I narrowly avoid a charity scammer


If eternal vigilance is the price of freedom, then I still have a great debt to pay!

Standing in Paris’ Gare du Nord terminal today a young lady in a headscarf approached me with a clipboard. It seemed to be soliciting donations for “deaf mute” kids and others seemingly had already filled in their names, e-mail addresses and donation amount.

Before you despair of me too much I was faintly suspicious – the form was in English but since Gare du Nord is frequented by other English people who are traveling back to London via Eurostar, I let it slide. I had a two Euro coin in my pocket which I couldn’t change back to Sterling anyway, so I took the pen.

Immediately as I did so, she snatched the pen and clipboard back from me and walked away! I was baffled until I saw that four members of the French Rail Transport Police were walking past.

A legitimate chugger is an annoyance but as far as I know soliciting donations for a legitimate charity isn’t illegal. I decided to get out of there before she returned and marched purposefully across the concourse. 

Moments later I felt a tugging at my arm – Monsieur, Monsieur! I smiled at the lady who by now had actually grabbed the crook of my elbow and explained I needed to use the bathroom. 

She then said chillingly – “I just need your name!”

Until then I had believed this was a straight up scheme to fleece me for cash. However when it became clear her mark wasn’t going to get out his wallet, she then tells me she’ll settle for my contact details.

Needless to say I kept walking and when it became clear to her I wasn’t stopping she cleared off too.

What was the scam, however? Was it a straight up cash swindle with a spot of ID fraud on the side? Was this woman legitimately representing a charity but harboured a dark criminal past? Perhaps she planned to pick my pocket as I filled in her form?

What I can say is that from my short but colourful time in security research, it’s easy to be complacent. Scammers prey on your sense of decency (think of all those deaf AND blind kids out there!) and will cynically exploit you.

Legitimate collectors will be able to provide the registered charity number and website for their organisation. Take the time to do your homework before forking out. 


Why AGRA’S USB sticks are the silliest idea ever.

Imagine you are part of an elite four person mercenary crew.

Imagine also that rather implausibly you trust these people enough to turn your back on them when they’ve a gun in their hand but still think they may betray you.

What solution would you devise? Mary Watson claims in the latest episode of Sherlock that her own team decided to keep everyone’s entire personal history on USB sticks, so that if someone were to betray the others they could be easily tracked down and bloody vengeance extracted.

In the latest episode The Six Thatchers Sherlock and John seem to accept this as gospel, despite the fact that firstly they are aware the team was betrayed without the use of the USB sticks and that also a former member has been able to hunt down Mary without one.

According to John’s wife, her Soldiers of Fortune were at the “Top of [their] game”, so how did the sticks help?

The episode didn’t make clear to me whether everyone had a copy of everyone else’s secret data or whether each individual person had only info about one of the others. Either way from a security standpoint it’s ludicrous.

Aside from the fact that the system was demonstrated to have failed within the episode, it’s not clear how AGRA ever hoped it would work.

If each member of the team was responsible for creating their own identity, safe houses and keeping a log of all jobs done to date, clearly someone interested in betraying their comrades wouldn’t provide accurate information.

If there’s some central database against which the facts can be checked though, for instance a computer which doles out fake ID’s, then doesn’t this defeat the entire point of walking around with data sticks around your neck?

Let’s assume for the sake of artistic licence however that your fellow mercenaries are trustworthy enough to provide entirely accurate information but are still bent on betraying you, would the sticks help?

A key point in the episode is that one AGRA team member Ajay had to hide his USB stick prior to being captured. He also (mistakenly) believes that he must have been betrayed by Mary who he assumed gave or sold the information on it to the enemy. Sherlock later on claims he “glanced” at the information on the stick.

All of the above seems to suggest that the data on the stick wasn’t encrypted. This means in the event someone is killed or captured, the stick with any details of living team members becomes a huge liability. This said the two other members’ USB sticks aren’t even mentioned despite the fact they must have fallen into the hands of Terrorists.

What then could have been done to avoid this digital noose around their necks? Aside from putting a password on the stick or better yet using a hardware based PIN to unlock data, the team had any number of options to ensure that they couldn’t be betrayed. 

Assuming the data is sensitive, trusting it to a third party would be out of the question, as that person would then be in on the secret. The fact that if someone were betrayed, they wouldn’t be able to make use of the data around their neck seems lost on Sherlock writers Messrs. Moffat and Gatiss.

This presumably means that the data has to be all stored offline and/or a copy of the unencrypted contents of the USB sticks can’t be given to anyone else. (The episode doesn’t explain how AGRA made sure other team members weren’t doing this, it seemed a given that data on the USB was the only copy.)

One choice could have been for each of them to encrypt data about their murky goings on and leave it with a trusted friend or in a bank safe deposit box. The password could then be left on a remote server, set to email the password every 24 hours unless reset manually.

For lovers of low-tech solutions, the dirty secrets of each AGRA member could also have been encoded using a One Time Pad or the rather less secure Book Cipher as shown in the Season 1 episode The Blind Banker. This would have not involved trusting any one party with the particulars, as one person would have the encoded ciphertext and another the key itself.
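The two arrangements above can be combined, and the following added example (not from the show or from any real tool) sketches that: a record is split with a one-time pad so that the ciphertext holder and the key holder each have only random-looking bytes, and the key holder is a dead man's switch that gives up the pad only once the 24-hour check-in is missed. The class and function names, the sample record and the clock values are all hypothetical and constructed for illustration, and the pad stands in for the password in the text.

```python
from __future__ import annotations

import secrets
from datetime import datetime, timedelta, timezone

CHECK_IN_INTERVAL = timedelta(hours=24)  # the 24-hour window from the text


def otp_split(record: bytes) -> tuple[bytes, bytes]:
    """Return (ciphertext, pad). The pad is random, as long as the record,
    and must never be reused for a second record."""
    pad = secrets.token_bytes(len(record))
    return bytes(r ^ p for r, p in zip(record, pad)), pad


def otp_combine(ciphertext: bytes, pad: bytes) -> bytes:
    """XOR the two halves back together; lengths must match exactly."""
    if len(ciphertext) != len(pad):
        raise ValueError("ciphertext and pad must be the same length")
    return bytes(c ^ p for c, p in zip(ciphertext, pad))


def pad_explaining(ciphertext: bytes, claimed: bytes) -> bytes:
    """Pad under which `ciphertext` would decrypt to `claimed`.
    One exists for every same-length message, which is why the
    ciphertext holder alone learns nothing but the length."""
    return otp_combine(ciphertext, claimed)


class DeadMansSwitch:
    """Hypothetical key holder: releases the pad only after a missed check-in."""

    def __init__(self, pad: bytes, now: datetime) -> None:
        self._pad = pad
        self._last_check_in = now

    def check_in(self, now: datetime) -> None:
        self._last_check_in = now  # the manual reset

    def poll(self, now: datetime) -> bytes | None:
        overdue = now - self._last_check_in >= CHECK_IN_INTERVAL
        return self._pad if overdue else None


def demo() -> dict:
    record = b"constructed sample record: safe house at 1 Example Street"
    ciphertext, pad = otp_split(record)           # ciphertext goes to the friend
    t0 = datetime(2017, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed clock
    switch = DeadMansSwitch(pad, t0)              # pad goes to the switch
    switch.check_in(t0 + timedelta(hours=20))
    early = switch.poll(t0 + timedelta(hours=30))     # 10 h since reset
    released = switch.poll(t0 + timedelta(hours=45))  # 25 h since reset
    decoy = b"x" * len(record)
    return {
        "record": record,
        "released_early": early,
        "recovered": otp_combine(ciphertext, released),
        "decoy_fits": otp_combine(ciphertext, pad_explaining(ciphertext, decoy)) == decoy,
    }


if __name__ == "__main__":
    print(demo())
```

The `decoy_fits` result is the reason the ciphertext holder need not be trusted: every message of the same length is an equally valid decryption until the real pad turns up.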

You may be thinking this is all rather elaborate compared to having a USB stick around the neck but this is rather the point – it would ensure that in the event someone betrays you that the information would get out. By making your own arrangements, you’ve no need to trust the fact that the stick will fall into the wrong hands or simply never be used. 

Of course, Sherlock is just a TV series. Sadly though, the USB sticks serve as a McGuffin for most of the episode, which is why I was left dumbfounded as to why more thought wasn’t put into it. Better luck next time boys.

How to lock down your Facebook


While working in Tech Support I often received calls from people who were being stalked and were convinced there must be some kind of tracking software on their machine as their stalker seemed to know intimate details about them.

One woman complained her husband had known about a new man she had been seeing. A man told me his ex wife had known about a recent visit to a Railway Museum. Another girl complained to me her ex boyfriend seemed to know her new phone number.

In every case we were able to find out that there was no bug, or keylogger. The information was already available to anyone with a Facebook account.

Aside from worrying invasions of their own into your privacy, Facebook by default does not protect your confidential information as well as it might. Your name is linked to public search engines. People can search for you using your e-mail address and telephone number.

Over the years, I have become so alarmed about how much can be discovered about people online, I regularly archive my account, delete it and create a new one every few months. This can be a bit of a nuisance for your friends however who have to add you as a new friend each time.

If you choose to delete your account permanently, Facebook will give you a 14 day grace period to change your mind, during which you can log in and stop the deletion. The website warns it may take up to 90 days to delete everything.

For those people who, like me, aren’t ready to abandon Facebook altogether, there are some important steps you can take to make sure that your account is fully locked down.

Have a dedicated e-mail address for Facebook

If your account is ever hacked and you use the same e-mail address for Facebook as you do for online banking and so on, simply changing your password may not help. You do not necessarily have to create an entirely new e-mail address for this purpose; using an e-mail alias is fine. Many major providers like Gmail will allow you to create an alias for your account so your original identity is hidden.

Use a fake name if possible

Facebook has a fairly strict policy about anyone using anything other than their legal name. Their website states:

‘Facebook is a community where people use their authentic identities. We require people to provide the name they use in real life; that way, you always know who you’re connecting with. This helps keep our community safe.’

They also add:

‘Pretending to be anything or anyone isn’t allowed.’

This has had some bizarre and occasionally funny consequences, such as for this poor woman who happens to share a name with Kate Middleton, the Duchess of Cambridge and was booted off the site for being an Impostor.

It’s not quite as funny for those who are victims of stalking or those who come from cultures whose names don’t marry up with US naming conventions. The controversy has become so strong that there’s even a dedicated Wikipedia page for it.

In practice, thousands of people regularly roleplay as comic book characters, people from the Twilight film series or the Harry Potterverse. The risk in creating an account like this is that anyone can report you for not being a real person.

My own experience from roleplaying as a comic book character has shown that Facebook doesn’t seem to mind you using a different surname, provided they have a real cellphone number on file for you.

Make sure your number is visible to confirmed friends only.

By default anyone can find you using your telephone number. Log into the desktop version of the website and click on Settings > Privacy.

You’ll see a setting saying ‘Who can look you up using the phone number you provided?’. Choose ‘Friends’.

While you’re here you may wish to do the same for your e-mail address.

Stop Search Engines outside Facebook from linking to your profile

Again by default, anyone typing ‘Your name + your location’ into Google is likely to come across your Facebook account. If your account is properly locked down then they should only be able to see your name, current profile picture and current timeline picture but you can’t be too careful.

For the option saying ‘Do you want search engines outside of Facebook to link to your profile?’, choose ‘No’. Facebook warns that if you only recently enabled this feature then some search engines like Google may still link to some of your content, another good reason to delete your account every few months!

Limit Visibility of Past and Future posts

By default anyone on Facebook, even those who you haven’t confirmed as friends can see your public posts. In the first instance it’s a good idea to head over to Settings > Privacy and under the section ‘Limit The Audience for Old Posts on Your Timeline’, click ‘Limit Posts’.

Bear in mind this action cannot be undone. It simply means though that the profile picture of you swilling tequila while wearing a pirate hat is less likely to be found by the next prospective employer who searches for you.

You can also choose when making a post to make it visible to the public or your friends only. As of 2016, Facebook will remember your preferences but it can’t hurt to check the icon.

If you choose ‘more options’ you can choose to show a post to all of your friends except people you specify.


Enable Tag review…

This is especially popular for those people pulling a sickie so their friend won’t tag them in a photo visiting the local brewery when they’re supposed to be laid up with the flu.

Going to Settings > Timeline and Tagging will allow you to choose to approve posts to your Timeline before they appear.

In case your backstabbing friends decide to tag you in a post on your own timeline, you can also choose to approve all tags before they appear.

Use an anonymous cover photo and profile picture

Your current profile picture and Facebook cover photo are visible to everyone. If you don’t want people shallowly adding you just for your looks then you may wish to use a generic photo for your profile picture. You can still upload photos of yourself to your timeline that will only be visible to your friends.

If you do choose to use photos from the internet, bear in mind if you use a picture of the Eiffel Tower for your profile picture, working out what city you’re in will be easier than playing Where’s Waldo with a magnifying glass.

Friends can still add you on Facebook if you give them the link to your username, e.g. http://www.facebook.com/jane.doe.123

You can find this by going to Settings > General. Write it down and request that people add you there. Alternatively just have them search for your name while you’re there and point out which account is yours! Of course this method won’t be very effective if you have a rare name, in which case you should consider using an alias.

Turn off location services

The main issue I have with this is not that the phone shares your location (it’s usually possible for people to work this out anyway) but that it often gets the location wrong. You can disable this in the Settings for your Messenger app on your mobile device. The steps to go through to do this differ from device to device though so you’ll need to google this one.

If you’re familiar with the Tor browser, you can also connect to Facebook over the dark web which will mask your real location at all times.

Install browser extensions to disable tracking and ads

By default Facebook is able to track your browsing habits and will display ads on every page. There are a few browser add-ons which will reduce this by the factor of “quite a bit”.

Which ones you use are a matter of personal preference. The most popular adblocker is Adblock Plus, although as it still lets some ads through I prefer uBlock Origin.

Two of the most popular extensions for preventing tracking cookies are Ghostery and my personal favourite, Disconnect.

Note that these extensions aren’t just helpful for Facebook. For instance Adblock Plus will prevent YouTube from showing pesky 30 second ads before you play a video. It’s best to have only one adblocker and one tracker blocker to avoid them interfering with one another.

Remember it’s not foolproof

Facebook shouldn’t be trusted if you have extremely private data to protect. There are plenty of messaging apps which encrypt your communications without storing them on a central server like Facebook does, such as ChatSecure, which also uses Off the Record Messaging. You can also send photos and videos in the mail or exchange them in person.

N.

Top 5 reasons to use a Typewriter

An Olivetti Lettera 32 Portable Typewriter

After Edward Snowden blew the lid on governments spying on their citizens’ computers in 2013, I read in the Guardian that the Russian Government had decided to respond by switching to using manual typewriters for all their important documents.

At the time, I found this rather surprising as the Russians must have been aware that it’s fairly easy to bug a typewriter, as the Soviets did this to the typewriters used in the American Embassy in Moscow in the 70’s.

The illusion of safety notwithstanding, my brother and I both learned to type on a typewriter, gifted to us by our grandmother who had done a secretarial course back in the day. Granny had long ago decided to make it as a Canteen Lady and had put her typing behind her, so when we happened to come across the machine in her cupboard, she was only too happy to gift it to us.

For those readers who have never had the tactile sensation of pressing down on the keys, to hear the click-clack of the hammers as you punch out your message, please accept my heartfelt sympathies. You may comfort yourself with the fact that when typing on your computer or tablet you haven’t had to adjust the ink ribbon, or liberally apply correcting fluid every time you make a typo instead of just pressing backspace, usually upending half the bottle over your fingertips in the process…

Although Granny’s Olivetti typewriter has gone the way of all things, thanks to the Gods of eBay I replaced it with an identical model two years ago. Given the obvious advantages of using a computer such as spellcheck, Google etc. it may be hard to understand why every now and then I scrabble around in the bottom of my wardrobe, lug out the battered case of my typewriter and begin punching away.

To this end, I’ve decided to put together a few reasons justifying my love affair with the humble typewriter:

No Americanised spell check.

Spell check is an excellent tool for the semi-literate and for those writing in a language other than their native tongue. Unfortunately there are very few applications which will allow you to set the language specifically to British English. As such you can write words like ‘colour’ without being distracted by red squiggly lines. (N.B The free Office Applications OpenOffice and LibreOffice do have versions available in British English only).

Better Structure

Making a mistake when using a typewriter is nowhere near as easy to correct as on a computer. You can either 1) apply correcting fluid to your mistake, wait for it to dry then type over it or 2) yank out the sheet you’re working on, put in a new one, type out the corrected line/paragraph, then do a literal cut and paste over the original paper with nail scissors and glue.

Experience will therefore teach you to plan out your writing carefully in advance and to be as concise as possible – the less you say, the less mistakes you’ll make.

Less distractions

This is probably my principal reason for using a typewriter. Typewriters don’t have access to Google, Facebook, Twitter, video games etc. which means there’s much less temptation to take a break to clean up at MineSweeper or to tweet about the ham and cheese toastie you’re enjoying as you pen your writings. Naturally it helps to switch off your cellphone while writing too.

Form Filling 

Whether it’s applying for a television licence, joining your local library or applying for a loan, it seems that many companies have not fully entered the 21st Century and require you to fill in pages of forms by hand rather than online.

Using a typewriter to fill in the form not only means you’re completing it in crisp, clear text but because you have to align each section with the hammers, you’re less likely to skip over an important part.

Less Eye Strain

Another excellent reason to favour mechanical devices. All you have to look at is a sheet of paper rather than the glare of a monitor. We have come a long way with LCD monitors and anti-glare devices in recent years but a typewriter doesn’t give out waves of blue light to keep your brain awake – if you really want to be rustic, try typing by candlelight, though be sure to keep the flame well away from the paper!

N.

Petition : Criminalise adding milk to tea first.


Target : HM Government of Great Britain and Northern Ireland

Goal : Introduce a specific Act of Parliament to require all her Majesty’s Citizens when making a cuppa, to add milk, then tea, not the other way around. Citizens will be subject to inspections and infractions will be punished with a sliding scale of fines and confiscation of offending tea bags.

It’s a common misconception that British people are born with an innate genetic knowledge to help make the perfect cup of tea. Please sign this petition today to end the cruel and unusual practice of insipid tea with milk added afterwards.

PETITION LETTER :

Your Majesty,

I need hardly tell you that you preside over an Empire fuelled by regular intake of fine English tea.

Since George Orwell undertook pioneering research in 1946 we have long been aware that when making tea, adding milk to boiling water is incorrect.

The consequences of this are dire including:

– Changing protein structure.
– Risk of milky ‘skin formation’
– (Worst of all) A blander and less satisfying taste.

It has come to our attention however that certain Heathens, mainly to be found in work canteens, service stations and even, as much as it pains me to admit it, mainstream cafes and restaurants have flouted the painstaking and careful research performed by our English forefathers, resulting in a cloudy and dubious lukewarm concoction unworthy of your great Empire.

We ask that you request and require in the name of your most excellent Majesty that :

– A moratorium is declared on all individual servings of UHT milk and small jugs are provided for all customers in cafes and service stations.

– Members of the public be subjected to regular searches of their homes upon presentation of a written complaint by any Citizen who has been given such an insipid drink (hereafter known as “Devil’s Brew”).

– On the spot fines be issued for the creators of Devil’s Brew and those who knowingly drink it on a sliding scale. Repeated infractions should result in confiscation of all tea-making equipment and suspension of all brewing privileges.

Sincerely,

[Your name here]