Saturday, May 28, 2005

Lavasoft Announces the Launch of Ad-Aware SE 1.06

With the 1.06 update you can be certain to receive the best protection available against disturbing privacy threats with faster scanning and more efficient Code Sequence Identification (CSI) capabilities in both Ad-Aware and Ad-Watch.

For a complete list of updates and changes, click here.


Friday, May 20, 2005

California Prohibiting RFID Identification Cards

The California State Senate on Monday approved a bill with broad bipartisan support (29-7) that would prohibit state and local governments from issuing identification documents, driver's licenses, and ID cards containing an RFID tag.

WTH? They're looking after us? It's a Kodak moment. You might want to gather the family close and take some pictures or something.

Known as the Identity Information Protection Act of 2005, SB 682 was authored by State Senator Joe Simitian (D-Palo Alto). The bill would also make it unlawful for a person to read or attempt to read an identification document without the owner's knowledge.

Another sign of clear thought. Since we already know RFID has been hacked in the past, I can just see the criminals walking around in crowds trying to crack your RFID tags and steal your identity.


Tuesday, May 17, 2005

Test Your Pop-Up Blocker has added pop-up testing to its arsenal of auditing tools. The new feature allows users to run tests against their installed pop-up blocking software, step by step. The tool comes in a few flavors from network noob to web-geek and even something they call Misc.


Yahoo 'Web Beacons' Track Users

Yahoo tracks all of its users everywhere on the web and the way to opt-out is detailed below. If you have a Yahoo e-mail account or belong to one of Yahoo's many Yahoo groups, this probably applies to you.

Beacon clauses in the Yahoo privacy information give the opt-out we're looking for. Clicking here will bring you to a paragraph entitled "Outside the Yahoo Network."

In this section you'll see a little "click here to opt out" link that will let you "opt-out" of their web-beacon information gathering technology. Which is what you want.

Once you have clicked that link, you are exempted. Notice the "Success" message on the top of the next page. Be careful because on that page there is a "Cancel Opt-out" button that, if clicked, will undo the opt-out.

WASTE Network for encrypted, private filesharing

WASTE is software for setting up small, secure, private filesharing networks. WASTE provides chat, instant messaging, and file transfers between connected users, all of which is encrypted. The software is entirely peer to peer so no server is required. It works best for transferring files between small groups of people, like a group of friends.

I've not tried this yet but the idea is a great one. I wonder if a combination of this and some of the P2P methods we've seen before are mergeable. Judging by the recent patent applications, our good buddies in the MPAA and RIAA are actively infiltrating P2P networks (as if they were secure to begin with, right?) and avoiding noble attempts such as blocklists. BayTSP may have had a brief smack in the mouth by projects such as PeerGuardian, but their usefulness will slowly be confined to keeping less motivated people from connecting to your computer.

Right now PeerGuardian and the other IP blocking tools will keep advertisers out and prevent major spyware outlets from being visited by unwitting family members "surfing" the net. Consider how easy it would be to set up a cheapy hosting plan at any one of the throngs of service providers, and run your snooping operation from there. If you're not sure which ISP to pick, download the freely available list of blocked IP ranges and make sure your new box is not on the list. By the way, be looking for a month-to-month contract provider, because as soon as you file your lawsuits that entire ISP will most likely be blacklisted. I'm sure the ISP and all of their other customers understand that you must defend your program from people that want to see it.

Sunday, May 15, 2005

Spyware Blaster 3.4 Released

JavaCool Software has released version 3.4, which is not available via the update feature of previous versions. Update install instructions for people using older versions suggest that you should download the latest version, disable all protection in your current install, uninstall the old version and then install the new one.


Thursday, May 12, 2005

MPAA targets TV Download Sites

The MPAA has now turned its gaze towards the "theft" of television shows.

"Continuing its war on Internet file-swapping sites, the Motion Picture Association of America said Thursday that it has filed lawsuits against a half-dozen hubs for TV show trading..."

The problem here is that they're still going after the technology rather than the people breaking the laws. This is like giving parking tickets to the auto makers. BitTorrent is not going away; in fact it's growing like mad. The technology is becoming part of other media sharing schemes like podcasting.

