Reddit “hacked”!

02/08/2018

Reddit – “hacked”

Reddit member info was compromised in June this year. Two data-sets were accessed: the first from 2007 containing account details and all public and private posts between 2005 and May 2007; and the second included logs and databases linked to Reddit’s daily digest emails, which was accessed between 3 and 17 June this year. The data includes usernames and email addresses linked to those accounts.

Reddit says they are contacting members who may have been affected.  But the way these stories go, it will be revealed soon that everyone’s data has been leaked, so all Reddit members should probably reset their passwords.

And if you are one of the millions of people who re-use user-names and passwords over multiple sites, you’d better change your login info on all accounts.  This time do it properly, with a password manager.  Better late than never, eh!

The Reddit system was compromised through former employee accounts which were “protected” with SMS-based two-factor authentication.

SMS-based two-factor authentication is more secure than using a password alone.  But it is relatively easy to break through. For instance, an attacker can transfer a phone number by supplying an address, last 4 digits of a social security number and perhaps a credit card – exactly the type of data that is widely available on the dark web thanks to large database breaches like Equifax.



Google censoring searches in China again

02/08/2018

Google has a new logo and is updating its image – but under the surface it’s still that pre-2010 half-evil censor

Eight years after Google pulled out of the censored Chinese internet, they’re back.  It’s been reported that the company is working on a mobile search app that would block certain search terms and allow it to reenter the Chinese market.

Google has engaged in the China-controlled internet space before: but in 2010 it pulled out, citing censorship and hacking as reasons.  It didn’t pull out completely – it still offered a number of apps to Chinese users, including Google Translate and Files Go, and the company has offices in Beijing, Shenzhen and Shanghai – but the largest of its services – search, email, and the Play app store – are all unavailable in the country.

Google co-founder Sergey Brin told the Guardian in 2010 that his opposition to enabling censorship was motivated by his being born in Soviet Russia.   “It touches me more than other people having been born in a country that was totalitarian and having seen that for the first few years of my life,” he said as Google exited the Chinese market after 4 years of cooperating with the authorities.

But now they’re back, working on a mobile search app that would block certain search terms and black-listed material.  The app is being designed for Android devices.

According to tech-based news site The Information, Google is also working on a censored news-aggregation app. The news app would take its lead from popular algorithmically-curated apps such as Bytedance’s Toutiao – released for the Western market as “TopBuzz” – that eschew human editors in favour of personalised, highly viral content.

Patrick Poon, China Researcher at Amnesty International, called Google’s return to censorship “a gross attack on freedom of information and internet freedom.”

In putting profits before human rights, he said, Google would be setting a chilling precedent and handing the Chinese government a victory.

This is important because many computer users will set a search site as their homepage and even find content by entering key-words into the url bar of their browser.  Because of Google’s ubiquity, it is frequently set as default search engine on browsers, meaning that millions of users will find that their experience of the internet is that delivered through the lens of Google.  If that lens is smudged or cracked by censorship, all these users’ internet experience is skewed.  So it is essential to highlight the fact that Google is not the neutral, trustworthy agent that many users think it to be.

GreatFire, an organisation that monitors internet censorship and enables circumvention of the “Great Firewall of China”, said the move “could be the final nail in the Chinese internet freedom coffin” and that “the ensuing crackdown on freedom of speech will be felt around the globe.”



an american idiot

20/07/2018

Don’t wanna be an american idiot? Too late Donald!

Ain’t it grand, how any idiot can game Google results and show the world who really is the idiot?

That’s what activists have been doing: do a Google image search for the word “idiot” and you get a fine selection of Donald Trump pictures!

This is how it works:

According to Inquisitr,  part of the reason for this result is that several English articles published last week included the Green Day song titled “American Idiot” in the headline in relation to Donald Trump and his trip to England; (protestors were actually using the song in the protests). This meant that images were likely titled to describe the article and used the terms “American Idiot” and Donald Trump as descriptives in the image metadata as well as in the article content. As a result, Google’s algorithm has paired these terms together, and with so many people reading and sharing these articles, it has pushed its relevance to the top of the search results.

