Reddit “hacked”!

02/08/2018
reddit

Reddit – “hacked”

Reddit member info was compromised in June this year. Two data-sets were accessed: the first from 2007 containing account details and all public and private posts between 2005 and May 2007; and the second included logs and databases linked to Reddit’s daily digest emails, which was accessed between 3 and 17 June this year. The data includes usernames and email addresses linked to those accounts.

Reddit says it is contacting members who may have been affected.  But the way these stories go, it will be revealed soon that everyone’s data has been leaked, so all Reddit members should probably reset their passwords.

And if you are one of the millions of people who re-use user-names and passwords over multiple sites, you’d better change your login info on all accounts.  This time do it properly, with a password manager.  Better late than never, eh!

The Reddit system was compromised through former employee accounts which were “protected” with SMS-based two-factor authentication.

SMS-based two-factor authentication is more secure than using a password alone.  But it is relatively easy to break through. For instance, an attacker can transfer a phone number by supplying an address, last 4 digits of a social security number and perhaps a credit card – exactly the type of data that is widely available on the dark web thanks to large database breaches like Equifax.



Google censoring searches in China again

02/08/2018
google-logos

Google has a new logo and is updating its image – but under the surface it’s still that pre-2010 half-evil censor

Eight years after Google pulled out of the censored Chinese internet, they’re back.  It’s been reported that the company is working on a mobile search app that would block certain search terms and allow it to reenter the Chinese market.

Google has engaged in the China-controlled internet space before: but in 2010 it pulled out, citing censorship and hacking as reasons.  It didn’t pull out completely – it still offered a number of apps to Chinese users, including Google Translate and Files Go, and the company has offices in Beijing, Shenzhen and Shanghai – but the largest of its services – search, email, and the Play app store – are all unavailable in the country.

Google co-founder Sergey Brin told the Guardian in 2010 that his opposition to enabling censorship was motivated by his being born in Soviet Russia.   “It touches me more than other people having been born in a country that was totalitarian and having seen that for the first few years of my life,” he said as Google exited the Chinese market after 4 years of cooperating with the authorities.

But now they’re back, working on a mobile search app that would block certain search terms and black-listed material.  The app is being designed for Android devices.

According to tech-based news site The Information, Google is also working on a censored news-aggregation app. The news app would take its lead from popular algorithmically-curated apps such as Bytedance’s Toutiao – released for the Western market as “TopBuzz” – that eschew human editors in favour of personalised, highly viral content.

Patrick Poon, China Researcher at Amnesty International, called Google’s return to censorship “a gross attack on freedom of information and internet freedom.”

In putting profits before human rights, he said, Google would be setting a chilling precedent and handing the Chinese government a victory.

This is important because many computer users will set a search site as their homepage and even find content by entering key-words into the url bar of their browser.  Because of Google’s ubiquity, it is frequently set as default search engine on browsers, meaning that millions of users will find that their experience of the internet is that delivered through the lens of Google.  If that lens is smudged or cracked by censorship, all these users’ internet experience is skewed.  So it is essential to highlight the fact that Google is not the neutral, trustworthy agent that many users think it to be.

GreatFire, an organisation that monitors internet censorship and enables circumvention of the “Great Firewall of China”, said the move “could be the final nail in the Chinese internet freedom coffin” and that “the ensuing crackdown on freedom of speech will be felt around the globe.”



Darknet Part 3: How people got caught

10/07/2018

Part 3 of an occasional series of videos about the Darkweb, hidden services, anonymity… all the good stuff that we need, and need to know about!

Excellent Defcon presentation by Adrian Crenshaw detailing how some Tor users got caught.  TL;DR: it’s all down to faulty OpSec.  Be careful all the time, use your common sense, and all will be well.  So long as there aren’t 0days in Tor Browser that the Man knows about and the devs don’t…

But this isn’t too long to watch.  So watch it!  Even if you don’t use the darknet it is hugely informative and entertaining.  And if you do use Tor or otherwise have an interest in anonymity (which means you!), it is doubly informative and entertaining… in fact it is essential for everyone to watch.  So watch it!

tor-browser1

There’s a special browser that leads to a secret web…



The Cypherpunk Manifestos

24/06/2018

Reading a lot about privacy and anonymity and cryptography and cryptocurrency and Darknet hidden services and Tor lately.  Something that has caught my attention is the Cypherpunk movement, and their manifestos.

bitcoin

Without anonymous currency, we don’t have real anonymity

The earliest one seems to be The Crypto Anarchist’s Manifesto, written by Timothy C May in 1988.  Here’s a link to it.  Written thirty years ago, but very of the moment even now.  Read how it opens:

Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other. Interactions over networks will be untraceable, via extensive re-routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering. Reputations will be of central importance, far more important in dealings than even the credit ratings of today. These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and will even alter the nature of trust and reputation.

