
Comodo SSL fail

Published by manu

We [should] all know that trusting third party SSL roots is bad, but if you are still not convinced then read how Comodo's SSL service was compromised. In short, a reseller account was broken into and from there the attacker requested certificates for 7 domain names.

What this means is that certificates are issued without being verified. Whether it is the reseller or an attacker trying to generate certificates, they are not really verified, they are simply issued. Again, why do people trust ANY of these Certificate Authorities?

Maybe time to think more about Monkeysphere and/or an SSL verified over DNS system.


Japan, Metro and Pokémon

Published by manu

Today I found a copy of Metro in the tube and actually picked it up. Of course the main news, like everywhere else this Monday morning, was about the earthquakes and subsequent tsunamis around Japan. What disturbed me a bit today was the special event advertisement that had gone out: today was special Pokémon... Not sure what to think about this, just plain bad taste or bad timing?

  • Metro cover page - 14/03/2011
  • Metro page 2 & 3 - 14/03/2011
  • Metro page 4 & 5 - 14/03/2011
  • Metro page 6 & 7 - 14/03/2011
  • Metro page 8 & 9 - 14/03/2011

LOL @MI6

Published by manu

It appears that some just want to help out the Libyan people so much that they are willing to help them by surprise... It's almost comical how MI6 and SAS officers got caught by some farmers and were then handed off to the rebels.

I can only wonder what the real motivations for this were. Was it out of pure solidarity, that burning desire to do what you can to help? Or to create good relations with the future new controllers of Libyan oil?

"I won't take risks with economic stability, or wreck the public finances. But I promise you I am doing everything I can to find a way to help." - Chancellor George Osborne, 2 days ago

Whatever may be the real motivations, I tend to think that a good way to help the oppressed would be to stop selling weapons to their dictators in the first place.


Behind the Sandstorm, the next Shitstorm

Published by manu
Updated

And what a shitstorm this could very well be... Money is currently (no pun intended) being spread upon the peoples of Saudi Arabia in an attempt to prevent them from committing illegal actions like protests.

The next move could be on March 11 2011. We will see whether the people settle for money, whether the government gives in, OR whether shit rains and the western governments get really confused about how to react...

Update - links


Ligatt Security (Hole)

Published by manu

After seeing this guy, Gregory D. Evans, talk last year about Wikileaks, the Anon people, Mastercard and all that, I seriously felt he was a bit of a phony. It turns out his emails were got into and his Twitter accounts, personal and professional, were broken into.

Gregory D. Evans Twitter page - Feb 8 2011

It only seems logical that a firm (Ligatt) that boasts it can teach you how to become a hacker in 15 minutes cannot realistically know anything about security. Anyway, links with more info here:

Bonus image of Gregory D. Evans.


Mysterious Tree Falling

Published by manu

The new year dead birds mystery has been shortly followed by other mysterious events. Indeed the streets of London have been invaded, literally overnight, by Christmas trees. They seem to have just fallen from the sky.

Christmas trees on the pavements, probably fell from the sky

Referrer spam

Published by manu

You may have noticed in your web server logs that there are a few visitors that seem to come from crappy websites; this is sometimes called referrer spam. It is profitable for a couple of reasons:

  • Some people publish their statistics
    Dodgy webmasters are happy as they get more links to their sites. Some have added "no rel" or things like that, but still, if the logs are published so are the domain names/URLs.

  • Google Analytics
    Half of the Internet has voluntarily installed a Trojan Horse on their websites, it's called "Google Analytics" and it basically sends all your visitors' footprints to Google (exceptions apply [1]). I cannot say how Google measures it up, but I am going to guess that this might still be profitable to our dodgy webmasters' web site ranking.

Some have started a blacklist of domain names or even IPs that produce referrer spam. I think any blacklist, especially one like this, is really bad. For one, if a domain name blacklist became popular then the dodgy spammer could/would start referring competitors' websites. Public blacklists are bad. Always. Once they are used they can quickly get out of control (but that's another story).

For me a simple idea is to maintain my own private list of dodgy domains that I notice in my logs and reject visitors that are referred by them. I'm sure it's not the most efficient thing ever, but who cares, it's mostly to clean up the statistics a bit and have a laugh with those that fake referrers manually.

This is a sample of the code I have written; as you can see it is extremely simple:

    <?php
    // List spam referrer domains
    $bad_referrers = array(
        'dodgywebsite.tld',
        'someotherbadwebsitethatlikeslongdomainnames.tld',
    );

    // Check if the referrer is "bad" (no Referer header at all means there is nothing to check)
    $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    foreach ($bad_referrers as $v) {
        // Accept http or https, an optional "www.", then the domain; the dots in the
        // domain are escaped and the match is anchored so "dodgywebsite.tldx" is not caught
        if (preg_match('#^https?://(www\.)?' . preg_quote($v, '#') . '(/|$)#i', $referrer)) {
            // If so, redirect the visitor to their fake referrer.. LOL
            header("Location: http://$v");
            exit;
        }
    }

That should redirect bad referrers back to the site they claim to come from. The regular expression takes care of an optional "www." and of http or https, so you do not need to list the protocol or the standard www subdomain.
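The redirect above only works once a domain is on the list; the other half of the idea is spotting which referrers in the logs deserve to be there. As an added example, not code from the original post, here is a small Python scanner that reads combined-format access log lines, normalises the referrer host the same way the PHP regex does (scheme and "www." ignored) and counts hits per host, flagging those on a private list. It compares whole hosts rather than prefix-matching, so a referrer like dodgywebsite.tld.example is not flagged by accident; the log lines and domains are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Private list of referrer domains noticed in the logs (constructed sample values).
BAD_REFERRERS = {"dodgywebsite.tld", "someotherbadwebsitethatlikeslongdomainnames.tld"}

# Apache/nginx "combined" format: client ident user [time] "request" status bytes "referrer" "agent"
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"$')

def referrer_host(referrer):
    """Host of the referrer URL, lower-cased, minus a leading 'www.'; None if unusable."""
    if not referrer or referrer == "-":
        return None
    host = urlsplit(referrer).hostname
    if not host:
        return None
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def is_bad_referrer(referrer, bad=BAD_REFERRERS):
    """Whole-host comparison: 'dodgywebsite.tld.example' does not match 'dodgywebsite.tld'."""
    host = referrer_host(referrer)
    return host is not None and host in bad

def scan_log(lines, bad=BAD_REFERRERS):
    """Count hits per referrer host; return (all_hosts, flagged_hosts) as Counters."""
    hosts, flagged = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line, skip it
        host = referrer_host(m.group("ref"))
        if host is None:
            continue  # direct hit, no referrer to count
        hosts[host] += 1
        if host in bad:
            flagged[host] += 1
    return hosts, flagged

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Mar/2011:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "http://www.dodgywebsite.tld/" "Mozilla/5.0"',
    '198.51.100.7 - - [14/Mar/2011:10:01:05 +0000] "GET /about HTTP/1.1" 200 1024 "https://dodgywebsite.tld/p?x=1" "Mozilla/5.0"',
    '203.0.113.9 - - [14/Mar/2011:10:02:00 +0000] "GET / HTTP/1.1" 200 512 "http://dodgywebsite.tld.example/" "Mozilla/5.0"',
    '203.0.113.10 - - [14/Mar/2011:10:03:00 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.21"',
    '203.0.113.11 - - [14/Mar/2011:10:04:00 +0000] "GET /rss HTTP/1.1" 200 2048 "http://example.org/blog" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hosts, flagged = scan_log(SAMPLE_LOG)
    for host, n in hosts.most_common():
        print(f"{n:4d}  {host}{'   <-- on the private list' if host in flagged else ''}")
```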

[1] Google Analytics won't work for those who don't execute JavaScript or who have a special hosts file that includes:

    0.0.0.0 google-analytics.com www.google-analytics.com ssl.google-analytics.com


A message to Anonymous

Published by manu

Hello Anonymous. Some people have criticised your actions, called you a "kiddie script" and/or claimed you have hurt "the cause". I tend to disagree because:

  • You made noise and raised awareness
  • Nobody was hurt and no credit card numbers stolen
  • You have been trying other things as well: faxes, phones, videos, paper etc. This shows your goal is not to simply take down web sites
  • When things are so openly absurd reactions cannot be avoided
  • Oh and:
  • "They" started it..

Some say you guys are a bunch of kids, if it is true it only adds to your credit.

DDoS does seem to be illegal in many places, but it is definitely not the worst thing that has happened to our world. For me (and many others) these actions were closer to protest than to attacks.

Disclaimer: I am not inciting anyone to do anything illegal, etc etc...

Wikileaks - follow up

Published by manu
Updated

The past week or so has been quite interesting and it seems this pending issue will not simply "go away", at least not that easily. I have gathered a few interesting links about what's up and down; I will try to keep this updated (there are so many pages about this it's out of control).

Wikileaks

Internet Protests

Anon sites/channels (many down)

A few Anonymous channels have been taken down; there are plenty of others coming up, going down, moving around etc.

  • AnonOps communication - active
  • twitter.com/Anonops - active
  • facebook.com/anonops - active (if you happen to use facebook....)
  • anonops.net - Seems like Enom has removed the name server for the domain on Dec 8 2010:
        Domain Name: ANONOPS.NET
        Registrar: ENOM, INC.
        Whois Server: whois.enom.com
        Referral URL: http://www.enom.com
        Name Server: No nameserver
        Status: ok
        Updated Date: 08-dec-2010
        Creation Date: 26-oct-2010
        Expiration Date: 26-oct-2011
  • anonops.info - domain has been de-activated today (Dec 14 2010):
        Domain ID:D35610231-LRMS
        Domain Name:ANONOPS.INFO
        Created On:29-Nov-2010 18:03:09 UTC
        Last Updated On:14-Dec-2010 01:08:48 UTC
        Expiration Date:29-Nov-2011 18:03:09 UTC
        Sponsoring Registrar:eNom, Inc. (R126-LRMS)
        Status:INACTIVE
        Status:TRANSFER PROHIBITED
  • twitter.com/Anon_Operation - suspended
  • twitter.com/Anon_Operationn - suspended

Some people have been deleting their PayPal accounts and leaving comments about how they feel.


URL shorteners == privacy shortener

Published by manu

Today I would like to talk/rant about URL shorteners, those things that take a good old link and turn it into something short and obscure.

One day people realised that sending long links over some media such as email or instant messaging could be a pain, as the link would sometimes be cut into pieces and lose its clickability. One of the reasons (IMHO) was that in those days fancy clean URLs were not so common, so it was easy to come across some of those crazy long links.

Then came the tweeting days, when the Internet decided it was time that everybody published content, and because most people have difficulties with literary expectations that exceed one sentence they came up with the brilliant 140 character limit (also to be compatible with SMS). In this situation even a normal optimised pretty link looked super fat; it's like putting a normal healthy human being next to Kate Moss.

This was already becoming a problem, but then people took it to the next level: links nowadays get shortened even when posted on websites. It makes absolutely no sense...

So what is wrong anyway?

  • It hides the destination of the link
  • It adds another point of failure: now you depend on the URL shortening service, if they go down or moderate/filter your link...
  • There is a major leak of privacy
    • The clicker generates statistics at the URL shortener's service
    • The statistics are linked with the person who generated the URL and all the others that have followed the link

These statistics are available to whoever created the link (generally you need an account for this function), and more could be done with them. I am sure it can be quite interesting to see how a link gets propagated, especially if you include IPs, User-Agents and, most interesting maybe, the referrer (the site where the link was posted). I am sure with this kind of information you could map a viral movement of clicks à la Hans Rosling. But as we all know, the Internet is a power tool for marketing, and the knowledge gained from these services will not benefit science nor the general public, au contraire.
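The first complaint above, that the destination is hidden, has a simple countermeasure: resolve the chain of redirects yourself before clicking, one hop at a time, without letting the HTTP library follow them for you. As an added example, not part of the original post, here is a Python expander that does this; it also stops on redirect loops, relative Location headers and a hop limit, and the redirect table it is exercised against is a constructed stand-in for the network (no real shortener is contacted).

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin

REDIRECT_CODES = (301, 302, 303, 307, 308)

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Tell urllib not to follow redirects, so every hop comes back to us."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def http_head(url, timeout=5):
    """One HEAD request; returns (status, Location header or None) without following it."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, method="HEAD"), timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx land here because we refused to follow
        return err.code, err.headers.get("Location")

def expand_short_url(url, fetch=http_head, max_hops=10):
    """Walk the redirect chain hop by hop. Returns every URL visited; the last entry
    is the real destination, or where we stopped (loop, hop limit or dead link)."""
    chain, seen = [url], {url}
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            break
        nxt = urljoin(chain[-1], location)  # Location may be relative to the current hop
        if nxt in seen:
            break  # redirect loop: stop rather than spin until the hop limit
        seen.add(nxt)
        chain.append(nxt)
    return chain

# Constructed redirect table standing in for the network (hypothetical hosts, not real services).
SAMPLE_HOPS = {
    "http://sho.rt/abc": (301, "http://t.example/xyz"),
    "http://t.example/xyz": (302, "/real/page"),
    "http://t.example/real/page": (200, None),
    "http://loop.example/1": (302, "http://loop.example/2"),
    "http://loop.example/2": (302, "http://loop.example/1"),
}

def sample_fetch(url):
    return SAMPLE_HOPS.get(url, (404, None))

if __name__ == "__main__":
    print(" -> ".join(expand_short_url("http://sho.rt/abc", fetch=sample_fetch)))
```

Passing a real URL with the default fetch performs HEAD requests over the network; the chain it returns is what a browser would have walked through silently.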

So why? Why do people use such things? Even on those Twitter/Identi.ca type things I found that most links can actually fit, with room for a short description. I've even seen some privacy rights organisations who cannot restrain themselves from the urge to use such links, in emails and on their websites. Hello, it's like a vegetarian protesting in leather boots!

I am surprised to be writing this in 2010; I thought this obsession with having the shortest URL would have passed a few years ago... What next, maybe The Pirate Bay will start using Bit.ly as well?


Reporting Spam to hotmail

Published by manu
Updated

I have been receiving some spam from authenticated Hotmail users lately, so I thought it could be useful to report it to them. Remembering some of the Microsoft logic, I decided to use the Bing search engine to find out what kind of process they may have set up for the common people to use. Of course I did this because they do not respond to the recommended "abuse@domain.tld" addresses; they are above that sort of thing anyway.

I finally found this very informative page on how to report spam to Hotmail and I thought "what if I click the link titled How to report abusive e-mail with full headers to MSN?". So I do just that, and guess what, it's a link to a page titled Dealing with Pornography Online, and the page does not even contain any information on how to deal with porn online... It's the same for the link to the page that is supposed to explain how to identify whether the mail has been sent using their systems. It's hopeless.

Update

It seems I spoke too soon: they have taken note of my email, however their auto replies have been blocked because the ACK emails are sent from misconfigured SMTP servers:

    NOQUEUE: reject: RCPT from bay0-xmr-009.hotmail.com[65.54.241.58]: 450 4.7.1 <BAY0-XMR-009.phx.gbl>: Helo command rejected: Host not found; from=<abuse@msn.com> to=<ME> proto=ESMTP helo=<BAY0-XMR-009.phx.gbl>

I have of course set up some stuff to at least be able to see where this goes... I will update this article when they send the actual response.
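The "Helo command rejected: Host not found" line above is what Postfix's reject_unknown_helo_hostname restriction logs when the HELO name has no DNS A or MX record, and 450 is its default temporary-reject code. As an added example, not the configuration from the original post (it assumes the receiving server is Postfix, which the log format indicates), here is the restriction that produces that reject together with a narrow exemption for the one non-resolving HELO name, so the ACK mail can arrive while every other unknown-HELO client is still rejected:

```conf
# main.cf (added example; assumes Postfix)
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_unknown_helo_hostname

# /etc/postfix/helo_access (run "postmap /etc/postfix/helo_access" after editing)
# Exempt only the HELO name seen in the log line above. The client is still
# subject to the sender, recipient and client restrictions that follow.
BAY0-XMR-009.phx.gbl    OK
```

To observe what the restriction would reject without actually rejecting it, prefix it as `warn_if_reject reject_unknown_helo_hostname`; Postfix then logs the decision and lets the mail through.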

