t let them get away with it!



Peaches made me think: what do I actually know?

05/12/2013

Mooching round the internet last night, going where the links take me, I discovered that Peaches Geldof had tweeted the names of the women who let Lostprophets singer Ian Watson molest (and attempted to rape!) their babies.  It’s a foul, incomprehensible thing that the mothers (and Watson) did.  And I’d like to know these women’s names, if I know them or might meet them.  But the law says their identities must not be revealed to the public for a good reason: to protect the victims, those babies.  Peaches tweeted their names anyway.

Okay, so apparently she deleted them later (probably after her lawyer explained the seriousness of what she’d done); but that’s no good, the horse has escaped the stable and has galloped halfway to John O’Groats by now.  Oh, and Peaches apologized  “for any offence caused”.  So that’s alright then?

Anyway, in her opinion piece in the Guardian, Marina Hyde refers to the case of “the idiot who famously sprayed ‘Paedo’ on the door of a Newport paediatrician in 2000.”  Now, I’ve heard of this story, but it’s always been embellished with gruesome detail: the paediatrician’s house was fire-bombed and he (she?) had to flee from a mob waving pitchforks and flaming torches. Marina Hyde offered a link to the story so I clicked it, interested to see what monstrous details this version of the story may mention.

The link took me to a BBC News Wales piece whose writer actually quotes the paediatrician:

Paediatrician attacks ‘ignorant’ vandals

A hospital paediatrician has hit out at vandals who forced her to flee her home after apparently taking her job title to mean she was a paedophile.

South African-born Yvette Cloete – a 30-year-old trainee consultant at the Royal Gwent Hospital, Newport, south Wales – said she planned to move home after returning to find the outside of her property daubed with the words “paedo”.

She said she can not rule out the possibility that the paint attack was connected with her job at the hospital.

And that’s it, pretty much.  No firebombs or lynchings, no angry mob.  There’s even a photograph of her front door, captioned “The front door was daubed with yellow paint”.  But the door looks pretty red to me, Ms Cloete must have fixed it before the BBC got there.


I’m not saying that what happened to Ms Cloete was insignificant: to find the word “paedo” sprayed on your door would be pretty disturbing.  But the reported story is a hell of a lot less lurid than the versions I’d previously heard and read.

And this gets me thinking: what exactly do any of us know?  I don’t mean what we’ve heard or been told – what do we know?  Not very much really.  That’s something we should carry with us, so next time you hear a story you can reflect: so-and-so says this, somebody else says something else, and at the end of the day I still don’t know a thing.  Something to give us pause when we sit in judgement of others, or when others sit in judgement of us.



Ubuntu Forums down! Security breach! Don’t panic, carry on…

23/07/2013

Ubuntuforums.org, the bestest user forum for Ubuntu users that I know of, is offline due to a security breach whereby usernames, passwords and email addresses were compromised. This happened on 20 July, apparently, I only just noticed (come here for the latest news, eh).

Canonical, the company behind the Linux-based Ubuntu operating system, and whose servers host the Forums site, have put up an announcement page, to which you get redirected if you try to browse to the forums. From what Canonical have said, it appears:

1. Usernames, passwords and email addresses have been compromised. The passwords were stored hashed, ie not in plain text, but users who use their Ubuntuforums.org password on other sites should change them, just to be sure;

2. Ubuntu One, Launchpad and other Ubuntu/Canonical services are not affected by this.

I’m wondering: the forums site was being hosted on Canonical servers, and it was compromised. But other Canonical services are unaffected… So, is Canonical giving Ubuntuforums.org second-class service? Or are all Canonical servers this badly managed, meaning users should forget about using Ubuntu One, Launchpad, etc?

I don’t want to be an asshole about this – but Canonical, WTF??!

EDIT: I’m a bit behind the times with this, but Ubuntuforums.org is up and about again.  They’ve changed the logging-in mechanism, now you need a Launchpad account too, but it’s easy to do.  Just go to Ubuntuforums.org as usual and you’ll be walked through the new process.  If you’re into Ubuntu it’s a wonderful resource, I’ve managed to keep an account there since 2007, I’ve had a shit load of infractions (official warnings), one admin said he didn’t know of anyone worse, but the community there is really good.



I know I asked for more Comments… but not bloody spam!!!

18/04/2013

I know, I know… I asked for more Comments and now I’m getting more Comments. So why am I moaning here? Because I suspect a lot of them are real actual Comments from real actual people. I’m getting spam comments!

So okay, why do I believe this? Am I a paranoid schizophrenic with delusions of grandeur? I don’t think so (yeah I know, I would say that wouldn’t I?) – let me share my “evidence” before it’s laughed out of court –

In response to one of my most popular posts (“How to download and save streaming video from the internet, using Linux”) I have received Comments:

My brother suggested I would possibly like this blog. He was once totally right.

This post truly made my day. You cann’t imagine just how a lot time I had spent for this info! Thanks!

and

What’s up, always i used to check webpage posts here early in the break of day, because i like to learn more and more.

and

A person essentially help to make critically articles
I’d state. That is the very first time I frequented your web page and so far? I surprised with the analysis you made to create this actual put up extraordinary. Excellent activity!

and

Hello.This article was extremely remarkable, particularly because I was browsing for
thoughts on this subject last Tuesday.

and

each time i used to read smaller articles or reviews that also
clear their motive, and that is also happening with this
article which I am reading at this place.

All these Comments make no comment on the post they’re claiming to comment on. Some of them are bizarre, like maybe computer-generated? And all the Commentators have included a url which improves their Google score and can lead to Google Adverts revenue earned (every time a site’s url appears online, the site’s Google rating gets higher, and they can earn more from Google Ads).
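The two signals described above (a comment that says nothing about the post it is attached to, plus a link back to the commenter's site) can be combined into a simple moderation rule. This is an added example, not code from this blog or its platform: the first three comment bodies are quoted from this post, while the post summary, the author URLs, the last two comments and the `classify` rule itself are constructed assumptions.

```python
import re
from typing import NamedTuple

# Filler words of four or more letters that say nothing about a post's topic.
STOPWORDS = frozenset(
    "about after always because been from have here just like more once "
    "that their them then there they this were what when which will with "
    "would your".split()
)
WORD_RE = re.compile(r"[a-z]+(?:['’][a-z]+)?")
URL_RE = re.compile(r"https?://\S+|www\.\S+", re.IGNORECASE)


class Comment(NamedTuple):
    author_url: str  # the optional "website" field of the comment form
    body: str


class Verdict(NamedTuple):
    action: str        # "spam", "hold" (for moderation) or "publish"
    shared: frozenset  # topic words the comment has in common with the post


def content_words(text):
    """Lower-case words longer than three letters, minus filler words."""
    return frozenset(
        w for w in WORD_RE.findall(text.lower())
        if len(w) > 3 and w not in STOPWORDS
    )


def classify(post_text, comment):
    """Apply the two signals: no shared topic words, and a link of any kind."""
    shared = content_words(comment.body) & content_words(post_text)
    has_link = bool(comment.author_url.strip() or URL_RE.search(comment.body))
    if not shared:
        # Generic praise: a link makes it spam, otherwise a human takes a look.
        return Verdict("spam" if has_link else "hold", shared)
    # A link alone is not damning when the comment engages with the post.
    return Verdict("publish", shared)


# Title taken from this post; the summary sentence after it is constructed.
POST = (
    "How to download and save streaming video from the internet, using Linux. "
    "Install the downloader from a terminal, paste the address of the stream, "
    "and the file is saved in your home folder."
)

# Bodies 1-3 are quoted above; all URLs and bodies 4-5 are constructed.
SAMPLE_COMMENTS = [
    Comment("http://example.com/a",
            "My brother suggested I would possibly like this blog. "
            "He was once totally right."),
    Comment("http://example.com/b",
            "This post truly made my day. You cann’t imagine just how a lot "
            "time I had spent for this info! Thanks!"),
    Comment("http://example.com/c",
            "What’s up, always i used to check webpage posts here early in "
            "the break of day, because i like to learn more and more."),
    Comment("http://example.org/",
            "The download step fails for me on Linux Mint, the stream stops "
            "after ten seconds. Any idea?"),
    Comment("", "Thanks!"),
]

if __name__ == "__main__":
    for c in SAMPLE_COMMENTS:
        v = classify(POST, c)
        print(f"{v.action:8} shared={sorted(v.shared)}  {c.body[:40]!r}")
```

A rule this crude belongs in front of a moderation queue, not in place of one: short genuine replies land in "hold", and spam that copies a phrase from the post gets through.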

Please don’t take this as a “don’t comment” warning. I want people, as many people as possible, commenting on my posts. But I want them to be relevant. What I’d really like is for readers to comment on my posts, others comment back, and before too long there are online conversations going on here, like that damn Bruce Schneier and others. I’ve been blogging here since 2007, and I’d really like I HATE HATE!!! to become popular (I know I’ve got some regular readers and I love ’em, but I want more more more!)

If I’m not posting stuff you want to get into conversations about me, use the CONTACT FORM button at the top of the page. Tell me what you like/hate/kill people for, and I’ll try to post about it. I don’t want this blog to be just a me-telling-you-stuff kind of place – I want lively discussions. I want to make my readers happy/sad/angry/peaceful/murderous. All you gotta do is hit the CONTACT FORM button.

Oh and please, no more spam. Or I’m gonna name and shame you, your email accounts and IP addresses and everything. I hate douchebags.



There’s one born every minute…

25/09/2012

According to phrases.org.uk, the phrase “There’s a sucker born every minute” is often said to have been coined by PT Barnum, the famous circus side-show organiser, though there’s no evidence he came up with the saying.  But it’s certainly true that  there are suckers everywhere, the internet included.

When you download files from hosting sites like letitbit.net or turbobit.net (and many, many others… I’m certainly not singling those sites out in particular), if you’re doing a free download, you will often be confronted with intrusive advertising.  A lot of it is for straightforward poker/casino sites, and even though I personally think that internet gambling is a silly way to get rid of money, at least those ads are straight to the point and honest.

But there are other kinds of ads – the “get rich quick” sites, such as this one.  That ad annoys me particularly – it is prevalent on some hosting sites, which means it keeps appearing again and again, and when you try to close the tab or navigate elsewhere, it throws up dialogue boxes asking “Are you sure you want to leave?” and “If you follow this tip you will make $600 per week” or some such nonsense.  But what really annoys me is the fact that the ad must be effective, otherwise the people behind the ad (clearly the same people who run the gambling site in question – but if you do a whois search on the domain name you find its owners are hiding behind a privacy company) wouldn’t waste their money on it.  And it’s so stupid: the ad claims that if you join a certain gambling site, and put a certain amount of money into your account, you can use a certain pattern of betting to exploit a fault in the site’s software and win heaps of cash.  A foolproof method apparently.  Unless you are the fool.

Think about it: if the gambling site had this flaw in its software, and there were web pages popping up all over the place to exploit the flaw, wouldn’t the site owners fix the problem, asap?  But the ad claims that its method has been working for years.  Does that make any sense at all?

This post is just a futile rant, I guess: there are idiots who respond to spam email, buy “herbal viagra”, give money to Nigerian confidence tricksters… as the man said: “There’s one born every minute.”  Suckers.



US want to extradite UK citizen for *not* breaking the law!

30/03/2012

This is one crazy story, but I swear it’s true – have a look at http://juliasblog-the-fight-of-our-lives.blogspot.co.uk/ if you don’t believe me…

Basically, British citizen Richard O’Dwyer, who lives in Britain and hasn’t been to the US since a trip to Disneyworld when he was five, has been running a website where he provides links to various TV shows and movies. Remember that: he doesn’t host the video files himself, he merely provides links to other sites, which he has no connection with. He was arrested for this in the UK, but not taken to court because, basically, he has not broken the law in the UK, and any trials based on providing links have failed.

But that’s not good enough for the US government. They are trying to extradite Richard to America to put him on trial… even though it’s not clear that his actions are criminal in the USA! Basically, they want to bang him up in a hellhole of a federal prison and force him into some kind of plea-bargain. And this is all too possible, as we have an insane extradition treaty with the USA, hurried through parliament after the 9-11 thing. According to the treaty, UK citizens can be extradited to the US on the flimsiest charges, whereas there’s no way at all that America would extradite their citizens here for such a ridiculous “crime”.

I swear, this is all true – check out the blog I linked to above, and also have a listen to the 28 March episode of the radio show Off The Hook, which is available as a podcast at www.2600.com. Absolutely crazy…



Even those yanks with their Gitmo crap can get it right now and then… so how come us Brits consistently get it so wrong?

29/02/2012

I got my monthly EFF newsletter email earlier today, and a couple of things caught my eye. Some pretty important stuff, so I’m gonna tell you about it here:

1. Appeals Court Upholds Constitutional Right Against Forced Decryption. Basically, the FBI seized laptops and disk drives of this guy, but couldn’t access the data thereon because it was encrypted with Truecrypt. A grand jury ordered the man to produce the unencrypted contents of the drives, but he refused, invoking his Fifth Amendment privilege against self-incrimination. The court held him in contempt and sent him to jail. But the EFF filed an amicus brief, arguing that the man had a valid Fifth Amendment privilege against self-incrimination, and that the government’s attempt to force him to decrypt the data was unconstitutional. The 11th U.S. Circuit Court of Appeals agreed, ruling that the act of decrypting data is testimonial and therefore protected by the Fifth Amendment. Score one for Freedom, right? Well, it’s good for the Americanos: but unfortunately, since 2007, the Regulation of Investigatory Powers Act in the UK (RIPA) has allowed a person to be compelled to reveal a decryption key. Refusal can earn someone a five-year jail term. How in hell can a country that keeps uncharged prisoners in Gitmo for over 10 years and gasses its own citizens on a regular basis embrace liberty better than us Brits? Please, answer me in Comments. It’s like that film Brazil, or a Franz Kafka story.

2. This one paints us Europeans in a better light (I say us Europeans, because unfortunately us Brits will do whatever America and the rich want us to do, including embarking on illegal wars that lead to the deaths of hundreds of thousands of civilians and leave Middle East countries unbelievably unstable and wrought with sickening sectarian violence). This particular happy story is about the European Court of Justice’s decision that

social networks cannot be required to monitor and filter their users’ communications to prevent copyright infringement of music and movies. The European Court of Justice (ECJ) found that imposing a broad filtering obligation on social networks would require active monitoring of users’ files in violation of EU law and could undermine citizens’ freedom of expression.

The ECJ found that forcing an ISP to install a filtering system that would identify and prevent its users from making available any potentially copyright infringing files would require “active observation” of the ISP’s users. Implementing such a system would fall afoul of the key principle in Article 15 of the EU e-Commerce Directive, which prohibits EU member states from imposing a general obligation on ISPs and hosting services to monitor information they transmit or store, or to actively seek facts or circumstances that indicate illegal activity.

The EFF note that the dreadfully-nigh ACTA, a wide-ranging treaty that will force laws on us in a backroom-dealing way that bypasses democracy, also seeks to make Article 15 meaningless. Will the ECJ decision affect at all the approaching behemoth? Or will our governments, all round the world, continue to obey the dictates of commerce rather than the wishes of their electorates? I think I know the answer already; but your Comments are, again, truly welcome.



SOPA Hearings postponed til next year… Good news?

21/12/2011

SOPA (the “Stop Online Piracy Act” [sic]) was due to be given a hearing in the US House of Representatives last week. But fortunately it’s been put back to 2012, giving the opposition to SOPA longer to rally their defences.

SOPA proponents like to stress how SOPA would keep starving TV and movie producers from having to beg for soup in the street. But other commentators reject this spurious notion, focusing instead on the fact that the proposed laws would make it all too easy for the “big dogs” of the movie/music/games industries to force “innocent until proven guilty” websites to close down just because someone makes a complaint.

SOPA fans see the proposed legislation as necessary to keep the entertainment industries alive and kicking (as if…). There’s a list of SOPA supporters available (pdf); but if you don’t want to download the pdf (why in hell would you?) I’ve reproduced the list here:

60 Plus Association
ABC
Alliance for Safe Online Pharmacies (ASOP)
American Federation of Musicians (AFM)
American Federation of Television and Radio Artists (AFTRA)
American Society of Composers, Authors and Publishers (ASCAP)
Americans for Tax Reform
Artists and Allied Crafts of the United States
Association of American Publishers (AAP)
Association of State Criminal Investigative Agencies
Association of Talent Agents (ATA)
Baker & Hostetler LLP
Beachbody, LLC
BMI
BMG Chrysalis
Building and Construction Trades Department
Capitol Records Nashville
CBS
Cengage Learning
Christian Music Trade Association
Church Music Publishers’ Association
Coalition Against Online Video Piracy (CAOVP)
Comcast/NBCUniversal
Concerned Women for America (CWA)
Congressional Fire Services Institute
Copyhype
Copyright Alliance
Coty, Inc.
Council of Better Business Bureaus (CBBB)
Council of State Governments
Country Music Association
Country Music Television
Covington & Burling LLP
Cowan, DeBaets, Abrahams & Sheppard LLP
Cowan, Liebowitz & Latman, P.C.
Creative America
Davis Wright Tremaine LLP
Deluxe
Directors Guild of America (DGA)
Disney Publishing Worldwide, Inc.
Elsevier
EMI Christian Music Group
EMI Music Publishing
ESPN
Estée Lauder Companies
Fraternal Order of Police (FOP)
Go Daddy
Gospel Music Association
Graphic Artists Guild
Hachette Book Group
HarperCollins Publishers Worldwide, Inc.
Hyperion
Independent Film & Television Alliance (IFTA)
International Alliance of Theatrical and Stage Employees (IATSE)
International AntiCounterfeiting Coalition (IACC)
International Brotherhood of Electrical Workers (IBEW)
International Brotherhood of Teamsters (IBT)
International Trademark Association (INTA)
International Union of Police Associations
Irell & Manella LLP
Jenner & Block LLP
Kelley Drye & Warren LLP
Kendall Brill & Klieger LLP
Kinsella Weitzman Iser Kump & Aldisert LLP
L’Oreal
Lathrop & Gage LLP
Loeb & Loeb LLP
Lost Highway Records
Macmillan
Major County Sheriffs
Major League Baseball
Majority City Chiefs
Marvel Entertainment, LLC
MasterCard Worldwide
MCA Records
McGraw-Hill Education
Mercury Nashville
Minor League Baseball (MiLB)
Minority Media & Telecom Council (MMTC)
Mitchell Silberberg & Knupp LLP
Morrison & Foerster LLP
Motion Picture Association of America (MPAA)
Moving Picture Technicians
MPA – The Association of Magazine Media
National Association of Manufacturers (NAM)
National Association of Prosecutor Coordinators
National Association of State Chief Information Officers
National Cable & Telecommunications Association (NCTA)
National Center for Victims of Crime
National Crime Justice Association
National District Attorneys Association
National Domestic Preparedness Coalition
National Football League
National Governors Association, Economic Development and Commerce Committee
National League of Cities
National Narcotics Officers’ Associations’ Coalition
National Sheriffs’ Association (NSA)
National Songwriters Association
National Troopers Coalition
News Corporation
Patterson Belknap Webb & Tyler LLP
Pearson Education
Penguin Group (USA), Inc.
Pharmaceutical Research and Manufacturers of America (PhRMA)
Phillips Nizer, LLP
Pfizer, Inc.
Proskauer Rose LLP
Provident Music Group
Random House
Raulet Property Partners
Republic Nashville
Revlon
Robins, Kaplan, Miller & Ciresi LLP
Scholastic, Inc.
Screen Actors Guild (SAG)
Shearman & Sterling LLP
Showdog Universal Music
Simpson Thacher & Bartlett LLP
Skadden, Arps, Slate, Meagher & Flom LLP
Sony/ATV Music Publishing
Sony Music Entertainment
Sony Music Nashville
State International Development Organization (SIDO)
The National Association of Theatre Owners (NATO)
The Perseus Books Groups
The United States Conference of Mayors
Tiffany & Co.
Time Warner
Ultimate Fighting Championship (UFC)
UMG Publishing Group Nashville
United States Chamber of Commerce
United States Tennis Association
Universal Music
Universal Music Publishing Group
Viacom
Visa, Inc.
W.W. Norton & Company
Warner Music Group
Warner Music Nashville
White & Case LLP
Wolters Kluwer Health
Word Entertainment

While there are some worthwhile causes included in the list (most of whom were probably lied to about SOPA), it generally sounds like a roll-call of what www.theinquirer.net calls “a Who’s Who of copyright holders and media companies”.

Please don’t be conned into thinking SOPA won’t affect you – it will affect every single user of the internet. Media conglomerates will be able to close down websites on the flimsiest of evidence, and their attack-squadrons of lawyers will make it all-but-impossible for anyone to argue. The corporations really want to own the net, and legislation like SOPA will serve it to them on a silver platter. Google, Facebook, Mozilla – just a few of the computer and tech companies are opposed to SOPA, as they are forward-thinking enough to see that SOPA is really a “democratic” version of the Great Firewall of China – unseen suits deciding what we can or cannot see – or post – on our internet. Do yourself a favour – educate yourself on what SOPA really means (Google Is Your Friend… Bing too), then hassle your legal reps to kill the act before it can become law!

 
