Some Tech Security & Oh Bother Stuff

Mostly from “browsing on” after Larry sent me to a link on the A Register site ;-)

Never Say Anything Mean – Mommy State is watching

Don’t like something? Want to call a piece of crap a piece of crap? Want to call out dirty politicians as dirty? You too might be made into a criminal and there’s lots of folks looking to make money off of watching you.

A smooth Quarter £Million to spy on folks on Twitter and make sure everyone is appropriately happy and never ever grumpy.

Cardiff researchers get £250k to monitor Brexit hate crime on Twitter
Pre-crime snoops study spread of cruel chatter
By Alexander J Martin 9 Feb 2017 at 12:54

Cardiff University’s Social Data Science Lab has been awarded a £250,000 grant to set up a centre to monitor “Brexit-related hate crime” on Twitter.

The lab – based in Wales, UK, and dubbed the Centre for Cyberhate Research and Policy – will develop “a monitoring tool that displays a live feed of the propagation of hate speech as it happens on Twitter.”

Cyberhate, a term coined by Cardiff’s Dr Peter Burnap, co-director at the Social Data Science Lab at Cardiff University, refers to a form of antagonism without reference to the legality of the speech, he told The Register. He added that the ultimate aim of the research is to help the government identify areas that require policy attention and improve “interventions to stop hate crime from spreading”.

The grant of £250,000 will help it do this, and comes thanks to the UK’s Economic and Social Research Council, one of the nation’s seven research councils which funnel taxpayers’ cash to academics.

Yeah, your money being spent so you can be forced to take your Soma every day and “never be heard a discouraging word”.

One wonders which attitude will be “hate”: Saying leaving is stupid or saying staying in is stupid…

Google And DNS Privacy

Google wants to keep others from seeing your DNS lookups, so only it has that information to sell…

Google slides DNS privacy into ‘Droid developer stream
Encrypting domain queries with TLS
By Richard Chirgwin 26 Oct 2017 at 06:01

Android users might get better protection for their browsing records, if a Google experiment takes off. spotted the entry in the Android Open Source Project, which adds DNS over TLS, along with an option to turn it off.

The idea of sending DNS queries over TLS is simple: it’s in line with the IETF’s (and the Internet Architecture Board’s) belief that standards need to protect users from snooping by default.

DNS-over-TLS is described in RFC 7858. It proposed using TCP port 853, an implementation would establish a TLS tunnel, and send the DNS query over that encrypted tunnel (with fallback mechanisms if client or server can’t support it).

That would protect DNS queries from snooping by prying spies.

Few implementations exist at the time of writing. Google has an implementation for its resolvers, described here, and in November getdns published their own “Stubby” project.

Such efforts are important because if your ISP doesn’t offer TLS protection, your DNS queries are visible to it – but if you’re calling on an upstream resolver which does encrypt, then the ISP will only see you querying (for example)

So IMHO right idea but wrong DNS provider… Still, it’s a “watch this space” thing for the future.

Automated Tools To Annoy Friends & Co-workers

Some folks have a truly cruel sense of humor…

So you know the drill of using an l vs a 1 vs a L vs a | in passwords? Well how about a tool to use such similar visual symbols from multiple languages and stuff the confusion into some code one of your co-workers is trying to get running? Sit back and enjoy the “mirth” as they spend days trying to fix their code when visually there’s nothing wrong it. Imagine the joy of watching them blowing past hard deadlines and being pulled into the boss’s office for “help”… /sarc;

Ruin your co-developers’ life with Mimic, the Unicode substitution tool
Don’t try this if your co-workers have access to weapons
By Richard Chirgwin 25 Oct 2015 at 21:58

This is an idea of superlative malice: a developer has posted a GitHub project that replaces ASCII characters in C# code with near-homoglyphs from the Unicode character set.

Nobody would miss the substitution if emoji started popping up in their code, but “Mimic” from Greg Toombs is more subtle than that.

His script, inspired by a Tweet suggesting that the Greek question mark in Unicode “;” (U037E) is so close to the ASCII semicolon “;” that the bugs C# would raise would be nearly impossible to identify.

So Toombs took the idea further, and created Mimic on the premise that “There are many more characters in the Unicode character set that look, to some extent or another, like others – homoglyphs. Mimic substitutes common ASCII characters for obscure homoglyphs.”
The implications go far beyond mere pranksterism, however: Toombs notes that Unicode substitutions can be used to evade indexing or censorship, get phrases past spam filters, or to hide plagiarism (since substitution in stolen code would make it hard for auto-detection software to pick up the copying).

Sigh. As if the world was not difficult enough already…

Subscribe to feed


About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Political Current Events, Tech Bits and tagged , , , . Bookmark the permalink.

3 Responses to Some Tech Security & Oh Bother Stuff

  1. D. J. Hawkins says:

    The plagiarism thing is going to so not work. So, I’m a teacher, now that I know this is out there, what do I do? First, I’m usually going to require students to send their work in as a PDF. I print the work, hard copy, and scan it back in as a PDF, do OCR, and run my plagiarism software. Done and done. Why bother with the hard copy? Well, the PDF you make from Word is probably going to preserve the Unicode look-alike information so you scrub that by making the hard copy. Or be old-fashioned from the get-go and have the students turn in hard copies to begin with.

  2. philjourdan says:

    I do not need mimic. It seems I have a knack for doing that to myself as it is.

Comments are closed.