Scary Parts of the Internet, round 2

So, last time I did a post like this, I had stated that it was probably a bad idea to let the US into a treaty that was built around data mining your computers.

It was then generally excepted that this idea sucked. Mainly because we all have things on our personal computers we really would not like to share. With anyone. Ever.

That's just your average American, and that's just your average laptop. Opinions aside, one could just not travel with a laptop, and thus avoiding the main clause that I had problems with in the treaty. Besides, laptops (in comparison to today's technology) are heavy. They're bulky. You need to take them out and have them x-rayed separately when clearing the security checkpoint, which is not only a real pain, but also annoys the people behind you to no end.

Besides, people need to take more road trips anyway. They're an American tradition, dangit. Its an easy, no tech solution to the problem. You don't even have to sacrifice much, and maybe you'll get off your lazy butt and see the Grand Canyon.

Now, lets start getting our hands (and pants) dirty once again, as we delve into other terrifying things about the Internet.

This one is longer than my last post, and due to that it isn't as scary as some things around here on the web. Yet, its also more scary because most people don't get WHY its scary. Aside from someone telling them that it is, at any rate.

And if you believe anything people tell you, then thanks for actually calling up the number on your screen during infomercials, jerk.

So, I dug into the dark depths of the web, slew a kraken and pulled out this treasure:

http://www.securecomputing.net.au/News/214707,goatse-security-claims-gaping-hole-in-ipad-users-data.aspx

First things first: Hi Apple guys who claim their OS rocks because no one can hack it! How ya' doin? What we're looking at here is called a "front door" in hacker language.

It pretty much means that instead of finding a vulnerable spot in your OS code, we simply get your username and password from somewhere else.

This is known to people who still speak English (and not texting gibberish) as "circumvention". I know that's a big word, and you text-speakers out there have used shorthand for so long you can no longer type normally, so I'll define that for you.

Going around a wall rather than knocking it down. So, your data can be protected by the equivalent of the great wall of China, but here we see that if you have personal info stored elsewhere- that data better be protected by the great wall of China too.

And there is only one great wall, so you're SOL.

We have the "usernames" of about 117,000 iPad users. This should scare the crap out of anyone with an iPad. Its not hard to query a server (ie, the one with all your data) for results. There are only two things keeping your info from going all over the net.

And one is about as strong as paper.

First- the fact that AT&T's servers with your personal info are secure. This is probably true. Except for the fact that AT&T's servers are safe against a blackbox software attack. Or, in not nerd- they are safe against a team of hackers that have no foreknowledge of the system. The guys attacking the servers are flying blind and dealing with protections on the fly.

Hacking isn't easy, I'm not claiming it is. Most solo hackers are idiots who just happen to get a hold of a bit of hacking software and run it. They have no idea (mainly) how it works. AT&T is a serious company. Getting hacked would take their profit margin, give it chloroform in a sleazy bar, take it home, and do unspeakable things to it.

And, companies are serious about their profit margin. They'll throw money at lobbyists, who throw words (and probably money) at governments to keep it in the black. As, per-say, the last post on this series.

AT&T is damn sure they're secure against the idiots. Except that it was an "idiot script" that got us the damn usernames in the first place.

The people who can really hack (it takes a combination of insanity, luck, and Zen) are mainly stopped by the fact that a system that is getting hacked flips a shit about it. And then the software protection people mobilize and start fighting back.

But, now, the hackers have a bit of the puzzle- a username. Its a powerful piece- a system generally will not throw up alarms if a username is entered in without a valid password. They can just brute force there way into the system.

The process is similar to guessing some one's telephone number by going,
"111-1111. Damn. 111-1112. Damn. 111-1113 Damn."

Computers can do this at very fast rates. Like a trillion combinations a second.

Which brings us to the second thing saving your ass- your password. The harder it is to guess, the safer you are.

Which brings us back to square one: So, apple users, did you ignore all those password generation ideas and just use "password" because you have an apple product and no one is ever going to hack it?

