Archive for May, 2013

iHouse is a very, very fine house

May 30, 2013

When I sell my house I’m going to call it iHouse. I’ll be able to charge twice as much, and there will be loads of people wanting to buy it – even though they know it’s not worth it. Lots of other houses have better features and cost less; but, hey, they’re not iHouses.

But I shan’t mention the office suite. It has suffered from feature creep. It’s full of stuff that I thought was good but never actually use – a television, a hi-fi, a 3D film studio, kitchen range and cuddly toys. Who needs all that junk in an office?

Don’t even get me started on the chrome finishing; but at least it’s smart, smooth and minimalist…

Categories: All

Disclosure timeline for vulnerabilities under active attack

May 30, 2013

This is the headline of a new Google blog: Disclosure timeline for vulnerabilities under active attack. It’s beautiful, and I like to think intentional. On the surface, it simply says that we, Google, are explaining our new timeline for the disclosure of vulnerabilities discovered by our engineers, if they are being actively exploited.

But underneath there is a subtle dig at Microsoft. Microsoft has always demanded a lengthy timeline; and would probably prefer indefinite non-disclosure. Google, however, has always championed a short timeline. It is oh so easy to read this headline as: Microsoft’s disclosure timeline for vulnerabilities is now under active attack by Google.

This new disclosure timeline for actively exploited vulnerabilities is seven days. You cannot fault the logic – with dissidents increasingly targeted by spyware, failure to disclose could potentially be life-threatening. Hell, I would say that it should be a 24 hour timeline. Be that as it may, Google has for now settled on seven days.

And it’s going to be contentious. But here’s the genius. If you’re gonna cause a ruckus, why not get in a sly dig, cloaked in the genius of ambiguous deniability, at the same time?

Categories: All, Security Issues

Yahoo says my password is too weak

May 14, 2013 60 comments

A lot of visitors searching for data on a Yahoo ‘password too weak’ issue end up on my own Password is too weak… page.

My own issue was with BT – but since there is a close relationship between BT and Yahoo, it may well be exactly the same problem. The answer lies within the comments on my earlier page. Put simply, the BT password rules exclude certain characters that get generated by password managers (such as vertical bars), and passwords are limited to 16 characters.

If you go over 16 characters and include vertical bars then you get a ‘password too weak’ error when actually your password is being rejected because it is too strong.

I don’t use Yahoo so cannot confirm whether this is the same issue. However, if Yahoo is continually rejecting your password as ‘too weak’ it would be worth checking the small print; and perhaps limiting your password to 16 characters – and no vertical bars.
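The failure described above, a policy rejection reported as 'too weak', is sketched below beside a checker that names the real reason. This is an added example, not BT's or Yahoo's code: the 16-character limit and the vertical-bar exclusion come from the post, while the strength estimate, the 40-bit threshold and all function names are assumptions.

```python
import math
import string

# Assumed policy, taken from the post's description: at most 16 characters
# and no vertical bar. The strength threshold is an assumption.
MAX_LEN = 16
FORBIDDEN = set("|")
MIN_BITS = 40

def estimated_bits(password):
    """Rough strength estimate: length * log2(size of the character pool used)."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0

def legacy_check(password):
    """The behaviour the post describes: every rejection says 'too weak'."""
    if len(password) > MAX_LEN or FORBIDDEN & set(password):
        return "password too weak"
    if estimated_bits(password) < MIN_BITS:
        return "password too weak"
    return "ok"

def check_password(password):
    """Report each policy violation separately from genuine weakness."""
    reasons = []
    if len(password) > MAX_LEN:
        reasons.append(f"too long: {len(password)} characters, maximum is {MAX_LEN}")
    bad = sorted(FORBIDDEN & set(password))
    if bad:
        reasons.append("contains characters that are not allowed: " + " ".join(bad))
    if estimated_bits(password) < MIN_BITS:
        reasons.append("too weak")
    return reasons or ["ok"]

# Constructed sample: the kind of string a password manager generates.
GENERATED = "r7|Qw9#vLx2!pZ8|tKm4"

if __name__ == "__main__":
    print("legacy :", legacy_check(GENERATED))
    print("precise:", check_password(GENERATED))
```
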

UPDATE
Judging by the comments, this is a more widespread issue with Yahoo than I suspected. Again, judging by the comments, if you’re having trouble updating or changing your password, it may be worth trying a different browser. If this doesn’t work, try changing the password via an Android or iOS app.

SEE ALSO
You might also be interested in my take on the whole question of passwords (not just Yahoo): Password theory is good – password practice is poor

Categories: All, Security Issues

Silly, childish lies from companies that should know better

May 13, 2013

I subscribe to a number of paper.li dailies. I use them to aggregate news stories for me that I probably wouldn’t find on the BBC – Anonymous, civil liberties, censorship etcetera.

So I was a little perturbed when I couldn’t access them yesterday. I got the emails with the links alright, but the links didn’t work. Rather than my selected Daily, I got this:

Silly lies from BT/Yahoo

My first thought, naturally, was that some sinister, subtle censorship was underway – perhaps one of the dailies included a proxy for The Pirate Bay and BT felt it necessary to ‘block’ it. Far-fetched, maybe – but the society we now have makes such thoughts inevitable. It turned out not to be censorship, but (or so I understand) ‘DNS issues’ at paper.li.

But I’m still concerned. Look at the page that BT/Yahoo sent me to. Did I mean ‘gap.co.uk’? Now by what stretch of the imagination does mis-typing ‘paper.li’ end up with ‘gap.co.uk’?

Gap Inc, says Gap, “is a leading global specialty retailer offering clothing, accessories, and personal care products for men, women, children, and babies under the Gap, Banana Republic, Old Navy, Piperlime, and Athleta brands.” Yeah, well, I guess that can easily be confused with an off-the-wall news aggregator.

Then there’s the ‘related searches’. Now, how can there be a related search when I haven’t made a search?

The simple fact is that these are all paid-for adverts. I don’t actually mind that. But what I seriously object to is BT/Yahoo trying to pretend that they’re providing me with a service when they’re simply accepting money from advertisers. It’s this low-level petty deceit that I find both disturbing and frankly pathetic.

Categories: All, General Rants

Aethelred versus the Vikings – a neverending story

May 10, 2013

My peers may remember playing Saxons and Normans on the beach as small children (it was before black and white television and the rise of cowboys and indians and cops and robbers). The alternative was Saxons and Vikings; but it suffered because apart from Harold we only knew two Saxons: Alfred and Aethelred. Aethelred was the short straw, because he was never ready – or more accurately, he was ill-advised and accepted bad or no counsel.

Vikings embarking on a denial of service attack – source Wikipedia

Well Aethelred and the Vikings are making a comeback. Aethelred is business and the Vikings are hackers; and it doesn’t seem to matter what good advice is given, Aethelred ignores it and the hackers come back – again, and again and again.

Good counsel: encrypt, but Aethelred does not. Use and enforce strong passwords, but he doesn’t. Undertake staff awareness training on a continuous basis, but he doesn’t bother. The list goes on and on.

But the absolute perfect proof that the spirit of Aethelred yet lives and breathes can be seen in a comment from Ashley Stephenson, CEO of Corero Network Security. He was talking about the DDoS attack on Battlefield 3, “yet another in a long line of attacks aimed at disrupting gamers.”

Sometimes such attacks come from the competition; other times it’s just for the lulz. But, he adds, “Another motive our clients in gaming and across other sectors continue to experience is cyber extortion. Malicious users specifically threaten gaming and other sites, demanding to be paid a ransom or be the victim of a Distributed Denial of Service attack. More often than not these blackmail threats go unreported as some companies opt to pay the ransom rather than go public with the attack in the hope that this will satisfy the hackers, though this is rarely the case and may lead to the site continually being targeted.”

Aethelred, a long-standing Anglo-Saxon tradition that believes we can yet get peace in our time, lives on. Looks like the Vikings are winning again.

Categories: All, Security Issues

The law is an ass

May 5, 2013 1 comment

It’s worth repeating. The law is an ass. 

A fundamental purpose of law is to protect the individual. Sadly, this purpose has long since been appropriated by big business – the purpose of the law is now to pander for business at the expense of the citizen through the collusion of politicians.

The result is that the law has become ridiculous.

In the past it used to be an unwritten rule in the UK that parliament would not pass unenforceable laws. The reason is that a law that cannot be enforced makes the law look an ass. Worse, it makes parliament look as big an ass as the law that cannot be enforced.

Here’s an example. Parliament has created the laws that made the courts attempt to block The Pirate Bay (TPB) at the behest of the music industry (and film and video and video gaming etcetera). Parliament has become the pimp of the music industry (ironic, really, since neither prostitution nor the employment of prostitutes is illegal – because it is unenforceable – but pimping is illegal).

But back to The Pirate Bay. The courts have been forced by the alliance of parliament and the music industry to order the ISPs to block TPB. But blocking TPB is so unenforceable it is absurd; confirming that the law and parliament have become a collective ass.

The easiest way to get round the block is to use a proxy service. You go to a site in a country that doesn’t operate a block, and that website redirects you to TPB. A quick search on Google turned up at least 150 TPB proxies.

But you don’t even need to look for them. There’s a Chrome add-on and an Android app that will do it for you automatically.

If you don’t use Chrome and don’t have Android you could use TOR, which will both provide anonymity and bypass the block. Or use a VPN. Both of these require some effort and a little knowledge.

So you could simply switch to the Opera browser and turn on Turbo mode. Turbo mode is designed for users with slow connections. It speeds things up by going via Opera’s own servers. But since you are going to Opera rather than TPB, you don’t get blocked when you go through Opera Turbo to get to TPB.

The Pirate Bay, via Turbo Opera, from the UK

This is TPB via Opera Turbo from the UK today. Note that although I asked for thepiratebay.se (Sweden), I automatically got redirected to TPB’s latest home at dotSX. TPB moved from Sweden to “Sint Maarten, a tiny island in the northeast Caribbean located 190 miles east of Puerto Rico,” a few days ago (TorrentFreak). This follows the latest court case in Sweden against TPB by the music industry. Incidentally, TPB also has an Icelandic domain. The music industry case in Sweden is trying to get the Icelandic domain closed because it is registered to a man of Swedish nationality. I salute Marius Olafsson of Iceland’s domain registry ISNIC, who told TorrentFreak: “ISNIC will legally fight attempts to use the domain name registry system to police/censor the net. We believe that to be ineffective, wrong and dangerous to the stability of the DNS as a whole.”

Or you could simply use the Google cache. Chrome direct:

The Pirate Bay direct – as blocked by UK ISPs

Google’s cache:

The Pirate Bay via Google cache from the UK

The long and the short of it is that the UK blockade of The Pirate Bay (or any other website) is unenforceable.

Only about 30% of the UK electorate bothered to vote in last Thursday’s local elections. Pompous political spinners try to tell us that it’s mid-term and people are more concerned with national rather than local issues. I give them an alternative – the people are totally disillusioned with politics and politicians and the whole political process because the law and parliament have become an ass in the pocket of big business.

And that’s a tragedy.

Categories: All, Politics, Security Issues

Feds: Kansas City here we come; Kansas: not in our back yard you don’t

May 5, 2013

I wish it related to something other than the right to bear arms, but I wholeheartedly support and applaud the stance being taken by Kansas. “The Obama Administration,” wrote Kris Kobach, Kansas Secretary of State, to US Attorney General Eric Holder, “has repeatedly violated the United States Constitution for the past four-and-a-half years. That abuse cannot continue. The State of Kansas is determined to restore the Constitution.”

Background
On 4 April the Kansas legislature passed SB102: The Second Amendment Protection Act. The Second Amendment is a difficult one, with academic debate on whether it provides a right to bear arms, or restricts Congress from preventing citizens from carrying arms, or whether it relates to individuals or a collective militia. It is, however, generally considered the right to bear arms.

There is a current debate in the US on whether this right should be restricted. Obama wants it restricted. Kansas does not. Its new law states:

Any act, law, treaty, order, rule or regulation of the government of the United States which violates the second amendment to the constitution of the United States is null, void and unenforceable in the state of Kansas.

It goes further in authorizing Kansas law enforcement to arrest and prosecute any federal agents seeking to enforce unconstitutional laws within Kansas.

Attorney General Eric Holder is not amused. He wrote to Governor Brownback in no uncertain terms:

I am writing to inform you that federal law enforcement agencies… will continue to execute their duties to enforce all federal firearms laws and regulations. Moreover, the United States will take all appropriate action, including litigation if necessary, to prevent the State of Kansas from interfering with the activities of federal officials enforcing federal law.

He claims in the letter that SB102 “directly conflicts with federal law and is therefore unconstitutional.” That is, the Feds trump the States every time.

Not so, responds Kobach (a former professor of constitutional law); not every time:

It was drafted with the intent to assert Kansas’s authority as a co-equal sovereign under the United States Constitution to regulate a subject matter that is outside of Congress’s jurisdiction under the Interstate Commerce Clause of Article 1, Section 8.

That is, the Feds cannot interfere with commerce inside and confined to an individual State; and this law refers to “a firearm that is assembled in Kansas, that is stamped ‘Made in Kansas’, and that never leaves the State of Kansas.”

Conclusion
If you want to bear arms regardless of anything that Obama might say or do, get thee to Kansas and buy a Kansas gun. Not sure if you can buy a Russian or Israeli flat-pack and assemble it in Kansas, but it will be tested by someone sooner or later.

Proposal
That more US States take a similarly pro-active stance to protect the US Constitution whenever the Obama (or any other) Administration arbitrarily acts against it; because once freedom and liberty have gone from the United States, there will be little to prevent other Western governments doing the same.

Categories: All, Politics