Firefox 1.0.4 Released

The Mozilla Foundation has rushed to fix the 1.0.3 security issues. Firefox 1.0.4 has been officially released.

I'd like to see all software updated so quickly. I for one am very thankful for it as the work-around for 1.0.3 was getting rather annoying. Turn off JavaScript when surfing, turn it back on when you visit a trusted site so the pages work properly (gmail? GUH!), then turn it back off again.

All of my numerous extensions seem to be working, and on a side note there is an update for the BBcode extension, which is great for phpBB forum users.

Wednesday, May 11, 2005

Cox launches security suite

As part of the Safe is Beautiful campaign, Cox Communications has sent out email to users announcing the availability of security software, free for Cox subscribers, that installs on up to 4 computers.

Their new security software includes:

  • Anti-Virus protection for your PC
  • Firewall software
  • Parental Controls "help filter the sites your kids are visiting and set time limits for Internet use"
  • Anti-Spyware software
  • Pop-Up Blocker

New Desktop Console

All of these programs are managed through a Cox High Speed Internet Desktop Console.
Personally I don't want another toolbar, desktop doo-dad or system-tray... er system notification area... icon. None of the available software is open source and all seems to be provided by Authentium: "Your Cox account number and Cox High Speed Internet e-mail address is provided to Authentium solely so that they may activate and support your software, and so that Cox can track activations between Cox and Authentium. Authentium will not use any of the information provided for marketing and will not distribute it to any other parties. For more information, please see the Cox Privacy Policy."

Windows 98SE or higher is required but there is a link to the Apple security site. Is this the first step to ISPs taking responsibility for the massive proliferation of botnets and the hordes of spyware infected computers? On the one hand I have to cheer Cox for their efforts and on the other I have to wonder why this sort of thing took so long. We seem to be starting into a new age of "blocking."

The Hackers will always win

Some time ago I published this as a wake-up call to the game and entertainment industry here. Since then it seems to me that this is becoming relevant to more and more industries and content providers (CP's) of all sorts. These two simple ideas still elude the awareness of so many people it shocks me. So here it is, freshened up a bit and aimed at the CP's collectively.

Rule No. 1 - Surge's Guide to Computing
The hackers will always win. No matter what you do, how sophisticated your plan, intricate your efforts, the hackers will always prevail.

Let's examine why this is so, shall we?

  1. Hackers have unlimited time. CP's have to meet deadlines, face budgetary constraints and need to deliver their product or service in a timely and marketable fashion. The hacker however, waits until the product comes out, and works on it until the desired result is achieved. This is particularly evident in things that cannot be changed after they hit the market, like DVD's and consumer hardware.
  2. Hackers love to do it because CP's don't want them to. Viva la resistance! Hackers form what amounts to clubs, that allow them to team up to solve problems. Look at the OpenSource movement and Linux! Geezus! These people have spent hundreds of thousands of man hours working and 99% of them have made precisely jack doing it. Sometimes hackers will spend every free moment they can spare just to impress their friends or peers, and some of this world's best hacks have been done to embarrass people seen by the hacker community as undesirable.
  3. Hackers seemingly have unlimited resources. Money, access, time, computing strength, bandwidth, knowledge, talent, and experience to name a few. These resources are dispersed among many, but the bigger the target the more collected resources come together to make a great hack. I can think of a few things as an example of this but if you doubt it's true, you must be a complete fool.
  4. Hackers are smart. Just face the fact. It's a simple and often overlooked fact that many people just don't take into account. CP's spend money and time trying to jam up hackers and P2P users so they can't do what they want to. ( see rule 2 ) Smart people are, at this very moment, working to slip past all the CPs' silly efforts to control, monitor, observe, capitalize upon, harvest data from and in general rule over use of computers and the internet.
  5. If CP's can change, so can hackers. Think CP's are too dynamic for hackers to keep up? Prove it! Just about anything that's worth a crap to anyone is, or has been, hacked in some way. CP's are going to lose because hackers are, by nature, relentless.

Rule No. 2 - Surge's Guide to Computing
People will always choose the path that lets them do what they want to.

