07.04.08

Dataloss via Stupidity.

Posted in IT, News at 2:43 am by Tyler Reguly

Sometimes we hear about dataloss via theft or loss of a computer. For the most part (assuming I don't hear about it happening to a company on a weekly basis), I can (eventually) forgive the company (even if my personal data has been lost). After all accidents (losing a computer) and burglaries are a fact of life. Does this excuse the practice of not encrypting data? Nope... but as I said... eventually I forgive the company, after all years ago when these were paper files, they weren't encrypted. At the same time, I do feel that there should be serious government fines handed out to companies that lose sensitive customer data (my forgiveness doesn't exclude the requirement for punishment of some sort).

What I can't forgive though is dataloss via stupidity... That is, throwing away sensitive data without making an effort to destroy it. I shred pretty much everything that comes to me in the mail at home... (everything I don't save anyways). I've worked in places where DBAN was utilized religiously before laptops were assigned from one individual to another or old desktops were sold off. I even took a bench grinder to a hard drive one time (although that was more for fun... but it did destroy the data).

I just read this blog post (via Consumerist) and it reminded me once again of the stupidity that sometimes happens. I can get replacing old computers... I even get throwing out the computer (although I'd think that there are plenty of places to donate the machine). I can't get leaving your employee and customer databases, along with letters to customers in place (screenshots on the original blog). This really does come down to Dataloss via Stupidity and I think that's how we need to start defining it.

Someone needs to go and put a big notice on the door of the offending Curves that mentions how poorly they treat customer data. We should start doing this to all companies that fall victim to Dataloss via Stupidity. This is a prime example of one of those unforgivable acts.

Now I know someone is saying, "But you just said you can forgive accidents... maybe this was an accident." This isn't an accident... Throwing away a letter to a single customer without shredding it that contains personal information... That's an accident. Turning around to grab a drink from the vending machine and having your laptop stolen... That's an accident. Taking a used computer and just tossing it in the trash... that's not an accident... that's stupidity.

In Texas they've got a law requiring those that service computers to have a PI license. Perhaps it's time that we start thinking about licensing to use a computer... We could even have stages of licensing:

  • Stage 1: Allowed use of a computer
  • Stage 2: Allowed access to the internet
  • Stage 3: Allowed use of a computer for business purposes
  • Stage 4: Allowed to repair a computer
  • Stage 5: Allowed to dispose of or destroy used computer equipment.

In reality that's going way overboard (just like the Texas law), but something needs to be done to prevent the stupid from using computers... and something really needs to be done to prevent Dataloss via Stupidity. Perhaps Curves should be slapped with a nice, big fine just to remind people to think first.

It’s the End of the World as We Know It…

Posted in IT, News at 1:54 am by Tyler Reguly

And I feel fine...

By morning most likely everyone will have blogged about the recent court ruling that Google hand over the YouTube logs to Viacom (MTV & Paramount Pictures parent company).

Oddly enough I saw a clip on BBC News that was mentioning popular articles on their website. The first thing my wife said was, "Does this mean I should stop going to YouTube?" My immediate response was, "Why?" To which she responded, "If I watch something that's copyrighted, can't I be sued or something?"

Now this was the way the short little news clip presented itself, and I'm definitely not a lawyer but my answer was, "No." Now maybe I'm wrong, and I'll probably be the only one to say this, but I don't see how this is a big deal. Viacom wants to compare the viewing habits on their copyrighted material vs non-copyrighted material. I actually think they have a right to do that. It comes down to this... find a way to keep the copyrighted material off the site or give people whose copyrights are violated access to statistics.

Based on the article, that's all Viacom wanted... statistics. Well at one point they wanted the YouTube source code but that's a ridiculous request. Google probably should have just granted them access to the statistics right away. I honestly don't care if Viacom figures out who I am and what I've watched on YouTube.

I do hope that Google gets the right to anonymize the logs before passing them on, but they should have been doing that all along... there was no real reason to store IP Addresses for any length of time.

Anyways... it'll be interesting to see what Viacom gets in the end, and how many people cry that this really is the end of the world.

