Tag: Security

A Potential Solution for Shortened URLs

I’m not a fan of URL shortening services such as TinyURL. In my eyes they are nothing more than a security risk as you have no idea where a shortened URL is actually going to take you. That’s a huge problem and hence why I will not click on a URL from one of those services and automatically delete any comments containing shortened URLs. For a while now I’ve been hoping somebody would create some kind of plug-in for Firefox that would automatically expand shortened URLs.

Well somebody has released a plug-in that offers exactly this service. The plug-in is called Long URL Please. Simply put when a page loads Long URL Please replaces all the shortened ULRs with the URL that the URL shortening service redirects to. I installed it and am testing it on a virtual machine to see how well it works. So far it’s doing a pretty decent job although it seems to require knowledge of each shortening services and will only work with those known services. Either way if this plug-in pans out it will be one of those must installs for Firefox.

Everybody Draw Mohammad Day After Shocks

I’m sure most of you who read gun blogs realize that yesterday was Everybody Draw Mohammad Day. The idea was to spit in the fact of censorship by committing sacrilege. A lot of funny and well done drawings were produced. Obviously I didn’t partake in the day’s festivities because I’m incredibly lazy.

But now we have the day after and the person who is credited with the idea, Molly Norris, is apologizing profusely. She’s pretty much doing everything she can to separate herself from the idea she sparked via her cartoon.

So what are some of the after shocks from the event? Well Pakistan went and blocked Facebook and YouTube because they were hosting images and videos for the day’s events. Threats are being made by extremists and one cartoonist is trying to back peddle in an effort to avoid possible attack against her person.

Censorship is dangerous stuff.

Your Daily Dose of Irony

It appears IBM slipped up a little bit:

Delegates to AusCERT, Australia’s premier information security event held this week on the Gold Coast, have taken home a little of the stuff they spent the week agonising over – a virus.

In an email this afternoon, IBM advised visitors to its AusCERT booth that its complimentary USB key was infected with a virus. An IBM spokesman and conference organisers confirmed the email was genuine.

There has to be an award for distributing a virus at a security conference.

This is Why I Have a No Shortened URL Rule

One rule I have here is any comments containing a link that uses a URL shortening service gets removed, no questions asked. I do this because as Bruce Shcneier shows us those shortened URLs are a huge security risk. Cory Doctorow recently got screwed by a phishing attack via a good old URL shortened link:

I opened up my phone fired up my freshly reinstalled Twitter client and saw that I had a direct message from an old friend in Seattle, someone I know through fandom. The message read “Is this you????” and was followed by one of those ubiquitous shortened URLs that consist of a domain and a short code, like this: http://owl.ly/iuefuew.

Never click on a URL from a URL shortening service. You have no idea where they will lead you or what the page they link to will contain.

Real Terrorist Prevention

Bruce Schneier once again points out how our government’s policies and methods for preventing terrorism are wrong. He wrote a recent article for the New York Times that describes what is being down incorrectly:

Think about the security measures commonly proposed. Cameras won’t help. They don’t prevent terrorist attacks, and their forensic value after the fact is minimal. In the Times Square case, surely there’s enough other evidence — the car’s identification number, the auto body shop the stolen license plates came from, the name of the fertilizer store — to identify the guy. We will almost certainly not need the camera footage. The images released so far, like the images in so many other terrorist attacks, may make for exciting television, but their value to law enforcement officers is limited.

Check points won’t help, either. You can’t check everybody and everything. There are too many people to check, and too many train stations, buses, theaters, department stores and other places where people congregate. Patrolling guards, bomb-sniffing dogs, chemical and biological weapons detectors: they all suffer from similar problems. In general, focusing on specific tactics or defending specific targets doesn’t make sense. They’re inflexible; possibly effective if you guess the plot correctly, but completely ineffective if you don’t. At best, the countermeasures just force the terrorists to make minor changes in their tactic and target.

Exactly. Our government agencies focus on specific threats and put in countermeasures for threats that have already been used. When somebody put explosives in their shoes TSA made you remove your shoes at their “security” checkpoints. When somebody tried using a liquid bomb on a plane TSA barred you from carrying bottled water on board (unless you purchased it at an exorbitant rate behind the “security” checkpoint). But bad guys are creative and think up new methods that avoid the implemented specific threat countermeasures.

More On Arizona SB 1070

As I mentioned earlier I do not like Arizona’s new law on grounds that it’s vaguely written and ignores presumption of innocence. Of course with all the screaming, pissing, and moaning over this bill I’ve been trying to figure out why the Hell it was passed in the first place.

Like most issues this one is not black and white. I admit I don’t pay a whole lot of attention to the crime rates of other states unless it comes up in an anti-gun article trying to use those rates to promote their campaign of disarmament. Looking further into SB 1070 the main argument appears to deal with the fact that Arizona has a slight crime problem. First and foremost Phoenix kidnapping capital of the country.

This seems to be the main justification for the passing of the bill, crime. But of course the issue isn’t black and white even with that information. See most of the kidnappings appear to be drug and gang related. But most importantly most of the crime committed by these illegal immigrants is against… illegal immigrants:

Police in the desert city say specialized kidnap rings are snatching suspected criminals and their families from their homes, running them off the roads and even grabbing them at shopping malls in a spiraling spate of abductions.

“Phoenix is ground zero for illegal narcotics smuggling and illegal human smuggling in the United States,” said Phil Roberts, a Phoenix Police Department detective.

“There’s a lot of illegal cash out there in the valley, and a lot of people want to get their hands on it.”

Last year alone, Phoenix police reported 357 extortion-related abductions — up by nearly half from 2005 — targeting individuals with ties to Mexican smuggling rings.

So now I have the justification of the new bill. By targeting illegal immigrants specifically Arizona could stand to dramatically lower their overall crime rate. The problem is the implementation still sucks as it’s vague and gives the police the authority to target individuals without anything more than reasonable suspension.