My password and pin number is …
By chris dalby | January 7, 2009
Photo courtesy of redspotted on Creative Commons License
The last couple of days have been a frantic time on twitter. First off was a phishing scam that spread like wildfire over the weekend, where users were being sent direct messages with a link that redirected to a website that looked exactly like the twitter homepage.  It’s a classic phishing scam, where the phisher lays a trap that looks like the real website, inviting you to log in, thereby getting your username and password. If you look closely, the URL is different.
This was then taken to another level that was unconnected to the phishing scam, when twitter was hacked. This is twitter’s account of what happened:
The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can’t remember or get stuck.
This really has been an accident waiting to happen. I have been expecting something like this to happen for months. Perhaps it’s a sign that twitter is now going mainstream, along with the recent flood of celebrities jumping on the bandwagon and the daily coverage in the mainstream media. I was expecting the first twitter phishing scam to be in the form of emails, which is why whenever I get an email informing me of a new twitter follower, I never click the link, but copy their username and paste it directly into the browser.
What this highlights is that we all need to be more sensible with the way that we conduct ourselves online. There are loads of twitter mashups online, each one asking for your twitter username and password in order to work. Each one of these mashups probably store our twitter username and passwords in plain text in their database. And I bet everyone uses the same username and password *everywhere*.
So this could be a lesson worth learning from. In my humble opinion, online security has gone backwards like this. Most of the mashups don’t use an ssl, we’re giving the key to our whole online existence and everything is stored and parsed in plain text. So mix it up. Work out an easy to follow way of mixing it up without making life difficult. We shouldn’t be using the same username and password everywhere, and be careful which mashups you use.
The reason I was thinking about this was tonight when I was waiting for the checkout in Waterstones the bookshop. The guy in front of me was keying his pin number into the credit card machine and making no effort to hide his key strokes. I could easily have peaked over his shoulder. I don’t care how fast your fingers are, if someone is watching for pin numbers, they will see it if they are monitoring an ATM or credit card machine with a camera.
In France, where they have been using chip and pin for many years, nearly everyone covers their hand when they enter their pin. Conversely in the UK, I don’t think I have seen anyone cover their pin number. It’s something I do every time and insist my wife does the same too.
So expect more of the same. The phishing and hacking scams on twitter will only increase from here on in. Personally I’m looking forward to seeing more of my non geek friends on twitter. After all, it’s where I spend most of my time.
Topics: Tech Watch | No Comments »
links for 2009-01-06
By chris dalby | January 6, 2009
-
working with flex, air and sql
Topics: Links | No Comments »
License to Hack
By chris dalby | January 5, 2009
Photo courtesy of Steffen M. Boelaars
A story broke yesterday, on the TimesOnline, and although there was initially quite a bit of talk on twitter about it, I am surprised there hasn’t been uproar.
THE Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant.
I haven’t noticed anyone on my twitter stream talking about this today, nor have I seen this on any of the national news channels. According to the Daily Mail, there are already 4.2 million CCTV cameras trained on the public in the UK. We truly are a surveillance society. I have also previously read details about microphones being used on the streets of Westminster to eavesdrop on conversations. Although this appears to have been a trial that is not being rolled out.
Maybe we are so used to this surveillance culture, that we as UK citizens are resigned to the fact that we have nowhere to go without being monitored. And now we can’t sit in our own home without our IM, email, browsing habits and files being remotely scanned by the police. What’s to stop them having a sneaky peak through our webcams or listening through our microphones.
Don’t get me wrong, I have nothing to hide. But while CCTV does go a long way to help solving the increasing number of violent crimes in the UK, it is obviously no deterrent, otherwise we would all be leaving our front doors open when we leave the house and our streets would be the safest in the World rather than knife crime at an all time high.
I was listening to TWIT yesterday with Leo Laporte, John C. Dvorak, Robert Scoble, and Dwight Silverman and they were discussing this story and how the police will actually manage to pull this off. I mean, what sort of firewall will we need to prevent this type of infringement on our civil liberties?
I only wish the same amount of effort was being put into getting the country out of this massive economic mess we are in rather than adding another level of paranoia to this broken society.
Topics: Culture, Tech Watch | No Comments »
links for 2009-01-03
By chris dalby | January 3, 2009
-
a twitter poll. great idea.
-
Using python + N95 accelerometer. very cool. want to have a go at this when i get some spare time.
Topics: Links | No Comments »
links for 2009-01-01
By chris dalby | January 1, 2009
-
Bookmarking this for later. Had a quick skim and thought bah humbug. The days off discussing whether twitter is a good tool were a year ago. i'll comment on this after the new year hangover.
