Archive for the ‘Personal’ Category

Why the concept of banning handguns is bad for IT professionals in Ontario.

July 24th, 2007 4 comments

There were fatal shootings again in Toronto, a shame for those involved and the aftermath could affect everyone. As a result of the weekend occurrences, there is once again talk of following the path of banning handguns. Now, I'm not a big gun fan... I'm not like our neighbours to the south in that I don't believe everyone should have a gun under their pillow, and I don't think that the Canadian gun laws are too strict... although I also don't think they're too lenient. Basically I think things are good how they are... banning handguns is like banning prescription drugs because too many people O.D. on heroin.

There are people that say "Guns Kill"... sure they do... but so does insulin. Should we ban insulin and keep it away from diabetics in case they use it to poison others? We can call these people close-minded.
Then you have the people that argue there's no reason to own a handgun. These are the same people that have a 42" Plasma screen, an XBox 360 and a backyard swimming pool. They don't grasp the concept of entertainment unless it's a form of entertainment they are interested in. We can call these people close-minded.
Lastly, you have the people, like Attorney General Michael Bryant, who say:

"There's 215,000 handguns legally owned in Ontario and they are all targets for theft and can end up on the streets of this province. It's not all of the guns that end up in the illegal gun trade, but it's about a third to a half of those guns, and we need to do everything we can to choke off the supply."

Again, we can call these people close-minded... It's the combination of the "close-mindedness" and Mr. Bryant's comments that should concern IT Professionals. Let's think about this for a second... most people don't "get" IT/IS... this leads to a sort of "close-mindedness" and then we have that comment above... That very scary comment. Let's ban the legal use because that will eliminate the 'illegal use'. I love how many people apply this logic and fail to see the problems in it. The people that are illegally acquiring guns will still illegally acquire guns... be it through theft, trunk sales or smuggling. It won't stop it... this will just stop the law abiding people from having access to handguns.

So now you're asking why this is of a concern to IT/IS professionals. Well let's look at France and their restrictions on encryption... or Germany and their "banning of hacking tools". In both of these cases the logic was, "Let's make it illegal and then people will stop using it illegally" WRONG! You are taking tools away from legitimate users, or making legitimate users criminals when they still use the tools and since those using the tools illegally are doing so to break a law... they won't stop. This flawed logic has to stop, it's just a downward spiral that's going to get worse and worse. Why does it seem that no one in positions of authority ever possesses common sense?

So here's how I see it happening:

  1. Ontario Bans Handguns
  2. Ontario Bans "hacking tools"
  3. Ontario Bans personal vehicles, allowing only public transit (after all, cars can be used to kill)
  4. Ontario requires all residents to be implanted with microchips for constant tracking (after all, if you're being monitored constantly it's harder to commit a crime)

I hope I'm not the only one that sees the problems with this and the problems with our Attorney General's logic... hopefully this can be stopped before we proceed down the slippery slope.

UPDATE:

I just visited the Ministry of the Attorney General's Contact Page and I was surprised to learn that we're already starting down the slippery slope. In order to provide a comment that will be read you *MUST* provide your name, email address and mailing address. Sure you could provide false information, but we "require" that information? Our government won't allow us to provide feedback and thoughts anonymously? Do they hunt down and kill those that they don't agree with? That's really the only possible reason for requiring that information.

Categories: Personal Tags:

Good for a laugh.

July 20th, 2007 No comments

I came across this today (via Liquidmatrix Security Digest) and thought it was good for a laugh.

Three Apple engineers and three Microsoft engineers are traveling by train to a conference. At the station, the three Microsoft engineers each buy tickets and watch as the three Apple engineers buy only a single ticket. “How are three people going to travel on only one ticket?” asks a Microsoft engineer. “Watch and you’ll see,” answers the Apple engineer.

They all board the train. The Microsoft engineers take their respective seats but all three Apple engineers cram into a rest room and close the door behind them. Shortly after the train has departed, the conductor comes around collecting tickets. He knocks on the rest room door and says, “Ticket, please.” The door opens just a crack and a single arm emerges with a ticket in hand. The conductor takes it and moves on. The Microsoft engineers saw this and agreed it was quite a clever idea. So after the conference, the Microsoft engineers decide to copy the Apple engineers (as they always do) on the return trip and save some money.

