Tag Archives: hacker
I don’t know things. I just like to posit The Possible with the most negative spin. I guess in my world that makes it The Probable. As you’ll see, I have an active imagination. Imagine the worst to avoid surprises on down the road. -Ed
Have you been worried about what the NSA is up to since the big Snowden season finale reveal? Allow me to be the first to say you ain’t worried about nothin’ yet. Or something like that.
That’s the one thing about technology. It’s a curse but it’s also a bigger curse. It’s funny that way.
Tom’s Law #42
Every leap in technological prowess is accompanied by an exponential leap in the Machiavellianism of human beings.
I know that sounds complicated and confusing and chock full of jargon. In layman’s terms it simply means that technology is the means by which we get to be extra shitty to each other. Like always, this can take many forms.
The government, it turns out, likes to make secret arrangements known as “Gentlemen’s Agreements” with the innovators and makers of technology. The public is generally not privy to these manufacturer deals.
In one case, “tiny yellow dots” were generated by color printers and added to printouts. The dots were invisible to the naked eye and could only be seen using a “special kind of flashlight.” These dots are used to watermark the print and encode information specific to the printer like serial number and date and time. The program reportedly existed during the 1990s and was discovered and cracked by the Electronic Frontier Foundation (EFF) in 2005.
Officials at Xerox said that the encoded dots were added at the request of the United States Secret Service which had asked for help and that the program was designed to provide information useful to law-enforcement authorities in tracking down criminals. (Source: Washington Post.)
The process required the involvement of a U.S. consumer (known as the “sucker”) and worked like this:
- Sucker buys a printer.
- Sucker fills out the warranty “registration” card with factual information and sends it in.
- Sucker prints a document using an MS-Word template with help from a paper clip: “It looks like you are writing a death threat and/or extortion demand. Would you like help?”
- Law-enforcement cracks the code and is led to the sucker like Hansel and Gretel following a trail of bread crumbs.
- Sucker is transformed into a criminal and gets free meals and lodging for a long time to come.
In this particular example, we get a fairy tale outcome and everyone is happy. But the moral, so obvious to you and me in this jaded age, is that the program could have been applied to any of us at any time and for any reason.
Another moral of this story: “Registration” is not required for full warranty eligibility. (In some cases a manufacturer can require it for limited warranty.)
So what’s the deal with those cards often euphemized with adorable names like: Warranty Card, Warranty Registration, Product Registration, etc.?
Product registration and warranty cards don’t do very much for the consumer, but they are a gold mine for marketing companies. Notice that many cards go way beyond asking for your name, address and the serial number of the product. Questions such as your age, marital status, salary, education, do you own or rent and what kind of car you drive are common.
“Product warranty cards are information collected under the pretense of a benefit where the information goes straight to marketers. The purpose of a product warranty card is not to protect you, it’s to collect marketing information.”
Voluntarily filling one of these cards out when you don’t have to is the proper procedure for earning the “sucker” moniker. And, for bonus points, you’ve also signed up as a participant in a secret government program. Congratulations.
So that covers one example. What else ya got?
You know those blank CD-ROMs you buy to burn your stuff? Did you know that when you do you’re paying a “royalty” to organizations like the RIAA with the federal government acting as the gatekeeper? The theory goes that you couldn’t possibly want blank CD-ROMs for any other purpose than the illegal sharing of copyrighted content, therefore intellectual property holders are entitled to a piece of the action. Yeah, just like that episode of Star Trek.
Initially, in the United States, there was a market separation between “music” CD-Rs and “data” CD-Rs, the former being several times more expensive than the latter due to industry copyright arrangements with the RIAA. Physically, there is no difference between the discs save for the Disc Application Flag that identifies their type: standalone audio recorders will only accept “music” CD-Rs to enforce the RIAA arrangement, while computer CD-R drives can use either type of media to burn either type of content.
Source: Wikipedia – CD-R
17 U.S.C. § 1008 bars copyright infringement action and 17 U.S.C. § 1003 provides for a royalty of 2% of the initial transfer price for devices and 3% for media. The royalty rate in 17 U.S.C. § 1004 was established by the Fairness in Music Licensing Act of 1998. This only applies to CDs which are labeled and sold for music use; they do not apply to blank computer CDs, even though they can be (and often are) used to record or “burn” music from the computer to CD. The royalty also applies to stand-alone CD recorders, but not to CD burners used with computers. Most recently, portable satellite radio recording devices contribute to this royalty fund.
Source: Wikipedia – Private copying levy
The moral of this story is really fun. If you’re the sad sack, that one poor son of a bitch who actually obeys the law, you still get to pay the royalty fee. In essence, for being a good person you are rewarded by subsidizing everyone else’s criminality. Of course, if your only use of blank recordable CD-ROMs is backing up your weekly Quickbooks file, you pretty much deserve what you get. Because, what a shitty piece of software.
For a long time the makers of CD-ROM burners secretly installed “generation” controls. This basically prevented people from burning “copies of copies.”
