Some Hackers Boldly Plan To Launch Their Own Satellites Into Space To Combat Future Internet Censorships

Internets = srs.biz. Parody motivator.

Image via Wikipedia

HowStuffWorks pointed out that the Internet became a reality was due to space race.  It was the Russians who launched Sputnik into space which prompted the Americans to form Advanced Research Projects Agency in 1958. ARPA was then formed ARPANET.  HowStuffWorks claimed without ARPANET, the Internet wouldn’t look and behave as how it’s today.  If the facts are true as how HowStuffWorks described in its article How did the Internet start? — we can somewhat come to a conclusion that the Internet was intentionally wired the way it had been wired.  This knowledge gives rise to some of us today that we could have also wired the Internet differently if we wanted to, right?  Perhaps, we might never know if the wiring of the Internet was different would be a bad thing, or it might be something even better than what we have now (i.e., today Internet).

Recently, SOPA creates worries for geeks and technical folks out there.  They fear the current Internet might become something much worse if SOPA gets pass soon.  SOPA was a reason why I’d mentioned in my other SOPA articles that smart and technical knowhow folks might create their own Internets if they so wish to not be affected by a post SOPA Internet era.  Today, I stumbled onto the article Hackers Said to be Planning to Launch Own Satellites to Combat Censorship, and I wasn’t surprised to see somebody else was already had a plan for the idea of creating a new Internet.  Since we know Internet was started by a satellite, therefore these hackers might be on the right track.  Perhaps, these hackers might even come up with new ways to create newer version of Internets without requiring of satellites.  You never know!  It does feel like once a hornet nest is poked, there isn’t a going back.

I sure hope the folks who support SOPA by now know that besides the integrity of the Internet structures, there is also the belief in the spirit of the Internet.  The spirit of the Internet is embodied by countless Internet users, and the majority of them believe the Internet should not be a draconian reality (relatively speaking a reality of a digital world of course).  Of course, it’s understandable stealing is bad.  So, I’m not arguing that downloading contents without permissions is bad, but I’m arguing that the approach to stomp out piracy should not be draconic and vague.  When a blanket approach such as SOPA is to be passed as a way to stop online piracy, it isn’t requiring a rocket scientist to figure out that any party with more money, influences, and power might be able to force another party to go out of business even though such a party might not violate the rules and regulations that govern by SOPA.

I think if the governments of the world are naively rolling out more vague/blanket rules and regulations to regulate the current Internet, they might find themselves not only have to regulate one Internet but many more Internets.  Also, they might have to find new rules and regulations to explain to their dear citizens why they have to even create new rules and regulations to regulate the particular Internets.  Will they come out a law that ban people from forming their own Internets?  I wonder how people will react to such a law.  I’m also curious, if there are more than one Internets, would it be a bad thing or a good thing for e-commerce?

Sources:  http://computer.howstuffworks.com/internet/basics/internet-start.htm,
http://www.pcworld.com/article/247147/hackers_said_to_be_
planning_to_launch_own_satellites_to_combat_censorship.html#tk.rss_news

About these ads

Ghost in the Wires Describes Riveting Details Of A Legendary Hacker Kevin Mitnick

Kevin Mitnick

Image by Vítor Baptista via Flickr

Kevin Mitnick was a man who had witnessed his reputation preceded him in ways that he could not have ever imagined.  His past reputation was so prolific in unbelievable manner which had myths built higher in stack, and the myths were about how he had stolen software worth more than $300 million, secrets from covert agencies, and much more.  In fact, he was more of a hacker who had taken the challenges to hack into various phone companies and big tech companies, and the successful penetrations of their servers and networks would most likely be his greatest trophies.  Instead of selling his trophies of source codes of various software he had siphoned away from various well known corporations, he kept them as proofs for how he had hacked into what thought to be digital fortresses.

Even after Kevin Mitnick was able to walk out of the prison, he was forbidden by law not to use any communication technology.  According to Wikipedia and I quote, “Mitnick fought this decision in court, eventually winning a ruling in his favor, allowing him to access the Internet.”  — source:  http://en.wikipedia.org/wiki/Kevin_Mitnick.  Now Kevin Mitnick is living a lifestyle which in a way is way better than how he had lived before, but he can go on hacking without getting into troubles with the law and getting jailed for.  How?  He is making more money by consulting various companies on computer security and ethically hacking into the companies that hire him for his knowledge.  He is currently running Mitnick Security Consulting LLC as a computer security consultancy company.