When they get to the station, they buy a single ticket for the return trip. To their astonishment, the Apple engineers don’t buy a ticket at all. “How are you going to travel without a ticket?” asks one perplexed Microsoft engineer. “Watch and you’ll see,” answers an Apple engineer. When they board the train the three Microsoft engineers cram into a rest room and the three Apple engineers cram into another one nearby. The train departs. Shortly afterward, one of the Apple engineers leaves his rest room and walks over to the rest room where the Microsoft employees are hiding. He knocks on the door and says, “Ticket, please…”

Categories: Personal Tags:

Blogging for Money

July 17th, 2007 14 comments

Surprisingly I'm not talking about people who are paid to write blog posts on certain subjects... that's better left for another discussion. Instead I'm talking about people that plaster their blogs with ads. I don't get this, I pay for web hosting and domain registration... I consider it part of being a geek... I currently have about 20 domains @ $5.99 USD/year and a $120 USD/year hosting account. I pay these costs myself, and provide my blog (and other sites) without ads plastered all over them. I even provide hosting (web and email) to friends.

So when I look at other people's blogs I have to wonder why they have them plastered with ads. I've complained about ridiculous blog tagging in the past, and others have complained about the large quantities of scripts that are employed on some blogs. Well now I want to gripe about ads. I don't want to point fingers, but a great example of this is Martin McKeay's blog. There are definitely worse offenders, but this happened to be the one I visited tonight that made me think about it. Why do we need to plaster our blogs with Google Ads, blogging is supposed to be about sharing information... originally personal info in journal form and now it's more journalistic... Is that why? We feel that since newspapers place ads, we should as well?

The only thing worse than plastering your website with ads, is placing them all over your RSS feed. Especially those people that provide "summary" articles in their feed, requiring that you visit the site for the full story, yet still insist on tacking an ad below the summary.

I'd love to know why... Do people really make that much money off their ads or are people really that hard up for the few extra cents that these ads bring in? I can get one ad in the side bar, or across the top or bottom of the page, but placing them between each post is excessive and annoying. I'd just love to know why people insist on doing it, especially when I see such little benefit.

Categories: Personal Tags:

Canada is one step closer to a DNC List

July 4th, 2007 No comments

That's right... the United States has had a Do-Not-Call List for 4 years now, and Canada has still yet to launch one, even though the idea was announced 3 years ago.

The Do-Not-Call list, introduced by Bill C-37, is one step closer to becoming a reality as the CRTC announced the rules that will govern the DNC List and began its search for an operator. Unfortunately, no one is willing to operate the DNC List. The reason? The government expects that money collected via 'subscription fees' collected from businesses accessing the DNC List will be sufficient to pay for the operation of the DNC List. This expectation caused the Canadian Marketing Association (CMA) to back out as the expected operator, stating that they can't operate a project with no clear business model. The CRTC will be responsible for handling complaints related to DNC List violations and can levy fines to a maximum of $1,500 per individual and $15,000 per corporation. These dollar amounts are per violation and not total amounts that can be fined.

Even more interesting is the list of "organizations" that will not be affected by this. The largest amount of telemarketing calls I have are from businesses for which I'm already a customer. Bell Canada is a great example, attempting to up-sell current telephone customers with STS (Smart Touch Services) or Rogers Communication with their attempted up-selling of Rogers Home Phone service to customers with Cable TV and Internet through them. Well guess what, they'll still be able to call you... Bill C-37 has an exception for organizations with whom you are already doing business. Two more annoying groups that call repeatedly and refuse to stop calling even after you talk to them: Charities and Newspapers. The Diabetes Society called me 6 times one month to ask if I had any clothes to donate and the Toronto Star calls at least twice a month asking if we're interested in a subscription. Another group that politicians decided should be exempt is, surprise surprise, politicians. That's right... if they are running for office they are free to call you.