12.10.07

Hackers for Charity: Interview with Johnny Long

Posted in IT, Interesting Stuff, News, Security at 11:51 am by Tyler Reguly

In a previous post, I had reviewed a SecTor presentation done by Johnny Long. I had also mentioned Hackers for Charity, a charity started by Johnny to link up hackers with charities that require IT/IS assistance. I see this as an incredible contribution and was looking forward to getting involved myself, but at the same time I was receiving feedback from readers who were interested based on the brief mention I had made of it. I decided the best way to follow up was to contact Johnny for a brief interview. I sent him a few questions, in hopes of getting a bit more information out to everyone that reads it, and I've basically inserted the email responses below.

Who is Johnny Long? While most that read this will know who you are, there may be a few that don't...

I'm a hacker by trade, a pirate by blood, a ninja in training, a
family guy and author.

How did you first get involved with charity organizations and what drew you to the IT side of their operations?

My wife went on a mission trip to Uganda last year, and I joined her
in her research about what was going on in Uganda. This led me to
Invisible Children. I mentioned them in my talks, raised some support,
etc but when my wife returned from Uganda, I felt drawn to do more
than raise money. This past May, she returned to Uganda and I went
with her. Several corporations and the hacker community chipped in to
fund our trip. We worked with an organization called AOET (aoet.org)
who is working to help orphans left in the wake of the HIV/AIDS
pandemic.

What is Hackers for Charity?

We exist to connect the skills of the hacking community with charities
that need those skills. We aim to empower charities through the use of
information technology.

At SecTor you had mentioned that it was for 'unemployed hackers', is this true... Does an employment restriction exist?

Not at all. But generally we tend to attract those looking for work.
We have some senior members that are very well-set career-wise, and
those folks are looking for a positive outlet for their skills. We
provide that.

Could you provide an explanation / description of how the "references for work completed" 'thank-you/reward' system works.

It's pretty simple. Successful completion of a project results in a
LinkedIn connection and resume reference from myself and other
professionals that can vouch for the work. The professionals are
well-known in the industry, and their recommendations carry real weight
to potential employers. Those that are already gainfully employed
receive the same benefits, but can add our organization and the
charity name to their list of professional accomplishments. We're also
working on a link/referral system that provides exposure for companies
that donate time or money.

How successful has Hackers for Charity been so far?

We have a mailing list of 80+ members. We've successfully completed
three projects: a reusable mail system, a reusable blogging system,
and our largest project-- an online child sponsorship system for AOET.
The child sponsorship system is amazing. It was developed by Paul
Madoff in the span of about two weeks, and will literally save the
lives of children in sub-Saharan Africa. Designed for AOET, this
system replaces their old cumbersome system with a streamlined system
that allows potential child sponsors to browse a gallery of children
in need, and select one for sponsorship. The old system was so
cumbersome that many potential sponsors got lost in the process and
often went to more popular and more technically advanced child
sponsorship programs. It could be argued that sponsoring a needy child
anywhere is better than not helping at all, it's heartbreaking to see
the AOET sponsorship system crippled because of technology issues.
This system addresses that, and once it passes a vetting process, it
will be released for public use through the AOET.org web site. Last
but not least, we've raised over $2000 for AOET, most of which went to
supporting their work in Kenya.

Hackers for Charity currently uses a Google Groups mailing list (which is becoming more common) which requires a Google email address. Have you considered moving away from that to a standard mailman list to allow for more accessibility? (Note: This question was asked due to comments received when I had previously mentioned Hackers for Charity)

Uhm, yes.

Hackers for Charity is still young... are there any planned next steps?

We plan on growing. =) Honestly, this thing has taken off so fast that
it's difficult for me to keep my head above water. We won't be able to
do much without some sort of (corporate?) sponsorship that will help
pay the overhead associated with running the organization. There are
only so many hours in the day, and I'd like to devote more of them to
the organization.

Has there been any thought to Hackers for Charity stepping towards a Doctors Without Borders type approach? Where, in addition to volunteering to help a charity from the comfort of your own home... volunteers could be sent to third world countries or disaster areas to help implement or rebuild an IT infrastructure?

