Menu

Michael Gracie

Monday Ugly in tech security

Like “Coyote Ugly,” but actually ugly:

First…hackers busted into the website of the US Consolate General in Russia. As if the US didn’t have enough problems off shore…

“This latest attack highlights the fact that no organization is immune from infection, and that no matter what the size of the company, it must defend its webpages fully to avoid being stung.”

No doubt there – attacks on institutions are commonplace – it’s just that they have good PR teams to keep it hush hush.

Next…a German onion router administrator gets arrested. Clearly not the guy’s problem, but getting arrested highlights the risks of running a Tor server in this day and age (as well as the cluelessness of some politicians regarding technology). What’s Tor? Inquiring minds check here first.

Last but not least… a bunch of laptops were pre-loaded with Vista, as well as a 13-year old boot sector virus. Plenty has already been said on Vista and it’s security. But I can’t help but chuckle.

Web browsing for political dissidents who want jail time

Some Canadian developers are about to release a tool that will allowed web users subject to government censorship to surf the net free of blockage. Psiphon is a product of the Open Society Institute, an arm of the Soros Foundation.

It is great that folks are aiming to provide a free, uncensored internet to less fortunate humans of our planet, but I have a big problem with this. The system in question doesn’t provide anonymity for the user, meaning any node running the software for said user can freely see what they are browsing. It is going to take about ten seconds for evil governments to set up nodes of their own in the free world, and nab their citizenry as they browse.

psiphon is not an anonymous software program. psiphon users are not anonymous from the psiphon provider. Although traffic between the psiphon user and psiphon provider is encrypted, psiphon providers can potentially monitor everything that is done by the psiphon users they host.

These guys should have taken a look at Tor first, although I suspect someone may have been looking for a grant instead of looking for something useful.

Set yourself free, with one CD

Wired is running a story about Anonym.OS, a bootable version of OpenBSD set on CD. It surfs the net using Tor, an encrypted proxy server system that has become very popular as of late (and quite overloaded, as I can attest from waiting days for all that pr0n to load…oops, maybe thats the Privoxy install I didn’t do right).

Nonetheless, the creators noted that it is not ready for everyday use (meaning grandma can’t have it yet), but it has interesting implications for computer security, outside of its first intent (downloading pr0n in private, of course). The fact that you can boot a machine and surf the net without your computer ever using its hard drive would be a boon for keeping viruses and malware on the sidelines.