The Do-Not-Call List has been rebranded the Do-Not-Hesitate-To-Call List and that may be more accurate in the end... and that's only if we ever see it. Another interesting point is that DoNotCall.ca closed their doors June 23, 2006 because the CRTC would be introducing the government DNC List within the year... that didn't really happen.

While we wait for the official DNC List, the CMA has a Do Not Contact service. You can subscribe here and all customer lists associated with the CMA will have your name removed.

Canadian DNC List Wikipedia Entry

Categories: Personal Tags:

7-Eleven is now Kwik-E-Mart

July 2nd, 2007 No comments

Or at least some of them anyways. It's part of a promotion of sorts and has apparently been done by 7-Eleven and not by Fox.

Not a lot to say on this one... I learned of this via YumSugar.com and took a look at the 7-Eleven Locate a Kwik-E-Mart page. Unfortunately in Canada it seems to only be happening in BC, but I've got my fingers crossed that this will happen in Toronto still.

Those of you near one of these stores can take advantage of mythical food items such as Squishees, Buzz Cola and Krusty-O's.

Categories: Personal Tags:

Charter Communications Browser Hijack Follow-up

July 1st, 2007 1 comment

Greetings,

I felt that I should follow up on this. While I haven't heard much else about it (and I'm not a Charter customer), based on the continued comments to my last post, I'm guessing that this is still occurring. A number of people who commented have said that a massive letter writing campaign needs to occur. So this post is my contribution to a fight I'm not overly involved in, to gather the masses of irritated and irked Charter customers. My motivation? If one ISP gets away with this, then others may follow suit.

So I'm suggesting a daily letter writing campaign by Charter customers. I also suggest that those of you that aren't Charter customers write-in... let them know that this is why you won't switch to their server. You don't want to lose your freedom and have your queries hijacked.

Suggested Contact List:

To: abuse@charter.net; dblack3@chartercom.com; anita.lamont@chartercom.com; joe.stackhouse@chartercom.com; mmoehle@chartercom.com; mfawaz@chartercom.com; nsmit@chartercom.com; rquigley@chartercom.com

Tyler.

Categories: IT, Personal Tags:

My Solarium aka The Computer Room

June 21st, 2007 4 comments

I thought I'd share these pictures of my "computer room" as it currently sits.

The panoramas were taken with my cell phone (UTStarcom 6700 Pocket PC) and the "close-ups" were taken with my Kodak EasyShare CX6200.

[Image: Panorama #1]

[Image: Panorama #2]

[Image: Close-Up #1, My Desk]

[Image: Close-Up #2, Laptops on Kitchen Table]

Categories: IT, Personal Tags:

Blog Tagging — Going Overboard

June 20th, 2007 7 comments

I was just taking a quick look at my RSS Feeds and, specifically, the Security Bloggers Network. I enjoy having a compilation feed, so that I don't have 50+ feeds to go through. I came across the latest post from the Technology Security Blog and was appalled. Half of the post was Tags for various services... del.icio.us, livejournal, technorati, icerocket, etc... Because it's an RSS feed, the HTML formatting that decreases the font is lost and we're left with these in the same font size as the article. Now, even when the font size is decreased, they are still overkill. I look at the website for the blog and it's these lists of links. Now maybe I don't get tagging... I don't mind Alan Shimel's list of like 10 at the bottom of every post (but his blog spans a good portion of the page so the line is longer, making for fewer lines used)... but I can't stand seeing a page where there are more Tags than content. Is anyone else finding this trend ridiculous?

Categories: Personal Tags:

Your Car is Spying on You

May 4th, 2007 8 comments

I came across an interesting article today. The article, "Is Big Brother in your car?" (via Thoughts of a Technocrat), informed me that cars have a "black box"... Not all cars, the manufacturers are listed in the article as: Ford, Mazda, Mitsubishi, Subaru, General Motors, Isuzu, and Suzuki. Harris Technical (a black box recovery company) has a "complete" list of cars with black boxes (or EDR/CDRs). Apparently more than half of all new cars carry these devices, located in the car's underbelly, tied into the air bag system.

