October 31st, 2010


You Won't See Christmas Displays Doing Stuff Like This!

Geeks and holidays make interesting bedfellows.

"This year my Halloween project is the Automatic Halloween Candy Dispenser® triggered by TextforTreat®, CallforTreat® (powered by Twilio) and @TweetforTreat® technologies. Of course it can also be triggered from a Big Red push button, but where is the fun in that? When trick-or-treaters show up at my house they can text, call, or tweet a code displayed on an LCD screen to get their Halloween candy. They can also push the Big Red button. Once the candy request is made a few “special” effects are triggered by X10 modules. A low-lying fog machine is activated and lights turn on while the candy shoots down from my front deck on the second floor."

You Just Taaaaaaaaaalk...Taaaaaaalk Too Much

I'm not going to mention all the details of this.  Besides, they aren't necessary.  This is a general warning.

There's an admin on an Internet site that makes enemies everywhere he goes, but the people who pay and subscribe to his site defend him constantly.

There's a wiki site.  It just got a huge info dump with all kinds of personal information about the guy.

The admins locked the site and demanded proof that what this guy edited to add was legit.


He's been following this guy on Twitter for about a year.  Has where he works, what his job is, and more.  He's just one degree away from dropping docs on the guy.  All because this hated admin sees no problem in revealing this info to anonymous people on the Internet.

The edits are remaining.  The hated admin is protesting invasion of privacy.  The wiki admins are telling him he made the info public so screw you.

Watch what you say and what you do.  You never know when it will bite you in the ass....

Hacking For Dummies. Literally.

I haven't complained about Firefox since the socket exploit that took down a bunch of IRC servers.  But now, there's a bigger problem, one that affects everyone, not just servers.  There's a Firefox extension called Firesheep.  It uses a sniffer to detect unencrypted cookies over wifi networks, then displays a list of them in a sidebar.  All the hacker has to do is double-click an identity, and they gain the login privileges of that person and can access their accounts.  In other words, you don't have to know shit about computers to make this work.  And if you do know anything about computers, extending this with JavaScript is so easy, it's criminal.  This was initially for Facebook and Twitter, but because the code is open source (it was released as a proof of concept and others have run with it), there are now variants that target all kinds of web sites.  Over 80K downloads, and it hasn't even been a week.

What is Mozilla doing?  Nothing.  According to them, it does not utilize any security vulnerabilities in Firefox itself.  Admittedly, I'm not sure there's much they can do, the source code is out there, but still, they aren't showing any concern.

Which means it's up to us to protect ourselves.

How can you defend against this?  Use wired connections as much as possible.  Out and about?  If you can't use a Virtual Private Network or can't rent one, you have two options.  One is MiFi, which turns a 3G or 4G connection on your own mobile device into your own wifi AP (Access Point); but given how expensive data plans are, if you can afford this, you can probably afford your own VPN anyway, and if too many people do it, it could bog down the cellular broadband, as iPhone owners know too well.  The other is to INSIST on HTTPS, meaning HTTP carried over Transport Layer Security (TLS) or Secure Sockets Layer (SSL).

But, Peter, some of you are asking, many sites authenticate you securely, but then your regular traffic is unencrypted and can be intercepted.  How can we possibly prevent this from happening?  I'm glad you asked!  There are at least three Firefox extensions that will force sites to keep you secure instead of dumping you to an unencrypted stream.  I would personally recommend HTTPS Everywhere.  Why?  Because it's endorsed and hosted by those fine, upstanding folks at the Electronic Frontier Foundation.  In other words, this is the real shit.  Another alternative is Force TLS, an add-on hosted at Mozilla.  What's that?  You want something broader than that?  Here ya go, NoScript.  These three are the cream of the crop and will keep Firesheep users at bay.
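
For site owners, the "secure login, then unencrypted traffic" problem described above shows up in the response headers.  The following is an added example, not part of the original post and not code from any of the extensions named here: it audits a constructed set of headers for login cookies that lack the `Secure` attribute and for a missing `Strict-Transport-Security` header.  The sample headers and the cookie-name heuristic are assumptions made for illustration.

```javascript
// Constructed sample response headers (not captured from any real site).
// Each entry is [name, value]; Set-Cookie may appear more than once.
const SAMPLE_HEADERS = [
  ["Content-Type", "text/html"],
  ["Set-Cookie", "session_id=abc123; Path=/; HttpOnly"],
  ["Set-Cookie", "auth_token=def456; Path=/; Secure; HttpOnly"],
  ["Set-Cookie", "lang=en; Path=/"],
];

// Hypothetical heuristic: cookie names that usually carry login state.
const SESSION_NAME = /(sess|auth|token|sid|login)/i;

// Parse one Set-Cookie value into { name, attrs }; attribute names are
// lower-cased because they are case-insensitive. Returns null if empty.
function parseSetCookie(value) {
  const parts = value.split(";").map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return null;
  const eq = parts[0].indexOf("=");
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = new Set(
    parts.slice(1).map((p) => p.split("=")[0].trim().toLowerCase())
  );
  return { name, attrs };
}

// List what would leave a logged-in user exposed on a shared network.
function auditHeaders(headers) {
  const findings = [];
  let hsts = false;
  for (const [rawName, value] of headers) {
    const header = rawName.toLowerCase();
    if (header === "strict-transport-security") hsts = true;
    if (header !== "set-cookie") continue;
    const cookie = parseSetCookie(value);
    if (!cookie) continue;
    // Without Secure, the browser attaches the cookie to http:// requests too.
    if (SESSION_NAME.test(cookie.name) && !cookie.attrs.has("secure")) {
      findings.push(`cookie "${cookie.name}" lacks Secure`);
    }
  }
  // Without this header nothing tells the browser to stay on https://.
  if (!hsts) findings.push("no Strict-Transport-Security header");
  return findings;
}

console.log(auditHeaders(SAMPLE_HEADERS).join("\n"));
```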

We must look out for each other.

And Davy Crockett Rides Around And Says, "It's Cool For Cats"

I get a phone call from my teacher.  She's busy helping prepare for the ceremony/service for All Saints' Day tomorrow night, but she has a little spare time coming up, would I like to meet for lunch?  I'm totally there.  However, this, being Halloween, means people are wearing costumes, including the server who brings us our food.

So, a giant banana comes up with a tray of food for me.

As the banana leaves, my teacher sees the look on my face.

She asks, "Pretty surreal, huh?"

I said, "I'm expecting any second now to wake up and find myself in a straitjacket."