“A Cypherpunk’s Manifesto” by Eric Hughes is also very relevant, even though it is 26 years old.  Here’s a bit:

Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation’s border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.

This is stuff that could have been written yesterday.  The technologies required for true anonymity have broken out fairly recently: encryption, cryptocurrency, all this has come to a head now.  If we don’t seize this opportunity, maybe we don’t deserve it.



ibVPN – safe web browsing for not much money

08/06/2018
ibvpn-4616-reviews

ibVPN – a high-rated VPN service with more than 180 servers world-wide

A VPN (Virtual Private Network) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet. VPN technology was developed as a way to allow remote users and branch offices to securely access corporate applications and other resources. Nowadays VPNs are widely used to encrypt and secure an otherwise insecure connection (such as a public wifi access point – an eavesdropper can see everything you do over McDonald’s wifi if it isn’t encrypted!); some people use a VPN service to access restricted online services – eg if you live in the UK you won’t be able to use the US Netflix service as that is geographically restricted to users in the USA.  But if you use a VPN server based in the USA, Netflix won’t be able to tell that you’re not in the USA yourself – all Netflix can see is that your traffic is coming and going from that US-based server.  This feature also lends some anonymity to the internet connection, which is another reason some people use a VPN.

And  it’s not just geographical restrictions that VPN use can help you circumvent: some work and school networks stop users accessing some sites like Youtube for instance (your employer may want you to work rather than look at cat videos) or hacker sites (schools tend to block sites with crime-related content, and as so many people associate hacking with crime, anything containing the word “hacker” gets banned).  So, the local network won’t let you view what you want?  Use a VPN, and all the local net can see is data going to/coming from the VPN server.  It knows nothing about goddamn cat memes or how to crack Facebook accounts!

For the past few years I have been using ibVPN (“Invisible Browsing”), run by Romanian-based service provider Amplusnet.  It’s not the fastest service out there, but it is competitively-priced and has global availability.  ibVPN boasts of more than 180 servers in 47 countries across the globe.  And there are 4 different service plans:

  • Ultimate, at $4.83 per month –  “Great for strong privacy and security, heavy streaming, unblocking restricted websites, torrents & p2p activity. The most complete package”
  • Standard, at $3.08 per month – “Great for regular usage, streaming, unblocking restricted websites, privacy protection. Includes access to VPN and Extensions. No SmartDNS.”
  • Torrent, also $3.08 per month – “Special package for those looking to protect their identity while downloading torrents. Privacy protection. No SmartDNS or Proxy.”
  • IBDNS/SmartDNS, also $3.08 per month – “Special package designed for unblocking restricted websites and heavy streaming. Includes SmartDNS and access to browser extensions. No VPN.”

Their All-In-One client software/apps is available for Windows, Apple MacOS and iOS, and Android devices, and the services are also compatible with Linux, most routers, smart TVs and gaming consoles.  The interface is clean and efficient (see below).

ibVPN-All-in-one-client

ibVPN All-In-One client interface controls your VPN sessions

If you’re thinking of going with ibVPN but want to try before you buy, they offer a 6 hour free trial period.  And they have a 15 day money back guarantee if you’re not satisfied by the service.  This shows they have confidence in the quality of their product.

The speed of some servers/connections is not always great, but it is rarely appalling and the price is excellent.  All in all, a good service – I’ve been using it for some years now, which is the greatest praise any product could get – if I keep paying for something it’s because it’s the best!!  😉



How to rip dvds – including “copy-protected disks” – with dvd::rip and vlc

27/03/2016

Disclaimer: I never ever break the law.  Any suggestion that I do so, regularly and in flagrant disregard of conventional norms, is unintended and all I can say in my defence is that you must have misunderstood what I’ve written (I often write fiction – maybe this blog entry is fiction.  Lies, lies; all is lies!).  Anyway, don’t never do wrong!! (was that a double negative?)

