Thursday, April 17, 2014

Holy Thursday

  • I have a confession to make...

    • When I started in tech all those years ago, I believed that increased productivity would lead to more free time for workers. I was young and naive. In hindsight I realize how wrong I was. I am directly responsible for many people losing their jobs in a number of industries by creating "efficiencies". The people who still have work have to work longer and harder to protect themselves because of the throngs of unemployed people who will gladly work long hours, which of course makes matters worse. The ability to work from home and email have shackled people to their jobs 24/7. In this way, I honestly believe that the world is a worse place because of me.

      I Am Sorry.

  • Heartbleed

    • Another day... more Heartbleed news... I think I'm worse than CNN with an airplane.

    • Does your browser respect certificate revocations?

      Revocation Awareness Test  

      With private keys leaking due to Heartbleed, it's important that your browser properly handles revocations. The link above is an SSL page that presents a revoked certificate; if your browser loads it without throwing an error or warning, you might have a problem. A clever hacker holding a leaked key might be able to impersonate a site (yes, they would also need to poison DNS, but there are vulnerabilities there too).

      For me, Safari throws a warning, FF blocks it, Chrome just lets things happen.

  • Holy Thursday

    • Holy Thursday (also known as Maundy Thursday, Covenant Thursday, Great and Holy Thursday, Sheer Thursday and Thursday of Mysteries) is the Christian feast, or holy day, falling on the Thursday before Easter. It commemorates the Maundy and Last Supper of Jesus Christ with the Apostles as described in the Canonical gospels. It is the fifth day of Holy Week, and is preceded by Holy Wednesday and followed by Good Friday.

  • Aereo

    • If you don't know, Aereo is a web service that allows you to watch television remotely. They have hundreds of mini antennae on the roof of a building that a subscriber can control and watch over the internet. They only allow people local to the antenna to have access to it (so I can get access to NY programming but not programming from Boston). This is great for people who live in a city like NY. If you don't have line of sight to the Empire State Building you can't always get a signal. Digital TV has made this worse since it's all or nothing. If you live in an apartment and can't mount an antenna on the roof, your only choice is to pay for cable. Aereo presents another choice: you rent access to an antenna in their farm and watch it over the internet. You only get the programming that is being transmitted over the air, so you're not "stealing" anything. The broadcasters don't like it and are suing Aereo; the case is going to the Supreme Court next week.

  • Random Musings

    • After the past week, I'm reminded why I moved from infosec back into development. That move, and taking up yoga, are the 2 best things I've done for my heart.

    • This is why filtering on the internet is hard:

      I'm reminded of a Usenet newsgroup that used to be blocked a lot. It was a fan group around Captain Picard from Star Trek: TNG... the group was named

Wednesday, April 16, 2014

  • Heartbleed

    • Yes, I took a day or 2 off from Heartbleed, but it appears that it's time to get back to it.

    • The press isn't getting Heartbleed  

      It's great when someone smarter than you is saying the same things as you are. Again, passwords aren't the real problem; the website's keys are.

    • A comment on the above link:

      I have to tell you a quick story, Christina. Last week, I spent a night patching a number of clients' systems. One of them called me the next day accusing me of taking advantage of the exploit to make some money, since the news said that "if you don't change your passwords your SSNs might be stolen". So, he felt, "all we need to do is change passwords, and since the system doesn't store SSNs there's no need for action". I sent him a number of articles setting him straight, but it left me to wonder if there are firms out there that haven't fixed things because a non-technical manager / CEO deprioritized it based on a 3 minute report on the radio.

      IMHO, users should be advised to check with their providers. If a site hasn't posted someplace what their Heartbleed status is, users should email / tweet / call them. Users should be advised not to use systems where the Heartbleed status isn't clear. I agree that users can't fix this, but I feel they need to pressure website owners to get this fixed.

    • Heartbleed: Revoke! The time is nigh!  

      80,000 certificates have been revoked... this means that there are around 420,000 affected certs still out there.

    • It's simple: the problem isn't passwords, the media is wrong. The problem is that the keys to the encryption have been leaked. Unless your provider changes them, there's nothing you should be doing.

      I'm at the point that I have to say it's up to every one of you to pressure your provider. If a site you have an account on hasn't let you know whether they were affected or not, you need to contact them and ask. It's really a simple, 2-part question:

      1) Was your site affected by the Heartbleed bug?

      2) If so, have you upgraded OpenSSL and revoked the certificate (and if not, when?)

      I spent some time bugging my bank last week. Their initial answer, which was from a script, was something along the lines of, "We here at [Goliath National Bank] take your security seriously and look into all problems". When I pressured them further I got a, "if you feel uncomfortable change your password". I explained that I was a technology consultant and why that was useless (that might have been using False Authority Syndrome to my advantage). They said they'd look into it. After bugging them a few times they eventually updated their script and posted something in their news section over this past weekend. At the end of the day, they were not affected.

    • And we have #2... (after the Canadian Tax Authority)

      Mumsnet users urged to change password after Heartbleed hackers target site  

  • Random Musings

    • It seems it always happens. Whenever we get too high-hat and too sophisticated for flag-waving, some thug nation decides we're a push-over all ready to be blackjacked. And it isn't long before we're looking up, mighty anxiously, to be sure the flag's still waving over us. - Yankee Doodle Dandy

    • Principal: L.I. High School Students Suspended Indefinitely For Displaying Confederate Flag  

      Skipping over the hate issues for a moment. Freedom of speech protects a person from government censorship. Freedom of speech does not mean that a private institution is required to give you a platform. That's why I'll take down comments on my blog that I find offensive. The government can't force me to take down a post, but Facebook / Twitter / my ISP can. I have the right to get on a soapbox in a public park and discuss my views; I don't have a right to do it inside a mall. Assuming that St Anthony's High School is not a public school (a very good bet), they have every right to confiscate the flag and suspend or expel the students.

    • Teen appeals conviction for recording alleged bullying  

      Unfortunately, PA is an all-party consent state, so this is technically wiretapping, but...

      Schools are not courts, so the rules of evidence don't apply. Just because it was obtained illegally doesn't mean a principal can't act on it. I didn't realize that bullying had to be repetitive; anyway, the mother supposedly reported the bullying in the past.

      What principal in the world listens to a student being bullied, orders the student to erase the recording, and calls the police to have the victim arrested for wiretapping?

      What fracking planet do I live on... and how do I leave?

Tuesday, April 15, 2014

Happy Tax Day!