These "black boxes" (actually silver boxes) are being called a privacy concern by the ACLU. Both the police and your insurance company could have access to these devices to know all the details of how you were driving when an accident occurred.

I see this as a minor issue... I actually was more interested in learning that these devices existed... I decided to contact one of the companies that provide Crash Data Recovery, Harris Technical, and get answers to a few questions I had... I was impressed with how quickly Jim Harris replied to me. Below you will find the questions I posed to Jim as well as the excellent answers that he provided. Thanks Jim.

1. What details, exactly, are stored by the CDR?
The data stored by an EDR varies by year, make, model and sometimes by
options or sub-models (GT, XLS, etc). For pre-2000 GM vehicles, it is
mostly crash data. This is the velocity change of the vehicle through
the crash and does not include pre-impact data such as speed or brake
application. For post-2000 GM vehicles, through 2006, crash data plus up
to 5 seconds of pre-crash data including speed, brake application,
engine speed and throttle position may be stored. For some 2007 GM
vehicles, 2.5 seconds of pre-crash data is stored but much more
technical information regarding occupant restraints is also stored. For
most Fords, only crash data, however, in some models, Crown Vics for
one, up to 20 seconds of pre-crash data and crash data may be stored.

2. Do you have a sample of the output of the CDR that could be published?
On our web site, at http://www.harristechnical.com/media.htm you can
find a pre-crash graph for a 2002 Saturn along with a photo of the
vehicle. A complete example report for a GM vehicle is attached in pdf
format. There are great variations between reports for different
vehicles but this is one that is currently common.

3. Is the data stored in any sort of encrypted/encoded format? Could
anyone, given the proper equipment, obtain data from any CDR?
Yes, the data is encoded in hex format. Translation of the hex values
requires software and hardware available from Vetronix, Corp. of Santa
Barbara, CA. http://www.vetronix.com The equipment is available to
anyone that wants to buy it. This equipment does not support all
vehicles with EDRs as the vehicle manufacturers have not yet released
the required information. A list of currently supported vehicles is on
our web site at http://www.harristechnical.com/downloads/cdrlist.pdf
Other vehicles may (do) have an EDR on board but data can only be
accessed, at this time, by the manufacturers, not the dealer technicians.

4. What sort of equipment is required to access a CDR? Is the
connection a standard data connection or proprietary? Could a
home-brew system be built?
The Vetronix CDR Tool is required at this time. While the Diagnostic
Link Connection, one method to obtain data from an EDR in certain
circumstances, is standard, direct connections to the EDR modules
require proprietary cables. An interface box is provided in the CDR
Tool kit. CDR Tool software is also required.

5. Can this data be accessed on the fly? For example, could someone
with the proper equipment read the current data off the device, even
if it hasn't been written due to an impact. Could I drive a car into
your building and have you access any data off the CDR.
Crash data is recorded only in the event of a crash. Primarily this is
when there is an air bag deployment event or air bag deployment level
event. The deployment level event is when there is a crash that would
have ordered an air bag deployment but it was not for a variety of
reasons, driver out of position, etc. A non-deployment file may also be
written, such as hitting a pothole. This is a temporary file that will
either be erased after about 3 months or overwritten by an event of
greater magnitude. Without an event, there is no data stored.

6. Can the device be accessed without damaging a vehicle?
Yes. Unless access via the Diagnostic Link Connection does not work due
to damage to the vehicle's electrical system, then direct access must be
gained to the module. This usually involves cutting some carpet under a
seat or removing a center console.

7. Do you see any privacy concerns with the CDR?
The data recorded is not "private" information in the sense of SSN,
address, medical or financial records. However, it is private property.
A list of states with laws specific to accessing EDR data is available
at http://www.harristechnical.com/cdr7.htm All 50 states also have
computer trespass laws that may apply to gaining access to EDRs. This
last item has not been tested in court to my knowledge.