I hate buying DVDs.  Bittorrent is beautiful, it takes away all that parting with money nonsense.  But another way to get cool videos is having friends who buy DVDs then lend them out to their friends.  Including you!  Except you don’t watch the thing once then give it back – you riiip it first!

piracy-is-not-a-victimless-crime-resized

Don’t copy DVDs!  Not only is it illegal, it’s not a victimless crime.  Think of the poor movie stars, the directors, the multi-millionaire producers.  And the children!  Won’t somebody please think of the children? [image shamelessly borrowed from the Intellectual Property Rights Center (whoever they are).  Don’t sweat it, IPRCENTER, you can have the image back when we’ve finished using it…]

I like using dvd::rip despite its stupid name.  I mean, what’s up with the double-colons?  They’re invisible to Google as far as I can make out.  Luckily for you, I (the King of stealing shit) found the dvd::rip download page.

Now for the bad news (so far as most of you are concerned) – it’s a Linux program!!!  Ha!  Ha!  Ha!  Linux FTW!!  If you want to learn how to rip DVDs with Windows or Mac, you’ll have to look elsewhere.  But don’t give up the hunt too quickly.  Tenacity is a great quality for a pirate, hacker, oil-field surveyor, just about anyone to have.  And if that doesn’t work out for ya, get yerself a Linux OS.  Ubuntu is my favourite (also my first, so I may be biased) but there are lots of other distros to try.

Okay, so you have Linux (Ubuntu!  Ubuntu!  Choose Ubuntu!) installed.  Now you need a DVD ripping software.  My personal choice is dvd::rip, despite its stupid name.  It’s a stupid name because those dumb double-colons stop you from installing the program via the command line (ie sudo apt-get install application-x).  But the Ubuntu Software Centre will find it easily enough, or the package manager of whatever Linux distro you’ve installed.  Tell it to install, and in a jiffy dvd::rip will be downloaded and installed, stupid double-colons and all  (depending on how fast your internet connection is and how long you consider a jiffy to be).

If, for some reason, your distro installation system doesn’t find dvd::rip, you can find downloads in various formats here.

Okay, you have dvd::rip installed on your system and you have a DVD you want to rip.  We’re nearly there: all you gotta do is to stick in the DVD and rriiiip it.

Insert the DVD, then run dvd::rip.  Under the File menu, click on New Project.  The next screen will want some storage path information.  By default the project is called unnamed.  If you change it in the Project name box, it will automagically change in the other boxes too.  Note that the files created by dvd::rip will appear in a sub-directory of your home directory. Now click on the button labelled +create project. dvd::rip will want to know where to put the *.rip file.  For this example, I’m ripping the DVD of the movie The Departed, so I called the project “departed”.  So dvd::rip wants to know where to put the departed.rip file.  I generally just stick them in my home directory.  Choose where you want your *.rip file to be stored, then click OK.

Now the program wants some info about the DVD device you’re using.  Generally leave this as it is, unless you’re using an external or non-default DVD device.  You’ll be offered a ripping choice: Copy data from DVD to harddisk before encoding or Encode DVD on the fly.  I choose the first because it is quicker and puts less strain on the DVD devices.  It also enables “interesting features”, but I haven’t explored these yet.

 

dvdrip-save-project-departed

So, you’ve selected the DVD device and ripping mode.  Now click on the greyed-out button RIP Title.  This brings you to a new screen.  There’s a big empty space here which will fill with the DVD’s contents when you click the button Read DVD table of contents. Click it.

A list of the table of contents will be printed to the screen.  In the case of The Departed it’s pretty obvious which particular title you want to rip: there are only 2 options, and one is only 1 second long.  So title 2, all 2 hours and 25 minutes of it, is the one you want.

dvdrip-tableofcontents

 

Sometimes choosing is more difficult.  Generally, the longer item is the one you want.  Sometimes, though, a sneaky attempt at “copy protection” (hah!) presents you with a long list of titles of almost identical lengths.  There’s a pretty easy way of working out which title is the one you want to rip.  I will explain how to get past this ridiculous attempt at “copy-protection” later*.  But, to continue with this example, it’s clear which track you want to rip. So highlight it (by clicking on it) then click on Rip selected title(s)/chapter(s) near the bottom of the screen.  The status bar at the bottom of the screen will start turning orange – the more orange you can see, the more of the DVD has been ripped.  So now it’s a waiting game.  Large files can take 45 minutes or more to rip!  So now’s a good time to make some coffee, maybe watch some TV show you downloaded from the internet, you naughty pirate, you!