I went to the store to buy an Apple TV. It’s a device, like a Roku, that streams content from an internet connection to a television. I asked the salesperson if it could be used to send content from the iPad to the TV. “Yep, it does that! Airplay makes it easy as pie! Airplay allows you to share anything from your iPad and project it onto your TV. Your TV essentially becomes a monitor for your iPad.”
“Golly, gee,” I said, forking over my money. “That sounds good to me!”
At no time was I informed that some restrictions may apply. The box (which I still have) said nothing of this. It wasn’t on the store receipt. I don’t recall seeing it on the instructions inside when I finally got home and opened it up. To this day I have no knowledge of ever participating in an “informed consent” decision. Yet, there it sits, on my TV. The message that says, “No, we will not do what you ask. Your TV does act like a monitor, only that it also has the power to refuse requests, albeit politely.”
It’s like a car that won’t drive you to a strip club. Actually, to be honest, it’s like a car that will happily drive you to the Apple Store but suddenly displays a friendly apology when you try to go to the Microsoft Store. (Not that anyone would ever try that.)
The moral here is that the concept of “informed consent” in a retail context is bullshit. You can’t consent to that which was deliberately concealed. “Gotcha,” exclaims Apple. “All your money belong to us.”
What else is going on? Lots and most of it (or all?) takes place without court orders or subpoenas.
- Location tracking via mobile phones.
- DNA databases.
- Social media compliance with government requests.
- Collection of phone call records.
- Eavesdropping on international conversations.
It doesn’t have to be secret and it doesn’t necessarily always come from the government, either. Researchers recently did a study where, using only publicly available “like” information on Facebook, they could deduce, with amazing accuracy, things like an individual’s “intimate personal attributes.” Things like “race, age, IQ, sexuality, personality, substance use and political views.” And that’s using only the Facebook “like” button. Information that Facebook users make publicly available by default. Researchers refer to this sort of data as a “generic class” of digital record. (Source: University of Cambridge.)
Hell, even Pandora, the online music streaming service, recently got in on the act claiming that it can determine the political leanings and voting preferences of its members based on their up/down votes on songs. (Source: Wall Street Journal.)
Data is being collected. And, as incidents like Target and Kickstarter tell us, data is being successfully hacked on a massive scale at an alarming rate. Assuming we trust the collectors to always take our best interests to heart (which we shouldn’t) what about the interests of the people who steal it away? I wonder how much regard they’ll have for us? Dangers like these used to be esoteric thought experiments. Now they are here and growing routine.
If you know me, you know that I like to take what is knowable, that which is established, and treat it like the tip of a giant iceberg. I like to ponder. What else is out there? What else might be going on? Take what is known and extrapolate. Deduce. Guess. Use your imagination.
How would you feel if you went into a job interview and they could pull up a history of everything you had ever searched for on the internet? Including phrases like “rubber hose plumpie porn” and what not? Technology makes that scenario not only possible but probable. Don’t forget that computing power is expected to continue to double on a regular basis until it will exceed the combined thinking abilities of every human brain on Earth. That power is going to be used for something.
Police cars currently have the ability to drive through parking lots and scan, in real time, all the license plates. If a car is stolen or the driver has wants and warrants the computer immediately lets them know. What if this scanning technology was extended beyond parking lots and didn’t require a human to operate the system? What if a technology was developed so these types of scanners could be cheaply and easily deployed everywhere that cars go?
I’m also the guy who predicted the NSA Masturbation Database. Imagine if that ever got in the wrong hands? (Meh!) Hackers steal the database, sell it to the Catholic church, and next thing you know, your entire block is being denied holy communion, is excommunicated, or worse!
A lot of people have worried about the day humans will be bar-coded or have RFID-style devices implanted under their skin. But what if the reality turns out to be much more subtle and nefarious than that? “Devices? That hurts. We would never do that to you. You wound us.” What if technological advancement makes it possible to do that, and so much more, using non-invasive means that the individual is literally helpless to prevent?
What then? What will that society look like?
Today’s homework exercise: What else can you imagine? What might be out there right now? Or in the near future? Can you think of any specific examples? Please share them in the comments section below. The NSA will automatically receive a carbon copy.
And now your daily serving of cheeseballz:
Still running Windows XP like me on my home computer? Read on and enjoy:
We’ve all heard about computer exploits and security dangers. Recently announced was a good one. It affects Microsoft Windows (of course) and get this: multiple versions of Windows including the shiny new Windows 7 and all versions back to Windows XP.
The exploit can run malicious code on your computer, and that’s not a good thing.
Microsoft previously announced that it has ended support for Windows XP SP2 so that means Microsoft won’t be issuing a security patch for you folks. Too bad, so sad.
For those with more recent operating systems, yes, Microsoft is willing to help you out. They’ll be releasing a patch in an upcoming Windows update.
The flaw is apparently pretty serious. One article says that experts are predicting “extensive attacks.”
If you’re curious about the term “zero day,” like I was, this is what I found out: A zero-day exploit is one that exists and is known and/or used by malicious hackers prior to the software developer being aware of the flaw. Once again Microsoft is caught with their pants down.