Posts tagged tech

GoDaddy Bleeding Domains Thanks To SOPA Support

From Drew Olanoff at TheNextWeb regarding the GoDaddy SOPA support fiasco:

It’s going to get worse before it gets better for domain registration company Go Daddy. Yesterday, we reported that Go Daddy had reversed its decision to support SOPA. Its customer service reps are even taking to the phones to beg you to keep your domains with the company.

It looks like these PR moves to save face, and business, are completely futile. According to TheDomains, 21,054 domains were transferred away from Go Daddy on Friday alone. At $6.99 a pop, that would make for a loss of $147,167, not taking future renewals into account. The day before wasn’t a good one for the company either, with 15,000 people taking their domains elsewhere. That means that even though Go Daddy changed its stance, people have had enough.

I have never liked GoDaddy. They always seemed pretty shitty, like they were trying to scam their customers and take advantage of people. Even if they never did any of that, the perception I get from their site, their advertising and their corporate image is that they are in the game for abuse. It is nice to see karma working the right kind of wonders for a change. (via TBR)

iTunes Match: Smart Playlists Cannot Nest Playlists

If you are in the process of migrating your iTunes library to iTunes Match and have encountered issues with ineligible songs and playlists, here is why the latter are considered ineligible: smart playlists using the “playlist” condition simply do not work. For whatever reason, iTunes Match is unable to nest playlists, which removes the option of creating playlists based on other playlists (i.e. “Playlist is playlist”).

One way around this is to nest conditionals within a smart playlist, a feature introduced in iTunes 9. This should cover most scenarios where you would want to nest one smart playlist within another, but not all of them.

I have run into a situation where I am unable to use my “jarkolicious Radio” playlist because it is built off of a combination of five playlists. Here is how the playlists are broken down:

  • 3-Star Radio: “Rating is ***” and “Last Played not in the last 10 weeks”
  • 4-Star Radio: “Rating is ****” and “Last Played not in the last 3 weeks”
  • 5-Star Radio: “Rating is *****” and “Last Played not in the last 2 days”
  • New Music: “Date Added in the last 1 month”
  • Favorite Music: Not a smart playlist

My “jarkolicious Radio” smart playlist is merely a playlist that combines all five of the above playlists into a single playlist. The idea is to get a good mix between old, new and favorite music, a job the playlist does pretty well. It is my most widely used playlist.

Unfortunately, because it is a playlist built off of nested playlists, it is ineligible for iTunes Match. I have tried to migrate the combination to a smart playlist using nested conditionals, but it just does not produce the same results.

Try as I might, the fact of the matter is that so long as “jarkolicious Radio” contains the conditional “Playlist is playlist”, it will remain ineligible until Apple adds this functionality or there is a good way to get the nested conditionals to work properly.

Bottom line: if you are wondering why some of your smart playlists show up as “ineligible” for iTunes Match, check whether you are nesting playlists in your conditionals. If you are, you may have to look for an alternative method.

Hacker Says Texas Town Used Three Character Password To Secure Internet Facing SCADA System

Paul Roberts at threatpost on a Texas SCADA hack:

“This was barely a hack. A child who knows how the HMI that comes with Simatic works could have accomplished this,” he wrote in an e-mail to Threatpost.

“I’m sorry this ain’t a tale of advanced persistent threats and stuff, but frankly most compromises I’ve seen have been a result of gross stupidity, not incredible technical skill on the part of the attacker. Sorry to disappoint.”

When the security people are not involved in a project, you end up with stupidity like this. There should have been auditing controls in place to prevent a live system relying on a three-character password from being placed online. (via Brooks Review)

American Censorship Day: November 16

On 11/16, Congress holds hearings on the first American Internet censorship system. This bill can pass. If it does the Internet and free speech will never be the same. Join all of us on the 16th to join together to stop this bill.

Everyone who runs a web site owes it to themselves to participate.

PlugBug - One accessory charges two devices simultaneously

So obvious, it’s kind of surprising nobody released a product like this sooner.

First DISA-Approved Android Device No Longer Commercially Available

From Defense Systems:

The Dell Streak 5 smart phone/small tablet computer is the first handheld device using the Android 2.2 operating system to be certified for use in the Defense Department’s secure but unclassified communications, said John Marinho, director of Dell enterprise mobility solutions.

Although the Streak 5 is no longer available commercially, Dell is supplying it to DOD because the military likes the form factor, Marinho said. However, he added that the same capabilities and service can be delivered to other platforms running on Android.

Only DoD would approve a device no longer commercially available.

Peculiar Perspective on iMessage vs SMS

drdrang on iMessage, a new feature of iOS 5:

Here’s the thing. I already have an unlimited texting plan from AT&T that covers everyone in my family. I don’t, however, have an unlimited data plan, so this looks like something that will eat away at my monthly data allotment while giving me virtually nothing in return.

That sure is an interesting perspective on iMessage compared to SMS texting. I find it hard to believe that even 10000 texts a month will have a significant impact on a monthly data plan. This is just a misguided rant against a feature the author misunderstands.

In the end, after an update to his essay, the author does seem to realize that maybe he is in the minority:

My point—possibly not as clear as it would have been had I not written this post late on a Saturday after a couple of Harp Lagers—was not so much that iMessage would add a huge load to my family’s data usage, but that whatever increase in 3G use it creates would come with virtually no benefit to us. Your mileage, as they say, may vary, and I’m not suggesting iMessage is a mistake.

SoftBank Computer Glitch Halts iPhone 4S Sales and MNP

The Next Web Asia reporting on opening day iPhone 4S sales in Japan:

The opening day of iPhone 4S sales in Japan did not start well for Softbank. According to the Wall Street Journal, the operator was forced to suspend the sale of all smartphones, including the new device from Apple, at 0200 GMT this morning after a computer glitch affected customer registrations.

The issue was fixed three hours later with the operator optimistic that it did not cause any loss of sales.

I was at au/KDDI from 0300 GMT to approximately 0700 GMT and I assure you the supposed computer glitch was not fixed three hours later. We left empty handed and were asked to wait for a call. We received that call at 8:30pm - four hours after leaving au/KDDI - and were asked to come back the following morning at 1000 when the shop opens.

When we arrived at au/KDDI we first had trouble obtaining a mobile number portability (MNP) reservation number from SoftBank’s automated system due to high demand. This took roughly 45 minutes before we were finally off and running. It was at this point that everything fell apart.

The au/KDDI shop clerk, who was very helpful, was having trouble with the MNP process. This part of the purchase requires au/KDDI to touch SoftBank’s computer systems, to validate the MNP reservation number and account holder’s name and number for accuracy. This entire process kept repeatedly failing. Unfortunately, the clerk was uncertain of the specific reason.

It was at this point that I decided to walk three blocks down the street to the SoftBank shop to find out what was going on. As usual, the SoftBank clerks were somewhat clueless. All one clerk could tell me was that their system was down, so she was unable to print my account information. As I was about to walk away, another clerk mentioned to a customer that their systems were down and she would not be able to deliver pre-ordered iPhone 4’s until tomorrow, when system restoration was expected.

Are you kidding me?

I walked back to au/KDDI and told the clerk. She decided to try a few more times just to see if she would be able to deliver our phone that day. While I was waiting I called SoftBank customer service and asked them what was happening. The kind lady on the other end of the phone told me the same thing - SoftBank was experiencing a catastrophic systems failure so new sales and MNP would be impossible until the next day.

I spent a little over four hours in au/KDDI trying to secure my wife’s iPhone 4S to no avail, all thanks to SoftBank and their not being prepared for the exodus to their rival.

I am unsure where TNW got their information but it sure does not match my experience. It is worth pointing out that existing au/KDDI customers upgrading their existing handsets to an iPhone 4S were unaffected. The only customers affected were existing SoftBank customers who were upgrading or trying to port their number to a different mobile carrier.

Information Security Basics

Whether you run your own home network or are part of the IT shop administering the corporate network, there are some basic information security practices which should always be followed. These tips are designed to help you, the administrator, adequately protect the network from the myriad of attacks in use today. Keeping your network free of compromise matters to every user on it, because it allows for the continued, uninterrupted operation of the very network they rely upon to perform their job.

This list is by no means all-inclusive. It is merely a small subset of tips which should help set most people in the right direction. These tips are generally combined with more complex solutions, producing a far more comprehensive effort than the mere implementation of these basics.

1. Defense-In-Depth

Defense-in-Depth is the foundation of all information security programs. It is a comprehensive strategy for protecting a network through layers. These layers are generally network areas or controls such as the network perimeter (i.e. the premise router), the DMZ, physical security, authentication mechanisms, auditing, logging and more. This list is by no means exhaustive.

By placing multiple layers of defense throughout your network, you increase the effort required to break through those defenses: an attacker who gets past one layer still faces the next. By itself, that statement makes it sound like all you do is slap in some defense-in-depth and you’re off and running. That is not the case. An IT shop must have someone on staff who clearly comprehends information security and defense-in-depth for the program to succeed.

As I said, defense-in-depth is a framework. The majority of the remaining tips, while doable on their own, are ultimately layers within this framework. Implementing them individually may very well improve your network security posture; however, it is advisable to implement all of them to protect your network to the highest degree possible.

2. Network Security Perimeter - Deny by Default, Allow by Exception

All good networks have strong perimeter defenses. Every network connection must have a premise router, the router which is connected to the upstream internet service provider. The premise router should make use of access control lists (ACLs) to allow only the minimum required TCP/IP connections both in and out of the network. This is known as a “deny by default, allow by exception” policy.

If your network does not run a web server accessible by the public, there is absolutely no need to allow 80/tcp inbound from the world. If there is no SSL server accessible by the public, do not allow 443/tcp inbound. More than likely, 1024-65535/tcp and 1024-65535/udp are not required inbound at all.

Leaving these ports open to the world is a large and unnecessary exposure. Essentially, you deny all connections by default and build an ACL which allows only the required connectivity in or out of the network.

Along with a strong premise router ACL, all networks should employ at least a stateful firewall sitting right behind the premise router. The firewall should be configured identically to the premise router, following the “deny by default, allow by exception” policy.

A stateful firewall is important because it inspects packets and keeps track of the state of the connections traversing it. This lets the firewall distinguish a reply belonging to a connection it has already seen from an unsolicited, potentially harmful connection attempt, without having to open whole port ranges inbound.
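The two perimeter layers described above, as an added example that is not code from the original post: a small Python model of a stateless router ACL beside a stateful firewall with the same permit list, showing why the stateful layer can keep 1024-65535 closed inbound while still passing replies to connections it has seen. The hosts, permits and packets are constructed for illustration and use RFC 5737 documentation addresses.

```python
# Added example, not from the original post: a small model of the
# "deny by default, allow by exception" perimeter, contrasting a stateless
# router ACL with a stateful firewall. All hosts, permits and packets are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = from the Internet, "out" = to the Internet
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Permit:
    direction: str
    proto: str
    dst_net: str    # CIDR the packet's destination must fall in
    dport_lo: int
    dport_hi: int

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction and p.proto == self.proto
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.dport_lo <= p.dport <= self.dport_hi)

def stateless_allows(permits, p: Packet) -> bool:
    """Premise-router ACL: a matching permit allows, anything else is denied."""
    return any(r.matches(p) for r in permits)

class StatefulFirewall:
    """Same permits plus a connection table, so replies to connections the
    firewall already saw pass without opening 1024-65535 inbound."""
    def __init__(self, permits):
        self.permits, self.table = list(permits), set()

    def allows(self, p: Packet) -> bool:
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.table:
            return True  # reply to a tracked connection
        if stateless_allows(self.permits, p):
            self.table.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return True
        return False

PERMITS = [Permit("in", "tcp", "203.0.113.10/32", 80, 80),   # public web server
           Permit("out", "tcp", "0.0.0.0/0", 1, 65535)]      # users may browse out

def run_scenario():
    """Return {label: (stateless verdict, stateful verdict)} for sample packets."""
    fw = StatefulFirewall(PERMITS)
    packets = {
        "web_syn":      Packet("in", "tcp", "198.51.100.5", 40000, "203.0.113.10", 80),
        "smb_probe":    Packet("in", "tcp", "198.51.100.5", 40001, "203.0.113.20", 445),
        "browse_out":   Packet("out", "tcp", "203.0.113.20", 51234, "198.51.100.5", 443),
        "browse_reply": Packet("in", "tcp", "198.51.100.5", 443, "203.0.113.20", 51234),
        "unsolicited":  Packet("in", "tcp", "198.51.100.5", 443, "203.0.113.20", 51235),
    }
    return {k: (stateless_allows(PERMITS, p), fw.allows(p)) for k, p in packets.items()}
```

The stateless ACL drops the legitimate reply to the outbound browsing session because no inbound permit covers the ephemeral port, while the stateful firewall passes it and still denies the unsolicited packet to a port it never saw.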

3. Anti-Virus

If there is one security application which is a must-have, anti-virus protection is it. Running without anti-virus software will do far more harm than you might expect.

At a minimum, install an anti-virus client on all workstations and servers on the network and have those clients report to a central corporate anti-virus server. It is important to cover every server and client: if even a single machine is left without anti-virus software, that one gap may cost you in the end.

Conclusion

These basic information security tips are just that - basic. There are far more advanced techniques for protecting your network. In a future installment I plan on covering some of these more complex methods.

For now, enjoy reworking your premise router to a “deny by default, allow by exception” policy. Implement strong perimeter protection to help thwart the bad guys. You will be amazed how much more fortified the network will be with very little effort.

These basic techniques will do wonders for the amount of help desk phone calls you are going to receive. After all, if your users are suddenly unable to use bittorrent or instant messaging, after having been able to for so long, they’re going to wonder what’s going on. Be prepared for the onslaught of questions!

Some tradeoffs are worthwhile.

iPhone 4S Review

John Gruber:

This is the easiest product review I’ve ever written. The iPhone 4S is exactly what Apple says it is: just like the iPhone 4, but noticeably faster, with a significantly improved camera, and an impressive new voice-driven feature called Siri.

Need anything else be said?

German Police Writing Eavesdropping Malware?

Graham Cluley of Sophos:

Sophos’s analysis of the malware confirms that it has the following functionality:
  • The Trojan can eavesdrop on several communication applications - including Skype, MSN Messenger and Yahoo Messenger.
  • The Trojan can log keystrokes in Firefox, Opera, Internet Explorer and SeaMonkey.
  • The Trojan can take JPEG screenshots of what appears on users’ screens and record Skype audio calls.
  • The Trojan attempts to communicate with a remote website.

Sounds like German authorities are overstepping their bounds. While I certainly have no intimate knowledge of German law, I find it hard to believe this is permissible under their wiretapping statutes - which were written during the telephone era - or any other laws.

While there are surely some intelligence related statutes permitting certain types of activity, it is highly dubious to think these techniques would be allowed to target average citizens. Although, three-letter U.S. agencies never let something like legalities or the constitution ever get in the way of spying on their own citizens.

Steve Jobs, the pioneer of the computer as a jail made cool, designed to sever fools from their freedom, has died. As Chicago Mayor Harold Washington said of the corrupt former Mayor Daley, “I’m not glad he’s dead, but I’m glad he’s gone.” Nobody deserves to have to die - not Jobs, not Mr. Bill, not even people guilty of bigger evils than theirs. But we all deserve the end of Jobs’ malign influence on people’s computing.

Richard Stallman, self-appointed free software movement spokesman and toejam lover, on Steve Jobs’ death.

What an asshole. (via The Loop)

You hear people talk about television actors as the people we don’t know who we let into our homes, since they show up in our dens each night. Every Apple event, Steve showed up in my home too, wherever my Mac was. I would read the liveblog first, then watch the video as soon as Apple made it available. I’ve watched countless interviews with the man, too. So part of the reason I think his death hits me hard is because I really do feel like I knew him—even if he didn’t know me.

Why Steve Jobs’s death feels so sad by Lex Friedman of Macworld.

Friedman captures the essence of how I feel by eloquently articulating why so many people felt a connection with Steve Jobs, a man they never once met. I took a stab at translating my emotions into words but completely missed this outstanding theory.

I’m pretty sure none of this would have happened if I hadn’t been fired from Apple. It was awful tasting medicine, but I guess the patient needed it. Sometimes life hits you in the head with a brick. Don’t lose faith. I’m convinced that the only thing that kept me going was that I loved what I did. You’ve got to find what you love. And that is as true for your work as it is for your lovers. Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do. If you haven’t found it yet, keep looking. Don’t settle. As with all matters of the heart, you’ll know when you find it. And, like any great relationship, it just gets better and better as the years roll on. So keep looking until you find it. Don’t settle.

Stanford Commencement address delivered by Steve Jobs, CEO of Apple Computer and of Pixar Animation Studios, on June 12, 2005.

How many people can truly say they love what they do for a living?

While I enjoy what I am currently doing, even though it has its daily challenges, I cannot honestly say I love my job. I strive to work towards doing what I love. In due time methinks.

US Department of Homeland Security developing system to predict criminal intent

From Donald Melanson of Engadget:

According to a new report from CNET based on documents obtained by the Electronic Privacy Information Center, the US Department of Homeland security is now working on a system dubbed FAST (or Future Attribute Screening Technology) that’s designed to identify individuals who are most likely to commit a crime. That’s not done with something as simple as facial recognition and background checks, however, but rather algorithms and an array of sensors and cameras that can detect both physiological and behavioral cues that are said to be “indicative of mal-intent.” What’s more, while the DHS says that it has no plans to actually deploy the system in public just yet, it has apparently already conducted a limited trial using DHS employees — though no word on the results of how well it actually works, of course.

Minority Report is currently in the alpha stages of development. Beware of the thought police otherwise you may find yourself behind bars or worse.