Kevin Mitnick has a book out which he tells all about his past experiences of avoiding the law and on the run while he was deeply into hacking phone companies and various other tech giants.  Ghost in the Wires was written by two men team.  Kevin Mitnick had teamed up with bestselling author William L. Simon for the writing of Ghost in the Wires.  In the acknowledgements section, Kevin Mitnick called William L. Simon as Bill Simon if I’m not mistaken.  Within this book, Kevin Mitnick described how he was able to social engineer just about anybody on the other end of the phone so he could gain valuable information to further his hacking activities.  With quick thinking and was able to be uncanny in remembering long phone numbers, Kevin Mitnick had no trouble in combining his social engineering and computing skills together to successfully hack into well known phone companies and tech giants.  In fact, Kevin Mitnick was so successful at social engineering and computer hacking, he was able to manufacture his own fake identities.  The book goes on describing how Kevin Mitnick had to hack social security administration, department of motor vehicles, and others so he could manufacture his own fake identities.  Even fake birth certificates were within Kevin Mitnick’s reach.

Ghost in the Wires has some funny moments that describe how naughty Kevin could be with his hacking skill.  I don’t want to spoil such funny moments for you, and so it’s best that you read his whole book on your own and laugh at how naughty Kevin Mitnick was with his social engineering and hacking skills.  Besides the few hilarious moments, I have to admit Ghost in the Wires shows us that determined hackers can accomplish digital magics which we like to think such tricks cannot be done.  Fortunately for those entities which Kevin Mitnick had hacked into while he was living the life of a fugitive, Kevin Mitnick wasn’t out to sell their secrets and made big profits for himself.  Nonetheless, can we say the same for some hackers of today?  Of course, there might be few hackers who have the same spirit as the old and the new Kevin Mitnick, but I think there might be more crackers than hackers.

In summary, Ghost in the Wires was a great read for me.  The writing style was down to earth.  I’d moments of laughter as how Kevin Mitnick had coyly tricked the adversaries through his social engineering and computer hacking skills.  The book was written with everyday people in mind, and so even the readers who could not understand the technical details might not have to miss much.  In fact, reading Ghost in the Wires, I thought I was reading a thriller novel or watching a thriller film.  Honestly, it was great to finally read what Kevin Mitnick had to say for himself in his very own book.  I found his details were riveting.  Especially how he had described his encounters with law enforcement.  Hard to forget moments were how law enforcement officials convinced the judge that Kevin Mitnick could start a nuclear war by whistling into a pay phone and how Kevin Mitnick himself would think the judge at one point thought he could connect to the Internet in prison through a laptop which had not a connection to the Internet (she did not allow Kevin Mitnick the use of a laptop to review the evidences that pertained to his case with a lawyer).

Cory Doctorow Speaks Out About The Coming War On General Purpose Computation

Cory Doctorow, a Canadian blogger/author, at a...

Image via Wikipedia

I don’t know by now if SOPA has already become a household word yet or not, but I think it should have been so.  Nonetheless, not everyone cares what is SOPA since the Internet has always been huge and the word SOPA has yet to deal real damages against their frequent Internet activities.  Of course, SOPA is subtle and so it’s obvious that not everyone would make a big deal out of stomping SOPA at its inception.  Nonetheless, SOPA is a word which ties to a bill which might be passed and affected the Internet as a whole on many levels when not enough bodies scrutinize what will go into the bill.  So, it’s for certain that SOPA is not a word to be jokingly threw around, but it will be threw around nonetheless for whatever purposes there will be.

With SOPA makes headlines as often as it has been, perhaps enough eyeballs and brains are coming to an understanding that it’s something important enough to be addressed and publicized.  Publicizing it enough so even people who have no idea how SOPA would affect them might come to a small degree of understanding that SOPA may create unintentional negative consequences for the general population who regularly visit the Internet for whatever purposes.  Furthermore, some people may come to understand once SOPA becomes law, SOPA will have a high potential in encouraging even more new rules and regulations that have nothing to do with common sense, relatively speaking in regarding to the Internet.  Instead, such rules and regulations might exist so someone would be able to quickly plug each loophole there is one at a time, in regarding to their specific bottom line.

