Sunday, June 27, 2010

Easter Eggs

The term "Easter eggs" refers to features that are hidden inside of a software program, DVD, or other such technology.  For example, back in the original Nintendo days, there was a game called Contra.  You started with three lives, and that was a pain.  However, you could also enter a code (now known as the Konami code - after the game manufacturers) to give you thirty lives.  It's been years since I played the game, but I still remember you had to hit up, up, down, down, left, right, left, right, B, A, and then Start, and you would start the game with thirty lives.  That was my first experience with Easter eggs.  Nowadays, you can find many sites that list the Easter eggs in video games.  Aside from video games, many DVDs now come with Easter eggs built in, as you can find on this site

There are typically Easter eggs built in to software, as well.  For example, Microsoft Excel 97 used to have a flight simulator built in to it, but Microsoft apparently removed Easter eggs in their software in 2002.  Note that sometimes people get confused as to what is a hidden feature and what is an Easter egg.

Anyway, even Google has some Easter eggs in it, and I saw an article showing some of them.

Top 15 Google Easter eggs

Tuesday, June 22, 2010

Joe Biden and the war on piracy

The Vice President of the United States is working with groups to fight piracy of music, movies, and software on the Internet.  According to the article linked below, he considers it theft.  A government officer issued a report that sounds like it actually included intelligent recommendations, including working with file sharing sites based out of the United States (and therefore, not subject to our laws).  For example, sharing copyrighted files here is illegal.  However, in other countries it may not be, so how can the United States prosecute people doing it elsewhere?  (Short answer: we can not as it currently stands).  However, they can collaborate with these countries (and put pressure on them too), which is apparently what this report recommends.

This is part of a more widespread intellectual property proposal that includes things like counterfeit pharmaceuticals and other such things.

Sunday, June 13, 2010

Times Square Bomber and Computer Forensics

Most people think just because it is a free email address with no billing address, they are safe, but there are many ways they can be tracked.  Take for example the suspect in the Times Square bombing.  Technology helped lead to his arrest.   The car that was used was apparently purchased in cash after an ad on Craigslist. The guy was apparently somewhat clever in covering his tracks, according to reports. He switched license plates at a place where it was unlikely to be noticed (a garage - when was the last time you checked to see if your license plates are really yours anyway?).  He also attempted to remove the vehicle identification number.  Unfortunately, it is found in a number of places in most vehicles, and the suspect missed a few locations.

So, how did Craigslist play a role? The seller apparently got an email from the buyer, who paid in cash. With that email, authorities can determine what IP address that email was sent from.  With that IP address, it's an easy matter to determine who the Internet Service Provider of the sender was, and you can subpoena that ISP to get the name of the customer.

If that was a dead end, they could also trace the email address.  Let's say the guy signed up for a free Hotmail account.  He signed up from some computer somewhere, so law enforcement could subpoena Hotmail to find out what computers accessed that email account, and follow the trail as mentioned above.

Now, this guy was either sloppy or just did not think they would catch up to him quick enough for things to matter, because there were a number of ways he could have obscured his identity better.

First of all, he should have created this email address from a public computer, and only accessed it from a public computer.  Either that, or he should have "borrowed" someone's wireless Internet connection, because then the trail would lead back to them.  He could have driven around and found one easily (and this is part of the reason not setting up security on your wireless Internet can be a very bad thing).

Secondly, he should have made sure there were no cameras that could help aid in his identification, regardless of the method.  A nice, unsecured location could be helpful, and scouting is important.

Thirdly, he should have made sure to pay in cash (if this were a cybercafe), use a fake ID (in a library), or used a program to try to hide his computer's network card address (if he used someone else's Internet connection).  Each network card manufactured has a unique identifier, so if he connected to my router, I could browse my logs and find out the network card address (known as a MAC address).  Law enforcement could subpoena the manufacturer to get the name of the buyer.  If he was smart, he would have paid cash for a cheap network card (and bypassed the built-in wireless found in most laptops) and used a throwaway one.  Again, if it was purchased recently, store cameras could be used to track suspects.

Finally, he should have used some program to anonymize his Internet usage and/or mask his IP address.

I do not know the specifics of what he did or did not do right, but electronic communication is not difficult to track with a little technical knowledge and the power of a court order.

Link to Story

Saturday, June 05, 2010

Out of Office Message and Privacy Risks

I remember as a child my parents used to have an answering machine.  For those of you too young to remember those, they were basically like voicemail, except they plugged in to the wall.  I remember at some point my parents changed the message from "we are not home right now" to "we can't take your call right now".  I remember the explanation was that if you said "we are not home right now", a criminal would know you weren't home, but the other message might give them pause.  My parents did not lock the doors, by the way, so I do not think an answering machine message would deter them.  I suppose I can see not wanting to say "we are out of the country from June 1 through June 10", but do you really confuse criminals by saying "we can't take your call right now"?  I guess I never felt like it would be a deterrent.

The reason this came to mind is because as I mentioned I am going to be away from PCCC next year.  I am considering what to do with my out of office message.  By putting one out there, there is a slight risk of that information being used against the College.  A smart social engineer could in theory find a way to leverage that information.  However, the alternative is to check my work email, and I am in theory not supposed to when I am on leave.

We use Microsoft Exchange.  This will allow me to put up an out of office message.  I have the choice to reply only to people in the same domain ( or only to people outside our domain (everyone else), or simply everyone.  Most people would just put up an out of office message saying to contact their department chair, but the problem is that by doing so, I open up two accounts for spam.  If a spammer sends an email that gets past the email filters, they will get a reply not only showing my email is active, but also giving the spammer my department chair's email address. 

I could also make it a little more complicated, for example, say email
person at pccc dot edu
(which would of course translate to
...but some people would get confused with this.

Making matters more complicated is that I have some business contacts that I would like to be able to contact me.  If I want them to be able to find me, I should probably provide some sort of email address for them to use to contact me.  So, the end result is going to be me setting up a new email account, to protect my home account from spam, and an added risk to both my email address and my department chair's email address.

Now, to figure out what this message should say...

Wednesday, June 02, 2010

Web Celebrity Hall of Fame

Wow, this is an interesting site (though possibly not safe for work).  College Humor has put together a list of what has to be about 75 sites that have gained fame throughout the years...from "Chocolate Rain" "Numa Numa" "Angry Ginger Kid" (no relation) to the "GI Joe Spoofs".  This is apparently a part of their site that has been up for years, but I hadn't seen it until today.  Definitely very cool to see many of the Internet memes put together in one place.  At one point or another, I have seen most of these things show up in my mailbox or over an instant message.

Warning: This may suck hours from your day.