Sunday, January 23, 2011

Brown's Mobile Hacked?

Nice little earner for somebody if it was - please, having to re-hack the replacement every time the heffalump used it to 'express his displeasure'?

Sunday, January 09, 2011

Having problems with this, too

I've been posting a few comments, mostly about email discovery, on James Doleman's excellent Sheridan Trial blog. And I've been getting quite a lot of "414 Request: URI too large to process" responses. It's caused a few issues - nothing serious.

So, this morning, I put up a comment - get an error, and then try to log on to this gmail account.

We've detected evil things happening. Please jump through some fiery hoops to verify ...

Okay - what? Enter my country and my mobile number and I get an unlock code SMS'd to me. Which gets me in to the email (and the blogger account had been locked too.)

Who is this protecting? If I was an evil hacker, spammer or other assorted nefarious toe-rag who had gained illegitimate access to this account, I'm still there and all Google now have is an SMSable number (and I'd have used a free or hacked VOIP account in an irrelevant country to get the code.) Clearly, it doesn't protect the "real" Surreptitious Evil, either.

So, we have a bit of security protocol, triggered by something (quite possibly the stream of 414s) that doesn't appear, at first or second glance, to do anything constructive. I'll have a bit more of a think about it, I suppose.

Saturday, January 08, 2011

I'm having problems understanding this ...

Okay, so there's a "news story":

US 'wants Wikileaks Twitter data'

An Icelandic MP says US officials have subpoenaed personal details from Twitter relating to her activities with the whistle-blowing website Wikileaks.

Birgitta Jonsdottir says the US Department of Justice also asked Twitter for all of her tweets since November 2009.

Now, what "personal information" does Twitter hold about you? The only thing I can think of that isn't generally publicly displayed is the list of Twitterers you follow?

Anyway, she puts up lots more information on her blog!

Your Tweets are public anyway - so a list of them is hardly fundamentally damaging? It all seems like pointless posturing from the Yanks and a knee-jerk response from her. Oh, well ...

Update

Okay, they are asking for, from 1 Nov 2009:

A

1. subscriber names, user names, screen names, (sic) or other identities;

2. mailing addresses, residential addresses, business addresses, e-mail addresses, and other contact information;

3. connection records, or records of session times and durations;

4. length of service (including start date) and types of service utilized;

5. telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; and

6. means and source of payment for such service (including any credit card or bank account number) and billing records;

B

1. records of user activity for any connections made to or from the Account, including the date, time, length, and method of connections, data transfer volume, user name, and source and destination Internet Protocol address(es);

2. non-content information associated with the contents of any communication or file stored by or for the account(s), such as the source and destination email addresses and IP addresses;

3. correspondence and notes of records related to the account(s)

Amazing - either this is just a standard "subpeona the ISP" template that has been rolled out, not recognising that Twitter are neither an ISP nor an email service, or, if they have thought about it, Tracy McCormick (or possibly her wingwoman, Vivian) really don't grok Twitter.

I still don't get this. The only thing that might be useful in there, given that Twitter is free, are the IP addresses which they might then cross reference with data from other services. And I'll bet Twitter doesn't keep those for very long.
 
HTTP Error 403: You are not authorised to access the file "\real_name_and_address.html" on this server.

(c) 'Surreptitious Evil' 2006 - 2013.