Blog - Unity Behind Diversity

Searching for beauty in the dissonance

Tagged: security

Police caution about ATM shell scams

Found this video via LondonTopic.ca explaining how scammers can tamper with PIN pads or card readers on ATMs.

Creative Commons Attribution-ShareAlike 4.0 International Permalink | Post a Comment

MacBook Air first to be compromised in hacking contest

In a hacking contest pitting Windows, OS X and GNU/Linux against each other, a MacBook Air was the first machine to go down after just two minutes into the second day. The headline is in several places, but I’m linking to Slashdot because comments like these amuse me at 5:30am:

  • Ah, the pride of 0wnership.
  • the sound of a million fanbois as they screamed Nooooooooooooo i sense a disturbance in the reality distortion generator set comments to flamebait and activate the extra moderation modules captain taco
  • Safari browser has massive security hole.

    It’s funny how they turned a huge hole in the Safari browser into a commercial for the Mac Air.

    “Small size, big holes”

  • The Vista machine would have been hacked quicker if it ran faster
Creative Commons Attribution-ShareAlike 4.0 International Permalink | Post a Comment

MPAA University toolkit for combatting “piracy” violates copyright laws

The Motion Picture Association of America (MPAA) recently released software which it urged some of America’s largest universities to employ in order to monitor their networks for unauthorized file sharing. Not only do the universities not owe the MPAA anything, but the toolkit was found by security specialists to raise some major privacy concerns. Steve Worona, director of policy and networking programs at EDUCAUSE, says of the toolkit, “no university network administrator in their right mind would install this toolkit on their networks.”

More interestingly though, the software in question was based on Ubuntu variant Xubuntu and also made use of the Apache web server. There’s enough irony in the use of free and open source software to enforce draconian copyright laws already, but apparently the MPAA was in violation of the GNU GPL, the license the majority of the software is released under, by not making the source code available. Matthew Garrett from the Ubuntu technical board contacted the organization about their violation of copyright which resulted in a removal of the toolkit from the MPAA’s website. It will likely be up again soon once they sort things out, but this episode is both ironic and embarrassing for the MPAA. Calls for stricter copyright begin to sound hypocritical when the MPAA fails to respect other copyright holders’ rights.

Oh, and apparently this isn’t the first time the MPAA has done this sort of thing. And aside from violating copyright, they may also be in violation of Ubuntu’s trademark.

I really hope they’re embarrassed, but I’m not holding my breath.

Creative Commons Attribution-ShareAlike 4.0 International Permalink | Post a Comment

Access Gmail with a secure connection

Did you know that when you’re viewing mail in your Gmail account you’re not using a secure connection by default? That means that anyone who’s sniffing traffic on your network can intercept your packets and essentially read your email or, worse yet, steal your session (ie. login to Gmail as you)!

The chances of this actually happening to you are very slim. But Google actually offers HTTPS (ie. encrypted) access to Gmail, so why not take advantage of it? To use HTTPS, you just need to change the “http://” in the address bar to “https://” once you’re logged in and hit enter.

You need to do this ever time to log into Gmail though, which is a bit annoying. That’s why I’ve begun using the GMailSecure script for Greasemonkey. Greasemonkey is a Firefox add-on which allows you to install scripts that customize websites for you. This script simply replaces “http://” with “https://” for you whenever you’re logged into Gmail.

For any security conscious Firefox+Gmail users out there, this add-on ensures that you’re always viewing your email over a secure connection.

Creative Commons Attribution-ShareAlike 4.0 International Permalink | Post a Comment