Nov 15, 2008

Once it's out, it's out

Have you ever said anything you wanted to take back right after you finished the sentence? Well, maybe you got lucky and there were only a few people around. But once you put something on the web, it's there forever. The Internet doesn't have the concept of a delete button.

There are always omnipresent caches and archives, so even deleting content from your site doesn't help. This happened recently when Apple pulled the biography of their new executive Mark Papermaster from their website, after a court barred him from reporting to work at Apple until his lawsuit with IBM is closed. I will not go into details (you can read Ars Technica's coverage of the issue) because my point lies elsewhere. You can say what you want: if it is connected to the Internet, it is public. FULL STOP.

The Internet is full of stories where people wanted to hide their humiliations and errors from the public by injunctions, lawsuits and whatnot. The end result is almost always the Streisand effect. If you read the wiki, there are some nice examples of why you should keep your private things private. Once it's out, trying to censor it will only make it worse (the more famous/sexy you are, the worse for you). It might be a good time to read guides to privacy right now. I know you are not going to do that anyway, but it is still my dream that one day a new generation will be able to protect their privacy online. Unfortunately, anecdotal evidence suggests otherwise.

By the way, does anyone know a simple list of things to improve your privacy online?

Nov 14, 2008

Earn money sending spam!

Seriously. According to a joint study by security researchers, the Storm botnet can create as much as $3.5M of revenue per year. It was definitely one of the most ingenious research and analytical papers I have read so far.

In order to measure the effectiveness of spam campaigns, the researchers joined the Storm botnet with bots that were used to conduct a MITM attack on Storm itself. These bots changed the spam campaigns slightly and redirected the targets of the spam campaign (users) to servers controlled by the researchers. These servers mimicked the websites of the spammers and counted the number of visitors and the number of actual victims who fell for the scams and provided their information (credit card number, social security number, etc.). If the results are correct, spam campaigns are effective in less than 0.00001% of cases. This number is indeed extremely low, but if you consider the size of Storm and the number of emails that it sends every day, you get to more interesting numbers ranging from $7000 to $9500 of revenue per DAY.

I left out a few interesting details, so if you have some time, consider reading the whole paper (12 pages).


Xorg evdev madness

It is really astonishing how easy it is to find topics for blogging when one looks around :)

I recently upgraded my Xorg installation to the latest ~x86 version. For Gentoo virgins, this means the unstable version, although it is usually considered stable upstream; only the integration with other apps can sometimes be problematic. The stable version was really old and had problems with recent kernel versions. I was very happy with the upgrade, which made my 5-year-old Thinkpad more alive than ever. I decided to recreate my xorg.conf because most of the stuff that was there was not needed anyway, since XRandR 1.2 is used.

What is my problem then? Well, after the upgrade some features of my touchpad stopped working (most notably circular scrolling) and I could not switch between different layouts of my keyboard. The first thing I did was of course to look at Xorg.0.log. The important part follows:

(II) XINPUT: Adding extended input device "AT Translated Set 2 keyboard" (type: KEYBOARD)
(**) Option "xkb_rules" "base"
(**) AT Translated Set 2 keyboard: xkb_rules: "base"
(**) Option "xkb_model" "evdev"
(**) AT Translated Set 2 keyboard: xkb_model: "evdev"
(**) Option "xkb_layout" "us"
(**) AT Translated Set 2 keyboard: xkb_layout: "us"
(II) config/hal: Adding input device ThinkPad Extra Buttons
(**) ThinkPad Extra Buttons: always reports core events
(**) ThinkPad Extra Buttons: Device: "/dev/input/event3"
(II) ThinkPad Extra Buttons: Found keys
(II) ThinkPad Extra Buttons: Configuring as keyboard
(II) XINPUT: Adding extended input device "ThinkPad Extra Buttons" (type: KEYBOARD)
(**) Option "xkb_rules" "base"
(**) ThinkPad Extra Buttons: xkb_rules: "base"
(**) Option "xkb_model" "evdev"
(**) ThinkPad Extra Buttons: xkb_model: "evdev"
(**) Option "xkb_layout" "us"
(**) ThinkPad Extra Buttons: xkb_layout: "us"

As it happened, evdev found additional "keyboards" and IGNORED my layout settings for the keyboard. I found a few forum posts dealing with the same problem on Gentoo and Arch Linux. I will not go into details; if you really want to know all the crazy solutions people found, read the forums. But the easiest solution? Uninstall the evdev driver for now if you don't need it (you probably don't). A similar effect could probably be reached by adding Option AutoAddDevices "boolean" to the ServerFlags section of xorg.conf; however, I didn't try this approach.
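
To check the same symptom on another machine, this added example (not part of the original post) parses Xorg.0.log lines in the format quoted above and reports which devices were added through HAL hotplug and which ended up with a layout other than the configured one. The sample is an excerpt of the log lines from the post; the function names and the wanted layout "us,de" are assumptions made for illustration.

```python
import re

# Excerpt of the Xorg.0.log lines quoted in the post (not the full log).
SAMPLE_LOG = '''\
(II) XINPUT: Adding extended input device "AT Translated Set 2 keyboard" (type: KEYBOARD)
(**) Option "xkb_layout" "us"
(**) AT Translated Set 2 keyboard: xkb_layout: "us"
(II) config/hal: Adding input device ThinkPad Extra Buttons
(**) ThinkPad Extra Buttons: always reports core events
(**) ThinkPad Extra Buttons: Device: "/dev/input/event3"
(II) XINPUT: Adding extended input device "ThinkPad Extra Buttons" (type: KEYBOARD)
(**) Option "xkb_model" "evdev"
(**) ThinkPad Extra Buttons: xkb_model: "evdev"
(**) Option "xkb_layout" "us"
(**) ThinkPad Extra Buttons: xkb_layout: "us"
'''

# '(**) <device>: xkb_<name>: "<value>"' is the setting the driver applied.
APPLIED = re.compile(r'^\(\*\*\) (?P<dev>.+?): (?P<key>xkb_\w+): "(?P<val>[^"]*)"$')
# '(II) config/hal: Adding input device <device>' marks a hotplugged device.
HOTPLUG = re.compile(r'^\(II\) config/hal: Adding input device (?P<dev>.+)$')

def applied_xkb(log_text):
    """Return {device: {xkb option: value}} as applied by the input driver."""
    devices = {}
    for line in log_text.splitlines():
        m = APPLIED.match(line.strip())
        if m:
            devices.setdefault(m["dev"], {})[m["key"]] = m["val"]
    return devices

def hotplugged(log_text):
    """Return the devices that the log shows being added through config/hal."""
    found = []
    for line in log_text.splitlines():
        m = HOTPLUG.match(line.strip())
        if m:
            found.append(m["dev"])
    return found

def layout_mismatches(log_text, wanted_layout):
    """Return devices whose applied xkb_layout is not the wanted one."""
    return sorted(dev for dev, opts in applied_xkb(log_text).items()
                  if opts.get("xkb_layout") != wanted_layout)

if __name__ == "__main__":
    print("hotplugged:", hotplugged(SAMPLE_LOG))
    # "us,de" is a constructed example of a two-layout setup.
    print("wrong layout:", layout_mismatches(SAMPLE_LOG, "us,de"))
```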


World is spinning too fast

And while it's spinning faster every day (perhaps because of her?) my blog themes are getting cold and old. I wanted to write about many topics but instead I was living my life. Go figure... So first let me just post a simple summary of links I found worth reading in the past weeks:
There were also a few others, but just like 2001: A search odyssey they became outdated some time ago.

There is, however, one article that sparked my interest more than others in the past weeks. The title of the article is "Tips for getting started in information security". Why was this interesting to me? I have quite a few feeds in my RSS reader. Some of them deal with security, some with more general IT topics, some are just plain fun. My problem is that I like security as much as I like software development. It is, however, not that easy to find basic-level stuff that deals with application security. When I read about the attack on the Adobe Flash virtual machine my head started spinning. I know a thing or two about the stack, buffer overflows etc., but this is just too much for me now. So I decided I have to change my approach a bit and start catching up on application security. Otherwise I will just turn into one of those old-school wannabes that actually know something about everything but not really everything about something.

Unfortunately, I don't expect I will have much time for blogging in the upcoming days, but we'll see.