I have an analogy to why SOPA can create a chain reaction of negative consequences, and eventually the chain reaction gets so bad that it might break the Internet altogether.  This analogy would be someone found a leak on a boat made out of wood, and this boat found itself in the middle of the vast ocean.  He or she thought it was a good idea just to have someone quickly stomped on the leaky hole for now.  Eventually, such a measure would not help and so more able bodies had to scoop the rising water out of the boat.  Finally, it was obvious to the captain of the boat that one action which supposed to solve the problem was not really the solution, but it had created a chain reaction of negative consequences which led to an eventual, unsolvable problem at the end.  The boat would sink to the bottom of the deep blue ocean.  The ocean was nice, but the passengers on a sinking boat had not such a notion since they were on the way down to their deaths.

Without enough voices that would speak out against something as SOPA, I think the Internet might not be able to thrive for the small people.  Remember this, the small people are the majority of the Internet users.  Understandably, no matter how noble the purposes that justify the naive existence of a thriving Internet, the Internet will always be a commodity.  Then again, who to say the Internet should only be a commodity but not some other meaningful means that could be really useful and convenient for the small people (i.e., the majority users of the Internet).  After all, without these small people who have been eagerly found themselves to be attracted to the Internet as bees to honey, there won’t be much of the Internet anyway.  Without the worker bees, there won’t be much of a beehive anyway, and the queen bee would not be able to matter much since the population of the bees is basically about to be wiped.  I think a smaller, less interesting, heavy regulated, and insensitive toward small people Internet might not be a hot commodity in the end.

Some people might argue that it’s fine to go back to the old ways of doing things. Unfortunately, once you let the genie out of the bottle, it would be almost impossible to have the genie back inside the bottle.  Majority of people might just go on creating their new little pockets of Internets and circumventing the heavy censored Internet anyway.  Little pockets of new Internets would spring into existences, but none would be better than the original Internet.  Perhaps, things would move forward, but things pertain to the Internets would go on to be scattered, and nothing good would come about to have many disconnected Internets.  Or I could be wrong and good things might come about to have many disconnected Internets for the small people, but the big people might have the worst time in trying to regulate many more disconnected Internets.  Things get expensive for the regulators, and nothing would have stopped the small people from enjoying getting together through the means of Internets.  I can be very wrong though, because such Internets have yet to exist, and I’m just speculating.

Cory Doctorow is one of those people who think SOPA and other insensitive DRMs might not address the problems but might bring about even bigger problems in the end.  It could be that I misunderstood him, but I thought he insinuated the idea of having DRMs for contents would have similar eventual consequence to how the authorities went about the war on drugs, it would go on unending.  Nonetheless, he also pointed out the future of general purpose computer and the free as now Internet might not be viewed in the same category as war on drugs, because these things we care about aren’t the fixes for getting the next bigger, better high; instead, these things are excellent at bringing people together for whatever purposes, and nothing which came before now was able to do the same.  Therefore, we might not want to view waging wars against insensitive Internet censorships that have had many gripes against small people (i.e., the majority users of the Internet) as to how we have viewed the war on drugs.  Check out Cory Doctorow’s speech right after the break.

Source:  http://boingboing.net/2011/12/27/the-coming-war-on-general-purp.html

With The Release Of Reaver, Now Anyone Can Exploit Wi-Fi Protected Setup Flaw Freely; Reaver Releases As Open Source Software

English: Internet wireless router

Image via Wikipedia

Just recently, I had touched on how easy it’s for hackers to exploit and acquire PINs from routers that have Wi-Fi Protected Setup feature enabled (Wi-Fi Protected Setup PIN Method Has Flaw, Allowing Hackers To Deploy Brute Force Attack For Valid PIN Number In Lesser Time Than Before), because there has always been a flaw which associates with this particular feature, consequently allowing hackers to deploy brute force attacks and correctly guess PINs in less time than ever before.  It’s not a surprised for us to see someone has already had a tool which could hack a router for Wi-Fi Protected Setup PIN.  In fact, someone is releasing such a tool to the public already.  So, in a way, we can say once the exploits are known, smart hackers who write their own codes usually can come up with new tools to penetrate the flaws of most computer systems.  In this case, it’s no different, because the folks at Tactical Network Solutions has had such a tool known as Reaver which they probably use to do their own penetration tests on their own networks and clients, as a way to stay ahead of the curve so they can prevent their own networks and clients from being hacked.