When the ripping is done, the status bar at the bottom of the screen will not be orange any more.  It will be clear, except for some text telling you how much free space you have left on your hard disk.  Now click on Transcode.  On the Transcoding page, usually the only changes from the default are under Video Bitrate Calculation: by Target media I choose from the drop-down menus One x 850 MB.  Then I click on Transcode, and sit back to watch the status bar fill with orange again – or maybe watch some more illegal content while waiting for the transcoding to finish…  By default dvd::rip makes 2 passes transcoding, which can take some time…

At the end of all this transcoding… and waiting… and transcoding… and waiting… that status bar will turn colourless again, with some text saying how much diskspace is left.  The ripping is complete.  Go to ~/dvdrip-data, and in the directory named avi you will find your movie in an avi video file – move it to where you keep your video files.  The sub-directories tmp and vob may as well be deleted, as I haven’t found a use for them yet. The files in the vob directory are especially large – in the case of The Departed, there were 8 .vob files, all but one weighing in at 1.1 GB each!  They may be useful (perhaps for transferring the movie to another video DVD?) but I haven’t looked into that yet.  So I do myself a favour by deleting the contents of the dvdrip-data directory and freeing up the disk space.

*The sneaky yet futile attempt at “copy protecting”.

I told you that I’d get to this nonsense, and so I have.  Some DVDs, when their tables of content are open, list many titles as the one you want to copy.  You can’t tell them apart very easily, as they are all near enough the same length.  But only one of them is the track you want.  The others are a school of red herrings, containing just parts of the movie or other such crap.  What you need is “The 99 Video Titles Fix”.  What you need is vlc.

vlc should be available through the Software Centre or Synaptic (I’m assuming that you’re using Ubuntu. It might be in the package manager of other Linux distros.  If you’re having problems finding it, have a look at the VideoLAN site for possibly useful information. And Google.  Never forget the mantra: Google Is Your Friend.)  If you’re going to rip one of these “copy protected” disks with dvd::rip you are going to need vlc.  Unless you know of another method, in which case please share this other method in Comments below (or if you’re shy, send it to me direct via the Contact Form button at the top of this page).

captain-america-the-first-avenger-resized

This guy is a dick.  Really!  I ended up cheering for the Red Skull, that Captain was so goody-two-shoed.  And a shield?  FFS! [image stolen, I mean borrowed, from amazon.com]

Anyway.  A friend of mine lent me his DVD of Captain America: The First Avenger, and an evil voice in my ear whispered “Rip the DVD and add it to your goodly-sized collection of comics-based movies.”  You see, I collect comics-based movies.  The good voice in my other ear said something like “Mmph! Mmmph!” like it had been gagged or something.  Anyway, I’m easily led, so I set to ripping Captain America.

But those evil guys at Hydra, I mean Marvel Studios, had employed a fool-proof method of copy protection.  I fired up dvd::rip, had it read the table of contents, and look what it showed me!

cappy-table-of-contents

99 tracks in total, 16 of which were about the right size to be the one I wanted.  But only one was the right one.  So what to do?  Rip all 16 possibles?  That would take a bloody long time.  There had to be a quicker way, I thought.  And I was right.  I consulted my good friend Google and it found this for me.

Basically, fire up vlc,  then select Media > Open Disc.

vlc-open-disc

Next select the type of disc you’re about to play (DVD), enter the device name and path (VLC will select the most likely device – or use Browse) and click Play to start playback.

vlc-disk-selection

Now start watching the movie – make sure you’ve gone through any menus and the correct movie you want to rip is playing, then click Playback > Title.  In the example below you can see it’s Title 1; but when this so-called “copy protection” is in use the correct Title could be any, from 1 to 99 or however many they’ve decided to put on the disk to dissuade potential pirates.  Bloody idiots: no matter how many layers of armour they embed their precious movie in, there’s always a way through!

vlc-title

So now you know which Title is the one you want, go back to dvd::rip and select that Title.  And Abracadabra!  The movie is yours!  If you’re a wicked pirate, that is, and I would never condone piracy.  I feel I must repeat: this blog post is fictional – I’ve never ripped a DVD in my life – and all the info is strictly for educative, abstract purposes.  They hang pirates, you know?  Seen the end of Pirates of the Caribbean, where cunning Jack Sparrow escapes the hangman’s noose?  Well, that’s fiction.  (If you haven’t seen that movie, you could probably find it via bittorrent; or a friend may have a DVD you could borrow… 😉 )



Blowing Whistles

18/02/2016

If you’re at all interested in the case of NSA whistle-blower Ed Snowden, you may be interested in watching the excellent documentary film Citizenfour.  You can download it from here.  Well worth checking out.

Edward_Snowden-2

Ed Snowden.  Image from Wikimedia.