When you type the word “idiot” into Google’s image search, Trump is the first returned result. This is partly because the Green Day song American Idiot was used by protesters to soundtrack his trip to London. But since then there’s also been a concerted campaign to capitalize on that association, and manipulate Google’s algorithm, by linking the word to the picture. Mostly this involved people upvoting a post containing a photo of him and the word “idiot” on Reddit. [from theguardian.com]

This trick has been used many times before.  For instance, there was a spate of hook-nosed caricatures posted with the single word “Jew”, which resulted in an Image Search for “jew” returning the hook-nosed caricature.

And it was used by Trump fans to associate the word “rapist” with pictures of Bill Clinton.

Many of these were rudimentary, almost meaningless. “RAPIST! RAPIST! RAPIST! RAPIST!” “Today this rapist turns 70. Happy Birthday, rapist.” Most originated from the notorious Reddit forum TheDonald, where fans of Trump congregated to spread his gospel of doing whatever you like, screw the consequences.

The forum moderators would pin a post to the top of the forum to encourage others to upvote it, and the swell of upvotes would push it to the front page of Reddit, which already styles itself “The front page of the Internet”, causing it to leap up to the top row of Google images.

They also did it with an image of Michelle Obama with features Paintshopped to look like an ape.  And the TheDonald team did it with the CNN logo and the words “fake news”.

So it’s kind of fitting that the trick has now been turned on Trump and his idiotic fans!

So is there a moral to be learnt from this story?  Of course not!  The internet is utterly amoral, as are those of us who spend too much time in it. Who knows who will be belittled and demonized next?  And that’s probably the best thing about it – he who demonizes today may be demonized tomorrow.  The internet giveth and… well, it don’t giveth anything but it demands its pound of virtual flesh!



Darknet Part 3: How people got caught

10/07/2018

Part 3 of an occasional series of videos about the Darkweb, hidden services, anonymity… all the good stuff that we need, and need to know about!

Excellent Defcon presentation by Adrian Crenshaw detailing how some Tor users got caught.  TL;DR: it’s all down to faulty OpSec.  Be careful all the time, use your common sense, and all will be well.  So long as there aren’t 0days in Tor Browser that the Man knows about and the devs don’t…

But this isn’t too long to watch.  So watch it!  Even if you don’t use the darknet it is hugely informative and entertaining.  And if you do use Tor or otherwise have an interest in anonymity (which means you!), it is doubly informative and entertaining… in fact it is essential for everyone to watch.  So watch it!


There’s a special browser that leads to a secret web…



Free calls, free texts, free everything

07/07/2018


I wrote about Globfone recently, but here it is again.  This time I’m writing a dedicated review, as it’s a blinding service and deserves all the publicity it can get!

Globfone.com offers free calls, free SMS, free p2p video calls and free p2p file sharing.  The service is all free, is planned to remain free, no registration or subscription required, the service is sustained completely by ads and sponsors.

On their site they describe their “Free Online Phone Project”:

The idea behind Globfone is to deliver telecommunication services like SMS and international calls for free to users across the globe. At Globfone, we firmly believe that there is ‘Love in Sharing’, therefore we are currently seeking to increase our coverage to more than 90% of major International GSM networks that we currently cover. Globfone WEB is a completely FREE to use internet service that allows you to make free phone calls, send free text messages, make free video calls and a free P2P file sharing service to all your friends and family around the world. This service works without For FREE! And you don’t have to install any special software or go through long registration process – Globfone is completely SAFE and EASY to use.

Their worldwide coverage includes 91% of mobile networks for SMS and 96% for calls.

Most of my experience with Globfone is the SMS service.  It is possible to send messages from just about anywhere in the world, to just about anywhere in the world.  And Globfone claims that it is possible to send texts to the same number repeatedly in close succession so as to have conversations via SMS.  This is something that most services don’t allow, reportedly to prevent spam.  But with Globfone, you can.  Imagine that you have a mobile phone but no credit or messages left from your allowance.  You can text message your friend, she can reply by texting your phone, and then you can reply immediately via Globfone, so carry on a text conversation.   Afreesms.com doesn’t allow this, nor does any other service I have come across in my years of checking out these kinds of sites.  This is something that Globfone is rightly proud of.

