Email to Facebook

I posted this in Facebook’s Help forum tonight. I don’t know if it will do any good but I thought I’d use Facebook’s meager feedback channels to at least attempt to alert them to this.

It seems that sometime today I unknowingly became a “fan” of the Mitt Romney page. I never clicked like on Romney’s page, nor does my Facebook activity log show any likes for Romney’s page for at least as far back as October 14, 2011.

I strongly suspect that someone has manipulated Facebook’s database to set this like status without Facebook properly logging it as it would’ve with any other likes I have chosen. Please research this and tell me when I became a fan of Mitt Romney’s page and, if you CAN’T tell me when I became a fan, please explain WHY you can’t tell.

I suspect a hack or virus is to blame. Or a breach of Facebook security.

Thanks much!

Mark Turner
Sysadmin and network security geek
Raleigh

Facebook virus forces me to “like” Mitt Romney

An unlike but no like? Something’s going on here!

Update 10 Oct 2012: Hello Mother Jones readers. Check here for my response to Erika Eichelberger’s story.

I checked Facebook this evening to find status updates from Mitt Romney’s campaign in my Facebook news feed. Thinking this was one of those stupid “promoted” updates that you see on Twitter, I gave it no mind. That is, until I found yet another update from the Romney campaign in my news feed. It was then that I surfed over to the Mitt Romney Facebook page and discovered to my shock that I was listed as “liking” that page.

Umm, no. Obama has raised my ire more than once, of course, but there is no way I’m voting for that clueless millionaire buffoon I call “Rmoney.” How Facebook came to think I would like the Romney page is quite the mystery.

A fellow geek suggested (I assume half-jokingly) that a Romney virus might be responsible for the status change. While I laughed at the suggestion, now I’m wondering if there might be truth to it. I have seen updates saying some friend of mine liked Mitt Romney, only to be surprised that person would do so knowing what I know of them. Not everyone wears their politics on their sleeve the way I do, but when you see multiple instances of this kind of thing you do begin to wonder if these choices aren’t being made without the knowledge of the account holders.

Why passwords have never been weaker—and crackers have never been stronger | Ars Technica

Dan Goodin of Ars Technica wrote an eye-opening piece on the astonishing state of password cracking. Passwords thought only a few years ago to be safe enough to outlast a century of cracking attempts can now be broken in a matter of days (or even hours) – with a $1000 computer, no less.

The ancient art of password cracking has advanced further in the past five years than it did in the previous several decades combined. At the same time, the dangerous practice of password reuse has surged. The result: security provided by the average password in 2012 has never been weaker.

A PC running a single AMD Radeon HD7970 GPU, for instance, can try on average an astounding 8.2 billion password combinations each second, depending on the algorithm used to scramble them. Only a decade ago, such speeds were possible only when using pricey supercomputers.

via Why passwords have never been weaker—and crackers have never been stronger | Ars Technica.

Google Image search is creepy powerful

Google Image Search can read T-shirts


When I want to see if a particular photo on the web is of a real person or just a stock photograph (also of a real person but a model, of course), I like to plug that photo into Google Image Search (GIS). Google can now search the web for similar images and often if several duplicates of an image show up there’s a good chance that image is a stock photo.

In an effort to see if he is who he says he is, today I searched on an image of a man wearing a T-shirt. Google did not find any matching images to the one I provided, which was somewhat expected. What was not expected was that the Goog was able to identify the man’s T-shirt and provide links to stores selling that same T-shirt! Google’s search actually read the wording on this shirt and matched it up with others!

This capability is quite astonishing, and also quite worrisome. Google’s motto is “don’t be evil.” If the company chose, it could become the best friend of any repressive government.

Turning my Ubuntu laptop into an access point

Our beachhouse for the week was advertised as having an Internet connection, so I was looking forward to being able to do some blogging while I’m here in addition to checking out the area’s attractions. It turns out the Internet connection advertised consisted of one wired connection to a dead cable modem. WiFi would have been great, but having no connection whatsoever simply burned me up.

I called the management office on Monday, Tuesday (twice), and today in order to get someone to fix this broken cable modem. As we walked off the beach today at 3:30 PM, the guy from the local cable company was waiting to get into the home. He quickly determined that the cable modem’s AC adapter was the culprit and got the blinky lights working with a fresh replacement. After a few fumbles in fixing things, he was on his way and we had at least a wired connection to the Internet. But how to share this with the other devices in our geeky family?

Cheap thoughts: digitally-signed images

Why aren’t cryptographic signatures wrapped around digital images in order to bolster their authenticity? Such a scheme would be strong proof that an image taken with a digital camera did in fact originate from that digital camera. Thus, if someone claims to have photographed E.T., we could at least say that the image hadn’t been digitally altered.

This would also be useful for protection against phishing. An image’s signature could include the website an image is supposed to be viewed from. Any scammer including a logo from the FBI in their email would raise flags in the recipients’ email client, which would compare the image’s source to the source encoded in the signature. If the FBI logo was intended to be served from www.fbi.gov, the email client could immediately warn the recipient that something funny is going on.

Yes, there would be ways around it but faking a legitimate image would be challenging. A scammer could always design his own, unsigned image or remove the signature through a screen capture. However, without the FBI’s cryptographic key being used to sign the image, the scammer could not fake the image’s signature as being from the FBI’s website.

It wouldn’t be a perfect solution to prevent fraud but it would be an important tool to prove a digital image’s validity.
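
A sketch of the scheme described above, as an added example that is not part of the original post: the publisher signs the image bytes together with the site the image is meant to be viewed from, and the mail client checks both. The names SignedImage, NewKey, Sign and Check are hypothetical, Ed25519 is an arbitrary choice of signature algorithm, and the client is assumed to already trust the publisher's public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// SignedImage (hypothetical): image bytes, intended origin, signature over both.
type SignedImage struct {
	Data   []byte
	Origin string
	Sig    []byte // empty when the image carries no signature
}

// NewKey makes a publisher key pair; a nil reader selects crypto/rand.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return pub, priv
}

// payload binds the intended origin to a hash of the image bytes.
func payload(origin string, data []byte) []byte {
	sum := sha256.Sum256(data)
	return append(append([]byte(origin), 0), sum[:]...)
}

func Sign(priv ed25519.PrivateKey, origin string, data []byte) SignedImage {
	return SignedImage{Data: data, Origin: origin, Sig: ed25519.Sign(priv, payload(origin, data))}
}

// Check is the mail-client side: pub is the key trusted for img.Origin,
// shownFrom is where the image actually came from.
func Check(pub ed25519.PublicKey, img SignedImage, shownFrom string) string {
	switch {
	case len(img.Sig) == 0:
		return "unsigned" // e.g. signature lost through a screen capture
	case !ed25519.Verify(pub, payload(img.Origin, img.Data), img.Sig):
		return "bad signature" // altered pixels, or signed with another key
	case img.Origin != shownFrom:
		return "origin mismatch" // genuine logo, shown from the wrong place
	}
	return "ok"
}

func main() {
	pub, priv := NewKey()
	logo := Sign(priv, "www.fbi.gov", []byte("constructed logo bytes"))
	fmt.Println(Check(pub, logo, "www.fbi.gov"), Check(pub, logo, "mail.example"))
}
```

The "unsigned" result is the limit the post itself concedes: a stripped signature proves nothing either way, so the client can only flag the image as unverified.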

Thunderbird 13 is buggy


I’ve been a fan of Mozilla Thunderbird for a while now but a recent upgrade to Thunderbird 13.0.1 has shaken that faith. Since I upgraded to this latest version, TB has been slow, the message preview pane has never correctly shown the email it supposedly is displaying, it never cleanly exits, it has unexplained CPU spikes, and overall it’s basically slow as Christmas.

I Googled “‘thunderbird 13’ buggy” and came upon this post from a fellow Linux user who seems to have the same issues:

Florian Monfort
Jun 29, 2012 – Public
Question for all of you guys!

If there is any of you using Fedora 17, is Thunderbird 13 buggy?

I have to end the process ALL THE TIME to close it, because after a few minutes it would just keep on “loading message” forever…

Sometimes also I have to wait for ages for my sending message to be copied to the “Sent” folder…. So I have to cancel…

Thing is I used to have Evolution but Evolution is no better…

Can someone help me?

I’m considering downgrading to a prior TB version to fix things, because the current version frustrates me more than pleases me.

Light-Bot: A fun way to learn programming

Now that their school is out for the summer, I was looking for a simple yet fun way for the kids to learn programming. There are plenty of programming languages I could start them on but that seemed like it might be too much work.

Thanks to a blog post from Marshall Brain, though, I found this Adobe Flash game called Light-Bot. Players devise a series of commands to move Light-Bot across a grid and light up all the blue tiles on the grid. The number of commands the player can use is limited and there are two functions that the player can use to automate repetitive tasks. Using these tools, the player can have fun playing while at the same time learning a little about logic and programming.

Microsoft’s Downfall: Inside the Executive E-mails and Cannibalistic Culture That Felled a Tech Giant

As a techie, I could see Microsoft’s decline as it unfolded. Still surprising, since Microsoft seemed invincible for so long. I suppose every industry titan becomes lazy from success.

Vanity Fair always has great writing. I might actually buy the dead-tree edition just to read this.

Analyzing one of American corporate history’s greatest mysteries—the lost decade of Microsoft—two-time George Polk Award winner (and V.F.’s newest contributing editor) Kurt Eichenwald traces the “astonishingly foolish management decisions” at the company that “could serve as a business-school case study on the pitfalls of success.” Relying on dozens of interviews and internal corporate records—including e-mails between executives at the company’s highest ranks—Eichenwald offers an unprecedented view of life inside Microsoft during the reign of its current chief executive, Steve Ballmer, in the August issue. Today, a single Apple product—the iPhone—generates more revenue than all of Microsoft’s wares combined.

via Microsoft’s Downfall: Inside the Executive E-mails and Cannibalistic Culture That Felled a Tech Giant | Blogs | Vanity Fair.

Scientists crack RSA SecurID 800 tokens

Remember when I said we are living in a world without secrets? The security tokens that provide two-factor authentication for a number of companies and organizations have been broken. Instantly, countless confidential files became unprotected.

In the age of globally-distributed mathematical expertise, high-speed computers, and Internet collaboration, codes and ciphers that once looked impenetrable now fall on a weekly basis.

Scientists have devised an attack that takes only minutes to steal the sensitive cryptographic keys stored on a raft of hardened security devices that corporations and government organizations use to access networks, encrypt hard drives, and digitally sign e-mails.

The exploit, described in a paper to be presented at the CRYPTO 2012 conference in August, requires just 13 minutes to extract a secret key from RSA’s SecurID 800, which company marketers hold out as a secure way for employees to store credentials needed to access confidential virtual private networks, corporate domains, and other sensitive environments. The attack also works against other widely used devices, including the electronic identification cards the government of Estonia requires all citizens 15 years or older to carry, as well as tokens made by a variety of other companies.

via Scientists crack RSA SecurID 800 tokens, steal cryptographic keys | Ars Technica.