8. Do these devices have a maximum lifetime? Will they operate the
full life of a vehicle, or are they useless after an accident? If they
are useless, can a replacement be purchased and installed?
EDRs are a component part of the air bag system. They are dependent
upon data from various sensors and other components operating correctly.
EDRs are expected to last the life of the vehicle.
After an air bag deployment crash, the EDR, which is part of the air
bag control module, must be replaced to repair the air bag system. New
replacement modules are available through dealer parts departments. It
is recommended that only dealer technicians, with the proper training
and equipment, repair air bag systems. Buying a used one, even if the
seller "guarantees" it works, is a bad idea as you cannot tell if it is
going to function correctly when most needed.

Jim was also kind enough to include a Sample Report. I found all of this rather interesting... Is it a big invasion of privacy? Not really. Could it affect insurance claims? Definitely... Anyways... now you know as much as I do on the subject.

Categories: Personal Tags:

The RCMP Wants to know you’re reading my blog…

April 9th, 2007 3 comments

Actually they want to know much more than that... They want to know everything you do online and they don't want to have to obtain a warrant to find out the information. An article posted not long ago on Canada.com tells us that the RCMP are pushing for the re-introduction of the "lawful access" law. This is the bill that was abandoned in 2005. A private member's bill (C-416) has been put forward on this issue and the Conservatives are expected to introduce their own bill on the subject.

So here's the deal... should the RCMP or any law enforcement agency come across an IP Address during an investigation, and a time stamp related to the malicious activities, I believe they should have the right to obtain information on that person from the ISP. The RCMP sees things differently. This was the text of a note attached to a meeting briefing.

A lack of legislation to obtain (customer name and address information) has already had serious consequences for investigations and victims.

Had they stopped there, I'd fully agree. However the note went on to include, "obtaining subscriber information is essential not only to cybercrime investigations, but even general, "non-investigative" police duties". "Non-investigative police duties" that's where I draw the line... That's an invasion of my privacy and it essentially says, "We want to watch what you're doing for shits and giggles."

Right now, the RCMP needs a court warrant to access contact information related to an IP Address... the proposed bill would allow them to bypass the court warrant and access the information any time they wish. The same bill would require that ISPs build monitoring capabilities into their networks. Now I'm naive enough to believe that my ISP can't do that right now if they really wanted to, but for any government entity to have that available to them on demand... That frightens me.

Michael Geist (Law Bytes) blogged on the subject. While the entry was pretty much an overview, one of the comments interested me. The person suggested that this could be a sort of "honeypot surveillance". While they incorrectly used the term honeypot, the concept is interesting. What's to stop members of various law enforcement agencies, since they want this power for non-investigative purposes, from using this power to monitor visitors to the NDP website or the Communist party website?

Introducing this concept under the guise of "public safety" is bullshit. It's something we have to stand up against. We need to fight for our right to privacy. Not that I'm out breaking the law... that's better left to 16 year olds and organized crime but I don't want people knowing how many hours a day I spend on Facebook, or that I read various political websites. That's what this concept would give them... the ability to watch every move we make, to become "big brother".

This is no longer about watching out for our safety and finding the bad guys... This is about controlling the population. This is bullshit and needs to be fought. There is no legitimate purpose for this. This is akin to entering someone's house because you want to know what they keep in their underwear drawer. Our laws protect us from this and they should protect us from the electronic form of this as well. Our judicial system exists to perform checks and balances... this proposal is requesting we cut out those checks and balances. That we give way to a form of police state.

Now I'll sit back and wait for the RCMP, the people who are supposed to protect me not seek to control me, to request that Canada ban encryption... after all it would make their lives a lot easier. Hell, let's just abandon the concept of innocent until proven guilty... Let's go with guilty until proven innocent and make the RCMP judge, jury and executioner. I hope that someone in government is intelligent enough (I know... I have astronomically high hopes) to realize that any move of this sort is a bad idea and to blow it out of the water.

Our national anthem contains the line, "God keep our land glorious and free!" I can see the change now.. All future versions of the song will go more along the lines of "God keep our land glorious and fr". That gunshot will be the RCMP attempting to repress our freedom.

Categories: IT, Personal Tags: