Quotulatiousness

December 4, 2012

Tumblr gets trolled

Filed under: Media, Technology — Nicholas @ 09:58

The Register’s John Leyden on the JavaScript troubles inflicted on Tumblr the other day:

A worm spread like wildfire across Tumblr on Monday, defacing pages on the blogging website with an abusive message penned by a notorious trolling crew.

The outbreak was triggered by the GNAA, a group of anonymous troublemakers who get their kicks from winding up bloggers with offensive posts.

Tumblr temporarily halted the publication of new journal posts to prevent the worm from spreading further before restoring the service to normal a few hours later.

[. . .]

“It appears that the worm took advantage of Tumblr’s reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages,” wrote Graham Cluley, senior technology consultant at Sophos.

“It shouldn’t have been possible for someone to post such malicious JavaScript into a Tumblr post — our assumption is that the attackers managed to skirt around Tumblr’s defences by disguising their code through Base 64 encoding and embedding it in a data URI,” he added.
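Cluley's guess about how the filter was bypassed can be shown from the defender's side. The following is an added example, not code from Tumblr, Sophos or The Register: a post filter that only looks for a literal script tag passes a Base64 data URI untouched, while one that decodes the URI before inspecting it does not. The function names and sample posts are constructed for illustration.

```python
import base64
import binascii
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

# Media types a browser treats as active content when loaded from a data: URI.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/javascript", "application/javascript"}
ACTIVE_MARKUP = re.compile(rb"<\s*script|javascript:|\bon\w+\s*=", re.I)
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def naive_filter_allows(post_html):
    """The weak check: look for a literal script tag in the raw markup."""
    return "<script" not in post_html.lower()


def decode_data_uri(value):
    """Return (media_type, payload) for a data: URI, or None for other values.

    payload is None when the base64 body cannot be decoded.
    """
    # Browsers drop leading control characters/spaces and embedded tab/newline.
    cleaned = re.sub(r"[\t\r\n]", "", value.strip(C0_AND_SPACE))
    if not cleaned.lower().startswith("data:"):
        return None
    header, _, body = cleaned[5:].partition(",")
    params = [p.strip() for p in header.lower().split(";")]
    media_type = params[0] or "text/plain"
    raw = unquote_to_bytes(body)
    if "base64" in params[1:]:
        try:
            raw = base64.b64decode(raw + b"=" * (-len(raw) % 4), validate=True)
        except (binascii.Error, ValueError):
            return media_type, None  # fail closed: caller treats this as a finding
    return media_type, raw


class DataUriScanner(HTMLParser):
    """Collects data: URIs, in any attribute, that carry active content."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            decoded = decode_data_uri(value or "")
            if decoded is None:
                continue
            media_type, payload = decoded
            if payload is None:
                reason = "undecodable payload"
            elif media_type in ACTIVE_TYPES:
                reason = "active media type"
            elif ACTIVE_MARKUP.search(payload):
                reason = "active markup after decoding"
            else:
                continue
            self.findings.append((tag, name, media_type, reason))


def scan_post(post_html):
    scanner = DataUriScanner()
    scanner.feed(post_html)
    scanner.close()
    return scanner.findings


# Constructed samples: a harmless placeholder script hidden in a base64 data:
# URI, and an ordinary inline image (just the eight-byte PNG signature).
PAYLOAD_B64 = base64.b64encode(b"<script>/* placeholder */</script>").decode()
SAMPLE_POST = '<p>hi</p><iframe src="data:text/html;base64,%s"></iframe>' % PAYLOAD_B64
BENIGN_POST = '<img src="data:image/png;base64,iVBORw0KGgo=">'

if __name__ == "__main__":
    print("naive filter allows sample:", naive_filter_allows(SAMPLE_POST))
    print("findings:", scan_post(SAMPLE_POST))
    print("benign findings:", scan_post(BENIGN_POST))
```

Rejecting the post whenever `scan_post` returns anything, or allowing `data:` URIs only for a short list of image types, closes the gap the quote describes.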

November 25, 2012

Anthropology and hacker culture

Filed under: Media, Technology — Nicholas @ 11:56

Cory Doctorow on a new book by Biella Coleman called Coding Freedom: The Ethics and Aesthetics of Hacking:

[Coleman's dissertation has been], edited and streamlined, under the title of Coding Freedom: The Ethics and Aesthetics of Hacking, which comes out today from Princeton University Press (Quinn Norton, also well known for her Wired reporting on Anonymous and Occupy, had a hand in the editing). Coding Freedom walks the fine line between popular accessibility and scholarly rigor, and does a very good job of expressing complex ideas without (too much) academic jargon.

Coding Freedom is insightful and fascinating, a superbly observed picture of the motives, divisions and history of the free software and software freedom world. As someone embedded in both those worlds, I found myself surprised by connections I’d never made on my own, but which seemed perfectly right and obvious in hindsight. Coleman’s work pulls together a million IRC conversations and mailing list threads and wikiwars and gets to their foundations, the deep discussion evolving through the world of free/open source software.

October 27, 2012

Do you use a stupidly easy-to-guess password?

Filed under: Technology — Nicholas @ 11:15

SplashData has released an updated list of the top 25 passwords gleaned by hackers from stolen password files:

Rank  Password   Change from 2011
1     password   Unchanged
2     123456     Unchanged
3     12345678   Unchanged
4     abc123     Up 1
5     qwerty     Down 1
6     monkey     Unchanged
7     letmein    Up 1
8     dragon     Up 2
9     111111     Up 3
10    baseball   Up 1
11    iloveyou   Up 2
12    trustno1   Down 3
13    1234567    Down 6
14    sunshine   Up 1
15    master     Down 1
16    123123     Up 4
17    welcome    New
18    shadow     Up 1
19    ashley     Down 3
20    football   Up 5
21    jesus      New
22    michael    Up 2
23    ninja      New
24    mustang    New
25    password1  New

If you recognize any password on this list … do yourself a favour and change it to something not on the list, preferably using more characters (including upper and lower case letters, numbers, and symbols). And don’t use the same password on multiple sites! SplashData sells a password keeper application that is quite useful (I’ve been using it for years now), and is available for multiple platforms.
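For anyone running a signup or password-change form, the list above is only useful as a blocklist if near-misses are caught too, since "password1" is on it and "Passw0rd!" is not. This is an added example, not SplashData's code: it goes beyond an exact lookup by folding case, common character substitutions and trailing digits or symbols, and the folding table is an assumption made for the illustration.

```python
import re

# SplashData's 2012 list exactly as quoted in the post above.
TOP_25_2012 = [
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1",
]

# Common look-alike substitutions folded onto one letter. This table is an
# assumption for the example; it is not part of the published list.
FOLD = str.maketrans({"0": "o", "1": "i", "l": "i", "!": "i", "3": "e",
                      "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"})


def canon(text):
    """Lower-case and fold look-alike characters so variants compare equal."""
    return text.lower().translate(FOLD)


LISTED = set(TOP_25_2012)
FOLDED = {canon(p) for p in TOP_25_2012}  # list entries folded the same way


def check_password(candidate):
    """Return "listed", "variant", or None when the candidate is not matched."""
    lowered = candidate.lower()
    if lowered in LISTED:
        return "listed"
    forms = (
        lowered,
        re.sub(r"[^a-z0-9]+$", "", lowered),  # drop trailing symbols
        re.sub(r"[^a-z]+$", "", lowered),     # drop trailing digits and symbols
    )
    for form in forms:
        if form and canon(form) in FOLDED:
            return "variant"
    return None


if __name__ == "__main__":
    # Constructed candidates, not taken from any leak.
    for pw in ("MONKEY", "Passw0rd!", "Dr4g0n2012", "123456!",
               "correct horse battery staple"):
        print(repr(pw), "->", check_password(pw))
```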

July 12, 2012

Säkerhetsbloggen does some preliminary analysis of Yahoo’s 453,000 leaked passwords

Filed under: Technology — Nicholas @ 10:01

As we’ve noticed before, there are lots of really, really bad passwords in use:

Recently, Ars Technica reported about a leak by “D33ds Company” of more than 450.000 plain-text accounts from a Yahoo service, which is suspected to be Yahoo Voice.

Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites (e-mail, Facebook, Twitter, etc), should assume that someone has accessed their account.

[. . .]

Total entries = 442773
Total unique entries = 342478

Top 10 passwords
123456 = 1666 (0.38%)
password = 780 (0.18%)
welcome = 436 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

Other bits of password-related idiocy are here.

June 5, 2012

Stuxnet, Duqu, and Flame: joint US-Israeli projects

Filed under: Middle East, Military, Technology, USA — Nicholas @ 09:02

The US and Israeli governments have admitted that the Stuxnet, Duqu, and Flame malware infections were joint efforts:

American and Israeli officials have finally confirmed that the industrial grade Cyber War weapons (Stuxnet, Duqu and Flame) used against Iran in the last few years were indeed joint U.S.-Israel operations. No other details were released, although many more rumors are now circulating. The U.S. and Israel were long suspected of being responsible for these “weapons grade” computer worms. Both nations had the motive to use, means to build and opportunity to unleash these powerful Cyber War weapons against Iran and others that support terrorism.

The U.S. Department of Defense had long asked for permission to go on the offensive using Cyber War weapons. But the U.S. government regularly and publicly declined to retaliate against constant attack from China, mainly because there were fears that there could be legal repercussions and that weapons used might get out of control and cause lots of damage to innocent parties.

Iran turned out to be another matter. Although not a serious Cyber War threat to the United States, Iran was trying to build nuclear weapons and apparently Israel had already been looking into using a Cyber War weapon to interfere with that. Given the nature of these weapons, which work best if the enemy doesn’t even know they exist, don’t expect many details to be released about this Cyber War program. What is known is that the Cyber War weapons unleashed on Iran were designed to concentrate only on very specific targets. So far, only three weapons that we know of have been used. One (Stuxnet) was designed to do damage to one specific facility, the plant where Iran produced nuclear fuel for power plants, and atomic weapons. That one worked. The other two (Duqu and Flame) were intelligence collection programs. They also apparently succeeded, remaining hidden for years and having lots of opportunity to collect enormous quantities of valuable data.

May 15, 2012

Nerd politics: problems and opportunities

Filed under: Government, Liberty, Politics, Technology — Nicholas @ 00:08

Cory Doctorow in the Guardian on the current state of “nerd politics”:

In the aftermath of the Sopa fight, as top Eurocrats are declaring the imminent demise of Acta, as the Trans-Pacific Partnership begins to founder, as the German Pirate party takes seats in a third German regional election, it’s worth taking stock of “nerd politics” and see where we’ve been and where we’re headed.

Since the earliest days of the information wars, people who care about freedom and technology have struggled with two ideological traps: nerd determinism and nerd fatalism. Both are dangerously attractive to people who love technology.

In “nerd determinism,” technologists dismiss dangerous and stupid political, legal and regulatory proposals on the grounds that they are technologically infeasible. Geeks who care about privacy dismiss broad wiretapping laws, easy lawful interception standards, and other networked surveillance on the grounds that they themselves can evade this surveillance. For example, US and EU police agencies demand that network carriers include backdoors for criminal investigations, and geeks snort derisively and say that none of that will work on smart people who use good cryptography in their email and web sessions.

But, while it’s true that geeks can get around this sort of thing — and other bad network policies, such as network-level censorship, or vendor locks on our tablets, phones, consoles, and computers — this isn’t enough to protect us, let alone the world. It doesn’t matter how good your email provider is, or how secure your messages are, if 95% of the people you correspond with use a free webmail service with a lawful interception backdoor, and if none of those people can figure out how to use crypto, then nearly all your email will be within reach of spooks and control-freaks and cops on fishing expeditions.

[. . .]

If people who understand technology don’t claim positions that defend the positive uses of technology, if we don’t operate within the realm of traditional power and politics, if we don’t speak out for the rights of our technically unsophisticated friends and neighbours, then we will also be lost. Technology lets us organise and work together in new ways, and to build new kinds of institutions and groups, but these will always be in the wider world, not above it.

May 11, 2012

Britain’s government websites under attack

Filed under: Britain, China, Government, Technology — Nicholas @ 09:06

Perhaps I’m just cynical, but I had expected that any government website would need to be “hardened” against attack. The British government’s many official websites have indeed been undergoing attacks for quite some time:

The British Ministry of Defense has admitted, for the first time, that it is under heavy attack by hackers. It was also revealed that some of these attacks had succeeded. The good news is that the military is becoming more aggressive and imaginative in dealing with Cyber War defense. China was not directly accused of being behind any of these attacks, but it was mentioned that there are now discussions underway with the Chinese on the matter. All this is an old problem.

Last year, Britain went public to report a higher number of Internet based attacks. The report noted that the emphasis was now on economic assets. This included technology and business plans. For example, the Foreign and Commonwealth Office was under heavy cyber-attack for several months, apparently in an effort to obtain secret details of government plans and techniques for supporting British exports. Government Internet security officials were making all this public to encourage British firms to increase their Internet security.

All this was nothing new. Two years ago Britain’s domestic intelligence service, MI5, went public with numerous charges of Chinese Internet based espionage. MI5 accused China of using both agents and hacker software, to obtain secrets from specific companies and government organizations. This approach had Chinese personnel approaching specific British businessmen at trade shows, and offering gifts, like a thumb drive loaded with hidden hacker software that will load itself on to the victim’s PC and seek out valuable information. Internet based attacks, traced back to China, continue to send real looking email that has an attachment containing another of those stealthy hacker programs that seek out secrets, or even quietly take over the user’s PC. Three years ago, MI-5 sent alerts to major corporations warning them of similar attacks and advising increased security of their data.

January 29, 2012

China and the censorship state

Filed under: China, Government, Liberty, Media — Nicholas @ 12:02

Rebecca MacKinnon in the National Post on the ways and means of ensuring “harmony” in China’s corner of the internet:

In fall 2009, I sat in a large auditorium festooned with red banners and watched as Robin Li, CEO of Baidu, China’s dominant search engine, paraded onstage with executives from 19 other companies to receive the “China Internet Self-Discipline Award.” Officials from the quasi-governmental Internet Society of China praised them for fostering “harmonious and healthy Internet development.” In the Chinese regulatory context, “healthy” is a euphemism for “porn-free” and “crime-free.” “Harmonious” implies prevention of activity that would provoke social or political disharmony.

China’s censorship system is complex and multilayered. The outer layer is generally known as the “great firewall” of China, through which hundreds of thousands of websites are blocked from view on the Chinese Internet. What this system means in practice is that when one goes online from an ordinary commercial Internet connection inside China and tries to visit a website such as hrw.org, the website belonging to Human Rights Watch, the web browser shows an error message saying, “This page cannot be found.” This blocking is easily accomplished because the global Internet connects to the Chinese Internet through only eight “gateways,” which are easily “filtered.” At each gateway, as well as among all the different Internet service providers within China, Internet routers — the devices that move the data back and forth between different computer networks — are all configured to block long lists of website addresses and politically sensitive keywords.

These blocks can be circumvented by people who know how to use anti-censorship software tools. It is impossible to conduct accurate usage surveys, but it is believed likely that hundreds of thousands of Chinese Internet users deploy these tools to access Twitter and Facebook every day. Yet researchers estimate that out of China’s 500 million Internet users, only about 1% or so (a number somewhere in the single-digit millions — still a large number of people but not enough percentage-wise to shape majority public opinion) use these tools to get around censorship, either because most do not know how or because they lack sufficient interest in, or awareness of, what exists on the other side of the “great firewall.”

November 25, 2011

GCHQ goes public, sort of

Filed under: Britain, Technology — Nicholas @ 08:57

GCHQ grew out of the WW2 code-breaking group based at Bletchley Park and is the British equivalent of the NSA. Recently it was announced that GCHQ will start offering its expertise to private businesses:

Some of the secret technologies created at the government’s giant eavesdropping centre GCHQ are to be offered to private industry as part of new cyber security strategy being unveiled by ministers on Friday.

The idea is likely to be one of the most contentious in the plans, which could lead to the government being paid substantial sums for software developed by the intelligence agency based in Cheltenham.

Opening up GCHQ to commercial opportunities will not deflect it from defending national security, which remains its priority, ministers argue, and the agency has insisted it will not be side-tracked.

However, the new cyber strategy makes clear that the dangers posed by espionage and crime on the web cannot be faced without better co-operation between the two sectors, and that they will have to work together more closely in future.

November 19, 2011

Internet users’ password security still hasn’t improved

Filed under: Technology — Nicholas @ 10:03

Do you use any of the following terms as your password? If so, congratulations, you’re helping keep the rest of us from being as easily hacked as you are:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

This list is from SplashData, who produce (among other things) a password-keeper utility. Last year, Gawker published the 50 top passwords in a graphic:

Here’s a word cloud from an earlier post on passwords:

Other posts on this topic: opportunities for humour with your bank’s secret questions, xkcd on the paradox of passwords, Passwords and the average user, More on passwords, And yet more on passwords, and Practically speaking, the end is in sight for passwords.

August 19, 2011

If you want to take the moral high ground, you must live up to it

Filed under: Britain, Media — Nicholas @ 15:27

James Delingpole has a bit of advice for the BBC and the Guardian:

The liberal-Left has many vices. But surely the most noisome one of all (in a crowded field) is its rank hypocrisy. If you’re going to take the moral high ground — as Lefties will insist on doing at every opportunity — the very least you owe the world in return if you have a shred of compunction, decency or intellectual consistency is to demonstrate more integrity than those you are impugning. And if you can’t do that, then bloody well shut up.

In the last few months, you can’t have helped noticing, the liberal-Left media, led by the BBC and the Guardian, have been dwelling on the News International phone hacking scandal with a shrillness and hysteria and foaming moral outrage out of all proportion to the nature of the offence.

Am I defending phone hacking or the leaking by police of confidential information to newspapers? Of course I’m not. I think it’s a horrible, grubby practice which must have left all the people who were victims of it feeling soiled and discomfited. But a) as we saw in the cities of Britain last week (and we’re also seeing on the stock markets) there are many problems far more deserving right now of the media’s crusading attention. And b) it’s not as if News International’s imprints were the only newspapers playing this game. The gutter end of journalism is, of necessity, an unscrupulous, highly competitive business. Tabloid hacks stand or fall on the number of scoops they get over the opposition. It would be stretching the bounds of credulity to claim that other papers, besides those owned by Murdoch, have not engaged in similar dirty tricks.

July 13, 2011

Anonymous decides they’re against Ethical Oil

Filed under: Cancon, Environment, Media, Technology — Nicholas @ 10:13

I guess all the popular targets have already been hit, so the rumour is that Anonymous is going to be going after companies working in the oilsands:

In related news, Anonymous said it planned to attack oil firms and banks supporting the controversial extraction of oil from sand in Alberta, Canada. Exxon Mobil, ConocoPhillips, Canadian Oil Sands, Imperial Oil, and the Royal Bank of Scotland have been put on notice that they are likely to be targeted in Anonymous’ latest operation, dubbed Project Tarmageddon.

Anonymous began with attacks on the Church of Scientology in early 2008 before it made headline news last year with attacks on financial service firms that blocked donation to WikiLeaks following the release of controversial US diplomatic cables. Another long-running campaign has targeted entertainment industry firms that hassled file sharers or console modders, most notably Sony.

July 11, 2011

The highly localized outrage in the News of the World affair

Filed under: Britain, Media — Nicholas @ 09:09

Frank Furedi points out the amazingly restricted view of the media:

The furore that surrounds the demise of the News of the World has little to do with the specific morally corrupt practices at that tabloid. Rather, as with other highly stylised outbursts of outrage in recent years — from ‘cash for questions’ to the MPs’ expenses scandal to bankers’ bonuses — this is a media-constructed and media-led furore. The main reason the sordid phone-hacking affair has become the mother of all scandals is because the media assume that anything which affects them is far more important than the troubles facing normal human beings.

It’s understandable: media folks frequently point out that politicians and celebrities move in “bubbles” which rarely bring them into contact with ordinary people — yet only occasionally seem to be aware that the media lives in its own set of bubbles.

Outrage-mongering, which is essentially an accomplishment of the media, is parasitical on today’s depoliticised and disorganised public life. In the absence of true political conviction, of any meaningful political alternative, strongly held views have been replaced by expressions of frustration and outrage. In such circumstances, the cultural elite can substitute its own agenda for that of the public, and in effect an outraged media reality becomes the reality.

Over the past week, many have claimed that the News of the World’s phone-hacking practices have offended the British public. Time and again, journalists claim to have detected a powerful public revulsion against the machinations of News International. Even a sensible columnist like Matthew d’Ancona argues that ‘David Cameron and Rupert Murdoch are swept up in a public fit of morality’. In truth, this ‘public fit of morality’ is actually confined to a relatively narrow stratum of British society. People in the pub or on the streets are not having animated debates about the News of the World’s heinous behaviour. Rather it is the Twitterati and those most directly influenced by the cultural elite and its lifestyle and identity who are emotionally drawn to the anti-Murdoch crusade.

July 8, 2011

A contrarian view on the News of the World closure

Filed under: Britain, Liberty, Media — Nicholas @ 09:28

Well, somebody had to point out the cloud to this lovely silver lining that everyone else is enjoying:

Around the world, miles of column inches and hours of television and radio debate have been devoted to the closure of the News of the World. And yet the gravity of what occurred yesterday, the unprecedented, head-turningly historic nature of it, has not been grasped anywhere. A newspaper of some 168 years’ standing, a public institution patronised by millions of people, has been wiped from history — not as a result of some jackbooted military intrusion or intolerant executive decree or coup d’état, but under pressure from so-called liberal campaigners who ultimately felt disgust for the newspaper’s ‘culture’. History should record yesterday as a dark day for press freedom.

In a civilised society we tend to associate the loss of a newspaper, the pressured shutting down of a media outlet, with some major corrosion of public or democratic values. We look upon the extinction of a paper for non-commercial reasons, whatever the paper’s reputation or sins, as a sad thing, normally the consequence of a tyrannical force stamping its boot and its authority over the upstarts of the media. Yet yesterday’s loss of a newspaper has given rise, at best, to speculative analysis of what is going on inside News International, or at worst to expressions of schadenfreude and glee that the four million dimwits who liked reading phone-hacked stories about Wayne Rooney on a Sunday morning will no longer be at liberty to do so. Many of those politically sensitive commentators who shake their heads in solemn fury upon hearing that a newspaper in a place like Belarus has closed down have barely been able to contain their excitement about the self-immolation of a tabloid here at home.

Many people, including us at spiked, had reservations about the News of the World’s mode of behaviour, especially following this week’s revelations of deplorable phone-hacking activity involving murdered teenager Milly Dowler and the families of dead British soldiers. The paper undoubtedly infuriated many people, too. Yet this was a longstanding public institution. Just because a newspaper is the private property of an individual — even if that individual is Rupert Murdoch — does not detract from the fact that it is also a public institution, with an historic reputation and an ongoing political and social engagement with a regular, in this case numerically formidable readership. That such a public institution can be dispensed with so swiftly, that a huge swathe of the British people can overnight be deprived of an institution they had a close relationship with, ought to be causing way more discomfort and concern than it is. How would we feel if other public institutions — the BBC, perhaps, or parliament — were likewise to disappear?

July 7, 2011

British tabloids

Filed under: Britain, Liberty, Media, Politics — Nicholas @ 09:19

Brendan O’Neill views with some puzzlement the degree of outrage at the News of the World phone-hacking compared to earlier tabloid excesses:

Even some of those involved in the campaign recognise that there is a disparity between their earlier reaction to breaches of morality by tabloid newspapers and their reaction to this one. The campaigner who has successfully managed to get some big corporations to withdraw their advertising from the News of the World says she had previously learned to live with a ‘generalised, low-level irritation with the content of some of the tabloids’, yet following the Milly Dowler revelations those ‘years of irritation were transformed into rage’. Others have referred to the Dowler claims as ‘a tipping point’, arguing that we knew Murdoch’s tabloids were value-free and ethics-lite, but we didn’t know ‘they were this bad’.

In truth, there has been a distinct lack of journalistic integrity amongst some of the tabloids (and other media outlets) for many years now. For example, in 1988 the News of the World hounded the mentally ill EastEnders actor David Scarboro, not only revealing that he was in a psychiatric institution but also publishing photos of the institution and describing Scarboro as ‘mad’. Forced, under the glare of tabloid publicity, to flee the institution, Scarboro committed suicide by leaping off Beachy Head. He was just 20 years old. More famously, or rather infamously, the Sun libelled Liverpool football supporters following the Hillsborough disaster in 1989, falsely claiming that they had pickpocketed and urinated on dead and dying fans. There are many other instances over the past 30 years where the tabloids have used harassment and intimidation to get stories that have sometimes ruined people’s lives or denigrated the dead.

Yet none of those episodes gave rise to a widespread anti-tabloid campaign that galvanised prime ministers, opposition leaders, the respectable media, political activists and lawyers, as the Milly Dowler revelations have. Nor did they result in three-hour emergency debates in the House of Commons, with politicians battling it out to see who could express the most vociferous disdain for tabloid culture. The most striking thing about the anti-Murdoch campaign that has been so speedily consolidated over the past 48 hours is that it includes a smorgasbord of people who are normally at each other’s throats — from Conservative MPs to left-wing agitators, from big businesses such as William Hill and Coca-Cola (which are withdrawing their adverts from the News of the World) to religious spokespeople.
