Category Archives: Technology

I have been working in Technology since 2003, when my first project was building and maintaining an online community for a circle of friends to maintain contact after high school. It was a somewhat crude form of what we now call “Social Networks” but it worked (mostly) and ran for several years before being retired.

Despite technology being my primary occupation and main source of income, when it comes to blogging I have primarily been focused on Pseudo-science. I hope to change this in the near future and possibly create a dedicated technology section on this site.

Google owes you nothing; get over it.

Pseudonyms on Social Networks

Today it seems that bitching about Google is a fashionable trend. Last year we had the so-called ‘Nym Wars‘ where people complained about having to use their real name instead of a pseudonym on Google Plus, a new social networking site operated by Google.

Given that Google Plus is a social networking site the idea of being anonymous is an oxymoron because a name does not equal an identity. Names alone mean nothing; it is the information attached to that name that makes up the identity. A pseudonym offers no privacy in the context of a social network because if you’re going to maintain a friends list and communicate with people on that list in a forum that allows others to observe your discussion, then you are very quickly building a profile of yourself for the world to see. Combine that profile with photographs and information shared by your friends and suddenly any privacy you thought your pseudonym offered is gone; and it’s not coming back.

Keeping your eggs in one basket.

When Google began to suspend users for non-compliance with their real names policy some users found themselves locked out of not only Google Plus but also Gmail, Calendar etc, because Google links accounts across its multiple services. Therefore if you get banned from one service, you get banned from all services. I don’t know if Google has a means in place to only terminate individual services linked to an account rather than ban the whole account, but I hope users would learn a lesson from this.

It’s never a good idea to put all or even a significant amount of data into any one company. I know plenty of people who use Google services for everything: Documents, Email, Calendar, Address Book. It’s insane how much data people are trusting to Google. Not because Google are bad (they aren’t) but because Google is a single entity. If you find yourself cut off for any reason then you’re screwed. Especially if you use a Gmail address, in which case you lose your email address as well. (This is why I use my own domains.)

You can opt-out.

Google has just announced that it will begin sharing user data amongst the multiple services that it offers.

Google announced on Monday that it would be enacting a new privacy policy that, when customers agree to it, will allow the company to collect and store information across all of its services. Not only that, but Google will share information gathered across those services in order to “maintain, protect and improve” the services, but also to target search results and ads for each user. There is no way to opt out of the information-sharing aside from deleting your entire account and saying goodbye to your Gmail, YouTube videos, and Calendar, among other things.

….

Privacy groups such as Common Sense Media are concerned about users’ inability to opt out of the information collection and sharing. “Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out,” 

ArsTechnica

This is just common sense; Google are going to collaborate their records to make statistical analysis more efficient. This is for data that Google already collects from their own users, people who choose to use their service. The concern is that users “Can’t opt-out”, which is not true. Users have the option of not using Google services. I should point out that most of Google’s services are provided for free, and no one is “required” to use them.

Google is a private company offering services to the public; they don’t owe the world. If you don’t like the terms of service then your opt-out is to simply not opt-in by putting all your information into Google. I’m a Google user myself but there is some information I choose not to put into Google, while other information I am happy for them to have.

You have a way to opt-out of Google, by not using their (free) services if you don’t like the terms that come as part of the deal. You will only become Google’s bitch if you let it happen. The same applies to Facebook and Twitter. Take control of your data and realise that Google don’t owe you anything.

Punished for paying; why piracy is the rational choice.

Some of my DVDs

I like movies and TV shows, especially if it’s comedy. Even more so if it’s British comedy. As a result I have four drawers like this (picture right) full of DVDs. However, despite the fact that I buy DVDs I am a strong advocate of digital piracy and strongly support the views of the Pirate Party of Australia, especially the decriminalisation of non-commercial copyright infringement. But I’m happy to pay for quality content even if paying is technically optional.

So on a recent trip to the UK I bought some DVDs, and amongst the DVDs I purchased was Series 1, 2 and 3 of The Inbetweeners, a show I would never have known about had I not previously downloaded and watched it from The Pirate Bay.

Content piracy led me to discovering the show and eventually purchasing it; presumably this should be a good thing…. Right?

Well not quite. It wasn’t long after arriving back in Australia that I decided to play a disc from the set.

This bullshit doesn’t happen on pirated content.

I know I should have seen it coming; the disc is designed not to play in Australia. I can still watch it on my PC; however, I can do that with the pirated version anyway. In fact, since the store-purchased copy can’t be run from my DVD player, this means that the pirated copy is actually more versatile than the copy I paid for. I thought paying for content was the right thing to do, yet consumers get punished for doing just that.

This isn’t the first time I’ve run into bullshit on DVDs. There is a myriad of other bullshit that you need to put up with from DVDs: clips and presentations that you can’t skip, menus that are slow to load and/or confusing, scenes from the movie you’re about to watch, anti-piracy propaganda, commercials and region coding.

With a pirate copy you don’t have to put up with any of those problems. Just open the file once it’s finished downloading. In fact a lot of DVD players today allow you to plug a USB drive into them and play the video file direct from the drive. No formatting to DVD required. So I have to ask….. What’s the point in paying for content when you are subjected to this sort of bullshit? It makes far more sense to just download the movies and TV shows. The pirated product is not only cheaper but works better too.

A security podcast that I recommend.

While I predominantly focus on Skepticism I do have other areas of interest. One of them is Computer Security. Having been to a couple of Skeptic conventions I have noticed that there is more than a handful of computer people within the skeptics community. So I’m sure a lot of the people who do find my blog will also have some good knowledge of computer security and computers in general. Security Now is a podcast that I think may appeal to a lot of technical skeptics, although it isn’t a skeptical podcast itself.

Security Now is a computer security podcast released on a weekly basis and covers security vulnerabilities, firewalls, password security, spyware, rootkits, Wi-Fi, virtual private networks (VPNs), virtual machines, full virtualization, hardware-assisted virtualization, and virtual appliances. I have been listening to it since 2005 when the show first debuted, and I have been following Steve Gibson’s work at GRC.com since at least 2001.

So if you have an interest in computer security definitely check out Security Now. I also recommend Steve’s hard drive maintenance software SpinRite, which I’ve been using to rescue and maintain hard drives.

Internet Censorship is 21st century book burning.

Internet Censorship is the 21st century equivalent of book burning. You cannot be inspired or educated by a book that you’ll never read, and you will never read that book if it is destroyed. In 1933 the German Nazi Party began its campaign of burning books that didn’t correspond with Nazi ideology. Censorship has always been a favorite tool of authoritarians because it limits people’s access to information and silences dissent within the population.

However the existence of the Internet has now made book burning largely redundant because books no longer need to be printed and shipped to those who will read them. Now ideas can be posted online where they are accessible anywhere in the world. I do not need to print pages of this site and send them off in the hope that someone might read them, instead I can post things here on my own corner of the web and anyone with an internet connection can access them. The internet provides a sort of immunity to book burning because not only can ideas be easily accessed without the need to ship a tangible item but they can also be electronically copied an infinite amount of times. Even destroying the server that hosts a particular website cannot guarantee that the ideas have not been copied and made available elsewhere.

But governments do not give in very easily. While there may not be many books left to burn there are still ideas that may need to be silenced. So authoritarian governments of the 21st century have come up with the idea of Internet Censorship. It may be impossible to burn the pages of a website but if the government can prevent people from accessing that website then the end result is the same as burning a book. People cannot be inspired or educated by an idea that they never read. Dissent can be silenced without the need to destroy all copies of the original.

Here in Australia the Gillard Government has plans to introduce legislation that will require all Internet Service Providers to block access to content that is “Refused Classification”, that is, any content that the Australian Government has deemed undesirable for public consumption. In 2009 Wikileaks released the Australian Government’s blacklist of websites that it wants banned for all Australians.

University of Sydney associate professor Bjorn Landfeldt said the leaked list “constitutes a condensed encyclopedia of depravity and potentially very dangerous material”.

He said the leaked list would become “the concerned parent’s worst nightmare” as curious children would inevitably seek it out.

But about half of the sites on the list are not related to child porn and include a slew of online poker sites, YouTube links, regular gay and straight porn sites, Wikipedia entries, euthanasia sites, websites of fringe religions such as satanic sites, fetish sites, Christian sites, the website of a tour operator and even a Queensland dentist.

Sydney Morning Herald

It seems like nobody in Australia is safe from the Gillard Government’s censorship regime. Many of us already know better than to run our websites off servers located within Australia, but this regime of censorship is aimed at everyone. It doesn’t matter if your content is 100% legal; the Australian Government may still silence you at their own discretion. Some people who find themselves on the government blacklist already reside within Australia. So I think it’s fair to ask: why are they not arrested if the content of their website is so bad? The answer is of course that many of the websites that our government wishes to censor are not actually illegal. If the blacklisted content was illegal they would at least arrest the people who own it and live in Australia.

Internet Censorship is the 21st century version of Book Burning. Essentially a Book Burning 2.0 and it must be stopped at any and all opportunities. The internet gave us the freedom to share and discuss ideas without boundaries and those in power seek to reinstate those boundaries and limitations on behalf of vested interests. Silencing Dissent is the dream of every authority but it must not be allowed to happen here in our western democracy.

Lulzsec and Anonymous script kiddie SQL Injection.

I have been following the activities of the so-called ‘hacker group’ calling itself “Anonymous” for some time now. Not because I support their activities but because I find the whole Anonymous, Lulzsec and Wikileaks debacle interesting.

While there is certainly a valid argument that Wikileaks is doing some good in the world, the same cannot be said for Anonymous and Lulzsec. Although unlike Anonymous at least Lulzsec is up front about why they attack other people’s systems. They admit to doing it for fun and entertainment, whereas Anonymous tries to justify themselves with hypocritical bullshit, such as claiming to defend Free-Speech while simultaneously taking down the websites of perceived opponents.

Anonymous even tried to take this blog offline when I wrote the article titled “Anonymous Script Kiddies are not defending the internet.” At the time I didn’t recognise the traffic pattern as an attempted SQL Injection because I wasn’t expecting one, nor was I familiar with the tool they use to “hack” people’s websites. Needless to say the attempted SQL Injection failed and I was able to remain online.

It turns out the method by which these groups infiltrate websites is remarkably unsophisticated. The tool being used by both Anonymous and Lulzsec to infiltrate websites is called Havij; it’s a GUI-based SQL Injection tool and is available for download here.

It is only after testing Havij against my own system that I recognised the signatures left in the server access logs by the Havij software. The most concerning thing about this is how easy it is to protect WordPress and a variety of other content management software from this type of vulnerability; yet these attacks keep on happening. In most cases securing your website is simply a matter of keeping the software up to date.
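As an added example (not code from this blog), here is one way to scan a web server access log for requests that look like SQL injection probes. The patterns are generic indicators rather than the signatures of any particular tool, the Apache/nginx "combined" log format is an assumption, and the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Assumed format: Apache/nginx "combined" access log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

GAP = r"(?:\s|/\*.*?\*/)+"  # whitespace or an inline SQL comment used as a separator
# Generic SQL injection indicators (illustrative, not tool-specific signatures).
INDICATORS = {
    "union_select": re.compile(rf"\bunion\b{GAP}(?:all{GAP})?select\b", re.I | re.S),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "boolean_probe": re.compile(r"\b(?:and|or)\b\s+\d+\s*=\s*\d+", re.I),
}

def decode(uri, rounds=2):
    """URL-decode repeatedly so double encoding (%2520) does not hide a payload."""
    for _ in range(rounds):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def scan(lines):
    """Return {client_ip: Counter(indicator -> hits)} for matching requests."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        uri = decode(m["uri"])
        matched = [name for name, rx in INDICATORS.items() if rx.search(uri)]
        if matched:
            hits.setdefault(m["ip"], Counter()).update(matched)
    return hits

# Constructed sample lines (documentation IP ranges), including one benign near-miss.
TS = "[10/Jun/2011:10:00:00 +1000]"
SAMPLE = [
    f'198.51.100.7 - - {TS} "GET /?p=42 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - {TS} "GET /?cat=1+and+1=1 HTTP/1.1" 200 5100 "-" "-"',
    f'203.0.113.9 - - {TS} "GET /?cat=1%20UNION%20ALL%20SELECT%20null,null HTTP/1.1" 200 312 "-" "-"',
    f'203.0.113.9 - - {TS} "GET /?cat=1%2520union%2520select%2520table_name%2520from%2520information_schema.tables HTTP/1.1" 404 0 "-" "-"',
    f'198.51.100.7 - - {TS} "GET /tag/student-union/?s=select+a+plan HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, counts in scan(SAMPLE).items():
        print(ip, dict(counts))
```

A burst of hits from one address across several indicators in a short window is the pattern worth alerting on; a single match on its own is often a false positive.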

While Lulzsec and Anonymous are using unsophisticated attacks, if they inject a vulnerable website that happens to contain sensitive information it can have dire consequences for the user, as we have seen with the recent Sony hacks in which millions of credit cards were stolen.

I believe the best way to defend yourself from the kids at Lulzsec and Anonymous is by understanding the threat. I don’t endorse trying an SQL Injection on someone’s website without their consent. Use your own system or create a Honeypot.

Here are some resources I have found to get started with SQL Injections.

SQL Injection Using Havij

Basics And Working of SQL Injection Attacks

Trick for Advanced SQL Injection

I do not condone any criminal activity, nor do I support the actions of either Anonymous or Lulzsec. I am only sharing what I have learned so far. Both screen shots were captured from legal penetration testing of my own systems set up expressly for that purpose.