Why Apple’s Recent Security Flaw Is So Scary

I can’t say for sure whether the National Security Agency had anything to do with this Apple security flaw but it is certainly something the NSA could readily exploit. All the Agency needed to do is control a router between its target and the target’s destination and it would have a clear view of the supposedly encrypted traffic.

I’ve said it before and I’ll say it again: America no longer has a monopoly on world-class cryptographers (if it ever did). By encouraging these types of flaws, our government leaves us vulnerable to attacks from foreign nations. Instead, our cryptographers should be working to make American software as secure as it can be.

I hope Apple will track down the developer responsible for this colossal blunder and fire him or her on the spot.

SSL stands for Secure Sockets Layer, and it’s what helps ensure that communication between your browser and your favorite websites’ servers remains private and secure. TLS, or Transport Layer Security, is a more recent protocol that does essentially the same. In brief, SSL/TLS is a cryptographic key that lets a browser and a server know they are who they say they are, a secret digital handshake that keeps your financial information safe when you make an Amazon payment or log into wellsfargo.com.

This all happens in the background; your only direct interaction with SSL/TLS is when you notice the lock icon in your search bar has clamped shut. That means you’ve got a direct, private, secure line.

The Apple bug in question—which, again, has been patched in iOS but not yet in OS X, though Apple tells Reuters that fix is coming "very soon"—means that Safari or one of these other affected applications can’t actually know for sure if the servers it’s talking to are who they say they are. Which leaves you and everything you transmit over the web vulnerable to a Man in the Middle attack.

via Why Apple's Recent Security Flaw Is So Scary.
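The article above describes a client that no longer checks whether the server it is talking to is who it claims to be. As an added example (not from the article, and not Apple’s code), the following shows what those checks look like in a client written against Python’s standard `ssl` module: a context that verifies the server’s certificate chain and hostname, the anti-pattern that switches both off, and a small audit function a defender can run over any context to confirm the checks are still in place. The function names are mine; nothing here touches the network.

```python
import ssl


def make_verifying_context() -> ssl.SSLContext:
    """A client context that performs the checks a browser relies on:
    the server's certificate chain must validate against trusted roots
    and its name must match the host we asked for."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse obsolete protocol versions
    return ctx


def make_weak_context() -> ssl.SSLContext:
    """The anti-pattern: in effect the same situation as a client that
    skips signature/identity verification, so any host in the path can
    present its own certificate and read the 'encrypted' traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # accept any certificate, or none at all
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return a list of findings; an empty list means the context still
    verifies the peer the way a correct client should."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked against the target (check_hostname is False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are still allowed")
    return findings


if __name__ == "__main__":
    for name, ctx in (("verifying", make_verifying_context()), ("weak", make_weak_context())):
        problems = audit_context(ctx)
        print(f"{name}: {'OK' if not problems else ''}")
        for p in problems:
            print("  -", p)
```

`audit_context` only reads the context’s settings, so it can be dropped into a test suite to catch a verification-disabling change the moment it lands, which is the kind of check that would have flagged a client that silently stopped validating server identity.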

More money mule opportunities!

Found another GREAT money mule opportunity, courtesy of my posted resume on CareerBuilder. This one’s great because I can use an alias of %1% %2%. What’s more, I’m GREAT at following “witten instructions!”

I just have one question: when are American banks going to get serious about credit card fraud?

Dear %1% %2%,

Are you tired of interviewing and ready to start working?
An excellent vacancy is open now!

Our company has found your Curriculum Vitae in a jobseeker’s database. It seems that you are a strong applicant for a vacancy of a “Check Assist Manager”.

General requirements include following:

– High School diploma or GED equivalent;
– US residency.
– Ability to work on your own and promptness in operations.
– Age: at least 21;
– Computer with internet access and e-mail address;
– 1-2 hours of free time per day for performing your duties business hours;
Hunger for Success is a MUST! Ideal candidate is attentive to details and self-motivated, has customer service mindset, a positive attitude, excellent verbal and written skills, ability to use PC and Internet and the ability to work independently.

Receiving stolen goods for fun and profit

Got this in my inbox yesterday. If I don’t find a legitimate job soon at least I can always become a money mule.

Reply-To: Baratova.Eleonora@gmail.com
From: Rashad Prince adna133@hotmail.com
To: (me)
Subject: Great job opportunity for Mark Turner

Hello Mark Turner,
a successful organization is seeking people who are wishing to join our company and grow professionally daily.

We are pleased to make you the following job offer. The vacancy I am offering is that of Check Assist Manager. I have decided to contact you after reviewing your resume online. It appears that you have met our job requirements for successful job, and would be a right applicant to extend you an offer for our vacancy.

How To Stop Facebook From Tracking You – Business Insider

Facebook’s cookies track you across the web. Here’s advice on how to curb Facebook’s appetite for your information.

Most people don’t realize that Facebook can continue to monitor their internet activity, even if they are no longer logged into the site. Using "Facebook Connect," and other social plug-ins, Facebook is able to set up a cookie on any site that has a "Like" or "share" button, giving Facebook access to a startling amount of user information. Technically, the purpose of these plug-ins is to authenticate users, but it still has the ability to collect personal information such as the IP address of your computer, browsing data, outside login information, phone numbers, etc.

via How To Stop Facebook From Tracking You – Business Insider.

Einstein … on humanity?

I saw a quote on a friend’s Facebook page, allegedly from Albert Einstein. It sounded a bit more metaphysical than I would’ve expected from a scientist and, having experience tracking down questionable quotes that were attributed to Einstein and other famous people, I figured the quote was bogus.

So I looked up the quote:

A human being is a part of the whole, called by us “Universe”, a part limited in time and space. He experiences himself, his thoughts and feelings as something separated from the rest — a kind of optical delusion of his consciousness. This delusion is a kind of prison for us, restricting us to our personal desires and to affection for a few persons nearest to us. Our task must be to free ourselves from this prison by widening our circle of compassion to embrace all living creatures and the whole of nature in its beauty. Nobody is able to achieve this completely, but the striving for such achievement is in itself a part of the liberation and a foundation for inner security.


Carded

In the mail today we got a new set of credit cards. Our current ones have been working fine and are valid for another year but since the Target data breach I suppose the banks aren’t taking any chances.

A letter from the bank reads:

“Dear Customer:

Please begin to use this new credit card to protect yourself after the Target breach.

Thank you for being a loyal customer. Here’s your new credit card to help protect you after the recent data breach at Target stores.”

I noted that, like the old cards, the new cards do not include a smart chip that would go a long way towards preventing the next data breach.

Cheap Thoughts: Food Labeling

I was packing the kids’ lunches today, putting in a pack of granola bars as I normally do, when I became curious. These Nature Valley “Oats ‘n Honey” granola bars from General Mills are tasty and have an appealing photo of the bars next to a fat spatula dripping with honey goodness.

[Image: Nature Valley Oats ‘n Honey granola bar box]

Putting aside the fact that the dry, brittle granola bars in the packaging look absolutely nothing like the moist granola bars in the package photo, I had to wonder how much “oats ‘n honey” were actually in these bars. A look at the ingredient list told me all I needed to know:

Back on my old IP?

I’ve noticed more cable modem strangeness this afternoon. I reflashed my router today and noticed that my home cable modem is once again on its old 24.40.133.50 address. I have no explanation for what happened to the 24.40.133.16 address I have been using for the last 24 hours.

It’s not been my experience that TWC/Earthlink swaps out IP addresses so quickly. Normally I get an IP address for many months without it changing. It’s very unusual to have one flip in just an afternoon.

Thinking I liked my newer IP address better, I tried to force a new assignment by unplugging my cable modem for ten minutes. Apparently that wasn’t long enough to do the trick, though. I will have to consider other options.

I still have no explanation for the earlier phantom response. Well, no rational explanation, anyway. I could say it was another quick DHCP assignment but that still wouldn’t account for the missing Microsoft ports which otherwise get filtered at the cable modem of every subscriber.

Are these Time Warner Cable shenanigans?

Mystery host answers for mine

I decided yesterday morning to reflash my home firewall’s version of OpenWRT. This involved rebooting the router, of course, and when the router came up the friendly folks at Earthlink (or Time Warner Cable, depending on who runs the DHCP servers) had assigned my home cable modem a new IP address.

As I worked out a few issues with the new firmware, paring down modules and processes in order to make it all fit inside my modest little router, I decided to test the firewall rules to see whether things were working. From my server hosted outside of my network, I ran a simple nmap test to see which ports were open:

[root@tranquil /home/markt]# nmap -sT -P0 maestro.markturner.net

Starting Nmap 5.51 ( http://nmap.org ) at 2014-02-02 11:44 EST
Nmap scan report for maestro.markturner.net (24.40.133.50)
Host is up (0.035s latency).
rDNS record for 24.40.133.50: user-0c2h19i.cable.mindspring.com
Not shown: 955 closed ports, 40 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
587/tcp open submission
993/tcp open imaps
8080/tcp open http-proxy

Nmap done: 1 IP address (1 host up) scanned in 6.86 seconds

That’s about what I expected, so I turned my attention to other issues, including running another test twenty minutes later:

[root@tranquil /home/markt]# nmap -sT -P0 maestro.markturner.net

Starting Nmap 5.51 ( http://nmap.org ) at 2014-02-02 12:04 EST
Nmap scan report for maestro.markturner.net (24.40.133.16)
Host is up (0.028s latency).
rDNS record for 24.40.133.16: user-0c2h18g.cable.mindspring.com
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
587/tcp open submission
593/tcp filtered http-rpc-epmap
993/tcp open imaps
8080/tcp open http-proxy

Nmap done: 1 IP address (1 host up) scanned in 38.88 seconds

For the second test you can see I’ve got a few other ports showing up (TCP 135, 139, 445). These are supposedly filtered by the ISP somewhere down the line (probably at the cable modem level) to block clueless Windows users from exposing their networks to teh Internets.

You can see that these tests produced different results. It was what was the same about these results, however, that caught my eye!
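To make the comparison above mechanical rather than eyeball work, here is an added example (my code, not the post’s) that parses the two nmap reports quoted in the post and diffs them. It pulls out the IP the hostname resolved to, the rDNS record and the per-port states, then reports what changed: the name resolved to a different address between runs, and the second host shows the Microsoft ports in a filtered state, while the set of open ports is identical. The two reports are embedded verbatim as constructed sample input so the script runs offline; the function names are mine.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the two nmap runs from the post, as nmap's
# "normal" output, embedded so the example runs without a network.
SCAN_1144 = """\
Starting Nmap 5.51 ( http://nmap.org ) at 2014-02-02 11:44 EST
Nmap scan report for maestro.markturner.net (24.40.133.50)
Host is up (0.035s latency).
rDNS record for 24.40.133.50: user-0c2h19i.cable.mindspring.com
Not shown: 955 closed ports, 40 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
587/tcp open submission
993/tcp open imaps
8080/tcp open http-proxy
"""

SCAN_1204 = """\
Starting Nmap 5.51 ( http://nmap.org ) at 2014-02-02 12:04 EST
Nmap scan report for maestro.markturner.net (24.40.133.16)
Host is up (0.028s latency).
rDNS record for 24.40.133.16: user-0c2h18g.cable.mindspring.com
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
587/tcp open submission
593/tcp filtered http-rpc-epmap
993/tcp open imaps
8080/tcp open http-proxy
"""

REPORT_RE = re.compile(r"^Nmap scan report for (\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)", re.M)
RDNS_RE = re.compile(r"^rDNS record for \S+: (\S+)", re.M)
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+(\S+)", re.M)


@dataclass
class NmapReport:
    target: str                       # hostname given on the command line
    ip: str                           # address it resolved to at scan time
    rdns: str                         # reverse DNS of that address
    ports: dict[str, tuple[str, str]]  # "22/tcp" -> ("open", "ssh")


def parse_nmap(text: str) -> NmapReport:
    """Extract target, resolved IP, rDNS and the listed port table."""
    m = REPORT_RE.search(text)
    if m is None:
        raise ValueError("no 'Nmap scan report for' line found")
    target, ip = m.groups()
    r = RDNS_RE.search(text)
    rdns = r.group(1) if r else ""
    ports = {port: (state, service) for port, state, service in PORT_RE.findall(text)}
    return NmapReport(target, ip, rdns, ports)


def open_ports(report: NmapReport) -> frozenset[str]:
    return frozenset(p for p, (state, _) in report.ports.items() if state == "open")


def compare_runs(earlier: NmapReport, later: NmapReport) -> list[str]:
    """List what differs between two runs against the same hostname.
    A changed IP is reported first because it means the two runs did not
    scan the same host, which makes any port differences expected."""
    findings = []
    if earlier.ip != later.ip:
        findings.append(
            f"target {earlier.target} resolved to a different host: "
            f"{earlier.ip} ({earlier.rdns}) -> {later.ip} ({later.rdns})"
        )
    all_ports = set(earlier.ports) | set(later.ports)
    for port in sorted(all_ports, key=lambda p: int(p.split("/")[0])):
        before = earlier.ports.get(port, ("not listed", "-"))
        after = later.ports.get(port, ("not listed", "-"))
        if before != after:
            service = after[1] if after[1] != "-" else before[1]
            findings.append(f"{port}: {before[0]} -> {after[0]} ({service})")
    return findings


if __name__ == "__main__":
    first, second = parse_nmap(SCAN_1144), parse_nmap(SCAN_1204)
    print("open ports identical:", open_ports(first) == open_ports(second))
    for finding in compare_runs(first, second):
        print(" -", finding)
```

The practical lesson the diff makes explicit is that a port-scan baseline keyed on a hostname is only meaningful while that name resolves to the same address; comparing by resolved IP (or scanning the IP directly) avoids mistaking a DHCP reassignment for a firewall change.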

H1N-What? Wading Through the Alphabet Soup of Flu Names | Molecules to Medicine, Scientific American Blog Network

Judy Stone of SciAm explains the alphabet soup that describes flu viruses.

Muddled about all the new flu viruses?

It’s hard to keep up with the changing names in the news. H1Nwhat? Bird flu. Pig flu. MERS. SARS. Here is a quick overview of this dizzying, dyslexia-inducing array, with what you need to worry about, even if some aren’t yet in your backyard.

via H1N-What? Wading Through the Alphabet Soup of Flu Names | Molecules to Medicine, Scientific American Blog Network.