Monthly Archive

This is the archive of the blog! Feel free to browse around!

Updates done - new look, feels great!

I have finished the update process of the CMS, currently running Drupal 5.7.

I also changed the template, I must say I like this one. It kinda grows on ya, don't ya think?

Comments and rants welcome!

Updating platform

This post only serves to inform my readers that starting today, I am upgrading my CMS - a task that should have been done a long time ago. 

Please accept and excuse inconveniences that this process may cause you. I plan to have it all sorted out during a couple of days, but knowing technology, things may take much longer. 

:) 

--> Update: The new platform is in place, now I will experiment with templates and usability... <--

Crossbranding now includes spam

In Norway, where I am currently located, advertising for gaming is illegal. The same goes for alcohol, tobacco and many other things. 

Still, there are a couple of Norwegian TV-channels that flood their poor watchers with gaming adverts - because the company is located in London, and not within the Norwegian jurisdiction. And over the past 3-4 months, the ads for gaming on these channels have increased dramatically.

What I have noticed in the same period is a dramatic increase in spam emails promoting craps, poker and a large amount of related ads. This led me to ask one of my security buddies in the US if the same is going on in the US. He said that no, no such trend was evident over there.

This has led me to consider that spammers are no longer only using geographic data to tune their spam, but also offer to target particular areas and times when the clients are buying ads in other media too - thus strengthening the message to the customer.

This cross-branding, or cross marketing, is nothing new in RL - you see it in TV, papers and magazines around the year. What I find interesting is that now you can cross-brand yourself in magazines, TV, Radio AND by using spam - at the same time. 

Looking for young girls? (a review of my visitors)

A while back, I blogged about an unfortunate event where a 14-year old girl had to change her name and move to a different location because she had undressed in front of her boyfriend - using a webcam.

Since then, I have had a steady growth of visitors targeting that particular post. Some days, this post even shows up on my list of "Most visited" stories, as shown below:

Wankers high on the visitors list

Of course, me being in Norway, I am culturally obliged to be naive. And for a while, I can accept that. But after 6 months, and the same story keeps pulling visitors, even my limits are reached.

I mean - what kind of sick bastards are searching for the text in this image? (No I am not concerned about the "wep hacker" search...)

Search terms used

Now, I immediately picture some crazy predator like the ones over here.

But - giving it a little more thought, perhaps not all the hits are from wankers - but from young, frustrated guys looking for same-age girls?

If there are predators only, I'd love to do something with it. You know, some ball-crushing or similar exercise.

But - if even only one of the visitors is a young person looking for others in the same situation, or someone who plans to do something similar - then I hope that the post actually may do some good. Either by helping out someone in a difficult situation, or by keeping such a mistake from repeating itself.

---

If you are still looking for 14-year old girls stripping - you might want to try this YouTube clip! Just be warned - you have to be 18 years or older!

Facebook open to ID-theft

Facebook (and a number of other platforms in the Social Networking revolution) enables great minds to do great things. Many of us use these services on a regular basis (daily, hourly, or even every moment of the waking hours).

I for one am a huge fan of networking, and using networking sites enables me to communicate and stay in touch with old and new contacts easily. On the other hand, I recognize the security challenges - namely the ID-theft and the social engineering (SE) possibilities that are enabled through such services.

One of the messages I try to convey in speeches and trainings is the threat that Facebook Apps may be. Granting an application access to your profile automatically enables that application to harvest a huge amount of data about you and your friends. Now, most applications are "for real" - thus doing only the thing they claim to do. Still, imagine a business manager sitting on 10s of thousands of users and their data, in need of money. It would be extremely easy to use the data already harvested, as well as rewrite the application to be more aggressive in its harvesting.

The other scenario is malicious apps appearing cool and fun and a "must have". These apps would offer you a service (chocolate) as a killer app - something you just have to have. And you would invite all your friends to use it too. By offering the coolest, it will become popular, and thus the road is open to harvest and use information. Information that you normally would share with friends only.

---

Enter the Social Engineer. He uses the information about you, collates it with other info shared on other sites, creating a complete profile of you, your interests, your family, friends, co-workers, neighbors and so forth.

Perhaps one day he bumps into you at the local mall. Or calls you because "someone said that you could be interested in ..."

Having a complete profile of you, he (she) would know all the answers, and thrill you into doing anything. Given enough time, and a valuable target, there are no limits to what can be achieved. 

---

Given this outlook - perhaps it is best to continue as before - in ignorance. Hoping that "it will never happen to me".  

---

I gotta run.

Just got this incredible, almost unbelievable, opportunity! This complete stranger called me out of nowhere!

See you in a bit!  

---

Ka-zing. 

---

(Thanks to Liquidmatrix / Dave Lewis. And man, do I love that cartoon!)

The probability of risk

Following this Security mindset by Bruce Schneier, Alex Hutton adds some very insightful thoughts.

Where Bruce focuses on "is it possible" and "how can I do that", Alex adds the equation of probability. "Yes, it is possible, but how probable is it?"

I am a great fan of Alex, and reading this post and his replies to the comments reminds me why!  

House of hackers - a new community

Gnucitizen established a new community project called House of Hackers. The purpose is to create an area where 

"...support the hacker culture, mindset, way of life, ideologies, political views, vision, etc."

If you are into hacking, and interested in keeping with the community, I suggest you pop over and take a look.

Airport evacuated!! Found hand grenade in luggage!

Just a few hours ago, the Tromsø airport in Norway was evacuated due to a hand grenade found in the luggage (Norwegian link).

The hand grenade was found in the hand luggage of a passenger moving through security. I can only imagine the eyes of the security clerk who discovered it.

Eyes Wide Open comes to mind. Certainly, the Big Red Button was very close indeed.

ALARM!

The whole airport was evacuated, secured and shut down.

Only to be reopened 25 minutes later, when the grenade was discovered to be a belt buckle!

I got a feeling that the security clerk would wish to move forward and dismiss this event as an error. I for one will go on and order a couple of belts. Imagine the disorder to be created if these buckles keep trying to enter the airports around the world!

Obviously, when it becomes customary to wear and carry grenade look-a-likes as belt buckles, it will be much easier to bring actual grenades hidden as a buckle. So, sometime soon, I predict the politicians to enforce a

"No Grenade look-a-like Belt Buckles allowed on Airports!"

 

---

Edit: Just read about the complete opposite experience at the Digital Soapbox! Thanks, Rafal! 


The blogger is Kai Roer, a European Information security professional.