Since the Wi-Fi Protected Setup exploit has been discussed publicly, the folks at Tactical Network Solutions are now releasing Reaver to the open source community, and this means anyone can download it and start using it.  Of course, like any tool, bad people can use it to break into other people’s networks, or good people can use it to do penetration tests on their own networks so they will know how resilient their networks would be against certain hack attacks.  The folks at Tactical Network Solutions also release Reaver as a commercial version which they claim it would be even more feature rich than the open source version.

Basically, once Reaver allows the hackers to attain the correct Wi-Fi Protected Setup PINs, the hackers can further more use Reaver to recover WPA/WPA2 passphrase in 4 to 10 hours range.  As long the owners of the routers/networks aren’t yet disabling Wi-Fi Protected Setup feature, no matter if the owners change their WPA/WPA2 passphrase to anything, the hackers will always be able to recover WPA/WPA2 passphrase using Reaver.  This is quite serious, because Reaver is just a tool where anyone can download and use freely.  So, if the manufacturers of most routers aren’t going to patch the flaw, then it’s really up to the users of such routers to disable the Wi-Fi Protected Setup feature.

It seems to me that the folks at Tactical Network Solutions suggest that once hackers guess the Wi-Fi Protected Setup PINs correctly, hackers can take control of the routers.  Worse, I think hackers can also insert themselves into the middle of the compromised networks to listen and sniffing and recording, consequently reading the network traffics for plain text data.  Of course, they can also read the encrypted data in encrypted form only, but hackers who have the will to decrypt the encrypted data might also have tools that allow them to decrypt encrypted data in time.

In summary, if your router hasn’t yet had Wi-Fi Protected Setup feature disabled, it’s currently an easy target for just about anyone who has the will to download Reaver and use it for hacking your router.  Usually, if someone hacks your router, they might have an even more insidious intention than just stealing your bandwidth.  Perhaps, they might use your bandwidth to do some serious hacking against some big corporations, and you would be the one to take the blame.  After all, once the hackers done with what they had to do, they could always clean up their trails and leave almost no trace of theirs behind.  The authorities would have a hard time to believe your story as in “It wasn’t me,” kind of thing.  So, I recommend you to turn off Wi-Fi Protected Setup feature at all cost and wait till the manufacturer who produces your router to come up with a patch that can address this particular exploit.

Sources:  https://threatpost.com/en_us/blogs/attack-tool-released-wps-pin-vulnerability-122911,
http://www.tacnetsol.com/news/2011/12/28/cracking-wifi-protected-setup-with-reaver.html,
http://code.google.com/p/reaver-wps/

I Wish To See Cloud As An Open Source Cloud As A Service

English: Cloud Computing Image

Image via Wikipedia

Cloud computing is usually shortened for just cloud.  Cloud is now a word that most people carelessly throw around, because it’s one word which has been promoted heavily by the tech industry.  And I quote Wikipedia, “Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a metered service over a network (typically the Internet).” — Source:  http://en.wikipedia.org/wiki/Cloud_computing.  I’m surprised that Cloud hasn’t yet becoming an open source cloud as a service.

I think I need to clarify on what I mean by “cloud” as an open source cloud as a service.  Imagine having someone whips up an open source cloud as a service software that would allow strangers to come together and share computing resources, consequently allowing each participant to have more cloud storage space, cloud computational resource, and cloud this and that.  Of course, such an open source cloud as a service software needs to provide or implement a unique security protocol so it would be almost pointless to decrypt and pry for information without proper authorization.

Such open source cloud as a service software should be freely distributed to anyone who wants to promote their own open source cloud as a service environment/ecosystem.  I guess, someone just needs to start a first node, then the rest can join!  Once again, I like to emphasize on the security implementation; if a security implementation isn’t done right, instead of having an open source cloud as a service, people who participate might find their personal open source cloud as a service ecosystem to become a zombie service where hackers use this particular computing ecosystem to deploy attacks such as Denial-of-service.  It would be bad indeed.

Furthermore, if proper brains come together and agree, who would say a business model might not spring into existence from having an open source cloud as a service, right?  Anyhow, this idea of mine might be a foolish idea, but I don’t mind throwing foolish idea into the cyberspace.  Then again, this foolish idea might already be in the work by someone else who has yet to announce his new creation to the world; he who quietly codes away from his tiny table somewhere in this world.

