Tuesday, October 7, 2014

Weak Comcast XFinity Security

I am not a hacker, or even a coder.  I am just a somewhat experienced computer user and a reasonably intelligent person.  I have never done this before.

My friend didn't think e-mail security was anything to be concerned about, so I decided to put it to the test.  I tried to hack into his e-mail.

Within 20 minutes, I had complete access to his XFinity home e-mail (and other things like DVRs and home security).  Within 30 minutes, I had acquired new passwords to online vendors that he used.  If he had credit card numbers on file with them, I could place orders.  Here's how it went:

My friend has a comcast.net email address.  I went to comcast and clicked "forgot password".  The password reset function asks for answers to security questions.  Each answer is like a tumbler in a lock.  You have to answer all the questions correctly - at the same time - to open the lock. 

In this case, comcast only asks for one answer.  This is a lock with a single tumbler.  That's the first security hole. 

The process also asked for his zip code.  Since I knew roughly where he lived, I knew his zip code from google maps.

The second security hole involved how many times you could guess.  The answer: unlimited.  Good systems will lock out the user after enough incorrect responses, or at least prevent any further guesses for a time period.  Or change which security question is being asked.

In this case, the question was asking for a surname - the same surname - over and over an unlimited number of times.  I took the 100 most common surnames and went down the list one-by-one.  Number 47 opened the lock.
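As an added illustration (my own code, not Comcast's, and not something the post describes implementing), here is a small Python reset-flow verifier that closes both holes the post describes: it demands every factor at the same time, picks the challenged questions afresh after each failure, and locks the account for a period once a fixed number of attempts have missed. The account data, the five-attempt limit, the fifteen-minute lockout and the decoy prompt for unknown addresses are assumptions made for the example.

```python
"""Constructed example of a password-reset verifier with multiple factors and
a lockout. Not Comcast's code; all policy numbers are assumptions."""
import hashlib
import hmac
import secrets
import time
from typing import Optional

MAX_FAILURES = 5            # assumed policy: misses allowed before lockout
LOCKOUT_SECONDS = 15 * 60   # assumed policy: how long the lockout lasts
QUESTIONS_PER_CHALLENGE = 2 # several tumblers, not one
PBKDF2_ROUNDS = 50_000      # kept low so the demo runs quickly
DECOY_QUESTIONS = ["Mother's maiden name?", "First pet's name?"]
_rng = secrets.SystemRandom()


def _normalize(answer: str) -> str:
    # Case- and whitespace-insensitive so "Smith " and "smith" compare equal
    return " ".join(answer.strip().lower().split())


def hash_answer(answer: str, salt: Optional[bytes] = None) -> tuple:
    """Answers are stored salted and hashed, like passwords, never in clear text."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", _normalize(answer).encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def _matches(stored: tuple, candidate: str) -> bool:
    salt, digest = stored
    return hmac.compare_digest(digest, hash_answer(candidate, salt)[1])


class ResetService:
    """Holds enrolled accounts and enforces the reset policy."""

    def __init__(self, now=time.time):
        self._now = now        # injectable clock so the lockout can be tested
        self._accounts = {}    # email -> record
        self._pending = {}     # email -> questions issued in the open challenge

    def enroll(self, email: str, zip_code: str, answers: dict) -> None:
        self._accounts[email] = {
            "zip": hash_answer(zip_code),
            "questions": {q: hash_answer(a) for q, a in answers.items()},
            "failures": 0,
            "locked_until": 0.0,
        }

    def challenge(self, email: str) -> list:
        """Issue a random subset of the enrolled questions for this attempt."""
        acct = self._accounts.get(email)
        if acct is None:
            return list(DECOY_QUESTIONS)   # unknown addresses get a look-alike prompt
        issued = _rng.sample(list(acct["questions"]), QUESTIONS_PER_CHALLENGE)
        self._pending[email] = issued
        return issued

    def verify(self, email: str, zip_code: str, answers: dict) -> str:
        """Return 'ok', 'denied' or 'locked'. Every factor must match at once."""
        acct = self._accounts.get(email)
        if acct is None:
            return "denied"
        now = self._now()
        if now < acct["locked_until"]:
            return "locked"                # nothing is evaluated while locked
        issued = self._pending.pop(email, [])   # a miss means a fresh challenge next time
        # Evaluate every factor (no short-circuit) and require all of them
        checks = [_matches(acct["zip"], zip_code),
                  bool(issued) and set(answers) == set(issued)]
        for q in issued:
            checks.append(_matches(acct["questions"][q], answers.get(q, "")))
        if all(checks):
            acct["failures"] = 0
            return "ok"
        acct["failures"] += 1
        if acct["failures"] >= MAX_FAILURES:
            acct["failures"] = 0
            acct["locked_until"] = now + LOCKOUT_SECONDS
        return "denied"


if __name__ == "__main__":
    svc = ResetService()
    svc.enroll("alice@example.com", "90210",
               {"Mother's maiden name?": "Smith", "First pet's name?": "Fluffy", "First car?": "Civic"})
    issued = svc.challenge("alice@example.com")
    print(issued, svc.verify("alice@example.com", "90210", {q: "wrong" for q in issued}))
```

A per-account lockout like this one can itself be used to keep the real owner out, so production systems pair it with per-source throttling and an e-mail or SMS notice to the account holder whenever a reset is attempted; the point here is only that each miss must cost the guesser something.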

The enthusiasts can do their own thing, but average people who use the internet as part of their daily lives for banking and commerce come to rely on big brand names like comcast and assume that they will be taken care of.  This level of lax security on such a large system is just unacceptable.

Saturday, March 29, 2014

T-Mobile

They used to be the only good national carrier left.  Then they screwed me and stole $28 from me.  Now they suck as much as the rest.

Wednesday, August 21, 2013

What we already knew

There are varying degrees of evil.  For example, Taco Bell was evil for not including enough meat in their meat for it to be legally classified as meat.  But at least they are providing you cheap food when you are hungry.  Then there is the level of vile sliminess that only politicians and cable TV providers ascend to.

I used to think that SOME cellular providers had not quite gotten to that point yet.  But they have arrived there, moved in, and redecorated.

I'm so tired of writing about cellphones and cellular providers.  They all suck.  They all suck the same amount.  There's really nothing to talk about.

For the first time ever, I purchased a handset directly from a carrier (T-Mobile, the way most people do.)   Guess what?!  It sucked!  I returned it.  The re-stocking fee taught me a valuable lesson to never ever ever ever do that again.

But then... why even have a cellphone in the first place?  I would much rather not.  It's been quite a long time since I've had anything other than a hotspot.  It's other people that want me to have one. 

I hate this crap. 

Saturday, July 6, 2013

JavaScript Sucks. Here's Why.

I hate JavaScript.  It is ruining the internet.  So I keep it off.  Beware if you just updated to the latest version of Mozilla... they removed the option to disable JavaScript.

JavaScript can be used to improve the user experience on a website.  But it virtually never is.  Instead, JavaScript is used to load advertisements, track your activity, and add useless social media integration.

Something happened in the news today so I googled it.  I clicked on the first link, an article from Forbes.com.  The page took FOREVER to load on a fast broadband connection.  Finally I realized the reason: I had left JavaScript on.

This particular website from Forbes used JavaScript to exchange data between my computer and the following additional list of domains:

facebook.com
optimizely.com
rfihub.com
doubleclick.net
insightexpressai.com
viewablemedia.net
visiblemeasures.com
adadvisor.net
ajax.googleapis.com
questionmarket.com
content.ad
krxd.net
scorecardresearch.com
rfihub.net
simplereach.com
gigya.com
truste.com
facebook.net
media.net
servedbyopenx.com
cloudfront.net
adsafeprotected.com
forbesimg.com
mookie1.com
bizographics.com
moatads.com
exelator.com
googlesyndication.com
crowdscience.com
2mdn.net
chartbeat.com
mmismm.com
bluekai.com
atdmt.com
bkrtx.com
google-analytics.com

That's THIRTY SIX different web domains that my web browser contacted and downloaded and/or uploaded data to, in addition to the original Forbes domain. 

All of that... Just so I could read a lousy article that was barely 6 kilobytes of uncompressed text.
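As an added example (my own code, not anything from the post or from Forbes), here is a Python script that turns a HAR-style request log from a browser's network panel into the kind of count the post gives: it groups every request by registrable domain, separates the first party from everyone else, and reports how much of the downloaded data went to third parties. The HAR snippet is constructed, the host names in it are made up, and the suffix table is a stand-in for the real Public Suffix List.

```python
"""Constructed example: tally third-party domains from a HAR-style request log.
The HAR below is made up; the suffix table is a toy stand-in for the PSL."""
import json
from urllib.parse import urlsplit

# Assumed, tiny stand-in for the Public Suffix List so that "x.example.co.uk"
# collapses to "example.co.uk". Real tooling should use the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Collapse a hostname to its registrable domain (an eTLD+1 approximation)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def third_party_report(har: dict, first_party_url: str) -> dict:
    """Group requests by registrable domain and split first party from the rest."""
    first = registrable_domain(urlsplit(first_party_url).hostname or "")
    per_domain = {}
    for entry in har["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname or ""
        dom = registrable_domain(host)
        # HAR reports -1 for unknown sizes; treat that as zero bytes
        size = max(entry.get("response", {}).get("content", {}).get("size", 0), 0)
        stats = per_domain.setdefault(dom, {"requests": 0, "bytes": 0})
        stats["requests"] += 1
        stats["bytes"] += size
    third = {d: s for d, s in per_domain.items() if d != first}
    total = sum(s["bytes"] for s in per_domain.values()) or 1
    return {
        "first_party": first,
        "third_party_domains": sorted(third),
        "third_party_count": len(third),
        "third_party_byte_share": round(sum(s["bytes"] for s in third.values()) / total, 3),
        "per_domain": per_domain,
    }


# Constructed HAR fragment: a ~6 KB article, one first-party image, and a
# handful of script/tracker fetches from other domains. Not a real capture.
SAMPLE_HAR = json.loads("""
{"log": {"entries": [
  {"request": {"url": "https://www.news.example/article/123"},
   "response": {"content": {"size": 6000}}},
  {"request": {"url": "https://images.news.example/hero.jpg"},
   "response": {"content": {"size": 120000}}},
  {"request": {"url": "https://www.google-analytics.com/analytics.js"},
   "response": {"content": {"size": 45000}}},
  {"request": {"url": "https://static.doubleclick.net/instream/ad_status.js"},
   "response": {"content": {"size": 2000}}},
  {"request": {"url": "https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"},
   "response": {"content": {"size": 93000}}},
  {"request": {"url": "https://connect.facebook.net/en_US/all.js"},
   "response": {"content": {"size": 180000}}},
  {"request": {"url": "https://tracker.example.co.uk/pixel.gif"},
   "response": {"content": {"size": 43}}}
]}}
""")


if __name__ == "__main__":
    report = third_party_report(SAMPLE_HAR, "https://www.news.example/article/123")
    print(report["third_party_count"], "third-party domains:", report["third_party_domains"])
    print("share of bytes going to third parties:", report["third_party_byte_share"])
```

Feeding a real HAR export to `third_party_report` gives a repeatable measurement instead of a hand count, and running it on captures taken with and without JavaScript enabled shows exactly which domains the scripts pulled in.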

Sad...

The silver lining of this story:  When I completely disabled javascript and re-visited that same website, the 6-kilobyte article still loaded.  It loaded fast.  And without JS.

Why the hell would anybody surf with JS enabled?!?!

Too many people don't know better.

Friday, July 5, 2013

Random stuff

Wow... 10 weeks into typing on a Dvorak and now I have serious trouble typing on a QWERTY!

My tech predictions for the year were way off.  Microsoft seems to be taking the "if we build it, they will use it" approach, and they aren't wrong.  The market share for their mobile OS has gone up from 1.9% to 2.9%.  Hot damn!

I have a feeling windows 7 is going to be the new windows xp.  Now that I disabled the system tray and got a stable virtual machine running, I'm happy with 7.  Tried 8.  I don't see myself using 8 any time in the foreseeable future.

Bitcoin PoS

Someone needs to make a business model to manufacture and sell point-of-sale bitcoin transaction machines.  

Hmmm... It seems there are android apps for this...

My country 'tis of thee

I have become involved in politics.

That is a problem.  I hate politics and if the system worked I never would have needed to get involved.

But the system is broken.  Congressmen no longer represent constituents... they represent dollars.  And with that, the country is doomed.

Every industry is now slowly moving toward an oligopoly.

The credit card industry:   VISA/Mastercard,   American Express,  Discover.

The wireless industry:   Verizon, AT&T, T-Mobile, Sprint.

The airline industry:  United/Continental, Delta, Southwest, and US/American.

Package delivery:  FedEx, UPS, DHL, USPS

In all these industries the companies follow each other to fix prices and avoid competition.  It is in their interest to keep the number of players low to keep cooperation simple.  Major mergers are common and desired.  Multiple brands are kept to give the public the illusion of choice.  For example, VISA and MasterCard are owned by the same company.  AT&T tried desperately to merge with T-Mobile after successfully merging with Cingular.

These companies have enough money to completely control congressmen and by extension, the law.

I mentioned delivery companies for a very specific reason.  This is one area where a government agency - the US Postal Service - is competing directly with private industry.  This situation exists because the USPS pre-dated any of the private companies.  It also exists because the USPS has not (since the 1980s) accepted any tax dollars (so citizens aren't forced to pay for one service when they prefer to use another.)

There have been numerous attempts by city and local governments to establish free city-wide wireless internet networks to provide free internet to everyone.  In every single case, the project is squashed by wireless companies crying foul and throwing big bags of money at congressmen.   In reality, such a project would be perfectly legal and fair as long as they were not funded with mandatory taxes.  If instead there was a service fee levied against users, or the service was supported by ad revenue, or had some other business model then all would be good. 

But this won't happen because the people no longer have control over their government.  Companies can donate unlimited amounts of money anonymously to representatives, thus buying whatever vote or legislation they want.

A new age is coming.  The digital age.  We have only begun to scratch the surface of what the internet can do.  A new form of currency has been birthed into existence.  A digital currency called bitcoin, which the banks and government do not control.  Bitcoin serves a very specific purpose.  Bitcoin is digital cash.

If I wanted to digitally transfer money to another individual, how would I do that?  I would have to use a service like PayPal, or a commercial bank, which all charge service fees.  I couldn't do it like a cash trade, where there is no fee.

As more and more commerce moves to digital transactions, the commercial institutions processing these digital transactions just keep making more and more money.  The money itself is minted by the federal government, but the government is never going to develop and issue a form of digital cash because the credit card companies pay the government not to.

That's why it's so important for us to use bitcoin as much as possible - if money has taken over control of our government, then we need to take back control of our money!