When Paul Rogers sucked the air out of the room

Been wondering what happened to the video of Paul Rogers at TedXBradford.

Well, no need to wonder any more: Imran just posted it on the site, and listening to it again, it's pretty sobering, but there's a light at the end.

I originally said this

This talk was like no other. Most of the talks were pretty neutral about the web. However Paul literally sucked the air out of the room with his talk about the political mess and security woes the internet has accelerated. Afterwards there was a level of what just happened in the cinema.

Now you can hear/watch and judge for yourselves… but bear in mind this was the last talk after a number of very positive talks about life online

Paul Rogers is Professor of Peace Studies at Bradford University. He worked originally in the biological and environmental sciences, including lecturing at Imperial College, London, but has worked for the past 30 years on international security. He is a consultant to Oxford Research Group, an independent UK think tank, and also writes a weekly analysis of international security issues for www.opendemocracy.net

Do I TRUST mint with my money management?

Mint - refreshing money management

So I've been using Microsoft Money for quite a while to manage my money but since moving to gnu/Linux, I've not really converted the money file over to anything else. I was checking out the KDE application Money2 but started thinking there has got to be a better way to do this?

Well, in steps Mint, fresh-faced from the TechCrunch conference. When I first heard rumours about it, I thought it was something to do with that terrible credit card company in the UK with the same name. However, Mint.com promises to refresh money management by adding all the goodness of Web 2.0.

So I've been checking it out, and to be honest I like what I see, but I'm not convinced they can be trusted with my financial information. Now don't get me wrong, I'm no hot shot with millions in the bank, but I still wouldn't want how much I pay for lunch (not a lot, thanks to Tesco) in the public domain. I'm not saying Mint are leaking this information, I'm just not sure. I've been reading their privacy policy and it all looks OK, but I have this naggy feeling that this is dangerous and should be avoided for a while longer; at least let someone else be the test muppet. I had this feeling when I first heard about PayPal, and to be honest I do use it, but I tend not to keep money in it for long and I use its most basic features. All those advanced features like hooking it into your bank I've avoided because it worries me. Although in a recent episode of Security Now, PayPal's Director of Account Protection was on, talking about the levels of security and privacy they have for users of their service. SecureID was one of the solutions, and to be honest, if my bank offered that, I would gladly use it.

I guess my fear of using Mint is a little overboard, but like linking my Facebook profile to some of the other sites I use, I think some things are maybe left alone till I can trust them. Trust is a funny thing. I mean, I trust my bank, PayPal, Amazon, Tesco, Plaxo, etc. But I don't trust Facebook, Mint, etc. with my credit card details. They haven't been around long enough to prove their trustworthiness. Their rep is 0 in my book. I need Facebook to stop mining my information and start offering me real uses. Mint, I guess, will have to rely on good feedback from people on their own blogs before I start using it.

It's all useless anyway: Mint is American-centric, requiring a zip code before you can sign up. Have they never heard of Open ID? Simon Willison was right, all startups should use Open ID if they want people to use their service. Now, Mint, you've lost a customer, because although I could make up a zip code, why the hell should I?


Serious Windows Problem identified by Microsoft

After listening to Security Now Episode 58, I had to write a quick blog post to warn people about this very (I would say) critical flaw in Windows XP and IE. I have temporarily patched my systems by unregistering the VGX DLL. I would highly suggest everyone do the same by copying the following code into your run dialog box and restarting your machine.

regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

Much more information, and another flaw affecting only Windows 2000 users, can be found at the Security Now notes page.


About Ben’s disclosure of the BBC’s weather feeds

Ben Metcalfe

I forgot I haven't publicly said anything about Ben Metcalfe highlighting the direct URLs of the weather feeds. My take on the whole thing is simple: security through obscurity.

A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them.

Security through or by obscurity is generally a bad idea. By putting the URLs inside a plain-text JavaScript file, the BBC developer was relying on security through obscurity. Ben simply disclosed this information to the world. You could say, well, he should have let the BBC know, but like software vulnerabilities, companies will sit on this information for years because it's not important enough. Nope, there's no doubt in my mind that Ben did the right thing, and maybe taking down the blog post was a good idea for the BBC. We should be thankful, and hell, this might have spurred some movement on the backstage front? I do wonder if the JavaScript file in question still has the URLs inside of it?
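To make the point concrete, here is an added example (not from the original post and not the BBC's code) of a check a site owner could run over their own client-side script before publishing it: it lists every absolute URL the file contains and flags any on hosts that were not meant to be public. The sample script, the host names and the function names are all constructed for illustration.

```javascript
// Constructed sample of a client-side script; hosts and paths are made up.
const SAMPLE_SCRIPT = [
  "var site = 'https://www.example.org/weather/';",
  "// data source, not linked anywhere on the site",
  'var feedBase = "http://feeds-internal.example.org/weather/rss/";',
  "function load(id) { return fetch(feedBase + id + '.xml'); }",
  "var img = 'https://static.example.org/icons/sun.png';",
].join("\n");

// Find every absolute http(s) URL in the script text, with its line number.
// Strings and comments are scanned alike: the whole file reaches the browser.
function findEmbeddedUrls(source) {
  const found = [];
  const pattern = /https?:\/\/[^\s'"`<>\\)]+/g;
  source.split("\n").forEach((text, index) => {
    for (const match of text.matchAll(pattern)) {
      found.push({ line: index + 1, url: match[0] });
    }
  });
  return found;
}

// Report URLs whose host the owner did not intend to publish.
function auditScript(source, intendedPublicHosts) {
  const allowed = new Set(intendedPublicHosts.map((h) => h.toLowerCase()));
  return findEmbeddedUrls(source).filter(({ url }) => {
    let host;
    try {
      host = new URL(url).hostname.toLowerCase();
    } catch (err) {
      return true; // unparseable URL: surface it for manual review
    }
    return !allowed.has(host);
  });
}

const findings = auditScript(SAMPLE_SCRIPT, ["www.example.org", "static.example.org"]);
for (const f of findings) {
  console.log(`line ${f.line}: ${f.url} is readable by every visitor`);
}
```

Anything the check flags needs real access control on the server side, because hiding the address in a script protects nothing.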


95 Theses of Geek Activism

In the vein of the Cluetrain Manifesto, Devanshu posted a great post with 95 points about geek activism. Honestly they're pretty awesome, but here are my favourites…

  • Violating a license agreement is not theft.
  • All corporations are not on your side.
  • Everything will enter the public domain some day- even Mickey Mouse.
  • Trusted computers must not be trusted.
  • Proprietary data formats must never store public information.
  • Fair use is a good thing.
  • Use multiple operating systems regularly so you truly understand interoperability.
  • Data mining will not stop terror.
  • Express your opinion in public
  • Blog
  • Security is a trade-off- what are you willing to give up?
  • Use Creative Commons
  • Understand the difference between civil disobedience and breaking the law.
  • Support the free, public domain archives of information.
  • Undermine censorship by publishing information censored in oppressive countries.
  • Voicing your views in a Slashdot comment thread is good, in your own blog is better, but in places that non-geeks frequent is best.
  • Have a global perspective in ideas of geek civil liberties, intellectual property rights and so forth. Do you like your country’s policies in this respect? Can you help people from another country?
  • Read more
  • Make sure that if a vendor locks you in, you lock them out.
  • Linux is no longer a philosophy- it is a good piece of software. Use it if it fits your needs.
  • More information available to the most number of people is a good thing.
  • Vote
  • Read our modern geek philosophers- read Bruce Perens, Cory Doctorow, Bruce Sterling and even Richard Stallman. Read Schneier to find practical reasons why stupid security mechanisms are stupid. Read them even if you disagree with them- it will help frame your point of view.
  • DRM only keeps an honest user honest.
  • Be proud of being a geek, a gamer, a privacy advocate, promoter of free speech and an innovator without fear of litigation, of government or restrictions on liberties- a geek activist.


Steve Gibson says Windows Metafile was a backdoor

So while in the shower today I was listening to Leo Laporte and Steve Gibson's Security Now number 22. I almost fell in the shower after hearing the possibility that Microsoft may have covered up a backdoor in Windows. Simply put, Steve Gibson is suggesting that Microsoft, or some people involved in the code for the Windows Metafile (WMF), put in a backdoor. AKA it was not a flaw or vulnerability, a backdoor! If this is true I'm speechless.

It's easy to think of this as a conspiracy and put on your foil hats now, but this is deadly serious. Even Steve has admitted if he's wrong he will be the first to admit he's wrong, but he really doesn't believe this. He's actually put a lot on the line for this. Personally I think this is just a long line of the mainstream lying to us. Think about it: Sony and their badly written DRM and, worse still, badly written rootkit. Lies and more damn lies. Even when their pants were down they tried to cover it up by saying people didn't even know what a rootkit was, so why tell them. I remember quoting Miles in my post about the rootkit, saying Apple and Microsoft must be pissing themselves with laughter. Well, it's now Microsoft's time, and Apple are not getting away clean. There's lots of talk about iTunes in the context of usage patterns feedback and the reduction of uses of the sharing feature across the versions. So Apple users, don't even laugh, because Apple are hardly saints either.

But back to this claim of a backdoor in Windows. If it turns out to be true (and honestly Steve's explanation actually makes a lot of sense, I have to say), we have to wonder how many more there are. Who put this backdoor there and who actually knows about it? I expect by the time this gets out there it will make the large news sources quickly. I've not looked on Digg, Slashdot, Boing Boing yet because I'm on the 10am train into London Bridge. Tell a lie, I just did a search through Digg on my aggregator and this came up (which is close but not the same). I'll digg it when I get back online in about 20 mins. Looking at the date of the Digg story (7:30am), it's still too early for most of the Western world and may not have had time to circulate yet. Steve did say this was an exclusive to Security Now and he's only known about it for about a day at most. Anyhow, we shall see what happens. By the way, the people who came out of this smelling pretty sweet have to be hackers. If it wasn't for hackers and reverse engineering we would never know. This is critical to remember no matter how it turns out.


Messy haxoring with metasploit caught on iptv

It's not quite as cool as it may sound from the title. I just watched episode 13 of my lame-ass IPTV soap, The Scene. Yes, everyone's got their weakness, but if you put this against other soaps like Hollyoaks then it comes out quite well. Anyhow, I got a real kick out of the main character trying to get root on a Windows box hosting an FTP server. They used the well-established Metasploit to find a flaw and exploit it. To be fair, it's one step up from the hack in The Matrix Reloaded, and they did do a little homework to use the nice open-source framework Metasploit. It's certainly a fine line between security tester and exploiter, but the best tools always are.

Talking of which, if you didn't catch the Security Now podcast number 9 about rootkits, please do, as it will give you a good old wake-up call. I've been personally aware of rootkits for quite a long time, but I didn't know spyware and adware applications were starting to use them just so they can't be removed from a computer. It's crazy, but it's true. Honestly I wouldn't wish a rootkit on my worst enemy, I just can't imagine anything worse. Anyhow, Steve and Leo do a great job explaining how rootkits work. It is however really good to know Microsoft and Sysinternals are working on the problem. I did try out Sysinternals' Rootkit Revealer on all my machines and I'm clean as expected, but it's good to be sure. I suggest everyone should give it a try, at least till Microsoft add rootkit scanning to their malicious software removal tool. No one likes to be rooted…
