Category: Security

Spot the Undercover Reporter

Wired: DefCon staff lured her to a large hall telling her that the Spot the Fed contest was in session and that she could get a picture of an undercover federal agent at the contest. When she sat down, Jeff Moss, DefCon’s founder, announced that they were changing the game. Instead of Spot the Fed, they were going to play Spot the Undercover Reporter and then announced, “And there’s one in here right now.” Madigan, realizing she’d been had, jumped from her seat and bolted out the door with reporters carrying cameras chasing after her through the parking lot and to her car.

Mobile Phone Registration

An open letter to Minister Eamon Ryan about government proposals to require the registration of all mobile phones, and the frankly juvenile comments of a junior minister about their reasoning.

Minister,

I would like to formally object to the apparent plan being put together by your government to require the registration of all mobile phones. This is another – completely unnecessary – step the Irish government is taking on the slippery slope of privacy invasion.

I say completely unnecessary because the only people who /won’t/ be affected by this type of initiative are the people it’s supposed to target. And in highlighting them, your junior minister demonstrated a complete lack of understanding of privacy issues.

I hope both you and he will take the time to read this relatively short paper on the, frankly immature, “Nothing To Hide” argument.

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565

I would appreciate your confirmation that you won’t in fact be going ahead with any legislation or initiatives regarding this. It is, to be blunt, the kind of useless security theatre one would expect from the current US administration, or possibly fascist dictators.

We’re better than that.

Yours sincerely,
Adam Beecher

Also see posts by Fergus, Damien, Antoin, Daithí and TJ.

UPDATE: I received this reply from the Minister’s office on the 24th of July btw. Just an acknowledgement, no substance.

On behalf of Mr Eamon Ryan T.D., Minister for Communications, Energy and Natural Resources I wish to acknowledge your email below, the contents of which will be brought to the Minister’s attention.

I sent a complaint to the junior minister too btw, but I don’t have a copy as I had to do it via a web form. Obviously he doesn’t have the testicles to post his email address on the web. I received no reply from him at all, surprise surprise.

UPDATE: The Minister responds.

Don’t sign Avaaz.org petitions

[NOTE FOR THOSE LACKING CLUE: Comments are closed on this post for a reason. Commenting on other posts about it is moronic and futile. Fuck off.]

Not if you value your email address, that is. I’ve signed quite a few of them on prompting from Sista, but recently I’ve started receiving spam on the unique email address I set up to subscribe. I reported it to Avaaz and received an assurance that they don’t sell or share their list, but that they’ve received reports and are investigating. I asked them to follow up, they didn’t. Obviously their security has been breached.

UK War drivers arrested

This kind of bollocks drives me demented. In separate incidents, a man and a woman “received a caution for dishonestly obtaining electronic communication services with intent to avoid payment”. How are they avoiding payment when they’re simply using a publicly-available connection? It’s the clueless dickwad that left his or her connection open that should be locked up. Their rig is probably spewing out all sorts of shite anyway, we should at least do them for littering.

Schneier on Passwords

I’m a big fan of Bruce Schneier, I think he’s probably the best plain-speak security guy around, one that can see past the bluff and bluster to the underlying issues. He calls the TSA and their ilk on bullshit airport security procedures regularly, for example, and watching him out the latest “unbreakable” cipher as complete guff is a wonder to behold.

In this Wired article he goes into how easy most passwords are to crack, including – much to my surprise – passwords that I would have considered relatively secure, such as a pronounceable root with an appendage. I found the comparative frequencies of prefixes and suffixes particularly interesting. Of course, as Bruce constantly tells us, security is relative, so your passwords should be too.

Here’s the critical paragraph, although I’d recommend reading the entire article for context, and just because it’s as well-written as nearly all of Bruce’s pieces:

So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle.

I agree strongly with his recommendation that a password store should be used by anyone needing to deal with large numbers of passwords. Personally I use KeePass, but I’ll be switching back to PasswordSafe shortly because no matter how hard I try, KeePass databases simply can’t be used across platforms.
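
To make the root-and-appendage structure from the quoted paragraph concrete, here is an added example (not code from the Wired article or from this post) of a checker that flags passwords built as a listed root with optional appendages on either end. The word lists are small constructed samples and `guessable_structure` is a hypothetical name.

```python
# Constructed sample lists (assumption): a real checker would load large
# root dictionaries and frequency-ranked appendage lists.
ROOTS = {"password", "dragon", "monkey", "letmein", "sunshine"}
APPENDAGES = {"", "1", "12", "123", "1234", "!", "01", "69", "2007", "abc"}
# Common character substitutions, undone before the root lookup.
UNSUBSTITUTE = str.maketrans("013457@$", "oleastas")


def guessable_structure(password):
    """Return (prefix, root, suffix) if the password is a listed root with
    optional listed appendages at either end, else None."""
    n = len(password)
    for i in range(n + 1):
        for j in range(i + 1, n + 1):
            prefix, root, suffix = password[:i], password[i:j], password[j:]
            # Only trivial casing counts as guessable here: all lower, all
            # upper, or a leading capital. Mixed case inside the root does not.
            if root not in (root.lower(), root.upper(), root.capitalize()):
                continue
            word = root.lower().translate(UNSUBSTITUTE)
            if (word in ROOTS and prefix.lower() in APPENDAGES
                    and suffix.lower() in APPENDAGES):
                return (prefix, word, suffix)
    return None


if __name__ == "__main__":
    # Constructed sample passwords: the first three follow the pattern,
    # the last three follow the quoted advice.
    for pw in ["Dr4gon123", "123monkey!", "P@SSW0RD!",
               "mon!key", "drAgon123", "dragon2007monkey"]:
        print(f"{pw:18} -> {guessable_structure(pw)}")
```

Passing this check only means the password avoids the one pattern modelled here, not that it is strong.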