post

Olga Wants Me!

Left: The photo that ‘Olga’ sent me. Right: Likely the ‘real’ Olga

The increasing sophistication of spammers constantly amazes me. This one, however, was the best yet. Not that I’d get sucked into this phishing attempt, but the text was good enough that it got through to my ‘real’ email…and not just into my spam folder.

Helo Steve,

My name is Olga. I am a 22 year old college student living by Moscow. I go to Bauman University (Moscow State University of Technology) and will be cumming to Minesota for a visit next month.

I have seen you on the internet and would very much like to meet you in person. Please email me or click this link: http://link-redacted.ru

Sweetly, Olga

Of course I didn’t click the link (and you NEVER should either*), but even as I write this I’m sort of stunned it arrived intact. Just goes to show you how careful we have to be when this crap is sent our way.

*What should you do? Hover over the link and look at the bottom of your browser window. You will see the REAL address they’re sending you to. The text of a hyperlink can say anything (e.g., Bank of America) while the link itself goes to any URL. Don’t click on it…just delete the email.

post

NSA: Why are you not focused on protecting the nation?

Reading the German publication Der Spiegel’s article called Prying Eyes: Inside the NSA’s War on Internet Security this weekend, like them I was struck by something that has been on my mind for over ten years. Why don’t the U.S. intelligence services, and specifically the National Security Agency (NSA), do more to protect the nation?

What came out in the Edward Snowden revelations was that the NSA is, without question or doubt, working feverishly to crack all encryption and is also working hard to build a quantum computer that will crack the little unbreakable encryption we still enjoy today.

Any of us in information technology, web or mobile app creation, and any sort of data security at all, know that if something has been cracked—regardless of whether it’s some kid in Norway or a state-based intelligence service—it is only a matter of time before the blackhat hackers discover it and exploit the crack.

post

Takei Tours YouTube Space LA

George Takei’s YouTube show, Takei’s Take, tours YouTube Space LA (there are also London, Tokyo and New York locations currently). If you haven’t yet heard about this space, and what they’re trying to accomplish, this is a perfect overview in 4 minutes (and always enjoyable due to George’s take on things and his delightfully positive attitude and outlook)!

post

You’re in Danger on Public Wifi!

Illustration by Kristina Collantes

If you ever connect to a public Wifi hotspot, you owe it to yourself to spend 4-5 minutes and read this article by Maurits Martijn called, “Maybe It’s Better If You Don’t Read This Story on Public WiFi: We took a hacker to a café and, in 20 minutes, he knew where everyone else was born, what schools they attended, and the last five things they googled.”

I want to make thousands of copies of that article and give them to every single person I see in every public Wifi location everywhere!

Let me say it as emphatically as I can if you’ve read this far: You are an idiot if you connect to any public Wifi without running a virtual private network (VPN) connection (like the one I use, Private Internet Access for $39.99/year for 5 devices). If you don’t, it’s not “if” you will get hacked, but rather “when” it will happen to you.

To show you how pervasive and simple it is to hack your laptop, smartphone or tablet when you connect willy-nilly to some public Wifi hotspot, let me give you a glimpse at what I can only describe as a…

HACKER’S DREAM MACHINE
The Wifi Pineapple, a $99.99 black box
which makes it trivial for a hacker to steal you!

Because I’ve technically known the risks for nearly ten years, I’ve been paranoid about public Wifi locations since 2005 and wrote about being “naked in a coffee shop” here, here and here. But to show you how brain-dead-simple it has become to BE a hacker, wait until you read about a black box called the Wifi Pineapple you can buy, for $99.99, which lets anyone who has one:

  • Run a man-in-the-middle attack, essentially spoofing a public Wifi connection and even impersonating the actual, real network connection (whether open or secured). How many times have you connected to Wifi that said “Coffee Shop Guest” or “Free Public Wifi”? Sometimes they’re real, mostly they are not. You can almost never be certain.
  • The attacker can monitor all network traffic flowing between an Internet gateway and the connected clients (like your laptop, smartphone or tablet!) as well as manipulate this data in transit such as through captive portals, DNS spoofing, IP redirection and even the substitution of executables in transit (so that file you’re downloading might be coming off of the attacker’s laptop!).

