Quotulatiousness

June 28, 2010

Monty’s salute to President Obama at the G20 talks

Filed under: Economics, Government, Humour, USA — Nicholas @ 12:08

Monty, in his daily “Financial Briefing” post, has his own G20 protest:

The meeting of the G-20 is the big news, but “big news” in this case means no news, really. The whole point of the conference appears to provide world leaders with an opportunity to frown and look concerned. What other purpose it serves I don’t know. The peaceful hippies seem to be enjoying themselves, though. Toronto cops arrested about 500 yammering idiots, but failed to heed Mayor Daley’s advice to lump them up a little bit before letting them go. (That would be Richard J. Daley, who viewed beating up hippies as vigorous and healthy outdoor exercise, not his pissant kid Richard M. Daley.)

But hey, on the bright side: everyone agreed to “cut debt”! Yay! It’s just that easy, apparently! Monty, a financial-industry gadfly and obscure vulgarian from some trailer park in Jesusland, heckled the gathered august personages by shouting “You incompetent, moronic, cheating, lying, prevaricating, thieving, low-down, whiffle-headed, asshole spendthrift fucksticks!”. He was forcibly removed by security. When reached later for comment from his jail-cell, Monty said that his remarks “[W]ere delivered in the heat of the moment, but do accurately reflect my beliefs.” He also invited President Barack Obama to come to his cell and kiss his ass. President Obama could not be reached for comment.

The arrest count reportedly went over 900, but the most frequent allegations of police brutality were from some of the media people who were arrested. Jesse Rosenfeld, a Guardian reporter, was observed being punched by police while they were handcuffing him. The National Post had two of their photographers arrested, while all the newspapers seemed to have encountered police discouragement to them filming or photographing events after the violence broke out.

The Toronto Star notes that search warrants are for pussies, not real police officers:

John Booth said the officers, who entered through an unlocked door, sidestepped repeated requests to show him a warrant. He said they alternately promised to produce it later, claimed to have showed it to someone else, or simply said no.

“At first I actually said, ‘This isn’t a joke, right?’ Because I honestly couldn’t even understand where this was coming from,” he said. “They understood, as the interaction went on, that it was looking less and less likely that I had anything to do with what they were talking about. They were inadvertently discovering — ‘Oh, okay, thanks for telling us that there’s two apartments,’ like that was so enlightening. Yeah, well, you should’ve known that before you came into my house.”

The Booths say they will not sue. But they have filed a complaint to the province’s police review office in an attempt to hold the planners of the raid accountable; John Booth said he does not blame the junior officers who conducted it.

June 27, 2010

QotD: Toronto Saturday Night, G20 edition

Filed under: Cancon, Media, Politics, Quotations — Nicholas @ 09:16

You can walk a block or two from the action and Toronto is seen carrying on as normal. It’s not quite dangerous, but it’s not quite safe. The crowds are a mix of the indignant, the earnest and the opportunistic. Some obviously carry bad intentions. A lot seem simply bored. When the lights went out in 2003 and order unravelled slightly, Toronto turned into a party. Tonight, again, people are out in the streets, but the mood is simply dumb.

Aaron Wherry, “Toronto, tonight”, Macleans, 2010-06-26

June 26, 2010

The smell of burning police cars

Filed under: Cancon, Media, Politics — Nicholas @ 21:34

Just when you think the anarchists have decided to let the government look like fools, they pull stuff like this, allowing the security forces to justify the billion+ they’ve spent on the G8/G20 summit meetings:

Pic from Eric Squair.

Pic from Pete Forde. The second police car in this photo also gets the warm treatment from the anarchists.

For those not familiar with Toronto, this is approximately here:

Update: Michael Coren has a suggestion to get the police more involved in deterring the rioters:

An idea. Tell the cops that these anarchist criminals are actually confused, gentle Polish visitors trying to find help at an airport. Not only will deadly force ensue but the police will lie about it all after the fact.

Update, the second: Another burning police car, further east at (I assume) Queen King St. and Bay St.

Pic by Marissa Nelson.

Update, the third: In spite of all the images available of burning or burnt-out police vehicles, the three above were the only ones. Rarely have so many twittered so much about so few . . .

June 3, 2010

Toronto Police tougher than the RCMP?

Filed under: Cancon, Law — Nicholas @ 12:48

Kelly McParland notes that even though the RCMP have a lot of tough-guy things on their list of “will do”, there’s one thing Toronto Police will do that the RCMP won’t:

The RCMP will Taser an old lady at the drop of a hat.
They’ll Taser a guy in an airport because he’s holding a stapler and looks upset.
They’ll Taser the disabled.
They’ll Taser a 15-year-old girl in handcuffs.
They’ll Taser an 82-year-old heart patient in a hospital bed.
They’ll Taser someone who’s been hog-tied, pepper-sprayed, handcuffed and manacled.
They’ll Taser just about anything that can be Tasered. But they won’t use “sound cannons” in the middle of a city. Too risky.
Toronto police are buying four of the ear blasters for the G20 summit.

May 28, 2010

Is it too late to cancel?

Chris Selley rounds up the (almost unanimous) pundits’ opinions about the billion-dollar-boondoggle-summit-set:

Is it too late to cancel the G8 and G20 summits?

The National Post’s Don Martin for the win: “No amount of righteous government bluster about living in post-9/11 protection paranoia, last week’s bank firebombing in Ottawa or the precedent of hosting two back-to-back summits can explain how an $18-million security tab for the G20 in Pittsburgh last September, which involved 4,000 police, must balloon to a billion dollars in Toronto requiring 10,000 cops on the ground.” Yup. It’s outrageous, and the government seems very oddly . . . proud of it. We can hardly wait for the Auditor-General and Parliamentary Budget Officer to find out just where this money went. Especially in a climate where Canadians are thoroughly cheesed off about government spending in the first place, it’s not too much of a stretch to say this is the sort of issue that might bring down a government.

“A case of bureaucracy gone wild,” is Jeffrey Simpson’s uncontroversial verdict in The Globe and Mail, “or planning gone crazy, of fear sinking itself into every official’s and security person’s heart.” Imagine what we could have bought with that $1-billion! A bunch more Canada Research Chairs, or a whack of “clean-energy projects,” or assistance for “cultural groups” — so sleepy — or, hey, now we’re talking, a massive injection of cash for infrastructure on aboriginal reserves. Or, as Simpson says, “whatever.” Almost literally anything would be better. We’d arguably be better off flushing the $1-billion down the john.

For those of you looking forward to suffering through the event, here’s the official map of the restricted area around the Metro Convention Centre:

The best advice — unless you’re hoping for a run-in with the police — is to avoid Toronto for that weekend (plus a few days in either direction).

May 27, 2010

The absurdity of spending $1 Billion for G20 meeting security

Filed under: Cancon, Economics, Politics — Nicholas @ 13:30

Hard to disagree with anything Rex Murphy says here:

Summits are useless, expensive and potentially dangerous anachronisms.

Let’s take the G20 summit, which will be held June 26-27 in Toronto. No one from the general public will be meeting with the world leaders — summits are not for mingling. So why are the leaders gathering in the middle of Canada’s most populous city when the very idea of interacting with any of the city’s population is absolutely impossible?

Once inside the summit venue the leaders — and their insanely bloated retinues — will be almost antiseptically sealed off from every other bit of Toronto. It’s all fortified meeting rooms and security-proofed hotels for them. Effectively, they will come to Toronto, stay behind a shield of impassable security and talk to leaders they’ve already met. It makes zero sense.

If you’re of a Toronto-centric, anti-Stephen Harper mindset (that would be most Toronto voters), you might attribute it to Harper recreating the famous pacification policy of Henry II: imposing the costs of supporting the royal court by visiting the powerful nobles (that is, the victim can’t refuse the honour of hosting the King, and then has no money or time to plot or scheme against same).

Update: Kelly McParland makes another good point:

Hard as it is to fathom, the Conservatives appear to have successfully created a bigger waste of money than the Liberal gun registry. It took a long time — they’ve had 15 years to study how the Liberals went about wasting so much money on an agency that costs a lot and doesn’t work — but they’ve managed.

In doing so, they’ve disqualified themselves from ever complaining again about money-wasting Liberal schemes, or the gun registry itself for that matter. If Tories can blow a billion forcing everyone in Toronto to find somewhere else to spend the weekend of June 26-27, Liberals can force farmers to get shotgun licences.

May 4, 2010

Spear phishing (test) attack on US Air Force

Filed under: Military, Technology — Nicholas @ 07:43

I’d heard the term “phishing” before, and I’ve reported at least a dozen various attempts to the appropriate parties (companies and organizations who are used in phishing attempts often have a reporting address set up so you can just forward the message to them). “Spear phishing” was new to me, and apparently it was also new to a large number of US Air Force personnel:

Offers to hire American airmen, stationed at an airbase on the Central Pacific island of Guam, as extras in the Transformers 3 movie, turned out to be an unexpectedly scary training exercise. First, keep in mind that there is no Transformers 3 filming scheduled for Guam. The email was a fake, used to test how well airmen could detect a hacker’s attempts to deceive military Internet users to give up valuable information.

The Transformers 3 email was a test to see how many airmen would fall for a “spear phishing” offensive. “Phishing” (pronounced “fishing”) is when a hacker sends out thousands, or millions, of emails that look like warnings from banks, eBay or PayPal, asking for you to log in (thus revealing your password to the hackers, who have set up a false website for this purpose) to take care of some administrative matter. The hacker then uses your password to loot your account. “Spear phishing” is when the emails are prepared with specific individuals in mind. The purpose here is to get specific information from, say, a bank manager, or someone known to be working on a secret project. In the Guam case, the targets of the spear phishing test were asked to go to a web site and fill out an application form to be eligible to be an extra. That form asked for information that would have enabled hostile hackers to gain more access to air force networks. A lot of the airmen who received the Transformers 3 email, responded. The air force won’t say how many, but it was more than expected. A lot more.

I doubt that many readers need to be told this, but no legitimate bank or financial institution should ever be sending you an email requesting you to follow an embedded link and log in to your account. If you get such an email, forward it to the bank’s security folks. If it’s legitimate, they can confirm it for you, but in 2010, no sensible bank should be communicating with you in this way.

March 4, 2010

Canadian air travel now to be subject to US oversight

Filed under: Bureaucracy, Cancon, Liberty, USA — Nicholas @ 07:11

I’d always suspected that the close co-operation between Canadian and US officials meant that even theoretically domestic flights might be scrutinized by the other country, but now it’s official policy:

Starting in December, passengers on Canadian airlines flying to, from or even over the United States without ever landing there, will only be allowed to board the aircraft once the U.S. Department of Homeland Security has determined they are not terrorists.

Secure Flight, the newest weapon in the U.S. war on terrorism, gives the United States unprecedented power about who can board planes that fly over U.S. airspace — even if the flights originate and land in Canada.

The program, which is set to take effect globally in December 2010, was created as part of the Intelligence Reform and Terrorism Prevention Act, adopted by U.S. Congress in 2004.

Parliament never adopted or even discussed the Secure Flight program — even though Secure Flight transfers the authority of screening passengers, and their personal information, from domestic airlines to the U.S. Department of Homeland Security.

January 21, 2010

And yet more on passwords

Filed under: Technology — Nicholas @ 13:11

This is becoming a quarterly topic around here. Imperva has done some statistical analysis of the 32 million passwords which were exposed in the Rockyou.com security breach:

Key findings of the study include:

* The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as “brute force attacks.”

* Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is “123456”.

* Recommendations for users and administrators for choosing strong passwords.

“Everyone needs to understand what the combination of poor passwords means in today’s world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second—or 1000 accounts every 17 minutes,” explained Imperva’s CTO Amichai Shulman.

The report identifies the most commonly used passwords:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

So there you go — all the tools you need to be a world-class password cracker.
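The weak classes the report describes (short passwords, the top-ten list, consecutive digits, adjacent keyboard keys, dictionary words and names) can be turned into a screening check that an administrator runs when a password is set. This is an added example, not code from Imperva's report or from this blog; the function names, the eight-character minimum and the tiny word list are assumptions, and a real deployment would load a full dictionary and breached-password list.

```python
# Passwords the post lists as the ten most common in the RockYou data.
TOP_TEN = {"123456", "12345", "123456789", "password", "iloveyou",
           "princess", "rockyou", "1234567", "12345678", "abc123"}

# Constructed stand-in for a real name/slang/dictionary list (assumption).
WORDLIST = {"password", "princess", "monkey", "dragon", "jessica", "letmein"}

KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_consecutive(pw):
    """True when each character is exactly one above (or below) the last."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def is_keyboard_walk(pw):
    """True when the whole password is a run along one keyboard row."""
    return len(pw) >= 4 and any(pw in row or pw[::-1] in row
                                for row in KEYBOARD_ROWS)


def weakness_reasons(password, min_length=8):
    """Return the reasons a password falls into the report's weak classes."""
    pw = password.lower()
    reasons = []
    if len(pw) < min_length:  # assumed policy minimum, not from the report
        reasons.append("too short")
    if pw in TOP_TEN:
        reasons.append("top-10 password")
    if is_consecutive(pw):
        reasons.append("consecutive characters")
    if is_keyboard_walk(pw):
        reasons.append("adjacent keyboard keys")
    # "password1" is still "password": drop trailing digits before lookup.
    if pw.rstrip("0123456789") in WORDLIST:
        reasons.append("dictionary word or name")
    return reasons


def audit(passwords, min_length=8):
    """Return (share flagged, {reason: count}) for a batch of passwords."""
    counts, flagged = {}, 0
    for password in passwords:
        reasons = weakness_reasons(password, min_length)
        flagged += bool(reasons)
        for reason in reasons:
            counts[reason] = counts.get(reason, 0) + 1
    return (flagged / len(passwords) if passwords else 0.0), counts


if __name__ == "__main__":
    # Constructed sample batch.
    sample = ["123456", "Password", "password1", "qwerty", "T7#vQ9!mLx2p"]
    print(audit(sample))
```
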

January 2, 2010

This isn’t the way it was supposed to go

Filed under: Bureaucracy, Government, USA — Nicholas @ 13:39

Over at Ace of Spades HQ, “Purple Avenger” tries to decipher the inscrutable Obama administration policy on information classification:

Here’s what I’ve found so far that I’m 100% sure of:

There’s a 10 year “default” on declassifying classified info unless a longer time frame was specified and justified.

Unclassified information may BECOME classified upon submission of a FOIA request for it . . . thus allowing for a public veneer of openness while reserving the right to clam up if said openness should prove inconvenient when someone actually learns of a document’s existence and has the nerve to request it.

It’s a very lengthy and tortuously worded EO and people will be analyzing its ramifications for quite a while I suspect. I don’t imagine the professional intelligence community is terribly happy about the Byzantine procedures outlined here. Their jobs just got a lot harder.

December 18, 2009

More on passwords

Filed under: Technology — Nicholas @ 08:58

The Economist’s Tech.view correspondent confesses to password laxity:

He admits to flouting the advice of security experts: his failings include using essentially the same logon and password for many similar sites, relying on easily remembered words—and, heaven forbid, writing them down on scraps of paper. So his new year’s resolution is to set up a proper software vault for the various passwords and ditch the dog-eared list.

Your correspondent’s one consolation is that he is not alone in using easily crackable words for most of his passwords. Indeed, the majority of online users have an understandable aversion to strong, but hard-to-remember, passwords. The most popular passwords in Britain are “123” followed by “password”. At least people in America have learned to combine letters and numbers. Their most popular ones are “password1” followed by “abc123”.

I’ve written some carefully considered advice on passwords, which is still as valid today as it was in those dark, distant days of October.

November 27, 2009

A cure for complacency

Filed under: Technology — Nicholas @ 08:47

John P. Avlon wants to shake your complacent attitude to the threats to everyday life:

First your cell phone doesn’t work. Then you notice that you can’t access the Internet. Down on the street, ATMs won’t dispense money. Traffic lights don’t function, and calls to 911 don’t get routed to emergency responders. Radios report that systems controlling dams, railroads, and nuclear power plants have been remotely infiltrated and compromised. The air-traffic control system shuts down, leaving thousands of passengers stranded or rerouted and unable to communicate with loved ones. This is followed by a blackout that lasts not hours but days and even weeks. Our digital civilization shudders to a halt. When we emerge, millions of Americans’ data are missing, along with billions of dollars.

This scenario may sound like the latest doomsday blockbuster to come out of Hollywood. But each of the elements described above has occurred over the past decade as the result of a cyber-attack. Cyber-attacks are an accelerating threat, still without generally accepted terminology, effective deterrents, or comprehensive legal remedies. They are weapons of mass disruption, used by adversaries cloaked in anonymity, that could prove at least temporarily crippling to the digital infrastructure of modern society. This kind of attack is attractive to America’s enemies, not only because it allows weaker entities to take on far stronger ones but because it turns our technological strength into a weakness.

November 8, 2009

Aussie iPhone owners rickrolled

Filed under: Australia, Technology — Nicholas @ 18:56

The horror, the horror:

The attacks, which researchers say are the world’s first iPhone worm in the wild, target jailbroken iPhones that have SSH software installed and keep Apple’s default root password of “alpine.” In addition to showing a well-coiffed picture of Astley, the new wallpaper displays the message “ikee is never going to give you up,” a play on Astley’s saccharine addled 1987 hit “Never Gonna Give You Up.”

Tricking victims into inadvertently playing the song has become a popular prank known as Rickrolling.

A review of some of the source code shows that the malware, once installed, searches the mobile phone network for other vulnerable iPhones and when it finds one, copies itself to them using the default password and SSH, a Unix application also known as secure shell. People posting to this thread on Australian discussion forum Whirlpool first reported being hit on Friday.

October 23, 2009

WordPress plugins to consider

Filed under: Technology — Nicholas @ 12:27

Charles Arthur looks at a few recommended plugins for WordPress blogs:

First, there’s been another upgrade to WordPress (it’s now at 2.8.5). The WordPress blog describes it as a “hardening release”.

Much more important, in my view, is the release of the WordPress Exploit Scanner plugin. Plugins are little extensions to WordPress; and Exploit Scanner is probably the next one you should install. (The first you should install, in my opinion, is Dr Dave’s Spam Karma 2 – which weeds out spam comments more effectively than anything I’ve ever seen, and is specific to your blog.)

The Exploit Scanner does a number of things: it compares your files against an MD5 hash of the WordPress files for whatever version of installation you’re running; it finds examples of suspicious code in your files – three principal ones being the use of “invisible” text through CSS; the use of iframes to embed code from other sites; and base 64 encoding, which can be used to obfuscate entire programs. It will also look through your posts and users to see if there’s anything suspicious or spammy about them.
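The two file checks described above (comparison against known-good MD5 hashes, then a search for hidden CSS, iframes and base64 decoding) look roughly like this in miniature. This is an added example, not the plugin's code: the function names, the regexes and the choice to pattern-scan only files that fail the hash check are assumptions, and the "install" it scans is a constructed temporary directory.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristics for the three patterns the post names. These regexes are
# assumptions made for this example, not the plugin's own signatures.
SUSPICIOUS = {
    "hidden-css": re.compile(rb"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "iframe": re.compile(rb"<iframe\b", re.I),
    "base64": re.compile(rb"base64_decode\s*\(|[A-Za-z0-9+/]{120,}={0,2}"),
}


def md5_of(path):
    return hashlib.md5(path.read_bytes()).hexdigest()


def build_manifest(root):
    """Map each file's path relative to root to its MD5 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): md5_of(p)
            for p in root.rglob("*") if p.is_file()}


def scan_tree(root, manifest):
    """Return (relative_path, finding) pairs for everything that looks off."""
    findings = []
    current = build_manifest(root)
    for rel in sorted(current):
        if rel not in manifest:
            findings.append((rel, "not in manifest"))
        elif current[rel] != manifest[rel]:
            findings.append((rel, "hash mismatch"))
        else:
            continue  # byte-identical to the known-good copy: nothing to inspect
        data = (Path(root) / rel).read_bytes()
        findings += [(rel, "pattern: " + name)
                     for name, rx in SUSPICIOUS.items() if rx.search(data)]
    findings += [(rel, "missing") for rel in sorted(set(manifest) - set(current))]
    return findings


def demo():
    """Scan a constructed mini-install after tampering with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-includes").mkdir()
        (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (root / "wp-includes" / "version.php").write_text("<?php // constructed\n")
        manifest = build_manifest(root)       # known-good state
        manifest["wp-login.php"] = "0" * 32   # expected file that is absent
        with (root / "index.php").open("a") as fh:  # modified core file
            fh.write('<div style="display:none">'
                     '<iframe src="http://example.invalid/"></iframe></div>\n')
        (root / "wp-includes" / "extra.php").write_text(  # file added later
            "<?php $x = base64_decode('Y29uc3RydWN0ZWQ=');\n")
        return scan_tree(root, manifest)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

MD5 is used here only because the post names it; for a manifest you build yourself, a collision-resistant hash such as SHA-256 is the better choice, and the manifest must be stored where a compromised site cannot rewrite it.
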

October 10, 2009

Passwords and the average user

Filed under: Humour, Technology — Nicholas @ 11:22

In this day of widely publicized panic about online security, it’s time we revisited the basics of password security. I’m sure that none of you reading this would ever have a less-than-ironclad routine for all your online activities:

  1. Never ever use the same password on multiple sites. Once they’ve grabbed your login for the MyLittlePony site, they’re into your bank account . . . or worse, your MyLittlePonyDoesDallas account.
  2. Always use the maximum number of characters allowed . . . I know it’s a pain when a site allows 1024 characters, but your online security is paramount. I believe most health insurance now covers carpal tunnel treatment, so you’re golden.
  3. Never include any word — in any human language — embedded within your password: this includes all the words in the Scrabble® dictionary for every known language. Can’t assume that the black hats speak English, y’know.
  4. Always use both capital and lower-case letters and include at least a single digit and a non-letter character in every password.
  5. Note: Don’t try to be clever and use 1337speak. The folks trying to crack your password all post on 4chan: you’re giving them a head-start. They dream in 1337.

  6. Change your password regularly. Daily, if necessary. Even hourly if you share a computer with others.
  7. Never, ever write your password down. That’s the first thing they’ll look for when they break down your door and trash your crib.
  8. Never, ever re-use a password. Don’t pretend you haven’t done this one. We all used to do it, until site admins started checking that you hadn’t re-used an old password.

Of course, even the professionals don’t do all of this. Some of ’em don’t do any of it. Do like the pros do: set all your passwords to “passw0rd”. Nobody ever guesses that.

For actual password advice that might be helpful, you can try this post on the Gmail Blog.
