Monday, June 30, 2008

Suspending this Blog

It's been about a year since my last entry in this binary log.

I guess it's obvious by now but here's the official statement: I've decided to suspend my writing in this Blog indefinitely. There are many reasons to it. I don't have the time, interest and imagination to start or comment new topics.

This has been my first attempt to maintain a Blog and I think it's gone quite well. Of course the feedback could be a lot better but I'm under the impression that I've managed to present a couple of interested thoughts and ideas to the world.

The posts I've written over the past months will stay here as an archive until I decide what to do with them (maybe move them to a new location or keep only a small selection of them).

Anyway, cheers!

Tuesday, July 31, 2007

Want Internet Anonymity? Be Creative!

When it comes to Internet Anonymity most people try to leak absolutely no information. This isn't always possible and definitely makes them look suspicious. What I propose is to be a little more creative! Create an imaginary character who will represent you online. This character must seem real enough in the way that you give out no real information of your own but still put together a complete, every-day person.

First of all find a name. Next come up with a birth date. After that decide where he will live (country, town, street and zip code). Write them down. These things are pretty much all you need to open an online account and should be the same in all accounts you will use under that name. So our character will need at least an e-mail address so create one. That's it! You can "play" this character and "become" him when in need to masquerade you actual identity.

Wish to enter a forum without giving your real name? Avoid something like "superman123" for your nickname. Use your character's name instead.

Now that we've solved the personal information issue, we want to make sure no digital trail will lead back to the real you. Use TOR along with Torbutton (if you have Firefox) to surf the Internet anonymously! I'd suggest you use a different Firefox profile or even a portable version like PortableFirefox to separate your real-you cookies and passwords from the character's, otherwise one may be able to link you two!

That's about it. The key element is NOT to hide your information but present false yet valid-looking to anyone who requests it. Even if some of your real data gets leaked in the process, one won't be able to tell which is fake and which is not so the "noise" produced by the imaginary character will still cover your tracks. Finally, remember that the character is a role you need to play. That character should seem to be a normal person going online, with habits (maybe subscribe to a couple mailing lists), hobbies and activities.

Sunday, July 15, 2007

Botnet Movie

There's a cool botnet introductory movie over at GOVCERT.NL (Computer Emergency Response Team for the Dutch Government).

Friday, July 06, 2007

Data Ticking Time Bomb

There's an interesting article over at BBC Technology News concerning the compatibility of modern and future computer systems with old file formats.

From the article:
"Unless more work is done to ensure legacy file formats can be read and edited in the future, we face a digital dark hole." [...] "If you stored something on a floppy disc just three or four years ago, you'd have a hard time finding a modern computer capable of opening it." [...] "We cannot afford to let digital assets being created today disappear. We need to make information created in the digital age to be as resilient as paper."

This really is an emerging problem as we move forward to a more computerized world. Right now the technology allows us to digitize large aspects of ours lives. Computers and electronic services are replacing traditional concepts such as paper-based documents and records and physical transactions.

Nowadays nobody uses floppy disks and most new computers don't even have a floppy drive. How about those people who kept an archive in such disks in the past? They probably won't be able to access it from their current computer system and what about in a year or so? Also, a lot of electronic documents are stored in formats that have either evolved or been completely abandoned. So, is that information lost? This should never be the case when it comes to unique, irreplaceable data!

Currently the idea of open document (format) standards is constantly gaining ground. They are standards for creating text, audio, video, picture files etc. So as long as they are carefully designed and most vendors follow them, we shouldn't have a problem. Things get complicated when closed source software such as Microsoft Office establishes and follows product-specific, non-standard formats which may even be incompatible among different versions!

When it comes to storage media (like floppy disks) the problem still exists since technology evolves quite rapidly and does not allow any ties from the past to slow it down. So yes it's quite possible that the CD you are using today to backup your files will be useless in five years from now since your new computer won't have a CD-ROM Drive! Besides, blank CDs don't have a life expectancy more than a couple of years. At this point, the evolution and wide use of computer networks and the Internet might give the answer. It's so easy to quickly upload and manage large amounts of data that a lot of people do their backups online!

Anyway, it's an interesting article to read and a lovely topic to ponder on.

Friday, June 22, 2007

"Change Your Password!" or Not?

Today I came across an article at the "Daily Cup of Tech" blog where the author urges you to frequently (every month or two) change your password(s). At first this may seem like a really good idea but I'll have to disagree. First of all let me point out some other password-related security guidelines.

One should never use the same password in all of his accounts. Should one of them be compromised, he is totally helpless. For example your password to a forum should never be the same as the password in the e-mail address you have provided during registration. Most people have two or three passwords and use one of them for their "most-secure" accounts, the second one for their e-mails and the third for every other "low-security" case. I'm not necessarily saying that's the best one can do. Also, passwords should be hard to guess (and therefore hard to remember). So a totally random combination of letters, numbers and symbols, longer or equal to 8 characters is a nice choice.

Let's get back to the article. Having at least three totally random passwords like "C9U6h#*U" or "swa!Es7u" is already a hard thing to do. Frequently changing them and therefore memorizing them every month or so is something nearly impossible for the average user. Too much effort can push one into writing down the password or storing in somewhere like on his cell phone. This is far worse than keeping the same password for a long time.

In my opinion, a secure-enough password is not in any danger from contemporary password-guessing techniques. The only way it can be compromised is if transmitted over an insecure medium, like a non-SSL HTTP session.

Friday, May 18, 2007

Schneier: Airline Security Cartoon

Cartoon

Found it at Bruce Schneier's blog. It really is a hilarious example of Cover Your Ass (CYA) Security.

Saturday, May 12, 2007

Schneier: Is Big Brother a Big Deal?

Is Big Brother a Big Deal?

From the article:

Big Brother isn't what he used to be. George Orwell extrapolated his totalitarian state from the 1940s. Today's information society looks nothing like Orwell's world, and watching and intimidating a population today isn't anything like what Winston Smith experienced.