Email and ISP Hell…

SlovokianWeddingShot.jpg

I chose to leave my ISP last month and move to a new service that actually delivers high speed 200mbs broadband… unlike my incumbent, who has promised broadband faster than 3mb for the last 4 years and consistently failed to deliver.

In the style of Austin Powers you may say “Whoopdy Doo”

However, leaving my incumbent supplier of 26 years turned out to be more traumatic than it should be.  I’d like to think it was incompetence rather than petty tactics that my email briefly ceased to work; in fact, email for many days has now gone astray to the great white data processing cloud in the sky, and at this point it’s pretty much unreliable.

At first they were putting whitelisted mail in the Spam folder, forcing me to log on to my ISP’s webmail service (something I rarely do) to discover this when some important emails hadn’t been received (no, I’m not a fan of IMAP and do prefer POP3), so who knows how much has been lost over the years before I discovered their over-protective spam measures….

The next phase is no emails at all, and it came to a head over the weekend when I gave the security firm I was engaged with a hard time for not sending me quotes for a new CCTV system installation…

Of course, since I have left the service, I have little to no negotiating power or influence with my old supplier…

Losing email addresses you’ve owned since the mid 90’s is a real bind and damn frustrating… I don’t know the way forward….

Grrrr so frustrating….. Anyone else have horror stories when leaving their ISPs? Or is it simply just me that attracts these kinds of issues?

Ah, you’re probably wondering why the photo accompanying today’s blog? I was trying to find a photo that best symbolised the fiery depths of hell and failed, so chose one of candles in a paper bag which I took during a wedding in Slovakia (Bratislava) a couple of years ago.

 

Posted in Personal, Ramblings

Stolen Mountain Bikes, Please Help…

The two images below will give you an idea of the two bikes I had stolen from me on 29th February 2016.

The Landrover Discovery Zamora is not a common bike for sale on eBay or Gumtree and hopefully much easier to identify/track down.  The Carrera (the photo is representative of the bike) is a 2006 Carrera Mes with 16″ Wheels.

If you have been offered for sale/trade these bikes since 29th February 2016, please contact your local police on the non-emergency number of 101 (UK).

LandroverDiscoveryZamora.png

Carrera2006Example.png

Both bikes had Mud Guards (front and rear), Reflectors and LED lights (front and rear), Shimano Gears, Water Bottles.  The Zamora had a cycle lock fitted to the frame and a black bell.

Both had been in Storage and only used a couple of times and so were in near mint condition (before the theft).

I would dearly like to get these bikes back, and with your help, I would ask that you share this post far and wide and help me get my property back.

Thank you.

Posted in Uncategorized

Who Says Crime Doesn’t Pay?…

DSC_5691.jpg

Unfortunately I was a victim of crime at some point overnight.  

I’d discovered that my Garage door had been Jemmied open and the thieves stole two bikes, a Land Rover Discovery Zamora with mud guards, Shimano Gears, Disc Brakes, LED Lights front and rear, water bottle and cycle pump, the other is a Carrera (Both Mountain Bikes) and kitted out with the same equipment.

So I called the local police using the non-emergency number and spoke to the operator, explained the situation…  It seemed they were more interested in my Date of Birth, Nationality and Ethnicity as opposed to my address, the items stolen and any relevant information.

Eventually, they advised it would be unlikely they will send anyone round to investigate, here’s a crime reference number and good luck!

Has policing gotten that bad over the years they are more interested in speeding motorists?  The lady explained to me that they are unlikely to get finger prints or anything useful so no point in trying….

In 1990/1991 the flat I was living in was broken into over winter, when I returned home at midnight and discovered I’d been burgled, I called the police, within an hour CID turned up on my doorstep, took statements and dusted for fingerprints, within three months I’d received a follow up that they’d caught the burglars and within a year I was sent another follow up saying they’d prosecuted and sentenced the toe rags …  Fast forward to 2016 and crime has become a mere statistics game, no investigation, issue a crime reference number for your insurers and don’t darken our doors again…

Ok, so the items are insured, but now it becomes a balancing act doesn’t it?  Everyone has an excess to pay on the insurance, when you factor that in, the cost of the item and depreciation, along with your premiums going up on renewal and your postcode becoming a crime hotspot, the loser is still … me!

The criminals will probably never get caught with today’s lethargic policing, so the criminals sell the bikes on and profit and continue unhindered their criminal careers…

Muggins here on the other hand, has property stolen, increased insurance costs, the time and hassle of sorting everything out…

So the winners are the Criminals (Free goods), The Insurance Company (Price Hikes) and the Police (don’t bother investigating but can report some lovely annual statistics to insurers).

Who says crime doesn’t pay?

Posted in Ramblings, Security

First Love?

AmstradCircuitBoard.png

We all remember our first loves don’t we?  Whether its the kid in the same class at school as you, 80’s taste in music, or your favourite pop-star…  Well, technically this isn’t my first love, this computer has survived more house moves than I can remember.

As a kid in the 80’s I’d save my pocket money for an Amstrad CPC 6128 Computer and eventually became the proud owner after purchasing from our local retailer.

What made it special? It was one of the first to come with its own colour monitor and a disk drive, and it was more affordable than the superb BBC Micro Model B computer we had at school.

The Amstrad CPC also came with a “grown up” operating system called CP/M at the time (the pre-cursor to MS-DOS) so you had the best of both worlds.  Over the next couple of years I learned to code almost anything in Assembly language and created programs and games that were published in the 80’s.  I spent an inordinate amount of time learning the machine inside out, its circuitry, the hardware, the firmware, the hidden op-codes, you name it I studied and understood…

Then along came the 90’s with better music, Oasis, Blur, Snap, Adamski, The Beautiful South, Vanilla Ice, 2 Unlimited, Shakespeare’s Sister etc, the clubbing scene took off and I set aside my trusty Amstrad to pursue clubbing and girls. I bought my first PC, an Escom 486 DX4-100 with 8MB of memory and 540mb hard-drive, and finally my Amstrad was relegated to the back of the wardrobe for its final time.

Fast forward to today and the 8-Bit revival Scene is truly underway with many of us 80’s gamers, coders and enthusiasts forsaking our emulators and sourcing the real thing!

I dug my Amstrad out of the Garage where it sat for many years in non-ideal conditions (for storing hardware).  I wasn’t hopeful she’d survive the ordeal, but nonetheless, with screwdriver in hand and compressed air, I took the Amstrad apart and cleaned her up.

AmstradDiskDrive.png

The drive will most likely not work and I have ordered replacement parts.

Although today’s emulators are rather mature and emulate the Amstrad and other 8Bit machines very well, the real reason is to get the source code for many of the programs I’ve written transferred to SD Card/USB Stick, with the intent to share the original source and release a number of games I’d created but never gotten round to releasing.

Because the Retro scene is thriving, there are a number of solutions available that enable me to take advantage of modern hardware like SD Cards to transfer data either way.  (more on this in a future article).

The next phase was to examine the monitor.  My initial thinking is a family of spiders have probably made a home for themselves near the tube, so I expected it to be more dusty and cob webby inside.

AmstradMonnitorPreClean.png

It could have been a lot worse, but with a vacuum in one hand and compressed air can in the other, I managed to get a semblance of a 1st stage clean to the circuit boards and inside the monitor casing.

AmstradMonitorCleanUp.png

I let both the computer and monitor acclimatise inside the house in addition to using Silica Gel sachets to absorb any moisture inside the hardware.

Will this piece of kit that’s been in storage for over two decades still work?  

I have to admit I was a tad nervous that it would… go up in smoke… fuse the electrics or worse…

As a precaution I plugged the monitor in on its own and powered it up. At first I didn’t think anything was happening, but when I switched the power off I saw a familiar white flash, so thought something was working.  I then plugged the computer into the monitor and powered up.

The result was astonishing!  It actually worked!  I was so excited I put the camera down, typed in a quick program and executed it as you can see in the video.

The video shows the initial test.

So what next?

Well the Disk Drive needs a repair to get that back up and running, after that I will start the task of copying my disks of old to memory stick and start sharing the code.

What could go wrong?

Lots!

The drive might not be repairable…

The Disks may have become corrupt or corroded…

To name but a few…

The project may take all year to complete though, due to my day job taking me to work around the world, so a lot depends on what time I have available to work on this project.

The most surprising thing is that the 80’s may have been a bad music era (That’s not surprising), but Amstrad, Sinclair et al, certainly knew how to build computers to last!

So who/what was your first love and what fond memories do you have today?

Posted in Amstrad, Ramblings

New Beginnings?

IMG_4011wm.jpg

As I sit with my empty suitcase in front of me, I have to decide what to pack and what to keep on the next part of life’s journey.  You see, I’ve picked up a consultancy job out in Europe which means several things…

Travel… Lots of it! Planes, Trains and Automobiles…  You do get to see many familiar faces at the airport, business travellers making ends meet, a scene not dissimilar to the film with George Clooney “Up in the Air“.

Decide what essentials I need to pack to make the months away in hotels and leased accommodation more bearable….

The possibility of weekend exploring new locations…

You do get the initial rush of excitement and anxiety of going to new places, meeting new people, making new friends and experiencing different cultures; you also get to miss old familiar faces and friends.  Thankfully in today’s technological age of Skype it’s even easier to stay in touch (provided you have an internet connection), and the time difference isn’t huge in Europe, compared to working outside the EMEA region.

Any hoo…  As doors of opportunity open and close fairly regularly, I was reminded of this photo I took in Slovakia (The map to its location is below).  The strange thing  was the proportions of the door.  You’d think I’d applied a Tilt-Shift lens effect to the picture, but no, this is the unprocessed image of that one door.

Who knows what opportunities lie behind the door, if only we’re brave enough to take that step and look inside.

Posted in Bratislava, Slovakia, travel

How Anonymous is Anonymous?

ThinkPrivacyPencil.png

With the Internet of Things, companies and researchers are finding innovative ways to collect and process data about our habits, thoughts, desires, usage and even what we search for on the internet.  Take the very recent case of a professional footballer who had some relevant search history presented during his court case…

What’s that got to do with anything?

I was contacted by a friend to help with their son’s Higher Education Survey that was designed to collect some personal data to be used for analysis and help with their homework project.

The Education department had provided their internal survey engine for the student to use; all he had to do was supply the engine with questions and it would take care of the rest.  All he had to do was publicise the survey, hope it went viral and wait for the answers to come rolling in.  At that point the job of analysing the data received could begin, and he would complete the assignment with a gold star.

I’d alerted the friend that the survey wasn’t anonymous, however I was informed that all information is anonymous and had undergone all the basic rigour, approvals and compliance to be undertaken for protecting the data in this way…

So what’s the problem?

With any discipline, there are multiple levels of understanding of subject matter, and sometimes the “Wisdom of Crowds Mentality” takes over logical and researched thought.  After all, if Alan and Amanda and their mates say it’s ok, it must be ok right?  How can that many people get it so wrong?

Wrong…  Hence why I’ve created the blog to highlight the dangers of sharing personal information over the internet, and hopefully make you think about the art of the possible to the right motivated group of professionals.

I’d taken a look at the survey, there was some basic information on the student, and straight into the questions and thought “hmmm…. This is going to need some thought”…  I closed my browser, and returned a while later, clicked on the link that was shared on social media networks and instead of the cover page, I was returned to the point I had last reached in the set of questions.

The old spidey senses were tingling …

If you have a top level web address (URL), i.e. mybrilliantsurvey.com/surveyname and that page is created by some backend Code, then in order to remember your last position the site needs to store a file called a “Cookie” on your computer or smart device.

If you live in the EU and need to store data on a user’s device from a webpage, you must obtain explicit consent in accordance with the EU Cookie Directive which came into effect in the UK from 26th May 2011.

In a nutshell, all websites serving pages in the European Union have to comply with the Law by clearly stating their intent to store information on your computer, and you are given the choice to accept or decide to navigate away from the web page itself.

Failure to comply with the law may result in a Fine or worst case Imprisonment.

In reality, the organisation or owner responsible for the web pages will get a warning if reported in the first instance to the ICO.

In fairness, the student is a consumer of IT and by no means an IT Subject Matter Expert and in creating the survey he may or may not have been aware of the directive or need to meet compliance.  The Education Facility and staff are responsible for ensuring their IT systems are compliant and that students are fully informed when using their applications/software.  In this example, they are putting the student at risk of being in line for being non-compliant as they are clearly named on the form.

Clearing caches, removing cookies and using different browsers, I was able to confirm that the website does not warn me about the use of cookies prior to continuing on its information quest, and therefore is clearly in breach of the EU Cookie Law.

So what?
It’s just a cookie isn’t it?
What harm can that do?
It’s no big deal I hear you cry…

Well…

Although this survey site didn’t have any requirement for creating an account and signing in, it does store a session cookie.

The cookie contains a string…

XSRF-TOKEN   XSRF_8Aab00bMA7NfegN     xxxxxxxx

Which can easily be discovered by enabling Developer mode on your web browser.

I’ve deliberately masked out the URL and IP Address to ensure some privacy.

CookieCrumb1.png

CookieCrumble2.png

This is interesting… by manipulating the XSRF-TOKEN you are able to see any current, incomplete or abandoned session data another user has started.  You can even modify that data…

Modifying cookies in this manner is one of many basic Penetration Tests Security Consultants undertake on websites, and is commonly referred to as Cross Site Scripting or XSS for short.  This enables you to hi-jack session data from another user without requiring to authenticate yourself against the target platform.
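One server-side design that refuses an edited cookie instead of handing over someone else's answers, as an added example (not code from this post or from the survey engine, whose token scheme is not known from the page). The `SurveySessions` class, the `id.signature` cookie layout and the idle timeout are assumptions made for illustration; all data is constructed.

```python
import hashlib
import hmac
import secrets
import time


class SurveySessions:
    """Hypothetical server-side store for partly completed survey answers."""

    def __init__(self, key=None, ttl=1800):
        self._key = key or secrets.token_bytes(32)  # never leaves the server
        self._ttl = ttl                              # assumed 30 minute idle limit
        self._rows = {}                              # session id -> answers

    def _sign(self, sid):
        return hmac.new(self._key, sid.encode(), hashlib.sha256).hexdigest()

    def issue(self, now=None):
        """Create a session; return the value to place in the cookie."""
        sid = secrets.token_urlsafe(32)              # 256 random bits, not guessable
        seen = time.time() if now is None else now
        self._rows[sid] = {"answers": {}, "seen": seen}
        return f"{sid}.{self._sign(sid)}"

    def resolve(self, cookie, now=None):
        """Return the caller's own session, or None if edited or expired."""
        now = time.time() if now is None else now
        sid, _, tag = (cookie or "").partition(".")
        # Constant-time comparison: an edited id no longer matches its tag.
        if not sid or not hmac.compare_digest(tag.encode(), self._sign(sid).encode()):
            return None
        row = self._rows.get(sid)
        if row is None or now - row["seen"] > self._ttl:
            self._rows.pop(sid, None)                # purge abandoned answers
            return None
        row["seen"] = now
        return row

    def save_answer(self, cookie, question, value, now=None):
        row = self.resolve(cookie, now)
        if row is None:
            return False                             # caller must start afresh
        row["answers"][question] = value
        return True


def demo():
    """Constructed data: two respondents, then an edited cookie value."""
    store = SurveySessions(key=b"k" * 32, ttl=60)
    first, second = store.issue(now=0), store.issue(now=0)
    store.save_answer(first, "q1", "private answer", now=1)
    # Second respondent's cookie with the id swapped for the first one's.
    edited = first.split(".")[0] + "." + second.split(".")[1]
    return {
        "own": store.resolve(first, now=2)["answers"],
        "edited": store.resolve(edited, now=2),
        "expired": store.resolve(first, now=120),
    }
```

The value returned by `issue()` would be sent with the `Secure` and `HttpOnly` cookie attributes so it only travels over HTTPS and is not readable from page scripts.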

Armed with this information and some other pieces, it was possible to perform reverse lookups that would lead to the identity of the user who entered the initial data.  An explanation of how, would probably not be the wisest thing to do here…

When all is said and done, who would be interested in a school survey site?  What is the risk to data?

You can argue a case for either way, saying it’s of no interest.

But… today’s technological Millennials, who are more interested in living every aspect of their lives on-line, will find little room for privacy, and make social profiling much easier for today’s tech savvy fraudster.  The new generation are more accepting of IT and will happily provide data for themselves, their friends and family without thinking through the consequences of security or safety first, and at the same time need education around acceptable internet usage and its associated laws designed to protect our data.

When you are next approached to complete a survey on-line ask yourself the following :-

  • Am I happy that the information I provide may become public?
  • Am I happy that the information provided may be traceable back to me?
  • How will the researcher store and manage my data?
    • It is likely the data will be downloaded to their laptop or server.
      • It is even more likely that data will be unencrypted.
    • How will the researcher destroy the data after it’s served its purpose?
      • The data collated is still covered by the 1998 Data Protection Act (amended in 1999)
  • How would you feel if your data was breached or compromised and made available on the open market?
    1. Both now.
    2. In 10 years time?

Makes you think doesn’t it?

 

The Eight Guiding Principles of the UK Data Protection Act

The Data Protection Act controls how your personal information is used by organisations, businesses or the government.

Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

  • used fairly and lawfully
  • used for limited, specifically stated purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate
  • kept for no longer than is absolutely necessary
  • handled according to people’s data protection rights
  • kept safe and secure
  • not transferred outside the European Economic Area without adequate protection

And there is stronger legal protection for more sensitive information, such as:

  • Ethnic Background
  • Political Opinions
  • Religious Beliefs
  • Health
  • Sexual Health
  • Criminal Records

Useful References

Cookie Law:

https://www.cookielaw.org/the-cookie-law/

https://www.cookielaw.org/faq/

ICO – Information Commissioners Office

https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/

The Data Protection Act

https://www.gov.uk/data-protection/the-data-protection-act

Cross-Site Request Forgery

https://en.wikipedia.org/wiki/Cross-site_request_forgery

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

Posted in Personal, Ramblings, Security

Paris City Skyline

ParisSkyline2009wm.jpg

I think this has to be the first city skyline I’ve had the opportunity to photograph, and I would love to go back to Paris one day and do it all again to see how much the city has grown and changed in the 7 years it’s been since I was there.

This is one of the four magnificent views you can see from the top of the Eiffel Tower.

Posted in France, Paris, travel