Topics: Links | No Comments »
links for 2008-12-31
By chris dalby | December 31, 2008
-
The US Air Force rules of engagement for blogging. could be a great resource for any organisation.
-
a twitter air client with the code. what's not to like?
Topics: Links | No Comments »
Essential Windows Apps
By chris dalby | December 31, 2008
A couple of weeks ago I did a format and reinstall of Vista which is on my MacBook using Bootcamp. After the Vista installation completed, I thought I’d write down the applications that I installed and in the order they were installed. So this is my list of essential windows applications that I must install to help me get my stuff done. I have missed some things that have since been installed, but this list is pretty close to the majority of tools I must have:
AVG Free
Vista SP1
Firefox
Filezilla
TextPad
Office 2007 Enterprise + SP1
IIS
One Note 2007
Visual Studio 2008 + SP1
Java
Flash Player
Skype
Adobe CS4
Nokia Software for N95
ASP.NET Ajax Extensions
ASP.NET Ajax Control Toolkit
WinRAR
Silverlight (IE ony)
Adobe Air
Live Messenger (the download was down for a couple of days)
SQL Server 2008 Client Tools and Management Studio
Adobe Flex
Tweetdeck
WinSCP
Putty
Arduino
Firefox Developer Plugin
Topics: Tech Watch | No Comments »
links for 2008-12-29
By chris dalby | December 29, 2008
-
A great open source chart tool producing stunning graphs in flash.
-
simple gateway for using sms text from most programming languages.
-
date and time formatting in php.
Topics: Links | No Comments »
links for 2008-12-28
By chris dalby | December 28, 2008
-
running a php script with a cron job.
Topics: Links | No Comments »
links for 2008-12-22
By chris dalby | December 22, 2008
-
script to monitor arduino serial port in perl.
Topics: Links | No Comments »
links for 2008-12-20
By chris dalby | December 20, 2008
-
some excellent visualisations using arduino.
-
excellent arduino tutorials.
Topics: Links | No Comments »
My blinking arduino
By chris dalby | December 20, 2008
Tonight I have spent a few hours tinkering with my arduino board. I bought a few arduino bits after Home Camp and haven’t had chance to try them out until tonight. I have to say, arduino rocks! The syntax, the programming language, the way everything is plain and simple. A big ++.
So it wasn’t too hard for me to get up and running with a Hello World. I have since drawn up a list of components that I am hoping to get from maplin in the morning.
I am also heading out tomorrow to buy some kids toys after seeing this excellent Ray Gun twitter alert thing. I love this stuff!
Topics: Tech Watch | 1 Comment »
links for 2008-12-19
By chris dalby | December 19, 2008
-
a great project for an arduino and a kids ray gun toy. might have a go at this one.
Topics: Links | No Comments »
Tweetup Kent - Join us for a festive tweetup
By chris dalby | December 17, 2008
It’s official, there is a tweetup happening this Saturday at 6pm in the Man of Kent pub, Rochester, UK. The truth is, I am having a beer with @fellowcreative (Carl Jeffrey) and we thought it a good excuse to see if we can tempt some fellow Kentish tweeters to join us.
Tweetupkent is on Saturday 20th December from 6pm at the Man of Kent Pub. Not far from Rochester train station, according to google.
So come and join us for some festive cheer. It will be good to tweetup with Kentish tweeters.
Topics: Tech Watch | No Comments »
Viglen MPC-L Useful Commands and Tips
By chris dalby | December 15, 2008
This weekend I have mostly spent installing and configuring my Viglen MPC-L. It turns out the current Viglen distro image has no way of updating using the normal update process. It fails and you get errors. Basically the image that Viglen are currently using uses a really old Feisty version of Xubuntu that has had it’s archive repositories removed. I found that out earlier in the week with a couple of hours of headscratching.
You have to download the right distro and upgrade in the right way. I followed the excellent blog post by Nicholas O’Leary and Andy Stanford-Clark’s Hints and Tips for Ubunu on a Viglen. Both these posts saved me a huge amount of time and give you everything you need to know to get up and running with the Viglen. Albeit it took the best part of a day for everything to upgrade through the different OS releases.
So the Viglen is now running Xubuntu Hardy 8.04.1. I have configured it to be my home automation hub. It is currently running rsmb that is publishing and graphing electricity usage data from my Current Cost meter using rrdtool. I will be adding services and more devices like arduino when I can find time. Pachube is high up on my list as I reckon I know how I can do this, now I have the Viglen, I have the right platform to simply publish data to this service.