Absolutely. I can't go into too much detail right now, but we're in
the planning stages of making that happen next year (2008).

Any words, advice or thoughts for people who have been thinking about volunteering but haven't taken any action yet... for either procrastinators or people who think they might not be the type of person (or have the type of skill set) that Hackers for Charity is looking for?

Forget your skills. Come with an eagerness to help those less
fortunate. Heck, just come if you could care less for all that
altruistic crap and are just looking for a bump up on your resume.
Some of the most needed skills are those you may think are useless.
Soft skills, such as business, marketing, management, accounting, etc
are all needed.

02.11.07

Apple issues cease and desist over “iPod Mondays” event

Posted in News at 12:35 am by Tyler Reguly

This is actually pretty interesting... Considering that the event organizer contacted Apple before ever starting the event, has been praised by the local Apple store, has been mentioned on the Apple website and has Apple employees attend his events...

I was clued into this via an Engadget story, which was inspired by a BoingBoing post.

You can read the email conversations between Clint (organizer of iPod Mondays) and Apple on iPodMonday.com.

You can also read an article on this issue in the Des Moines Register.

10.27.06

Torrent Site Admin goes to Jail

Posted in News at 1:13 am by Tyler Reguly

Check it out - http://torrentfreak.com/bittorrent-admin-sent-to-prison/

The 23 year old Grant Stanley has been sentenced to five months in prison, followed by five months of home detention, and a $3000 fine for the work he put in the private BitTorrent tracker Elitetorrents.

I put this in news.... then I thought about it.... Look at the comments... It shows you the little kids associated with Torrents.... the juvenile mentality that still plagues the internet... I wasn't sure if I should laugh or cry as I read the comments... so I did a little of both.... The education system is obviously failing if they represent the current products of it...

Peace,
HT

10.16.06

IT RSS Feeds

Posted in IT, News at 9:42 pm by Tyler Reguly

Over the weekend I started playing with RSS... It's been a while since I had my own RSS reader and decided I'd try one again... I decided that instead of a separate browser I wanted a Firefox plugin (I played with a number of Firefox plugins this weekend and I plan to review a number of them in the upcoming weeks). After playing with a couple of plugins, and some stand alone readers... I decided on NewsFox.

It is a little sluggish... and the occasional feed it hasn't been able to read properly... There's no "mark all as read", you have to perform the task per feed.. but overall it's pretty good. I've got about 80 feeds in it, it checks them every 30 minutes and notifies me of any changes... I've also installed it at work and transferred over the OPML file (attached below)...

I built a fairly complete list of IT Security / IT News feeds... I started with blogs / sites that I frequent and then added ones that were linked off those... The result is what's below. I'm calling it the Computer Defense RSS Compilation :)... I'll be updating it as I update my own feed... and I'll also welcome input from anyone who feels they have input to add. The file was exported from NewsFox, so if you import it into any other reader the feeds will be added in a folder called NewsFox.

Let me know if you come across any additions.

Peace,
HT

IT RSS Feeds OPML

Nameless, Faceless Corpor… Oh wait… maybe they do care.

Posted in News at 9:31 pm by Tyler Reguly

I love hearing the phrase "Nameless, Faceless Corporations"... We could probably throw the word evil in there.... However... we always attach a name to them... Microsoft is evil, Google is Evil... I love the people that you catch saying these things... They're the same people that you catch saying "Bill Gates is Evil"... When you point out that Mr. Gates donates millions if not billions of dollars annually, they call it a tax write-off... He's not doing it because he cares...

Well now we've got another one for the skeptics for the "everyone who makes money is evil, we should all support only open source" crowd. This may be a shocker... but Google cares about the environment.. This shouldn't be much of a shocker though... because Google's founders have already invested in an electric sports car and solar panels. This time, however, the Googleplex itself is getting a bit of a makeover as Google plans to install solar panels on the roofs of several of the Googleplex buildings... They will generate enough electricity to power 1000 homes.... or cover about 30% of their electricity usage. This will be the largest corporate solar installation in the US and one of the largest in the world... Let's hope that other businesses will see the value in this (A one time expenditure vs monthly electricity payments) and follow suit.

