May 14 2015

what is wrong with this sentence?

Yesterday the new Government published a press release about the forthcoming first meeting of the new National Security Council (NSC). That meeting was due to discuss the Tory administration’s plans for a new Counter-Extremism Bill. The press release includes the following extraordinary statement which is attributed to the Prime Minister:

“For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone.”

Forgive me, but what exactly is wrong with that view? Personally I think it admirable that we live in a tolerant society (“passive” or not). Certainly I believe that tolerance of difference, tolerance of free speech, tolerance of the right to hold divergent opinion, and to voice that opinion is to be cherished and lauded. And is it not right and proper that a Government should indeed “leave alone” any and all of its citizens who are obeying the law?

Clearly, however, our Prime Minister disagrees with me and believes that a tolerant society is not what we really need in the UK because the press release continues:

“This government will conclusively turn the page on this failed approach.”

If tolerance is a “failed approach”, what are we likely to see in its place?

Permanent link to this article: http://baldric.net/2015/05/14/what-is-wrong-with-this-sentence/

May 08 2015

back on topic

Theresa May hasn’t wasted any time. The Independent reports today that Ms May (Home Secretary in the coalition administration) has said that the new Tory administration will bring the Draft Communications Data Bill, previously blocked by the Liberal Democrats, back to the House of Commons with the intention of getting it passed into law. As the Independent also reports, dear Dave, who is, let us say, technically challenged, has in the past expressed the view that no form of communication should be unreadable by the Government. This implies severe restrictions on all forms of encryption.

Given that the Tories now have the majority they lacked in the last administration, it is clear that they will see themselves free to attack the kind of liberties I, and millions like me, enjoy and cherish. The Open Rights Group maintain a wiki covering the points of each political party’s manifesto that relate to surveillance or other possible attacks on privacy. As they point out, the Tory party is committed to:

  • introducing “new communications data legislation”;
  • scrapping the Human Rights Act;
  • requiring internet service providers to block (certain) sites;
  • enabling employers to check whether an individual is an extremist;
  • requiring age verification for access to all sites containing pornographic material.

There are, of course, huge practical and technical difficulties in implementing much of what the Tories wish to do (consider for example the idiocy of attempting to outlaw VPN technology) but that won’t stop them trying. Indeed, some of the technical difficulties may cause the new administration to bring in mechanisms to get around those problems. An obvious example would be the requirement for key escrow for anyone wishing to use encryption.

Excuse me if I find that unacceptable. Time to encrypt much, much more of my everyday activity from now on.

Permanent link to this article: http://baldric.net/2015/05/08/back-on-topic/

May 08 2015

do not be ordinary

The early results of yesterday’s poll are depressing beyond belief. It looks almost certain that the Tory party will have sufficient seats to form the next government.

I don’t often make party political points here (though my political leanings may sometimes be obvious) but I was reminded today of Neil Kinnock’s heart-rending speech in Bridgend, Glamorgan, on Tuesday 7 June 1983, two days before the election in which Margaret Thatcher was returned as Prime Minister.

Kinnock said:

“If Margaret Thatcher wins on Thursday, I warn you not to be ordinary. I warn you not to be young. I warn you not to fall ill. I warn you not to get old.”

Those words resonate even more today than they did 32 years ago. I fear for the old, the poor, the dispossessed, the weak, the young, the sick and yes, indeed, the ordinary people of this country. David Cameron and his cronies both inside and outside Government will now return to the task of dismantling all that is good and admirable about our society. A society should be judged on the way it treats its weakest and less able members. Cameron’s Tories are, at heart, brutal and uncaring. That frightens me.

Permanent link to this article: http://baldric.net/2015/05/08/do-not-be-ordinary/

Mar 30 2015

the russians are back

About four years ago I was getting a huge volume of backscatter email to the non-existent address info@baldric.net. After a month or so it started to go quiet and eventually I got hardly any hits on that (or any other) address. A couple of weeks or so ago they came back. My logs for weeks ending 15 March, 22 March and 29 March show 92%, 96% and 94% respectively of all email to my main mail server is failed connection attempts from Russian domains to dear old non-existent “info”. Out of curiosity I decided to capture some of the inbound mails. Most were in Russian, but the odd one or two were in (broken) English. Below is a typical example:

From: “Olga”
To:
Subject: Are you still looking for love? Look at my photos!
Date: Thu, 12 Mar 2015 15:22:08 +0300
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331

Sunshine!
Are you still looking for love? I will be very pleased to become your half and save you from loneliness. My name is Olga, 25 years old.
For now I live in Russia, but it’s a bad time in my country, and I think about moving to another state.
I need a safer place for life, is your country good for that?
If you are interested and want to get in touch with me, just look at this international dating site.
Hope to see you soon!
Just click here!

Sadly, I believe that many recipients of such emails will indeed “click here”. Certainly enough to further propagate whatever malware was used to compromise the end system which actually sent the above email.

Permanent link to this article: http://baldric.net/2015/03/30/the-russians-are-back/

Mar 30 2015

kidnapped by aliens

An old friend of mine has expressed some concern at the lack of activity on trivia of late. In his most recent email to me he said:

“You really should revive Baldric you know. Everyone will believe it if you just say you were kidnapped by aliens, and then you can just resume where you left off.”

So Peter, this one is just for you. Oh, and Happy Birthday too.

Mick

Permanent link to this article: http://baldric.net/2015/03/30/kidnapped-by-aliens/

Dec 24 2014

merry christmas 2014

As I have noted before, 24 December is trivia’s birthday. Since my first post dates from 24 December 2006, today is trivia’s eighth birthday. It seems like only yesterday.

I haven’t posted much in the last few months. I have a lot of material I need to cover, and a backlog of articles I want (or at least wanted) to write so I will endeavour to get back into a writing routine as soon as I can. Meanwhile, since it is yet again christmas time, and it’s trivia’s birthday, I couldn’t let today pass unblogged.

Let’s hope 2015 brings all that you wish for.

Best Wishes

Mick

Permanent link to this article: http://baldric.net/2014/12/24/merry-christmas-2014/

Dec 13 2014

solidarity with the tor project

On Thursday 11 December, Roger Dingledine of the Tor project posted the following email to the “tor-talk” mail list (to which I am subscribed).

I’d like to draw your attention to

https://blog.torproject.org/blog/solidarity-against-online-harassment
https://twitter.com/torproject/status/543154161236586496

One of our colleagues has been the target of a sustained campaign of harassment for the past several months. We have decided to publish this statement to publicly declare our support for her, for every member of our organization, and for every member of our community who experiences this harassment. She is not alone and her experience has catalyzed us to action. This statement is a start.

Roger asked those who deplored on-line harassment (of any person, for any reason) and who supported the Tor project’s action in publicly condemning the harassment of one of the Tor developers to add their name and voice to the blog post.

I am proud to have done so.

Permanent link to this article: http://baldric.net/2014/12/13/solidarity-with-the-tor-project/

Nov 27 2014

independent hit

On trying to reach the website of the Independent newspaper today (the Grauniad is trying my patience of late), I received the following response:

[Screenshot: www.independent.co.uk - Chromium]

Closing the popup takes you to this page:

[Screenshot: Hacked by SEA - Chromium]

I haven’t checked whether this is simply a DNS redirect or an actual compromise of the Indy site, but however the graffiti was added, it indicates that the Indy has a problem.

Permanent link to this article: http://baldric.net/2014/11/27/independent-hit/

Sep 26 2014

CVE-2014-6271 bash vulnerability

Guess what I found in trivia’s logs this morning?

89.207.135.125 - - [25/Sep/2014:10:48:13 +0100] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 345 "-" "() { :;}; /bin/ping -c 1 198.101.206.138"

I’ll bet a lot of cgi scripts are being poked at the moment.

Check your logs, guys. A simple grep ":;}" access.log will tell you all you need to know.
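An added example, not part of the original post: the same log check keyed on the "() {" prefix at the start of a logged header value, so that a probe written with different spacing (":; }" rather than ":;}") is still caught, with a per-source count and a list of probes that did not get a 404. The sample log lines are constructed (documentation address ranges) and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Constructed sample access log (Apache combined format). Addresses come from
# the documentation ranges; these are not lines from a real server.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:48:13 +0100] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 345 "-" "() { :;}; /bin/ping -c 1 198.51.100.7"
192.0.2.10 - - [25/Sep/2014:10:48:15 +0100] "GET /cgi-bin/test.cgi HTTP/1.0" 404 345 "() { :; }; /bin/ping -c 1 198.51.100.7" "-"
203.0.113.5 - - [25/Sep/2014:10:49:02 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [25/Sep/2014:10:50:40 +0100] "GET /cgi-bin/status HTTP/1.1" 200 88 "-" "() { :; }; /bin/ping -c 1 198.51.100.7"
EOF
}

# Lines where a logged header value (a quoted field) starts with "() {",
# the prefix an unpatched bash treats as an imported function definition.
# Reads the named log files, or stdin when none are given.
shellshock_hits() {
    grep -E '"\(\)[[:space:]]*\{' -- "$@"
}

# Hit count per source address, busiest first.
shellshock_sources() {
    shellshock_hits "$@" |
        awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Hits that did not get a 404: the requested path exists, so check whether
# it is a CGI script run by bash. Prints "source path status".
shellshock_followup() {
    shellshock_hits "$@" | awk '$9 != 404 { print $1, $7, $9 }'
}

# Compare the literal pattern from the post with the prefix match.
echo "literal grep from the post: $(sample_log | grep -c ':;}') line(s)"
echo "prefix match: $(sample_log | shellshock_hits | wc -l | tr -d ' ') line(s)"
sample_log | shellshock_sources
sample_log | shellshock_followup
```

Against a real server, pass the log files as arguments, for example shellshock_sources access.log access.log.1.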

(Update 27 September)

Digital Ocean, the company I use to host my Tor node and tails/whonix mirrors, has posted a useful note about the vulnerability. And John Leyden at El Reg posted about the problem here. Leyden’s article references some of the more authoritative discussions so I won’t repeat the links here.

All my systems were vulnerable, but of course have now been patched. However, the vulnerability has existed in bash for so long that I can’t help but feel deeply uneasy even though, as Michal Zalewski (aka lcamtuf) notes in his blog:

PS. As for the inevitable “why hasn’t this been noticed for 15 years” / “I bet the NSA knew about it” stuff – my take is that it’s a very unusual bug in a very obscure feature of a program that researchers don’t really look at, precisely because no reasonable person would expect it to fail this way. So, life goes on.

Permanent link to this article: http://baldric.net/2014/09/26/cve-2014-6271-bash-vulnerability/

Aug 13 2014

net neutrality

My apologies that this is a few weeks late – but it still bears posting. John Oliver at HBO gave the best description of the net neutrality argument I have seen so far.

Following that broadcast, the FCC servers were, rather predictably, overwhelmed by the outraged response from the trolls that Oliver set loose.

Unfortunately, as John Naughton reports in the Observer, the FCC are unlikely to be moved by that.

Permanent link to this article: http://baldric.net/2014/08/13/net-neutrality/

Aug 11 2014

levison on dime

Ladar Levison and Stephen Wyatt presented the upcoming Dark Internet Mail Environment (DIME) at Defcon22 this week. According to El Reg, Levison, who shut down Lavabit, his previous mail service, rather than comply with FBI demands that he divulge the private SSL certificates used to encrypt traffic on that service, said:

“I’m not upset that I got railroaded and I had to shut down my business … I’m upset because we need a mil-spec cryptographic mail system for the entire planet just to be able to talk to our friends and family without any kind of fear of government surveillance”.

I think that puts the problem into perspective.

Permanent link to this article: http://baldric.net/2014/08/11/levison-on-dime/

Jul 28 2014

punctuation matters

There is a nice tweet over at @NSA_PR. It reads:

We take your privacy, seriously.

Beyond parody.

Permanent link to this article: http://baldric.net/2014/07/28/punctuation-matters/
