The Political Hackonomist

ramblings about hacktivism, privacy, in/security and open source stuff. oh, and politics sometimes...

The Re-Dumbing of the Internet - Why SOPA and PIPA Are a Global Problem!

Posted by Stefan • Wednesday, January 18. 2012 • Category: News
Anyone who, as an unsuspecting internet user, heads to the English-language version of Wikipedia today may be surprised not to find the usual start page. Instead, you see a notice explaining that, and why, Wikipedia is not providing its usual information today. Just like Wikipedia, hundreds of other US websites are taking part in various ways (through partial or complete self-censorship, through notices, or through petitions) in the protest against SOPA (Stop Online Piracy Act) and PIPA (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act). But why should that concern us in Europe or Germany?


Solve This!

Posted by Stefan • Saturday, November 5. 2011 • Category: Eyes Only

2 Top-Execs at Google say Google's Privacy Model not Suitable for Journalists, Bloggers, Small Businesses

Posted by Stefan • Thursday, November 3. 2011 • Category: Privacy
Christopher Soghoian, a Washington, DC based Graduate Fellow at the Center for Applied Cybersecurity Research and a Ph.D. Candidate in the School of Informatics and Computing at Indiana University, has recently written an op-ed for the NY Times, and now Will DeVries, Google's top DC privacy lobbyist, has posted a link to the article on his Google+ page, agreeing with Soghoian's concerns.


How Google is Creating Alternate Realities for Us

Posted by Stefan • Tuesday, November 1. 2011 • Category: Various

Very interesting read on how Google Personalized Search makes us perceive individualized search results as facts, when instead they are a distorted view on "reality", heavily based on our previous reading (clicking) habits.

The article argues that when 2 people google the exact same search term, e.g. "climate change", people who, in similar searches before, read more articles denying man-made effects on climate change are likely to see more articles of that sceptical kind. People who previously clicked more sites which say that climate change is in fact influenced by us will instead see more of that kind of site. The problem is that most people don't know about this, and usually both sides falsely assume that they are presented with the same results, when instead they see "results they'd probably like more than other results".

That's all fine with me as long as you Google for shoes, music or recipes and see stuff you'd probably like, because you liked similar things before. That's what Google, Facebook and all these companies have been doing for a living since the beginning: showing you advertisements that match your interests.

But this really is a big problem when researching complex issues, and especially topics that can stir up emotions and make people take extreme points of view. 

Of course, if you don't have a Google account or aren't logged in, then personalized search is not affecting you. As in many other cases, I guess, anonymity really is a good thing...

Skype Security Problem Allows "Silent Calls" and Links Bittorrent Users to Skype Accounts

Posted by Stefan • Tuesday, November 1. 2011 • Category: InSecurity
As www.torrentfreak.com writes (original research paper included there), researchers proved that it is possible to call Skype users (even those who aren't on your contact list) without those users noticing. By using firewall rules they can initiate a call, but the Skype client on the callee's side won't ring or otherwise show any activity. Furthermore, they prove that the obtained IP address can be matched against public data from BitTorrent trackers to link the respective Skype account to downloads via BitTorrent. As the researchers write, they tried to disclose the security hole responsibly and informed Skype about the problem months ago, but Skype did not do anything about it, so they went public.

iPad security flaw allows unlocking without PIN

Posted by Stefan • Monday, October 31. 2011 • Category: Hardware and Gadgets
Watch the YouTube clip below to see how anybody can easily unlock an iPad2 and access all apps that were running before the device was locked. Essentially, this allows the attacker in the worst case to write emails in your name, access your local files and impersonate you on all web services you were logged in to. If you own an iPad, you might want to make sure nobody has physical access to your gadget while you are not around.


RIM grants India access to encrypted customer data

Posted by Stefan • Monday, October 31. 2011 • Category: Privacy

After India announced in August last year that it would shut down BlackBerry services in the country if the company wouldn't provide access to otherwise encrypted customer data, it has now become known that RIM opened a small facility in Mumbai earlier this year, which is providing exactly that. India is now, after Saudi Arabia, the second country where RIM has given in to such demands. However, RIM claims that enterprise users of BlackBerry services are not affected, as RIM does not have a backdoor or a 'master' key to the encryption used for enterprise customers.


Anonymous vs. Mexican Drug Cartel

Posted by Stefan • Monday, October 31. 2011 • Category: Hacktivism

After Anonymous made headlines for going after pedophiles two weeks ago, yesterday they again surprised us with their latest nemesis: Zeta, a Mexican drug cartel in the state of Veracruz. Zeta apparently abducted one of their activists from a street protest, and now Anonymous is threatening to publish the names of politicians, judges, journalists and other people supporting the cartel if Zeta doesn't release him immediately. It remains to be seen how the cartel will react, but Anonymous demonstrated they aren't joking and defaced the first web site yesterday, claiming Gustavo Rosario Torres, the former attorney general of the state of Tabasco, is involved with the syndicate (screenshot).


Check out the youtube video announcement after the break... 


Anonymous, cheap calls with Lebara

Posted by Stefan • Thursday, October 27. 2011 • Category: Privacy
All over Berlin, e.g. at many 'Spätis' (small shops selling anything from drinks and cigarettes to groceries), you can see ads and posters for this (relatively) new mobile phone provider Lebara (www.lebara.com). They claim to be really cheap, especially for international calls, and although this is actually true (PDF price list for calls from Germany), it's not the reason why I'm writing this entry...


Double Rainbow over London

Posted by Stefan • Wednesday, October 26. 2011 • Category: Eyes Only
Fantastic shot of a double rainbow over London by photographer Leon Neal

Sign Language

Posted by Stefan • Tuesday, October 25. 2011 • Category: Eyes Only
This is brilliant, go check it out:
Brilliantly Sarcastic Responses to Completely Well-Meaning Signs

Juan Francisco Casas' Ballpoint Pen Pictures

Posted by Stefan • Sunday, October 23. 2011 • Category: Eyes Only
Check out these photorealistic handpainted pictures by artist Juan Francisco Casas. Incredible work for sure!

MacQuarium: iMacs Put to Good Use

Posted by Stefan • Sunday, October 23. 2011 • Category: Eyes Only
How to turn your old iMac into an aquarium:
http://inhabitat.com/macquariums-iconic-candy-colored-apple-imacs-recycled-into-aquariums/

Apple vs. Apfelkind

Posted by Stefan • Friday, October 21. 2011 • Category: Various
Apple has apparently sent a cease and desist letter to a small family-run cafe called 'Apfelkind' in Hamburg, over the use of their logo. Apple argues that the logo could be confused with the Apple logo, and Apple is not happy with that. I am not happy with Apple!

Sad world...

OpDarknet: Anonymous taking down pedophiles now

Posted by Stefan • Friday, October 21. 2011 • Category: Hacktivism
Anonymous, otherwise notorious for hacking, DDoSing and defacing big corporations and governmental institutions, have decided to use their collective anger and hacker skills for something different lately. And for the first time, a lot of people stand behind them and endorse their activities in taking down child porn websites and the hosters supporting those pedophiles.

If you want to read up on what's happened go straight to the source (OpDarknet's pastebin) and skip most of the badly researched articles you find elsewhere.

Iran blocks Tor (again, duh) - fixed on same day

Posted by Stefan • Friday, September 16. 2011 • Category: Privacy
Good news for people in Iran! Tor is secure and working again from Iran after an outage of less than a day. From the official Tor blog:

How did the filter work technically? Tor tries to make its traffic look like a web browser talking to an https web server, but if you look carefully enough you can tell some differences. In this case, the characteristic of Tor's SSL handshake they looked at was the expiry time for our SSL session certificates: we rotate the session certificates every two hours, whereas normal SSL certificates you get from a certificate authority typically last a year or more. The fix was to simply write a larger expiration time on the certificates, so our certs have more plausible expiry times.

German State About to Ban Facebook's Like Button?

Posted by Stefan • Sunday, August 21. 2011 • Category: Privacy
Looks like the German state of Schleswig-Holstein, or rather the ULD (Unabhängiges Landeszentrum für Datenschutz / State Center for Data and Privacy), is thinking about banning Facebook "Like" buttons on websites (not on Facebook itself) due to privacy concerns. Although I usually take the side of the privacy activists, I am not sure if this isn't going a bit too far. There's talk about a 50.000€ fine for whoever hosts a website that includes the "Like" button. Guess it will take some time until it becomes really clear what that means to individuals, companies or institutions using it...

Alex from www.datenschutzberatung.org also has an article on it.

Update: Find the complete communication between the ULD and Facebook on the ULD website

Booting the 'opsi Server VMWare Appliance' on a VirtualBox Host

Posted by Stefan • Wednesday, November 25. 2009 • Category: Open Source
Short abstract:
This post has a double purpose:
1. YES, you can use the opsi VMWare Appliance in VirtualBox (a 10min google search did not yield one hit of somebody who did this before, so: eat this google!)
2. It won't boot without modification, the very easy solution is below :)

Long version:
Wanted to check out opsi without installing it. So I downloaded the VMWare image that is also provided. However, I got rid of VMWare about a year ago in favour of VirtualBox (there were plenty of reasons for that...). The good thing about VirtualBox is also that it allows you to use VMWare's vmdk files as virtual hard disks, so I thought it should be easy to check it out. After setting up the new machine in VirtualBox with the downloaded opsiserver.vmdk I booted for the first time and was greeted by:

Waiting for root file system ...


The fix is really easy though, once you understand what the problem is: the underlying system of the appliance is a Debian GNU/Linux with Grub as boot loader. The problem is that the original VMWare installation used virtual SCSI or SATA devices, so the line in /boot/grub/menu.lst contains /dev/sda2. On VirtualBox (at least with the default config) the system uses virtual IDE disks, so you need to simply change /dev/sda2 to /dev/hda2. To do this on every reboot you can use the built-in editor of grub (press "e") and change the device. Once you booted successfully, you can change it permanently by editing /boot/grub/menu.lst.

Now comes the fun part: learning how to use opsi to save me time. But as far as I know / read about it, it's just what I am looking for. I guess it even makes sense in a small environment like ours here (6 Windows clients but loads of common software that needs to be installed on all our machines...). Maybe I will blog about it again after I got to know it better.

Ah, versions used:
VirtualBox 3.0.8 r53138 (equals app-emulation/virtualbox-bin-3.0.8 in Gentoo)
opsi3.4-servervm (2009-09-16)

Rescuing your DSL password from a Beetel 220BX ADSL2+ Modem

Posted by Stefan • Saturday, October 24. 2009 • Category: InSecurity
In case it helps anybody...

If you don't know the DSL password which connects your Beetel 220BX to the ISP network (Airtel in India never provides it to customers, they'd rather send a guy to enter it by hand...), but the router still functions, you can get the password even though you only see ******** in the web-interface. It's really easy:

1. Connect to the router IP with telnet (user: admin, password is the same as for the web-interface)
2. Go to Management (press 9)
3. Go to Settings (press 1)
4. Dump settings (press 3)
5. Look for the line that starts with: ppp_conId1 userName="***********_dsl@airtelbroadband.in" password="cGFzc3dvcmQ=" ....
6. Copy and paste the value of password into a base64 decoder (locally, or e.g. with an online decoder such as this one: http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/)
7. Congrats, you now have your DSL password which Airtel wouldn't tell you ;)
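
The decoding step above can be done locally, which keeps the credential off third-party sites. The following is an added example, not part of the original post: it scans a saved copy of the settings dump for password attributes and base64-decodes them, which also shows that the stored value is merely encoded, not encrypted. Only the ppp_conId1 line format comes from the post; the other dump lines, the user name and the function names are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample dump. Only the ppp_conId1 line format (userName="..."
# password="<base64>") comes from the post; everything else is made up.
SAMPLE_DUMP = """\
sys_info name="router"
ppp_conId1 userName="example_dsl@airtelbroadband.in" password="cGFzc3dvcmQ=" mtu="1492"
wlan_cfg ssid="home" password="not base64!"
"""

ATTR_RE = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs on a dump line


def decode_field(value):
    """Return the decoded text if value is base64 of UTF-8 text, else None."""
    if not value:
        return None
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def find_encoded_passwords(dump):
    """Return (record, userName, decoded password) for each base64 password."""
    findings = []
    for line in dump.splitlines():
        parts = line.split(None, 1)  # record name, then its attributes
        if len(parts) != 2:
            continue
        record, rest = parts
        attrs = dict(ATTR_RE.findall(rest))
        decoded = decode_field(attrs.get("password", ""))
        if decoded is not None:
            findings.append((record, attrs.get("userName"), decoded))
    return findings


if __name__ == "__main__":
    for record, user, password in find_encoded_passwords(SAMPLE_DUMP):
        print(f"{record}: {user} -> {password}")
```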

One for the Hitler

Posted by Stefan • Sunday, August 9. 2009 • Category: Various
As a foreigner in India one often enough has encounters of the strange kind. Fair enough...

As a German in India however, you are in for some odd encounters that non-German people most probably don't come across. Yes, you guessed it, it has got something to do with Adolf Hitler (ok, maybe the title gave you a good hint). So, I'll just give you an example of a situation that happened to me at least 5 or 6 times during the time I spent in India (which is altogether something like a little less than 2 years):
