In the past I already removed Flash and Mono from my systems due to security concerns, but since CVE-2011-3544 it was the final call for Java. It took some dependency checking as Debian was replacing OpenJDK with GCJ or vice versa in most cases, but the command below finished that on a lot of systems. I said farewell to NetBeans a long time ago since it was to slow on my system and the only thing left was LibreOffice Base that needed to be removed as well.
$ sudo apt-get remove --purge libgcj12 libgcj-common gcj-4.6-jre-headless \
libgcj12-awt default-jre-headlessThis action also made me wonder about the state of LibreOffice as it is mainly a big blob of code on the system like Firefox is as well btw. I read on there website somewhere that making Java an option is a long term goal, but will it be enough? For now it should be, as I prefer my documents in OpenDocument-format. When the next GTK3 based version of Abiword and Gnumeric are released I need to do some testing again to see if they support OpenDocument now better.
In a previous post it became clear that censorship in The Netherlands has started. Due to the nature of the Internet and how it has been implemented in most lands, it means there is no central point of control to stop all to an IP-address. This means every network owner needs to take action, but how do they do it?
In the case of thepiratebay.org it looks like it has been done by manipulating DNS-answers. The first attempt is just using the DNS-resolver from the internet access provider and the second is an attempt using Google public resolvers.
$ dig thepiratebay.org
; < <>> DiG 9.8.1 < <>> thepiratebay.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 6811
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;thepiratebay.org. IN A
;; ANSWER SECTION:
thepiratebay.org. 10 IN A 194.109.6.92
;; ADDITIONAL SECTION:
thepiratebay.org. 10 IN TXT "Forged by XS4ALL for Stichting B.R.E.I.N."
;; Query time: 19 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Sat Feb 4 08:15:35 2012
;; MSG SIZE rcvd: 104
$ dig thepiratebay.org @8.8.8.8
; <<>> DiG 9.8.1 < <>> thepiratebay.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 4847
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;thepiratebay.org. IN A
;; ANSWER SECTION:
thepiratebay.org. 2596 IN A 194.71.107.50
;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 4 08:16:16 2012
;; MSG SIZE rcvd: 50
By just changing DNS resolvers on the client or internet router the censorship can be bypassed for now. The question remaining is how long this is going to stand when the first article is published by a big computer magazine on how to bypass it. Or when sites also get an .onion to bypass DNS completely.
A picture says more than a thousand words, but censorship in The Netherlands has started thanks to Stichting Brein.
As from now all my DVD’s are for sale on Bol.com and yes in March I’ll join the month of not spending a penny on the entertainment industry which was proposed for SOPA and PIPA. It only make me wonder how ACTA is going to influence the Internet when it gets approved.
Firefox 10 beta 6 was released on last week and with the final release coming soon it was time to have a closer look at Firefox 10. I must say that this is a release worth installing like Firefox 5 was with decent HTML5 video support. But what makes Firefox 10 different then previous releases? Then answer is simple, WebGL. WebGL is a way to do 3D programming and rendering directly from within JavaScript.
With Firefox 10 WebGL works and there for also Google Street View works without the need of Flash. Yes, another dependency on Flash has been removed. The previous major dependency was YouTube, but as some may have noticed they also are in a transition from Flash to HTML5 video where you get the HTML5 variant when Flash doesn’t work.
As more and more websites switch from a Flash-player for video toward HTML5 in under a year it makes you wonder what WebGL is going to change. Was HTML5 a year ago only for the geeks and cutting edge, now more and more starts to depend on it. With HTML5 Canvas a lot of Arcade games where rewritten to run in a webbrowser. With WebGL the question comes when Doom has been rewritten to run in a webbrowser. Maybe something for a Google Summer of Code project?
I stumbled on a phishing site for a Dutch-bank in my junk-folder and for once I decided to have closer look to see if the filter was working correctly. Is was, but after reviewing the phishing site I saw two things and it was time to act.
The first one was the hosting service. It was a free hosting service so no defacing or whatever. That makes live very convenient for hosting a phishing site that looks pretty safe. The seconds was the use of a free hosting service for submit and collect forms. The funny part is btw, that the seconds appears to very if a certain tag is in the referral page, but doesn’t check if it really shows up. So to eliminate the inclusion in the webpage, the have added then after the closing HTML-tag. Maybe using XPath was a better design choice over just search for a certain string to enable the service.
As the form was asking for all kind of funny details to do perfect phishing I decide to report this to all involved parties. The site being phished, Rabobank in this case, the hoster T15.org and Formbuddy for processing phishing data. After so checking and didn’t found enough leads on alternative mail-addresses to report this I decide to use RFC 2142 reserved mail-addresses and the following happend.
<abuse@rabobank.nl>: host mail01.rabobank.nl[145.72.107.42] said: 550 #5.1.0
Address rejected. (in reply to RCPT TO command)
<security@rabobank.nl>: host mail01.rabobank.nl[145.72.107.42] said: 550 #5.1.0
Address rejected. (in reply to RCPT TO command)
<security@formbuddy.com>: host ASPMX.L.GOOGLE.com[74.125.79.27] said: 550-5.1.1
The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient’s email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596
d15si7088885eei.16 (in reply to RCPT TO command)
The one that worries me the most is that a bank appears to have no working mail-addresses as described in Section 4 of RFC 2142. Those are basically key for contacting parties in case of emergencies or trouble. The abuse-reject was already noticed by someone last year, but I really wonder how a /16 network can ignore this. Also since there is no abuse-c entry know for there /16.
Update 2012-01-06: The nice guys at T15.org have taken the website down within a few hours after reporting.
Recent Comments