Oh, and it would appear that several important people in big name positions have an iPad- with a username now out in the public domain.

And the hackers already have your e-mail address. I'll let you ponder that after realizing how many websites ask only for an e-mail address and a password.

You guys are sooooo screwed.

If you use the net, it is time you know about the scary parts

I don't know if this will turn into a series or not, but there are some outright scary things going down in places that should have most of you scared out of your wits.

Most of this is just the facts, from where I can snag them. Any extrapolation is mine.

A lot of the info I pull for this stuff comes from the web, which means that I've a 60/40 chance of it being true. At best.

And that's the best news your getting, so lets strap in, set an away status on the instant messenger of your choice, and grab a soft drink, its time to look at the ugly things hiding underneath your average Internet.

And the normal pits of the Internet? That's getting factored as average. If you've been around the net for more than facebook, then please go get a new pair of pants. I'll wait.

So, let us begin.

http://acta.us.to/ is our starting spot, and, frankly, is by no means tame.

This is like a house cat- you think its all cute and cuddly (and they are!) but then you remember that they commonly prey on more than 200 different species.

At a first glance, this is a treaty signed among nations to stop piracy. That's something I can (aside from being a hypocrite the size of a hippogriff) get behind. Exceptions non-withstanding (and if the product/IP I would like is no longer sold in retail? What if the artist of that album I'm torrenting is dead?) piracy screws over businesses. Probably not as bad as they think, but yes, I am willing to admit that it does cut into profits.

And not all of it can be rationalized away by absurd prices- with some people pirating things just to get them early. And come now, even if they sold games for 5 bucks, we'd still pirate the hell out of them, because its free. Screw quality drops, free things are always better.

Its like the first rule of college.

Ok, fine. Maybe I don't like the idea, but its a morally good one. Just like the fact that I can't break the shins of people who wait until they are at the register to order something after being in line for an hour. I can't get everything I want.

Fine.

Now its time for the scary stuff, the dagger held by the little cute child, if you will.

There is a clause in this agreement that states that they want to also be able to randomly search computers for pirated material a-la random terrorist search at the airport.

Oh, HELL no.

Problem A) Unlike a terrorist search, this has no threat to national security, or the business of running a country. We have nations stepping in for businesses. Last I checked, most of us don't have businesses. I, quite frankly, don't care about your business, I care about your product. Nations should never enter the private sector- at least not on this level. I can understand a state run competitor company, but this is WAY different. You are acting on the market as it stands to keep current businesses in the black.

That violates the best part about a free market- that it is fluid. Businesses grow, and businesses fail. The market works like evolution- those that can adapt, stay afloat. Those that can't, sink. This gives the consumer power over businesses- we can pick which places stay up, and which die. This treaty goes against that in a big way.

Problem B) This is actually an issue that goes against the whole random screening in general, but it applies in a big way here. There is no bounds on the data they can mine from your computer. They'll trawl the whole damn thing.

Examples?
Your search history from when it was 3 am and you were bored.
Your search histories from all the times you were drunk and horny.
Any and all passwords/user names your browser may have saved for quick entry.

And this stuff can be saved in ways and places you might not expect. All it takes is a system restore to before the point you started clearing your Internet history to get any old info. And, a lot of this is saved in more places than just your browsers history- and in ways you might not expect.

And I'm still assuming they don't put anything new on your computer. A virus can trawl up more info than you've ever dreamed. And, of course, leave a nice backdoor.

Now, I know. Most people won't do such a thing, and most places do have securities to prevent some broke TSA agent from stealing your identity. But, that is the big difference between a standard passenger screening and this new digital screening- OK, people ruffle through you bags- you don't keep a lot there. Someone goes through your laptop or computer- and all of the sudden they are seeing a whole lot more than just what type of hand sanitizer you like to use.

Readers: "we're protected by the constitution! They need a warrant!"

Does TSA need a warrant to do a random strip search in the airport? Not currently. And may I remind you that congress has the power to agree to treaties- even if they conflict with the bill of rights?

That's OK. I need to change my pants now too.