Monday, December 27, 2010

Why NORAD tracks Santa.

"The tradition began in 1955 after a Colorado Springs-based Sears Roebuck & Co. advertisement for children to call Santa misprinted the telephone number. Instead of reaching Santa, the phone number put kids through to the CONAD Commander-in-Chief’s operations "hotline." The Director of Operations at the time, Colonel Harry Shoup, had his staff check the radar for indications of Santa making his way south from the North Pole. Children who called were given updates on his location, and a tradition was born."

Some people can be awesome on the fly.  The rest of us marvel.  Thanks for being awesome, Colonel Shoup!

Sunday, December 26, 2010

Netflix on Linux:

It's time to pay it back, Netflix.  Using FOSS to leverage a profit is fine. Using it for PR but sticking it to the users is NOT!

Shannon VanWagner has an excellent post on the topic.

Posted via email from ninjahippie's (pre) posterous

Friday, December 24, 2010

GTOW Email (Password) security

I know - I haven't written a GTOW in a long time.  Maybe this is my GTOQ (quarter).  This may be the most important one of the year though.

Over the past month or so several of my friends have had their gmail or hotmail accounts "hacked".  I've been lucky enough to avoid this peril and being the IT security guy in residence among my circle of friends, I get asked about this quite often.  How it happens, and how to prevent it.

How it happens: 90% of the time the cause is password re-use.  Most people have very few passwords, or even just one, that they use for almost everything, from their Gmail account all the way to their bank.  The best of us normally have only a few.  The recent leak from the Gawker sites really highlighted this for many people.  Many use the same password on sites all across the net.  In Gawker's case it was just passwords used to comment on stories on their various sites.  Not a lot of attention was placed on security (by both Gawker and their users) as this doesn't seem very important.  The problem is that the leaked accounts contained email addresses and Internet handles, and many of their owners used the same password for those email and social accounts.  From that seemingly innocent password leak thousands of email and Twitter accounts were compromised. I in fact have an account on Gawker, but since it has a different password than any of my email or social sites I was OK.

How to prevent this:  Don't use the same password.  Seems simple but no one can remember different passwords for every site.  What I recommend in order of increasing security are the following:

  1. 4 or 5 different passwords of increasing security level.  One that is "open" - you use it only for things like the Gawker comment system.  Then a step up - sites that have a little personal info on you but nothing that could really be used to steal your identity or money.  Then a step up - social network sites.  Another for shopping or sites that keep your credit card info on file and finally one for just your bank and one for health info.
  2. A mnemonic algorithm.   Such as this one
  3. A password safe and individual, highly secure, random passwords for every site.  This one sounds like a crazy pain in the butt, doesn't it?  Actually - it's not at all.  Here's the recipe:

I highly recommend KeePass.  Mostly because it runs on everything.  I mean everything - Windows/Mac/Linux - plus every smart-phone, PDA and some things I've never even heard of.  This way you can have the app on your phone, work and home computers and even a USB stick.  I also recommend it because you can store the encrypted password data file anywhere you want.  I store mine on my Dropbox account.  I use Dropbox for the same reason I use KeePass.  It works everywhere.  This way my current password data is available to me everywhere.

KeePass also does two other things that make setting all this up worth the work.  First, it generates really great passwords at the click of a button.  Second, it types in your user name and password for you on all of those sites.

Since setting this up I've taken to using a different random password on every site and system.  Oh, the other thing I forgot to mention - both KeePass and Dropbox are FREE.  Dropbox is also awesome because it copies your files to your local system whenever they are updated online.  That way even if you don't have Internet access you have the most recent copy available.
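An added example (not part of the original post): a small audit over a password list that shows which accounts fall together when one site leaks, as in the Gawker case above. The site names, tier numbers, logins and passwords are constructed sample data, and the tier numbering is an assumption based on the ladder in option 1.

```python
from collections import defaultdict

# Constructed sample of a password-safe export: (site, tier, login, password).
# Tiers follow the post's ladder: 1 = "open" comment accounts ... 5 = bank/health.
ENTRIES = [
    ("gawker-comments", 1, "me@example.com", "monkey123"),
    ("webmail",         3, "me@example.com", "monkey123"),
    ("twitter",         3, "me_handle",      "monkey123"),
    ("shop",            4, "me@example.com", "Tr0ub4dor&3"),
    ("bank",            5, "me@example.com", "k9#Vq2!xLm7@Zp4w"),
]

def reuse_groups(entries):
    """Return {password: [(site, tier), ...]} for passwords used on 2+ sites."""
    by_pw = defaultdict(list)
    for site, tier, _login, pw in entries:
        by_pw[pw].append((site, tier))
    return {pw: sites for pw, sites in by_pw.items() if len(sites) > 1}

def exposed_by_breach(entries, breached_site):
    """Other sites that share a password with the breached site."""
    leaked = {pw for site, _t, _l, pw in entries if site == breached_site}
    return sorted(site for site, _t, _l, pw in entries
                  if pw in leaked and site != breached_site)

def cross_tier_reuse(entries):
    """(lowest-tier site, highest-tier site) for each password reused across tiers."""
    findings = []
    for sites in reuse_groups(entries).values():
        low = min(sites, key=lambda s: s[1])
        high = max(sites, key=lambda s: s[1])
        if high[1] > low[1]:
            findings.append((low[0], high[0]))
    return findings

if __name__ == "__main__":
    for site, _tier, _login, _pw in ENTRIES:
        print(f"leak at {site!r} also exposes: {exposed_by_breach(ENTRIES, site)}")
    print("reuse spanning tiers:", cross_tier_reuse(ENTRIES))
```

With a unique random password per site, every list this prints is empty, which is the point of option 3.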

Also - on top of all this password security - make sure that you fill in and regularly update the recovery options on your email accounts.  I can't overstate this.  I've had at least two friends that had ignored these items and had an amazingly hard time getting back control of their accounts.  Both Google and Hotmail allow you to specify another email address and/or a phone number where they can securely send you account recovery links - after you answer some security questions. 

For god's sake don't use your mother's maiden name (or any other personal data that can be looked up) as your security question!  The famous Sarah Palin email hack - her security question was "Where did you attend high school?".  That took some real hacker skill to guess, didn't it?  Even if you aren't famous - disgruntled employees or acquaintances can easily look up your home town, birth date, and have probably heard stories about your dog.  Don't do it.

Happy holidays!


Thursday, December 23, 2010

Don't F*ck with a hacker's computer

Loved this session at this year's Defcon:


Monday, December 20, 2010

Dual Screen Kno - The coolest device I've seen. For students

I am SO going to look into this for my college bound son!  Fantastic use of tech.

The has a bunch of video with real beta testers on real devices.  It's not vapor.


Tuesday, December 14, 2010

Charlie Stross explains it all:

Best explanation I've ever read.  It's all been an alien invasion.

"We are now living in a global state that has been structured for the benefit of non-human entities with non-human goals. They have enormous media reach, which they use to distract attention from threats to their own survival."

Trust me.  Read the post.


Another EFF Victory: Email Privacy Protected by Fourth Amendment

Friday, December 03, 2010

Full Body Scanners: What's Next?

Thursday, December 02, 2010

Opt Out! TSA parody

First the airports.  Then the bus and train stations.  Next:




The most ridiculous motorcycle ever built.

Ladies and germs, I give you the Tron Lightcycle.  Made real.



Close the Washington Monument

The man that wrote the book (literally - actually several) on cryptography and information security opines on the dilemma of what to do with the Washington Monument. It speaks volumes and should be read and considered by everyone:

Schneier on Security

A blog covering security and security technology.

December 2, 2010

Close the Washington Monument

Securing the Washington Monument from terrorism has turned out to be a surprisingly difficult job. The concrete fence around the building protects it from attacking vehicles, but there's no visually appealing way to house the airport-level security mechanisms the National Park Service has decided are a must for visitors. It is considering several options, but I think we should close the monument entirely. Let it stand, empty and inaccessible, as a monument to our fears.
An empty Washington Monument would serve as a constant reminder to those on Capitol Hill that they are afraid of the terrorists and what they could do. They're afraid that by speaking honestly about the impossibility of attaining absolute security or the inevitability of terrorism -- or that some American ideals are worth maintaining even in the face of adversity -- they will be branded as "soft on terror." And they're afraid that Americans would vote them out of office if another attack occurred. Perhaps they're right, but what has happened to leaders who aren't afraid? What has happened to "the only thing we have to fear is fear itself"?
An empty Washington Monument would symbolize our lawmakers' inability to take that kind of stand -- and their inability to truly lead.
Some of them call terrorism an "existential threat" against our nation. It's not. Even the events of 9/11, as horrific as they were, didn't make an existential dent in our nation. Automobile-related fatalities -- at 42,000 per year, more deaths each month, on average, than 9/11 -- aren't, either. It's our reaction to terrorism that threatens our nation, not terrorism itself. The empty monument would symbolize the empty rhetoric of those leaders who preach fear and then use that fear for their own political ends.
The day after Umar Farouk Abdulmutallab failed to blow up a Northwest jet with a bomb hidden in his underwear, Homeland Security Secretary Janet Napolitano said "The system worked." I agreed. Plane lands safely, terrorist in custody, nobody injured except the terrorist. Seems like a working system to me. The empty monument would represent the politicians and press who pilloried her for her comment, and Napolitano herself, for backing down.
The empty monument would symbolize our war on the unexpected, -- our overreaction to anything different or unusual -- our harassment of photographers, and our probing of airline passengers. It would symbolize our "show me your papers" society, rife with ID checks and security cameras. As long as we're willing to sacrifice essential liberties for a little temporary safety, we should keep the Washington Monument empty.
Terrorism isn't a crime against people or property. It's a crime against our minds, using the death of innocents and destruction of property to make us fearful. Terrorists use the media to magnify their actions and further spread fear. And when we react out of fear, when we change our policy to make our country less open, the terrorists succeed -- even if their attacks fail. But when we refuse to be terrorized, when we're indomitable in the face of terror, the terrorists fail -- even if their attacks succeed.
We can reopen the monument when every foiled or failed terrorist plot causes us to praise our security, instead of redoubling it. When the occasional terrorist attack succeeds, as it inevitably will, we accept it, as we accept the murder rate and automobile-related death rate; and redouble our efforts to remain a free and open society.
The grand reopening of the Washington Monument will not occur when we've won the war on terror, because that will never happen. It won't even occur when we've defeated al Qaeda. Militant Islamic terrorism has fractured into small, elusive groups. We can reopen the Washington Monument when we've defeated our fears, when we've come to accept that placing safety above all other virtues cedes too much power to government and that liberty is worth the risks, and that the price of freedom is accepting the possibility of crime.
I would proudly climb to the top of a monument to those ideals.

A version of this essay -- there were a lot of changes and edits -- originally appeared in the New York Daily News.
I wish I'd come up with the idea of closing the Washington Monument, but I didn't. It was the Washington Post's Philip Kennicott's idea, although he didn't say it with as much fervor.
Posted on December 2, 2010 at 10:41 AM