Peace,
HT

09.24.06

TurnItIn.com — Genius Plagiarism Prevention or Legal Trainwreck.

Posted in News at 2:26 pm by Tyler Reguly

Many people, especially students, have heard of, and even experienced, TurnItIn.com. I came across the site while in college, and while I never had to use it myself, I knew many professors that required their students submit all assignments via the site. I've had my concerns and doubts regarding this site... The idea of a third party collecting and holding my data doesn't seem right. We live in a world where privacy is becoming more and more important... but student privacy is going out the door. What if an employee is perusing the database one day and finds a document they like and think will go places... They change the submission information... submit a notice back to the student's professor that the work was copied. The employee attaches their own name to the document and submits it to a magazine for publication... While this may not have happened yet... there's no reason why it couldn't happen.

I worked on a 3rd party data storage solution once for written materials. The idea was that in order to maintain the user's privacy only an encrypted copy, that the 3rd party couldn't open, was stored. This is obviously not the case with TurnItIn.com as they are making comparisons against your work.

Should a student be forced to submit their work because a percentage of them may cheat... Isn't this like requiring everyone submit their fingerprints and DNA because some people commit crimes? I'm sure that various privacy foundations would have issues with that and as a follow up to this I'm contacting both the EFF and PRC to find out their thoughts on TurnItIn.com and its violation of students' privacy... Especially the schools forcing students to make use of it.

I'm not the only one with concerns on this subject, recently a group of high school students from McLean High School in Fairfax County, Virginia formed the Committee for Students' Rights and collected more than 1100 signatures protesting the use of TurnItIn.com at their school. This story was carried by the Washington Post. I love the part that says "Fairfax school and Turnitin officials said lawyers for the company and various universities have concluded that the paper-checking system does not violate student rights." Of course Turnitin's lawyers don't think it violates students' rights... if they said it did, they'd be out of a job.

I'll keep you up to date with responses I get from the EFF and PRC and once again I'd love to hear everyone's thoughts on this issue.

Peace,
HT

04.04.06

Virtual Server 2005 Released Free of Charge

Posted in IT, News, Software, Tools at 12:35 am by Tyler Reguly

That's right... you read that correctly. Microsoft is releasing Virtual Server 2005 R2 free of charge.

You can read the full article at PCWorld. If you want to download the software you can grab it from http://www.microsoft.com/windowsserversystem/virtualserver/software/default.mspx

Peace,
HT

02.07.06

Paying twice for a single service

Posted in Business, IT, News at 9:09 pm by Tyler Reguly

Hey Hey,

So I'm seeing this come up more and more these days... and I'm starting to wonder where the common sense is. I can't wait to see what the Government does... the results could prove the ultimate stupidity of government officials...

Let's think about this for a minute, we have a world wide infrastructure known as the Internet, people pay their phone and cable companies for High Speed access to this network. They then have the right to use the network to access the various servers hosting pages. These servers are also paying a company for High Speed access. Now we have both ends paying a provider to use their means of connection, but suddenly these providers want to pay twice. They want both ends to pay for usage of the lines... even though one of those ends is just fulfilling a request made by the end that is already paying. This isn't right... there's something very very wrong about that.

Let's say I send you (who lives in another country) a package. My government charges me to send you the package (the postal service), your government charges you to receive the package (customs and brokerage fees) but your government doesn't turn around and ask me for money. It'd be ridiculous to do that... yet that's what the ISPs now want to do...

Yes this has been going on for a while, so why am I just bringing this up? Because of the latest words from the mouth of a Verizon senior VP. He claims that Google is getting a 'free lunch'... yet what's he turning and asking for... He's asking for a 'free lunch', he's asking to charge for the use of a line that he's already charged someone for. The belief that this is going on truly astounds me and leads me to question where people's intelligence has gone... It's definitely nonexistent these days.. Those of you interested in this can read the Washington Post article @ http://www.washingtonpost.com/wp-dyn/content/article/2006/02/06/AR2006020601624.html

Peace,
HT