I know this doesn't seem profound, but it is something that needs to be included. It does seem to escape the minds of awesome companies and their efforts seem bent on getting people to do what the company wants, instead of getting the company to do what the people want. Silly stupid sons of bitches.

  1. Today, people can search for and download music in a portable near-CD quality (good enough for most people) format that is universally recognized by 100's of applications and hardware manufacturers, for free. This is in most cases illegal, and yet wildly popular.
  2. Enormous resources have been applied to prevent this; all have failed.
  3. There is no media format available upon which data can be presented that cannot be duplicated or recorded, and then shared with others over the internet.
  4. Anti-Spyware programs, anti-spamming efforts and anti-virus, even ad blocking systems are at an all-time high for both their popularity and their technical sophistication. People are working very hard to gain back control of their computers and the things their computers are doing.
  5. When the RIAA/MPAA/Metallica shut down Napster, several new technologies jumped in, and people continued to do what they wanted to do.
  6. When it was discovered that hackers had found out how to decrypt DVD content, the MPAA and its ilk rushed to blast the offenders with lawsuits and public smears. The hacker response was to make the algorithm as small as possible and distribute it as widely as it could be. Some people printed it on t-shirts. One fellow had it tattooed on his body. Today that same algorithm is used to rip and decode DVD's all over the world. People want to share movies and other DVD content. They want to bypass the DVD region locks that would prevent someone in Asia from viewing a DVD sold in Europe or anywhere else. And people can do it... are doing it. Stand in their way if you'd like ( see rule 1 ) but it's pretty foolish.

Hackers have even been at work to defeat systematic controls like websites that require registration, proof of age, or email verification.

So it brings me to my WHOLE freakin point. So many companies are hard at work to develop ways to stop hackers and pirates. The result of which has formed the following banes of the computer users of the world:

  • Product activation - Microsoft and others.
  • CD-Check
  • CD-Keys
  • Serial Numbers
  • Required Registration
  • Hardware Dongles
  • DRM - Digital Rights Management
  • DMCA - Digital Millennium Copyright Act
  • Applications that require the CD to be in the drive to use
  • CSS - Content Scramble System
  • Proprietary formatting of media and content
  • Crippled hardware (Bluetooth cell-phone anyone?)

All of these things have been defeated by hackers, sometimes in as little as a few hours. All of them have been widely distributed and defeating techniques for all of them have been well documented and are freely available.

All of these things make using these products and services more difficult for the users and do not stop hackers! Why do CP's make paying customers suffer for nothing? The cost associated with all the BULL users have to put up with to use the product only makes the product more costly for the user. CP's could save a lot of money by tossing the BS and spending money on adding out-of-the-box value. Make sure it works out of the box, no patches, or brief server downtime, or momentary delays in your supply cycle... all creative ways of saying the same thing... we ****ed up. And CP's continue to do it. They continue to expand their efforts to control, and capitalize and subjugate computer users and so they will be defeated.

Real ID Passes Senate

Privacy advocates' efforts to stop legislation that would create a federally-approved electronic ID card failed today. A military spending bill which contained the so-called Real ID Act driver's license reform passed unanimously in the U.S. Senate.

Hey, great! Just what we need. Bundle up some war-fighting cash with some privacy abolishment and toss in an ever-growing threat of identity theft and you're set. The ball has officially been dropped.

Sunday, May 08, 2005

Firefox 1.0.3 Extension Vulnerability

Apparently the good folks over at FrSIRT have found a way to trick your beloved Firefox into installing an extension, bypassing the regular security measures using JavaScript. Your options at this point seem to be disabling JavaScript or, my preference, disabling the "Allow web sites to install software" option by going to Tools -> Options -> Web Features (Windows).

UPDATE: Mozilla Security has posted their work-around and comments that they've patched their servers to prevent the exploit.

I guess it happens to everyone, and I think the incidents of major flaws being discovered in "alternative" computer choices will be on the rise as more and more people begin to make the switch from the Wintel mindset. Unfortunately, as more people begin to see the benefits of having control over their computers with programs like Firefox, and its numerous extensions, hackers will begin to pick them apart. No code is perfect.