Update:  Imagine an open source cloud as a service as an open source Internet (but a small cohesive cloud Internet ecosystem which can grow quite large), because people would be using one another computational resources, whether that be hardware and software, to create an open source cloud ecosystem which isn’t that different from a commercial cloud service/ecosystem.  Imagine Amazon S3, EC2, and other Amazon web services as open source services, and the participants don’t really need to spend cash/credit other than their already available physical hardware, software, and bandwidth.  Come to think of it, bandwidth might be a problem.  Nonetheless, BitTorrent works out just fine, and so open source cloud as a service might work out just fine too, I hope.  And yeah, I don’t think open source cloud as a service will be similar to BitTorrent, because this isn’t about peer to peer protocol, but it’s probably something else entirely.

Update:  I can see energy cost and frequent unplug/shut-down of hardware and shoddy hardware might hamper the idea of open source cloud as a service, but dedicated users/participants might not have such problems, I guess.

Wi-Fi Protected Setup PIN Method Has Flaw, Allowing Hackers To Deploy Brute Force Attack For Valid PIN Number In Lesser Time Than Before

According to threatpost’s article “WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs,” your router with Wi-Fi Protected Setup enabled can allow hackers to take less time to figure out the PIN number and have access to your wireless network.  The article suggests that Wi-Fi Protected Setup reveals too much information when it tries to authenticate a device, consequently allowing hackers to take less time in acquiring the valid Wi-Fi Protected Setup PIN number through brute force hacking method.

I’ve always disabled my Wi-Fi Protected Setup, because it seems to me as if it’s just another door for hackers to break into.  When reading the piece from threatpost, I’m glad that I’d been careful all along.  Most modern routers provide Wi-Fi Protected Setup feature so users don’t have to actually enter long WPA2 passphrase for connecting to a wireless network, because Wi-Fi Protected Setup requires a PIN number (e.g., 1234567…).

I’m no expert on Wi-Fi Protected Setup, because I had avoided using it from the very beginning.  It seems to me Wi-Fi Protected Setup feature has several methods which it’s associated with.  One involves in pushing the Wi-Fi Protected Setup button on the router and then on the client in a short time frame (i.e., less than 2 minutes or so).  After the user pushes the Wi-Fi Protected Setup buttons, user can just stand idle by and wait for the client and the router to automatically communicate with each other, allowing the client to connect to the router, thus the client would be able to surf the Internet using the wireless network which the router provides.  The second method requires PIN number registration, but this very method has two sub methods of its own.  The first sub method requires less work for users, because the users can just hand their devices’ Wi-Fi Protected Setup PIN numbers (i.e., printed on the back of their devices or generated by their devices’ software) to the administrators.  The administrators then have to enter users’ Wi-Fi Protected Setup PIN numbers into a router or access point‘s administration control panel (e.g., https://192.168.1.1) to register users’ Wi-Fi Protected Setup PIN numbers with the access point, consequently allowing users’ devices to connect to the particular wireless network.  The second sub method requires the users to enter the Wi-Fi Protected Setup PIN number of the router or access point onto their devices’ software, consequently allowing the client devices and the router or access point to communicate with each other (i.e., granting wireless network access).  The piece from threatpost emphasizes the weakness in the second sub method of the Wi-Fi Protected Setup PIN number method, because the hackers only need the Wi-Fi Protected Setup PIN number and not having to be within certain distance of the access point or the router.  The third method of Wi-Fi Protected Setup feature involves with Near Field Communication method.  Wikipedia‘s article “Near field communication” explains rather well on how Near Field Communication method works.

threatpost suggests that most modern routers tend to enable Wi-Fi Protected Setup feature by default.  If you are aware about the flaw of Wi-Fi Protected Setup PIN number method, then you might want to disable Wi-Fi Protected Setup feature so the hackers won’t be able to use brute force attack to acquire the Wi-Fi Protected Setup PIN number of the specific access point or router.  threatpost suggests many well known brands are all being affected by Wi-Fi Protected Setup flaw; as long any router has Wi-Fi Protected Setup feature with PIN method enabled, then the hackers who aware of the Wi-Fi Protected Setup PIN number flaw can brute force attack the router for the Wi-Fi Protected Setup PIN number in less time than ever before.

Sources:  https://threatpost.com/en_us/blogs/wifi-protected-setup-flaw-can-lead-compromise-router-pins-122711
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
http://www.wi-fi.org/knowledge_center_overview.php?docid=4614

Follow

Get every new post delivered to your Inbox.

Join 982 other followers