As well  as laptops and desktop computers, you can also send SMS from most smartphones.  And there is an app – Globfone SMS Messenger – for Android and iOS.

The free calls feature is a VoIP service that requires no registration, something you rarely find.  For this service, as well as the SMS, there is an upper limit to the number of free calls and SMSes available to a single IP address during a 24 hour period.  When that limit is reached, the user is alerted and asked to wait 24 hours before using the service again.  And there is also a call-specific time limit: when you make a call, you are shown a countdown representing how much time you have left on that call.  The call-specific time limit is a pain in the ass – it seems you can’t make calls longer than a minute – but remember this service is free and you’re not likely to find better.

A good use of the free call service is to find your phone – if you’ve mislaid it somewhere in your home you can use Globfone to call it, the ringtone then helps you locate your handset.  Handy, and unaffected by the call time limit as you don’t need to answer the phone.

The webphone service is truly cross-platform as all you need is a modern browser.  It uses multiple different SIP/media engines: a Java VoIP engine, which runs in all Java-enabled browsers; WebRTC, which runs in all modern browsers; and Flash VoIP, for compatibility with some old browsers.  You also need to enable speakers and microphone, and optionally headphones.  And that’s it: as long as your computer has that, you can use the webphone service.  If you have problems, visit this webpage.

You can make free calls from most modern smartphones, but may experience difficulties using older mobile platforms, like Symbian OS.   If your mobile browser doesn’t support Java, Globfone’s FAQ advises using its mobile beta app – but I couldn’t find a link to that app.

I haven’t used the p2p services – file-sharing and video calls.  These services are peer-to-peer, meaning a direct connection is made between 2 computers, rather than using phone networks.  If any readers have experience of these Globfone services, please tell us about it in Comments.

The services are financed by ads and sponsorship.  In the FAQs, if you want to donate to Globfone or support it in any way, it suggests you “like” Globfone in social media, or place a link to the site in your blog.  So that’s what I’m doing here.  And look: here’s the link to Globfone!



Crazy copyright law voted down… for now…

06/07/2018

Thank goodness, MEPs voted against the Copyright Directive!  The insane ideas, to create a “click tax” and to create automated censors to filter uploaded content, have been beaten.

For now.

Julia Reda, MEP for the Pirate Party, tweeted: “Great success:  Your protests have worked! The European Parliament has sent the copyright law back to the drawing board.”

But that makes it sound far too permanent.  The truth is, this subject is going to be revisited sooner rather than later – the full European parliament will debate amendments to the copyright directive in September, which is just 2 months away!  And while 318 MEPs voted against the Directive, 278 voted in favour and 31 abstained.  That is not a huge majority.  And it could all be turned around if the press insist on reporting this as a big money-saver for the big internet companies, as the Guardian has.  “Youtube and Facebook escape billions in copyright payouts after EU vote,” their headline says:

Google, YouTube and Facebook could escape having to make billions in payouts to press publishers, record labels and artists after EU lawmakers voted to reject proposed changes to copyright rules that aimed to make the tech companies share more of their revenues.

The paper did report the other side, how high-profile figures like Wikipedia founder Jimmy Wales, world wide web inventor Sir Tim Berners-Lee, net-neutrality expert Tim Wu, and internet pioneer Vint Cerf claim it would transform the internet from a platform for sharing and innovation into a tool for the automated surveillance and control of its users.

Put simply: we’ve won this battle, but the bureaucrats who were pushing the copyright directive have a habit of revisiting subjects time and again until they get the result they want.  And they want the copyright directive.  We have to remain alert or they may still destroy our internet!



2 days to save the internet!!