There’s a lot more you can do with this device and Hak5, the group that makes it, is certainly gleeful about all the rogue crap it can do:

“…the WiFi Pineapple is more than a platform – it’s a community for creativity. Rickrolling clients, powering off WiFi drones mid-flight, tracking commercial airliners and logging WiFi connections are only some of the creative things being done within the WiFi Pineapple community.”

On the Hak5 forums they even have a section entitled, “WiFi Pineapple University” to help users teach users about this ‘fun’ little box.

The good news? If you run a VPN and inadvertently connect to “Coffee Shop Guest” and it’s actually a spoofed connection through one of these black boxes, the hacker would only see encrypted traffic! Everyone else’s internet traffic—Facebook login, bank password, credit card data—would mostly be going in the clear. (Note: I know that an actual SSL connection would encrypt traffic in the browser, and so do most smartphone and tablet apps, but more sophisticated hackers can even spoof SSL connections so that your browser thinks it is securely connecting…but it is not).

I must admit that, even though I’m more appalled by the activities of our government and mass surveillance of U.S. citizens in what I believe is a direct violation of our Constitution, boxes like this one target individuals with a lot to lose. It’s not right and not fair and I hope I never catch someone using one in a public place or…

post

Privacy Does Matter

Glenn Greenwald was one of the first reporters to see — and write about — the Edward Snowden files, with their revelations about the United States’ extensive surveillance of private citizens. In this searing talk, Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide.”

post

NSA Files Decoded

The Edward Snowden revelations about the U.S. National Security Agency (NSA) and its vacuum surveillance sadly seem to be fading from the public consciousness. Undoubtedly this is viewed as a positive by the intelligence community since they are continuing to accelerate their programs now seemingly unabated.

Awareness is one reason I was pleased to see this article that The Guardian wins an Emmy for coverage of NSA revelations. Their multimedia piece NSA Files Decoded is one of the best, most comprehensive and informative (dare I say “entertaining?”) pieces I’ve seen yet. Congratulations to The Guardian team!

If you care at all about the world our children and grandchildren will inherit, then you owe it to yourself to watch the videos or read articles at NSA Files Decoded. You might also consider paying attention to a relatively new website, The Intercept, so that you can stay aware, stay informed, and not be one of those who are naive about the unprecedented and growing power of the intelligence community and its surveillance of all U.S. citizens.

post

Frontline’s United States of Secrets

Last night was part two of the PBS Frontline program called United States of Secrets. It was one of the best, most thorough overviews of what is going on with the NSA’s vacuum surveillance that I’ve ever seen.

You owe it to yourself, and the future of our children, to be aware of what’s going on.

NSA Finally In The Light

I’ve been deeply concerned about the massive, sweeping surveillance going on for over TEN YEARS! Whenever I bring up this topic (and online security in general) too many of my family and friends just shrug and say, “Oh well.” Frankly, I just don’t understand why most people don’t seem all that concerned about our fundamental erosion of liberty caused by the NSA’s mass surveillance.

Thankfully the Edward Snowden whistleblowing finally shined a light on what I intrinsically knew was going on shortly after 9/11 (see Snowden’s revelations and the overall controversy at The Guardian’s NSA Files website section). Yes, I feel vindicated for my paranoia but that attestation is not something I longed for…instead I hoped the government’s drive to classify their constitutional violations and illegal activities as “keeping America safe from terrorism” would stop.

Unfortunately that whistleblowing has made it increasingly hard for companies who sell their technology outside of the United States. For example, the NSA was inserting hardware in Cisco routers which caused CEO John Chambers to write a letter to President Obama asking for it to cease…now.

We’ve only seen the beginning of the backlash and erosion of our competitiveness around the world since no one trusts us anymore.

post

Web’s Inventor Calls for Net Neutrality

The NeXT computer on which
Sir Tim Berners-Lee wrote the World Wide Web

This year the World Wide Web turns 25 years old. Sir Tim Berners-Lee, the man who invented the Web, is imploring the world to keep the Web free, open, neutral and robust.

