
Archive for the 'Security' Category

The Sports Network hacked

Monday, April 21st, 2008

An ominous message showed up early Sunday on the Web site of The Sports Network (TSN), one of the more popular sports news destinations in the US:

Please Note

The Sports Network website and other major news sites have been hacked by a political entity from China, and as a result are temporarily unavailable. We apologize for any inconvenience and hope to be back up and running as soon as possible. Thank you for your patience and understanding.

Sports Network Management

Reached by phone at TSN’s main office in Pennsylvania, statistician Bob Nelson said the site was hacked “by a group out of China” early Sunday morning around 2 a.m. EST. It was after the Mets-Phillies game that the public site and the data TSN sends to clients were affected.

Staff took down the public website after it had been vandalized with the message, “Tibet was, is and always will be a part of China.” It’s not clear what “political entity” the site outage message refers to.
TSN was working to get the site back up sometime Monday.

For a snapshot of The Sports Network site in normal operation, please see the Google cache.

Telecom immunity

Wednesday, February 13th, 2008

I have never been a political animal and have purposely steered clear of cheerleading in that arena. But when the very core of civil liberties in my ‘homeland’ of the US is being flushed down the toilet, it’s not politics but an absolute imperative to wake people up.

This is the case with telecom immunity, the move by Bush and every single Republican senator to give blanket immunity to whatever actions the telcos took to assist the US government to tap phones or monitor conversations (with or without a warrant) since September 11, 2001. What’s even more disgraceful is the “opposition” party — voted in as a check to the corporate friendly Republicans — has been splintered and cannot even fight this provision.

So let’s just take a look at the big three candidates left, all senators, on this issue. Their vote on Feb 12.

  • Bill: S 2248
  • Vote description: Dodd Amdt. No. 3907; To strike the provisions providing immunity from civil liability to electronic communication service providers for certain assistance provided to the Government.
  • McCain: no
  • Obama: yes
  • Clinton: no vote

That by itself makes up my mind, unequivocally, who should be America’s Next Top Leader.

US Tourism Decline

Thursday, November 1st, 2007

For folks who frequently travel, news about a decline in U.S. tourism is not a surprise given the frustrations of security searches, tiny small bottles, rude immigration officers and an infuriating visa process. The stats are discouraging.

The number of foreign visitors to the United States has plummeted since the September 11, 2001 attacks on New York and Washington because foreigners don’t feel welcome, tourism professionals said Thursday.

“Since September 11, 2001, the United States has experienced a 17 percent decline in overseas travel, costing America 94 billion dollars in lost visitor spending, nearly 200,000 jobs and 16 billion dollars in lost tax revenue,” the Discover America advocacy campaign said in a statement. [link]

Interestingly, at the same time the process of travelling to China has improved greatly. The immigration and security checks at the China border are faster and more courteous. At the metal detectors, all the body frisking is done by young female security officers. Female travellers appreciate that, and as for male travellers, (cough) it’s the highlight of their trip.

Compared to the US passport check, they’ve actually inverted the model when it comes to customer service. Every immigration official at the Beijing airport immigration has a “rate this officer” box so you can punch one of four buttons to give your satisfaction score. Since it’s been installed, the lines move considerably faster.

I can’t imagine United States DHS doing this any time soon.

Rate your Chinese immigration officer

Psiphon Tool

Monday, December 4th, 2006

This week, Citizen Lab released the Psiphon tool for surfing the Net “freely and securely” by having trusted friends and family members run a special version of a personal p-r-o-x-y server via SSL. Its biggest advantage is that it does not require any client software whatsoever.
I’ll post a full rundown of the tool this week. It’s an impressive accomplishment that, while not the magic silver bullet, is another excellent utility for the tool chest.

Effective Censorship

Thursday, July 27th, 2006

EFF’s co-founder John Gilmore talks to CIOL, a tech publisher in India, about the latest India blocks. One particularly interesting quote from the article:

Do you think, as a trend, Internet censorship is increasing over the past few years?
People who wish to control what other people are allowed to read or think have not given up those wishes. I think that Internet censorship is increasing, but I think it is increasing less than the growth of the Internet. Thus, the Internet is pulling ahead of the censors despite their efforts.

I think there are many folks who disagree, finding that the Great Firewall in China is doing quite an effective job of filtering. As Nart Villeneuve of Citizen Lab said recently:

Filtering does not have to be technically foolproof, the reality is that *most* people won’t even try to access banned content let alone attempt to circumvent filtering.

That is, imperfect “leaky” censorship is still very effective at restricting general access to critical content.

In terms of user experience, the circumvention tools often require some tech knowhow to install and maintain. Even those with the best tools need to go through the hassle of firing up the resources in each particular instance of blocking. Even then, there is often a big performance hit in response time or download speed. Each obstacle dissuades another set of folks, to the point where even with the clear technical means to avoid a block, the user has lost interest or determines it’s not worth the effort. (It is the tech equivalent of demoralizing the opponent.)

It is perhaps a bitter compliment, but the GFW has scaled up quite well so far.


India Internet Filtering

Monday, July 17th, 2006

A favorite topic for Asia watchers is to debate India vs. China - who to put your money on, and who will succeed? I say it’s not either-or. Both will work together and be powerhouses.
But I was surprised by this headline in Boingboing.net:

Report: Indian gov blocks Blogspot, Typepad, Geocities blogs

So it seems India has followed in China’s footsteps (for now) and blocked popular blog sites like Blogger.com and Typepad.com. Reports are rolling in that it is indeed true, with “fighting terrorism” being the justification and no announcement about when it will end.

For those in India, welcome to the life behind the Great Firewall. Essential reading:

We hope your stay will not be long.

Internet filtering in US newsrooms

Tuesday, June 20th, 2006

Boingboing has a story about how some newsrooms in the United States have restricted Internet access using filtering such as Smartfilter or Surfcontrol. Among the newsrooms mentioned - LA Times and CBC (Canada). Goes to show you - tools for getting around censorship are not just for folks in China, Pakistan, Saudi Arabia or Tunisia. I gave a talk earlier this year at the Foreign Correspondents Club about practical security tools, and I emphasized it even then - these are tools for all journalists, not just for those working in locales that are non-democratic or have a weak rule of law.

There is a reason why medical, legal and journalistic work are clinical professions - practitioners require complete access to “direct observation” of evidence to perform their jobs.

A doctor needs access to view unclothed patients without being labeled a sexual pervert; a lawyer needs to consult with a client without being called an accessory to the crime; and a journalist needs an unfiltered information feed, without being called a loafer, slacker or prurient observer.

Ironically, there are likely sites that can be seen from the newsroom of China Daily, but not from the LA Times.

Google access update

Sunday, June 4th, 2006

In Beijing, it’s June 5, but the Google inaccessibility seems to persist. Even more, the unavailability of www.google.com on my DSL connection (and it seems, most CNC connections) has dribbled over to affect Google Mail in secure mode.

To recap - on May 28, I documented how to use Gmail in https secure mode. Then starting just before the fourth of this month, I reported on the widespread outage of www.google.com and a hack to get around it by using the naked IP address of Google’s US servers.

Now, the inaccessibility of www.google.com does not affect accessing Gmail in normal http mode (http://mail.google.com), but it does mess it up in https mode (https://mail.google.com/mail). It seems a redirect or some other URL during secure mode hits www.google.com, and when that’s not accessible, the whole thing fails.

The solution is to employ the hack described in the post on May 31. To recap:

Put an entry like this:
216.239.37.104 www.google.com

into the appropriate place in your operating system. See the following directions: for Windows and Mac.

Since most folks use Windows, edit this file, make the mod above, save, quit:
c:\windows\system32\drivers\etc\hosts

For now, that will work around this problem for Google searches and using Google in secure mode.
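
The hosts-file edit above, as an added example that is not part of the original post: a small Python helper that applies the override to hosts-file text so that exactly one mapping for the name remains, however often it is run. The function names and the sample file (with a documentation-range address) are constructed for illustration; only 216.239.37.104 and www.google.com come from the post.

```python
import ipaddress

# Constructed sample hosts file; 192.0.2.10 is a documentation address.
SAMPLE = """# constructed sample hosts file
127.0.0.1 localhost
192.0.2.10 www.google.com google.example # old pin
"""

def parse_hosts(text):
    """Return (ip, [names]) for every active mapping line."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: not a mapping line
        entries.append((fields[0], [n.lower() for n in fields[1:]]))
    return entries

def lookup(text, name):
    """Return the first address mapped to name, or None."""
    for ip, names in parse_hosts(text):
        if name.lower() in names:
            return ip
    return None

def pin_host(text, ip, name):
    """Return hosts text in which name maps to ip and to nothing else."""
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    wanted = name.lower()
    out = []
    for line in text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2 and wanted in (f.lower() for f in fields[1:]):
            others = [f for f in fields[1:] if f.lower() != wanted]
            if not others:
                continue  # line mapped only this name: drop the old pin
            # Keep the other names on the line, and its comment if it had one.
            line = " ".join([fields[0]] + others) + (" #" + comment if sep else "")
        out.append(line)
    out.append(f"{ip} {name}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(pin_host(SAMPLE, "216.239.37.104", "www.google.com"), end="")
```

A hosts entry overrides DNS for that name, so the pinned address has to be updated or removed by hand if it stops answering.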

Google Mail via Secure Connection

Sunday, May 28th, 2006

If you use Google Mail, you should ALWAYS take advantage of a great feature - accessing mail over a secure connection via https. It’s easy. Just access Gmail using the address https://mail.google.com. Not only is your password not passed over the Internet in the clear, the entire session is encrypted and untappable. This will prevent anyone from snooping on your email as it travels from Google’s server (likely in California) to where you are. Gmail is so quick, you’ll never notice the difference in speed. This is not very well publicized, but it’s an excellent feature.

Is it only for the paranoid? No. Reasons for using this feature - you’re using a Wifi hotspot where Internet traffic can be snooped; you’re using a broadband connection in a hotel where others can read your mail; you don’t want a government agency snooping on your messages; you’re in China and don’t want your incoming/outgoing mail to be filtered; you don’t want your contacts viewed by others; and it’s just a good idea.

(If you are using it in China, it can mean the difference between an outgoing email making it through, or being blocked.)

If you are not a user of Google Mail, it really is the best one around. And Yahoo, Hotmail and other free Web-based email systems don’t offer this feature. They may securely transmit your password, but the rest of your session is in the clear. If you can, make the move.

(For other security tips, see the page here called Security Tips for Journalists.)