Roborooter.com
My blog about me and my resulting life.
The Union Forever Video
I found a video worthy of updating my very popular post on the White Stripes song, The Union Forever.
American Express and Security
This originally started as an email to some coworkers, but I think people here might find it more interesting.
If you have an Amex online account they limit your password to 8 characters and you can only use numbers and letters. That’s not very secure (I could write a program to guess every password within those constraints in a matter of minutes). So someone complained. (Note: I’ve complained by phone myself and got no response.)
I wish that I could use a stronger password for this site. 8 characters are NOT enough.
Response (Gaurav Sharma) 02/06/2010 05:53 AM
And the response.
Thank you for your email regarding your online password.
I would like to inform you that our website has a 128 bit encryption. With this base, passwords that comprise only of letters and alphabets create an algorithm that is difficult to crack. We discourage the use of special characters because hacking softwares can recognize them very easily.
The length of the password is limited to 8 characters to reduce keyboard contact. Some softwares can decipher a password based on the information of “most common keys pressed”.
Therefore, lesser keys punched in a given frame of time lessen the possibility of the password being cracked.
Moreover, American Express is committed to protecting the privacy and security of all of our Cardmembers, both on-line and off-line. We believe that our current security measures, which include our sophisticated monitoring systems to detect unusual or fraudulent card activity, provide strong, ongoing protections for our Cardmembers.
Rest assured, I have forwarded your comments to our webmaster for review. During this review, we may contact you if additional information is required.
We value your membership and wish goodness and health to you and your family.
Sincerely,
Gaurav Sharma
Email Servicing Team
American Express Interactive Services

Eight characters makes a pretty weak password. The rationalization is twofold. First, when looking through a keylogger's output the password will be hard to identify, and if it was really long and random it would be easy to pick out. (Think the output of a virus that is reporting back thousands of people's keystrokes.)
Secondly, when a password is stolen or guessed, they can detect the fraud with their "special sauce" monitoring and take care of things after the fact.
I'll assume that the credit card companies want to protect themselves from losses of which fraudulent charges are a large part. I can attest to credit card companies alerting me my number was stolen way before I noticed it. (It's happened a couple times, I even had my card copied by a cashier once.) So I figure they must have run tests and figured out this was the best way to protect their money.
The problem is I think they're wrong and the limitation is part of a holdover from old computer systems. They wouldn't lie, would they?
Brooklyn Technical High School Alumni Today!
I hate the feeling of being sold.
I've been getting a lot of emails and letters in the mail from my Alumni Association asking for me to update my info. Let me correct that.
I've been getting a lot of emails and letters from a book company that my Alumni Association has sold my information to. If you're a Brooklyn Technical High School alumni you've probably been getting them too. So I called them up and gave them the info they so desperately needed.
They said I'd probably be surprised to know how many other Alumni might be in the area of Brooklyn that I live in. I told them, "No I won't, everyone is on Facebook." Going downhill from there, I was hard sold on the $100 book (two easy payments..) and then the $80 softcover book, and then the $40 CD-ROM.
I can't honestly figure out why they're selling a CD-ROM.
I guess I can, most of their customers are going to be older alumni. (Like my dad, who didn't buy the book either. Hi dad!) I can actually think of a few good reasons to own the book, like getting in touch with older alumni mostly. But I can't justify spending that much for a list of names with pictures and stories.
I figure if they're going to use my info for their business I'll use my info for my business.
My education at Brooklyn Tech gave me an extra edge when I entered college and the workforce. I have applied the lessons I learned there, in both classes and clubs, to my work and my life. Notably, founding BTHSnews.org taught me what it takes to lead a team of people, and the CCNA classes taught me how to take care of complex networking issues with ease, allowing me to concentrate on higher level problems when I started Wizard Computing, LLC, my computer consultancy.
Seeing the directions the people I met in school, and continue to meet through BTHSnews.org, are going makes me proud to be an alum.
H2K2 — Email Hacking
I found my original post from two years ago on this subject. I didn't tell the story then, so consider this an update. ;-)
H2K2 — Email Hacking from reconbot on Vimeo.
This is an old one, we used ettercap to sniff the wifi at h2k2.
http://en.wikipedia.org/wiki/Hackers_on_Planet_Earth#H2K2
A lot of fun was had in those few days.
