Category Archives: Privacy

Reinventing the Web

Tim Berners-Lee

We’ve seen some successful technical “reinventions” of the Web, such as HTTP/2 and HTML5 making sites faster and more responsive. This “Web’s Creator Looks to Reinvent It” initiative is not new, but I will come to that later.

There are a number of issues that have concerned many people, not just in the IT security industry, but also many regular internet users.

Whatever you may think of the rights and wrongs of Snowden making his disclosures, the lengths government agencies go to in order to snoop are a concern to anyone who understands them.

Facebook has been accused of meddling in US elections and Google has been caught out manipulating Brexit searches. There are many other cases, with promises that they are not, that it’s too complex to understand, etc. But do you really believe them? Maybe you don’t care.

Google does have many alternatives; a couple are duckduckgo.com, which addresses the bias, and startpage.com, which addresses the privacy issues, but neither has picked up many users. Maybe if the close to half of English users who support leaving the EU were aware there was an alternative unbiased search engine, they would use it. I tend to use Google a lot, as I use a lot of tools that only they have (Dorks etc.), but I am sure that is not the reason for the loyalty shown by the majority of users; I think it is just familiarity and lack of knowledge of an alternative.

Facebook, now that’s an interesting one. They really have a monopoly in the Western world; there were a few competitors in the early days, but they are all gone now. Facebook has become a huge part of people’s lives. I default to Skype if needing to contact friends or family, but there are some who will only respond to Facebook Messenger contact.

There have been a number of open source alternatives, and to reinvent the Web as Tim Berners-Lee suggests, an open source alternative to Facebook is what would be needed. The most up-to-date and vibrant alternative is the diaspora project; much of the initial funding came from Mark Zuckerberg (Facebook founder). It works, and I have set up a few diaspora servers myself, but it is impossible now to unhook a large enough proportion of the population from Facebook and get their involvement in anything else. It is the nature of social networking.

Put it another way, not one of the top ten celebrities on Facebook has a diaspora* account. I bet none in the top 100, but it would take me too long to confirm that.

I suspect that this very well-meaning group of the technically able can create alternatives, but they do not have the ability to get people to switch over.

Switching a WordPress site over to HTTPS/SSL

WordPress.com, the official hosted version of WordPress, has switched over to enforcing SSL. While this is mostly a political statement, there is some merit: firstly, you might actually have some forms which should be secure, allowing users to communicate using the secure channel HTTPS provides; secondly, Google has started giving a slight boost to your PageRank when it sees SSL in place.

But if you host your own server, you need to enable and provide a certificate yourself.

First check Apache is listening on 443

netstat -ntpl | grep 443

Create a Certificate Request

If all you need is secure forms and a green padlock as I have used here you can use a Rapid SSL Certificate @ $12.99 a year here.

You can also get a suitable free certificate from StartSSL; I have a walk through here for that. If you are able to use Let’s Encrypt, they have a great free certificate that is generated from your server.

Here is a great walk through on enabling SSL and copying the certificate and key over to your server.

To redirect http URLs to https, do the following:

<VirtualHost *:80>
 ServerName www.example.com
 Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
 ServerName www.example.com
 # ... SSL configuration goes here
</VirtualHost>

Enable SSL for Apache

a2enmod ssl

Enable the new SSL config

a2ensite example.com-ssl

Test the new config

apachectl configtest

Restart

sudo /etc/init.d/apache2 restart

Quite often we see that while everything else is working, a firewall is blocking port 443. Check to see if iptables is blocking it

iptables -L -n

If port 443 is not allowed, add the rule

iptables -I INPUT -p tcp --dport 443 -j ACCEPT
/etc/init.d/iptables-persistent save

Check to see if UFW is blocking

ufw status

If you don’t see HTTPS or SSL listed

ufw allow https

If your padlock is broken, you likely have some non-SSL content whose URL needs altering manually. To check for non-HTTPS content use this Why no Padlock tool.
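The same check can be run locally. The script below is an added example, not part of the original walkthrough: it lists the http:// subresources in a page's HTML, which are what break the padlock. The function names, the tag list and the sample HTML are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: find the http:// subresources that break the padlock on an
# HTTPS page. Plain <a href="http://..."> links are ignored, because only
# resources the page actually loads count as mixed content.

# Reads HTML on stdin; prints one "<class> <tag> <url>" line per insecure subresource.
find_mixed_content() {
    local tags='img|script|iframe|link|source|audio|video|embed'
    local q="[\"']?"   # optional opening quote around the attribute value
    tr '\n' ' ' |
      grep -oiE "<(${tags})([[:space:]][^>]*)?[[:space:]](src|href)=${q}http://[^\"' >]+" |
      sed -E "s/^<([[:alnum:]]+).*[[:space:]][[:alpha:]]+=${q}([Hh][Tt][Tt][Pp]:.*)\$/\1 \2/" |
      while read -r tag url; do
          tag=$(printf '%s' "$tag" | tr '[:upper:]' '[:lower:]')
          case "$tag" in
              script|iframe|link|embed) echo "active $tag $url" ;;   # browsers block these
              *)                        echo "passive $tag $url" ;;  # loads, padlock degrades
          esac
      done
}

# Prints "clean" or "mixed:<n>" for the HTML on stdin.
padlock_status() {
    local n
    n=$(find_mixed_content | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then echo "clean"; else echo "mixed:$n"; fi
}

# Constructed sample page (not taken from a real site).
SAMPLE_HTML='<html><head>
<link rel="stylesheet" href="http://www.example.com/wp-content/themes/t/style.css">
<script src="https://www.example.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://other.example.net/">plain link, not mixed content</a>
<img class="logo"
     src="http://www.example.com/wp-content/uploads/logo.png">
<IFRAME SRC='"'"'http://video.example.org/embed/1'"'"'></IFRAME>
</body></html>'

printf '%s\n' "$SAMPLE_HTML" | find_mixed_content
# Against a live site: curl -s https://www.example.com/ | find_mixed_content
```

Each URL it reports has to be changed to https:// in the theme, plugin or post content that emits it.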

This of course is another one of my reminder walkthroughs, that I will update as I find better instructions, and welcome any improvements.

Local man tricks up to 2000 boys into exposing themselves online

I don’t think kids are getting the message: anything that you would not be comfortable for your mother to see should never be allowed onto any digital device, from explicit text messages to embarrassing pictures. Never. I don’t know if the effect on this predator’s victims has been as fatal as in this previous story, where a number of kids lost their lives.

The local RCMP have issued this video calling for victims to come forward.

From the RCMP Website here

The New Brunswick RCMP’s Internet Child Exploitation Unit is seeking the public’s help to identify victims of a man who had been sexually exploiting boys online from at least January 2012 until the fall of 2014.

Investigators have determined that this man was luring boys online by pretending to be a teenaged girl. The investigation indicates the possible victims are as young as 10 and up to 16 years old and may not even be aware they have been victimized. Police have charged a 24-year-old Moncton man, who cannot be named because of a court ordered publication ban, with several sex offences.

In addition to those offences, the investigation has shown the man contacted boys through live video chats on various social media sites. He used a video of a teenaged girl that appeared to be live and convinced the boys to undress and initiate sex acts which he then taped and distributed via the Internet. One chat website he used frequently was Omegle.com, a site that requires no username where people can chat with strangers from all over the world.

Investigators have determined that there could be as many as 2000 victims living in Canada, the United States, United Kingdom, the Netherlands, Australia and Russia and possibly elsewhere.  Police are asking anyone who may have been in contact with this man via video chat or email to contact their local police or call the Royal Canadian Mounted Police in New Brunswick at 1-506-452-3405 or by email at jdivice.divjueei@rcmp-grc.gc.ca

This man’s known online user names and email addresses are listed below.

Video Chat Names

  • Skype: Veronika.Maylae
  • Vichatter: Veronika69

Facebook Account

  • Vero May (www.facebook.com/vero.may.3950)

Email Addresses

  • boiyavi@hotmail.com
  • revolboy@hotmail.com
  • tigerjack@hotmail.com

“We know it may be difficult for victims and/or their families to come forward but their information is very important to the investigation and could help prevent similar crimes by online predators,” says Sgt. Jean Marc Paré of the New Brunswick RCMP.  “Police want to be able to speak to as many victims as possible to assist with the investigation.”

The RCMP investigation into this case in New Brunswick started in the fall of 2014 as the result of information uncovered by York Regional Police during an investigation entitled Project Hydra.

The RCMP in New Brunswick has released a video about this investigation on social media and is asking the public to view it and then share it via their social media channels in order to reach as many potential victims as possible.

Anyone with information on these crimes can report their information anonymously through Crime Stoppers at www.crimenb.ca or by calling 1-800-222-TIPS (8477).

Contact Information

Cst. Jullie Rogers-Marsh
Media Relations Officers
RCMP in New Brunswick
506-452-4252