Wiretapped Government

Today the Government announced that for many, many months members of the Greek Government, the main opposing party and some other businessmen were wiretapped through their cell phones.

We are living in a country that even the Government cannot secure itself from others. The Prime Minister had his cell phone wiretapped. How long can these people govern our lives? How can they protect us when they can’t protect themselves? They can’t protect their country they are supposedly serving… After about a year of pre-investigations what do they know about the people who had done the wiretapping? Nothing! Just… nothing! Null!

This is so ridiculous…

more news on the wiretapping case: http://news.ert.gr/en/newsDetails.asp?ID=14811

*Update
BBC reports on the wiretapping
*Update #2
Bruce Schneier blogs about the wiretapping
*Update #3
Slashdot article on the subject
*Update #4
Vodafone SpyLine, humorous Vodafone advertisement in Greek…enjoy it 🙂

A list of interesting things to find on Google :)

How many network cameras are unprotected ?

Cameras ?
No, No, Mooore Cameras
I was sure there were some more!
And what about a list with even more cameras with a screenshot of each one ?

Enough with cameras…I know I can find mp3s on Google, but is there anything more worth searching for ?

just enjoy the power of Googling 🙂

Google messed up ?

It’s the first time I’ve seen such a message 🙂

Med Associates total lack of security

Last week I went to Athens, Greece to set up a laboratory with a PC connected to 2 mice cages (!). Mice are put inside the cages and then one can monitor their movements through some infrared sensors. Data is sent to the PC, where a program (Activity Monitor 5) made by Med Associates is used to analyze those movements.
It was Saturday when I tried to install the program. I inserted the CD inside the CD-ROM and started the installation process. After 2-3 “Yes, I Agree, Next, etc.” I faced a password entry field. But I was given no password! I checked the manuals and I saw that I should send them an application form filled with some names, location and so on, to be sent a password via email. I started calling them, but no one would answer at their offices; it was Saturday and pretty close to Halloween… so there was no chance of ever finding anyone at their office.
Luckily one of my friends was with me and he was looking inside some DLLs to check if there was any sign of the password checking algorithm, so that we could extract any info about it. He didn’t find anything, and then I told him to start looking inside the installer. He started looking for the error message while I was calling a professor that I know, who was using the same program. There was a chance that the password for the program the professor uses could work for our case as well. After 10-15 minutes I got the password, and when I went to the PC to enter it my friend had located the error message, some garbage beside it and then a string of 8 letters and numbers.
I first tried the previous password that the professor gave me… it did not work. Then we tried the string that we found next to the error message… GUESS WHAT! IT WORKED!!!

Was what we did “illegal” or was the company plain stupid? We had bought the program but we had no password, so we had to “hack it”. I think it’s ridiculous for a program that costs more than 1000$ to have its password hardcoded inside the installer. They could have a password checking algorithm inside the installer and a password generator at their offices. That sounds more “secure”.

Anyway…it’s a program meant to be used by doctors…its real price should be around 50-100$. There’s nothing really special about it…but hey..doctors have money…they should pay 😛
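The design suggested above (a check inside the installer, a generator at the vendor's office), as an added Go example that is not from the original post or from Med Associates: the installer carries only an Ed25519 public key and verifies a signed customer ID, so nothing readable in the installer unlocks it. It goes one step beyond the post's suggestion by using a signature instead of a secret checking algorithm; the customer ID, key format and function names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base32"
	"errors"
	"fmt"
	"strings"
)

// Weak form, as described in the post: the secret itself ships inside the installer.
const hardcoded = "EXAMPLE1" // constructed placeholder, not the real string
func weakCheck(entered string) bool { return entered == hardcoded }

var enc = base32.StdEncoding.WithPadding(base32.NoPadding)

// issueKey runs only at the vendor's office, where the private key lives.
func issueKey(priv ed25519.PrivateKey, customer string) string {
	return customer + "." + enc.EncodeToString(ed25519.Sign(priv, []byte(customer)))
}

// verifyKey is all the installer needs: the public key and a signature check.
func verifyKey(pub ed25519.PublicKey, key string) (string, error) {
	i := strings.LastIndex(key, ".")
	if i < 1 {
		return "", errors.New("malformed key")
	}
	sig, err := enc.DecodeString(key[i+1:])
	if err != nil || len(sig) != ed25519.SignatureSize {
		return "", errors.New("malformed key")
	}
	if !ed25519.Verify(pub, []byte(key[:i]), sig) {
		return "", errors.New("signature does not match customer")
	}
	return key[:i], nil
}

// demoKeys uses a constructed seed so the example is repeatable; a real vendor generates the key once and keeps it offline.
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := demoKeys()
	who, err := verifyKey(pub, issueKey(priv, "lab-athens-01")) // constructed customer ID
	fmt.Println(weakCheck("EXAMPLE1"), who, err)
}
```

The resulting key is about 100 characters long, which suits delivery by email as the vendor's process already works; it only proves the key was issued by the vendor, it does not stop a valid key from being shared.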

jabberd2 starttls client problems

I’ve recently set up another jabberd2 installation. This time I had option, in c2s.xml, enabled. Unfortunately this created a ton of problems with clients other than gaim… Users using clients like exodus, miranda and psi for example had problems with that and could not login. Is it SO hard for programmers to write secure code? Is it so hard to implement starttls?

Introduction to TOR

Today I’ve decided to use Tor a bit. One can say it’s an anonymity tool…but it’s not only that. It’s something more like an underground internet community. You can read an excellent article about Tor too.

Some quotes from the Tor site:

Tor: An anonymous Internet communication system

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and more.

Your traffic is safer when you use Tor, because communications are bounced around a distributed network of servers, called onion routers. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several servers that cover your tracks so no observer at any single point can tell where the data came from or where it’s going. This makes it hard for recipients, observers, and even the onion routers themselves to figure out who and where you are. Tor’s technology aims to provide Internet users with protection against “traffic analysis,” a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security.

To the point…Using Tor and privoxy you have access to what’s inside the Tor network. There are hidden wikis, book collections and even more.
This link goes to Tor Network Hidden Wiki and this one goes to KIRA – online list of Tor featured sites.
Notes from the Underground is pretty cool too.

The complete details of connecting to the Tor world are here: Tor Documentation
Oh…if you want anonymous P2P with Tor…check this page about Tor+azureus.
Check this graffiti I’ve found while surfing a site inside the Tor network…I think that it’s great…

P.S. This was posted using the Tor network…my apache logs are clear about this 🙂