03/07/2018


On 5 July, the European Parliament is voting on a copyright directive that, if passed, threatens the existence of the internet as we know it.  This isn’t hyperbole:

  • It will force online platforms to vet uploaded content for copyright violations.  Sites such as Youtube are able to automate this work, which results in a lot of false positives.  Smaller platforms might have to sort uploads by hand, which would be impossible for most sites
  • Artists and others who remix content, share it or create parodies of others’ material will be criminalised by this directive
  • Mining of text and data-sets will be legal only for scientific research institutions; other people, such as journalists, librarians and independent scientists will no longer be allowed to data-mine, regardless of their legitimate interest

These are only a few of the harmful effects of the copyright directive.  We all need to protest this bill as it threatens the open internet, not only in Europe but world-wide.  Changecopyright.org are helping us oppose the directive, by giving us all free telephone calls, to call the European Parliament and tell them to vote against Article 13.  They even provide callers with a script, if you don’t know what to say.  Go to changecopyright.org for information.  And don’t delay: the European Parliament votes on this on 5 July!!



Hunt for free SMS

29/06/2018

I was using afreesms.com, but for some reason I got barred! So I googled for another free service, and the first tutorial got me to install Bluestacks – an android emulator – and an app called TextMe.


TextMe – Useful if you live in “the US, Canada & More”

Yeah, I saw that it said “Send free texts to your friends in the US, Canada & More!”  I just assumed that “& More” included Europe FFS! I mean, it knew I was in the UK and slipped me geo-located ads…


But I was wrong.  US and Canada… And the More?  Not Europe, not the UK.  It’d be cool for users in the US and Canada for sure.  Apparently you can send and even receive SMS on your free new number!

No good for me though.  Time wasted.  So let’s make up for it by finding a solution to my self-imposed goal – sending texts for free to UK numbers.

I decided to keep to BlueStacks, figuring that phones are natural text-senders.  So I googled appropriately and found this:

whatsapp-free-sms

So I followed the instructions, configured the app, matched my phone number with SMS verification… and that was the only text message that emanated from Bluestacks.  Shubham Kedia was rewarded with free texts on his laptop, but I wasn’t.  😦

In the end I found my free SMS… and more!  Actual phone calls! For free!


Free SMS… and calls! And P2P video chats and file-sharing! For free! WTF???

Globfone.com is wicked.  Free international VOIP calls FFS!!  Okay, so they are time-restricted, but it’s still there to use for free.  And the peer-to-peer stuff looks like it’s cool, though I haven’t tried it myself.

Anyway, I did it.. eventually…  Got free text messages from my laptop.  Hurray!!!!



RFC for new HTTP codes

25/06/2018

HTTP error code, shamelessly borrowed from webopedia.com. Thanks Webopedia!!

I was watching some DEFCON talks on Youtube and came across a reference to an RFC for “a new series of HTTP status codes covering developer fouls”, the 7XX range.  Here are some examples:

701 – Meh

718 – I am not a teapot

721 – Known Unknowns

722 – Unknown Unknowns

725 – It works on my machine

726 – It’s a feature, not a bug

739 – Fucking Windows

759 – Unexpected “T_PAAMAYIM_NEKUDOTAYIM”

771 – Cached for too long

772 – Not cached long enough

773 – Not cached at all

774 – Why was this cached?

775 – Out of cash

786 – Try it now

791 – The Internet shut down due to copyright restrictions

796 – Some DNS fuckery idno

797 – This is the last page of the Internet. Go back!

RFC is by and copyright of John Barton 2012-17, released under Creative Commons license Attribution-NonCommercial-ShareAlike 4.0 International



Darknet Part 1: What is the darknet and why should I care?

23/06/2018


Welcome to Part 1 of my guide to the Darknet.  Well, I say “mine” but it’s actually by many people.  And, just so you all know I’m not trying to pass off this guide as my own words, I’m going to show the words actually coming out of their true creators’ mouths, thanks to the miracle of video streaming over the internet! Thanks be to Youtube, eh!!

Okay, part 1 of this series is a primer on the Deep Web and the Darknet.  It’s a TEDx talk by Alex Winter (of Bill & Ted fame), entitled “The Darknet isn’t what you think”.  There are some misconceptions about what illegal services were available through the Silk Road website.  For instance child pornography was banned.  Stolen goods weren’t allowed.  Ads for contract killers weren’t allowed.

Anyway, check out the vid.  Enjoy!

Next time: A film about the rise and fall of the Silk Road