There is no question that Berners-Lee has deep and profound concerns about the direction the Web has taken. From global mass surveillance to net neutrality, he clearly sees his baby, the World Wide Web, as one of the most powerful inventions in human history but one in jeopardy of being subsumed by governments, corporations, or others in power positions. 

He’s created a website, Webat25.org, highlighting what he discusses in this video below and it is one you should visit.

post

Are We Living in a Bizarro Universe?

Superman’s alternate universe doppelganger ‘Bizarro’: art from the cover of Superman #202 (Dec. 1967). Art by Curt Swan & George Klein.

Unless my family and I are living in an alternate Bizarro universe, it’s pretty clear that we all will soon be paying a lot more for our internet broadband connections and our internet choices will be throttled.

I say that because of the net neutrality battle going on right now, one that the internet service providers (ISPs), and especially the cable providers who also provide television, think they cannot afford to lose.

None of the ISPs want Netflix, Apple’s AppleTV, Google’s $35 Chromecast, or a service like Aereo to either continue to succeed or be in a good or better position to do so.  Unless, of course, the ISPs are allowed to make the internet a toll road where only those who pay can get through or go fast.

If the cable companies and other ISPs “win” the net neutrality battle, our TV streaming options will collapse, we will all pay more for our internet connections, all while having to continue to pay “bundled” prices for cable TV channels we never watch.

post

Thoughts About the Secret Police

The Ministry for State Security (German: Ministerium für Staatssicherheit, MfS), commonly known as the Stasi, has been described as one of the most effective and repressive intelligence and secret police agencies in the world. (More here at Wikipedia)

All last evening, and over lunch today, I’ve been reading dozens and dozens of articles on the shitstorm going on with respect to the National Security Agency and their scooping up data about Verizon phone calls and how the NSA has access to major companies (see U.S. intelligence mining data from nine U.S. Internet companies in broad secret program) to collect our emails, photos, tweets, chat logs and more. Last night and today the aggregator Google News displayed links to over 2,000 articles (and that doesn’t count all of the blog posts) about this ongoing issue. 

But it was a post today that crystallized the FEAR about what’s going on in a way I’d not yet read from anyone or any news outlet.

Your iPhone Works for the Secret Police, from Harvard Business Review blogger James Allworth, recapped our fear about what the NSA mass data vacuuming means for all of us. As someone whose ancestry hails from Prussia and Germany — and who has spent a lot of time in Germany, especially just a few years after the Berlin Wall fell — I can tell you that the effects of the Stasi repression were still palpable. Allworth points to the Stasi as an example of an intelligence service run amok and what it could lead to:

The infamous East German secret police, the Stasi, managed to infiltrate every part of German life, from factories, to schools, to apartment blocks — the Stasi had eyes and ears everywhere. When East Germany collapsed in 1989, it was reported to have over 90,000 employees and over 170,000 informants. Including the part-time informants, that made for about one in every 63 East Germans collaborating to collect intelligence on their fellow citizens. You can imagine what that must have meant: people had to live with the fact that every time they said something, there was a very real chance that it was being listened to by someone other than for whom they intended. No secret police force in history has ever spied on its own people on a scale like the Stasi did in East Germany. In large part because of that, those two words — “East Germany” — are indelibly imprinted on the psyche of the West as an example of how important the principles of liberal democracy are in protecting us from such things happening again. And indeed, the idea that it would happen seems anathema to most people in the western world today — almost unthinkable.

President Obama, Congressional leaders and any others are defending the subversion of our Constitution and the 4th amendment as “legal” and “sanctioned”. But when everything is secret, how can we do what President Reagan said about our relationship with the former Soviet Union: “Trust…but verify”? The answer is “we can’t” and what’s going on right now in the present-day United States would have been a Stasi leader’s wet dream back then.

If you read nothing else about this important issue, take a few minutes and read Allworth’s article here