Breach notice – securitypractice.com

Namaste Motherfucker (Photo by Scott Beale)

Please do not use securitypractice.com to send any email to me. The domain has been seized by a squatter who is demanding $2500 for it.

Unfortunately, I don’t have any friends in GoDaddy, but right now, the advert running in the UK of a bowling ball bag with a head in it has a certain appeal.

I am, as they say, funky as ten bears right now. Looking to the positive, the ideas that we’ve been kicking around in Cryptorights for the last couple of months now have a certain amount of spice on their tail.

Domain details below.


These are not the bugs you’re looking for

The droids we're googling for (Photo by Stéfan)

In between hammering out some code for The Harmless Project (more on that another day), and finally getting to play Borderlands 2, I browsed through the morass of anarchic information that is Pastebin. For those of you that don’t know, Pastebin allows you to throw up any text, and pseudo-anonymously publish it to the internet at large. Perhaps not surprisingly, it gets used for a lot of weird and nefarious stuff, although the original idea was for programmer types to be able to share code snippets (“Hey why doesn’t this work?”).


Careful with that fling Eugene

Blackmail ! (Photo by tim ellis)

I have built a number of parts of the Internet. I have built a couple of ISPs in my time, and since starting out with a starry-eyed view of how computer networks allowed people to share ideas and create great things, what it is mostly used for is to satisfy lusts of various kinds (including the kind where people search for material that they are convinced everyone else should not be allowed to see, and then complain about it). This is all about how online romance (though it can work) more often is a story with an unhappy ending, featuring naive people who go looking for love in all the wrong places.


When your laptop (and you) are under duress

rocket racer--shot under duress (Photo by richardzx)

For a while I have pondered the knotty problem of what one should do when one’s “life, fortunes and sacred honour” are under threat. It appears I’m not alone in this, as the hacker community is starting to respond.

First of all, what is duress?


Oh snap!

Oh Snap! (Photo by Photoshoparama – Dan)

So it turns out that when you trust websites to keep them safe, you also trust the entire internet not to breach them. Oh dear.
When I wrote an article warning of the dangers of hoping other people would keep your underwear contents secret, I forgot one tiny little thing.
Bad people.

(If you are a Snapchat user, change your passwords on every internet site you use! Use different passwords, or use a password generator like LastPass. I will cover off the basics of using LastPass securely in another article.) On a rather serious note, you need to have a grown-up talk with your kids about this too, and the less you have talked about internet safety as a family, the more likely they are to use something as fundamentally dumb as Snapchat.


RSA – the toxic third party?

Cold War Keys (Photo by Sparks68)

RSA got paid a lot of money by the NSA to include (and make preferred) a flawed crypto algorithm in one of its developer products, BSAFE. While this is undoubtedly dodgy behaviour on the part of a “trusted third party”, it’s important for security practitioners to understand the problem, and to avoid contributing to the hand waving and shriekery that will ensue.


Putting the word out

Courtesy of Dragon News Bytes. Computer crime appears to have not only real criminals but also state sponsorship. Research is risky business these days.
Title: We need help with the strange disappearance of Dancho Danchev
Author: Ryan Naraine
Source: ZDNet
Date Published: 14th January 2011
Excerpt:
‘….Zero Day blogger and malware researcher Dancho Danchev (right) has gone missing since August last year and we have some troubling information that suggests he may have been harmed in his native Bulgaria.
Dancho, who was relentless in his pursuit of cyber-criminals, last blogged here on August 18.  His personal blog has not been updated since September 11, 2010.
At ZDNet, we made multiple attempts to contact him, to no avail.
Telephone numbers are going to Bulgarian language voicemails and our attempts to reach him via a snail mail address also came up empty.
Over the last few months, we have contacted the Bulgarian CERT authorities and used anti-virus contacts there to help us figure out Dancho’s disappearance. No one can figure out what happened to Dancho……’
To read the complete article see:

Today, young Jimmy finds out that life is not like alt.sex.stories

I got a heads up about a very angry guy from Paperghost.

“Hi, about 4 hours ago my girlfriend called me saying there was an idiot that took over her Yahoo! Messenger ID and MySpace profile. She said the guy contacted her with the ID kriminal911 on her alternate ID threatening her to upload photoshopped pictures of her that show her in embarrassing positions and change her details on MySpace. He also threatened to swear at her friends on Yahoo!, and this would also be a big problem as most of them consider her ID legit. I tried to add this guy on my own messenger list but he rejected my request. Now maybe the funniest (or scariest) thing in this whole thing is that the son of a … asks for naked pictures with her in exchange for her accounts back. I gave my girlfriend some photoshopped pics to send him but he immediately knew they were fake (I'm not very good at editing a picture in Photoshop REALLY that fast)…he said he would post upload the pictures tomorrow and swear at her friends if he doesn't get his pictures. I don't know if this guy is making fun of her or he is really mentally diseased but my girlfriend really cares about her Yahoo and MySpace accounts and is scared of what this psycho might put there. If it was me I probably didn't care, made some other ID and forget this…but she doesn't want to do this. And also she doesn't want to send the psycho naked pictures of herself either….it's kinda funny, as she would be willing to even pay for her accounts but not give images of herself naked and even if she would be willing to do that I wouldn't let her because god knows on what pornsite they might end up on (he even specified he wanted 12 pictures). I'd post the conversation between them but it contains very strong language and I really don't have the time to remove all those words.”

He goes on to say:
“Finally I managed to trace the idiot! I located his IP, ISP, called, they gave me his info and I paid him a visit…guess what: he was 14 years old!!! LOL I wanted to kill the idiot but his parents were home. I didn't tell them but I had a little talk with him telling him to quit doing this or I'll beat the sh… out of him. I can't believe I went into so much trouble for a 14 years old! When I told her she couldn't believe it…she thought I was joking…I asked her if she knew him and she said no. Probably he's seen her MySpace profile. I wanted to tell his parents but he started crying in front of me lol. He actually started crying when I told him I sent a complaint to the police but when I told him I'm going to tell his parents he fell on his knees begging me not to do so. I will retract my complaint tomorrow. Anyway at least I know the idiot is not a public threat. Thanks for the support. Who would have thought it was a 14 years old boy living a couple of streets away from me…the net these days.”

This sort of dumb behaviour will lead to these stupid kids getting yanked from their house, spanked publicly, and the results posted to YouTube.

Gah.