A few years later, I found this video and checked the user/pass reading from the video. They worked! I contacted him to change his password. He was shocked about the event, and I was shocked nobody had seen the video and messed with him. Instead of being angry, he felt it was stupid of him to check his email at a hacker's conference.
I should also add it was Outlook Web Access 2000(?) without SSL. But if it was SSL I could have MITMed it. ;-) I even think back then it would have been SSLv3.0 which you could just break.
Aww, those were the days.
Haiti — 2010
This week Haiti was destroyed.
Most of the country. Haiti, not without its problems before, has now overnight lost about 100,000 people. To put it in scale that's over 50 times the number of people who died in Hurricane Katrina, and that's only in the first few days.
The U.S., China, and the EU are all stepping up to help and give aid. The country will need to be rebuilt. This will be the first time I'm going to get to watch a country be rebuilt that isn't at war. (Other countries may have been destroyed and rebuilt in my lifetime but I haven't watched them.)
The concept of country building blows my mind. I have a feeling that there are already large power plays going on around which country gets to rebuild (and possibly own or control) Haiti. Interesting times ahead.

The Haiti Dominican Republic Border showing how logging for charcoal has destroyed the Haitian side.
Steps to overthrow a country
I'll rewrite this post when I'm more educated. The heightened "random" security restrictions on air travel bother me immensely. We can now more than ever be restricted from travel for any reason. I'm waiting to hear 3rd party candidates delayed from attending rallies. (There's a story from Russia to this effect.)
I'm angry, but I'm even more angry that it doesn't matter how angry I am.
–Francis
This American Life #348: Tough Room — Act 4: Malcolm Gladwell
I've been sitting on this one a while. It's a story about how not to act in a newsroom.
Cat in RAW
I like to think RAW images are a far superior way to take images because you get more data and can mess with the white balances etc. The problem always being I don't know how to mess with the data to get better photos. And when I tout "Oh well don't worry we'll just use Raw" when referring to light conditions etc, I often get jeered because I don't know what I'm talking about.
It's true, but I'm not wrong.
Using nothing but "auto" settings, I've doctored up a photo I took of Alex in two formats (I used Sara's camera which can take both Raw and Jpeg at the same time. A Canon Digital Rebel XTi E05 if you're wondering, but that doesn't mean much to me.)
If this looks odd below you can click through to the comparison tool's page itself.
My thoughts on the Kindle and technology advancing past books
I write more for other people's blogs than I do my own.
When I think of the Kindle, I think of an awesome device (the big one is wonderful to use) with a free data connection that needs to be hacked to be useful. Hacked to remove the ability to remove books. Hacked to allow browsing of the web. Hacked to allow my own content to be freely placed on the device. The hacking negates the free data plan because the device no longer functions along Amazon’s business model, but it’s your device – so you can use it how you like. You should be able to get your own data plan. ($20/month)
I don’t see why “E-Readers” would have to remove community behind books and libraries. I can argue that “social networks” could work around the devices and books. Especially around trading books – I’ll get into the legality of that–how authors could still get paid and the usefulness and harmfulness of DRM Encryption in that situation–some other time.
I can also argue that libraries are a place for more than retrieving books. You have librarians who are paid experts and curators of knowledge. A Kindle may have a library of books, but it doesn’t have librarians. On a side note, they don’t have quiet work areas or comfy chairs either.
But even though I have a library down the block from my house, I haven’t had the need to be in one for a long while. I have my own comfy chair, and don’t read books that often.
One thing the Kindle does facilitate that a library can’t is that I could write a book and publish it on the Kindle for free, and distribute it worldwide without cost and with an excellent margin. Sites like Lulu allow me to make print copies, but their costs are non-trivial (good rates, but not cheap). That kind of freedom is liberating. I won’t argue that publishing companies are worthless, as they are not, but they’ve had a monopoly on publishing for a long time. Devices like the Kindle allowing for self-publishing make me very happy.
In my head, preferring a paper book over a Kindle is akin to preferring a small black and white TV over a larger color one. I don’t see the technology being the problem; it’s a tool like any other, and it can be just as enabling for you and me as it can for companies like Amazon and BookSwim.
Comments?