I thought it would be a good thing to share the list of commands that I have used, to act if nothing else as a reminder for me.
How to find out the version of ubuntu installed:
lsb_release -a
List the installed packages:
dpkg –get-selections
lsmod - list loaded modules
Dmesg -Â tells you what port connected to
To connect to the serial port:
cu -l /dev/ttyUSB0
Then to set the baud rate:Â cu -l /dev/ttyUSB0 -s 2400
Get the serial port working:
Wget
http://search.cpan.org/CPAN/authors/id/C/CO/COOK/Device-SerialPort-1.002.tar.gz
perl should be already installed. You can get the serial module here: http://search.cpan.org/CPAN/authors/id/C/CO/COOK/Device-SerialPort-1.002.tar.gz
Install it like this:
tar -xzvf Device-SerialPort-1.002.tar.gz
cd Device-SerialPort-1.002
./configure
perl Makefile.PL
make
sudo make install
To change permissions to allow writing on /var/www
sudo chmod o=rwx /var/www -R
then copy your files over and when you are done:
sudo chmod o=x /var/www -R
DHCP Setup
sudo apt-get install dhcp3-server
# Sample /etc/dhcpd.conf
# (add your comments here)
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name “mydomain.example”;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
range 192.168.1.150 192.168.1.200;
}
Cron Tabs:
crontab -e -u ‘me’
Then the crontab itself to run rrdtool:
# USER=name
SHELL=/bin/bash
# HOME=/home/name/
PATH=/sbin:/bin/usr/sbin:/usr/bin:/home/name
0-59 * * * * /home/name/currentcost/bashfilename
Install a lamp server on ubuntu
sudo tasksel install lamp-server
Install RddTool
Apt-get install rddtool
You must have a dev compiler running to be able to run the serial port stuff:
Re: C compiler cannot create executables
You must have libc6-dev-i386 (not just libc6-i386) installed
Also these installed:
apt-get install gcc
apt-get install g++
Shutdown command
sudo shutdown -h now
Set root password:
ssh root@<server-ip-number>
passwd
Install Essential Tools:
sudo apt-get install build-essential man
Time Zone Stuff and install NTP server:
sudo dpkg-reconfigure tzdata
# Check time is correct
date
sudo apt-get install ntp
Topics: Tech Watch | 1 Comment »
links for 2008-12-14
By chris dalby | December 14, 2008
-
installing and configuring dhcp on ubuntu.
-
Great guilde for installing and configuring ubuntu and ruby.
-
cool video service.
Topics: Links | No Comments »
links for 2008-12-13
By chris dalby | December 13, 2008
-
Validating email syntax with regular expressions in .NET
Topics: Links | No Comments »
links for 2008-12-12
By chris dalby | December 12, 2008
-
How to upgrade the vidlen. Great blog post detailing the same issues and head scratching I had this week.
Topics: Links | No Comments »
Home Camp Review
By chris dalby | December 10, 2008
It has been a couple of weeks since homecamp and I haven’t written a blog about it. Henous I hear you say. But seriously, I am so busy at the moment. Pulling off Home Camp in 3 weeks was hard enough, but the follow up was almost as hard. Juggling it amongst client work, was even harder.
There has been some great blog posts about Home Camp and I’ll not attempt to regurgitate their content about the day. Here are a selection, and if you are missing from the list, let me know.
Homecamp by Dale Lane
Home Camp Unconference - inspired me by the thoughts
The Inaugural Homecamp
Home Camp Deman Shifting
Homecamp from Phoebe Bright
I have forgotten loads of blogs that have mentioned Home Camp. The community support has been unbelieveable. Please do not be offended, I have just been so busy.
There was also a couple of home camp logos created over the weekend. These were beyond my wildest dreams. The community took over and sorted out what was needed.
For me, the ultimate was meeting Andy Stanford-Clark - the guy monitors his mousetraps, what’s not to like?Â
You can see his session on Andy Piper’s blog. Andy can check the resistance of the cheese in the mousetraps to determine whether the cheese is desirable to a mouse or not. Genius. Genius in lab coat proportions. I want to go out and buy a labcoat and do experiments.
We had a great day and I am looking forward to the next event in March 2009. We paved the way for the next event and I am excited by the reaction we have had from the first event.
My favourite video from the day is the community interviews:
Home Camp - What the community says from chris dalby on Vimeo.
Roll on March 2009!
Topics: Tech Watch, Video | 1 Comment »
links for 2008-12-09
By chris dalby | December 9, 2008
-
Resizing images in .net
Topics: Links | No Comments »