Thursday, November 24, 2011

Christmas is coming. You can get great gifts at Zazzle



...And the best part is, if you can't find the T-Shirt, mousepad, iPad skin, etc. that you want you can even design your own!

Wednesday, November 16, 2011

What kinds of WiFi Networks Are People Using

This video is the result of trying to answer my own curiosity about what kinds of WiFi networks are people actually using out there in the real world?




I decided that I wanted to know what other folks in my area were doing in the wireless space.

On the train ride home from this year's SecTor Security Conference this year I did a little survey.
This is actually the second time I've done this, the first was a year ago, on my way home from the November TASK meeting. but I never posted results of that.. I started to write a blog post but then scrapped it.
Anyway, I was curious...
...so I pulled out my netbook and fired up airodump-ng for a little war-driving (war-training?).

Please note, I did not attempt to connect to any of the networks I found. This was just a listening exercise to see who was out there. I chose the program airodump-ng specifically because I know it does not attempt to communicate with the Access Point, it just logs who was sending as it sees it. I also did not use it, like Google, to capture and record any transmitted payload data. I was not interested in who was connected, or what they were doing, just how the APs were configured.

When I got home I started compiling the data that I collected into a spreadsheet so that I could make some sense of it.

Note: this wireless survey only covered a small area, the stretch along the train tracks (and major highway) between downtown Toronto's Union Station, and the Whitby station to the east, about a 1 hour train ride.

Monday, November 14, 2011

ZoneAlarm Making Some Hefty Claims

I updated ZoneAlarm on one of my PCs today, and was greeted by this screen making some of the grandest claims I've ever seen from a computer security product.

Claim #1 isn't so bad. "Your computer is protected against hackers" I should hope that the firewall provides some degree of protection. ...of course, just like a condom, the firewall doesn't provide 100% effectiveness in that protection, but it does provide protection.

The second and third claims with their absolute statements are misleading. "Your Web browsing is safe from phishing" and "Your identity and data are safe from theft and loss".

Let's be realistic folks. Nothing is going to make you absolutely safe from these things. No phishing filter, no matter how good it is is going to stop you from going to every phishing site ever conceived. Nothing can provide absolute protection from identity and/or data theft. No matter how many ways they try to protct you, somone will think of a different way to get the info from you.

Since ZA does not provide a backup solution, I can't see how it even attempts to protect you from data loss.
Likewise, CheckPoint (the makers of ZA) isn't in the counselling business, they can't do much about your loss of identity. If you don't know who you are anymore I doubt there is much they can do to help.  :)


All that said, I still think ZA is one of the best software firewalls for Windows out there.  It is light-years beyond the built-in "firewall"....and it's free!


Thursday, September 29, 2011

New Kindles Announced Yesterday

I like the keypad on the Kindles of the current generation, but the touch would be nice. No mention in this article of whether the Fire uses LCD or the new colour E-ink, but it turns out it is only an IPS LCD panel (IPS is good for LCD, and being a tablet rather than a colour e-book LCD makes sense, but I was hoping to see some colour e-ink this fall.
The good news for consumers is that they're all priced below $200, with the low end, smaller kindle at only $79 USD.

Sadly, no new DX model yet. I like the DX size for reading Adobe PDF formatted e-books (computer manuals, text books, gaming books). Maybe the next DX will be the colour e-ink model???

Here's a link to the CNET story:

Thursday, August 11, 2011

A Win With SONY!!!

They have finally corrected the Terms of service... just in time for my, and Anna's vacation together.
[See this older post for info:http://rodstech.blogspot.com/2011/04/why-i-wont-be-buying-videos-from-sony.html]

Thank you SONY.

New revised ToS that allows Canadians to watch their Sony store content:
http://www.qriocity.com/us/en/legal-snei-tosua-redlines.html

Tuesday, July 19, 2011

Microsoft Dropping Patch Support for Vista SP1

If you still run Microsoft Vista (what are you crazy? update to Windows 7, it'll be like getting a new computer) and you haven't got SP2 (Service Pack # 2) installed yet, get on it.

MS is not going to offer any more patches to SP1.
 If you don't have SP2 installed download it now. You can use automatic update, or you can download it from here and burn it to a CD if you have more than 1 computer that needs it:
http://technet.microsoft.com/en-us/windows/dd262148

Thursday, July 14, 2011

Bad People Project Updated

I got this e-mail from ISECOM today:

Subject: Kids Don't See Hackers as Bad People

Apparently not, there's not a single hacker in the bunch at 
http://www.badpeopleproject.org   ;)

Guess they're not scary enough.

We upgraded the Bad People research project and gallery and now need 
your submissions too.

Hand a child paper and pencil to draw you a picture of a bad person. 
Don't give hints, suggestions, or influence the child in any way. Ask 
the child to explain the picture to you. Scan/photograph that picture 
with explanation and e-mail it to the Bad People Project. We don't 
need names but we do need regional location, gender, and age. It's 
that easy!

All your submissions count and you ISECOM readers are from all around 
the world which makes it even better as a cultural study in security.

Thanks in advance for your participation and enjoy the new gallery.

Sincerely,
-pete.


If you have kids in the taget age group help them do this research, have your kids draw what they think a bad person looks like. There are some really reallly bad looking people in the gallery already. (knife and gun toting mummies, etc.) but it's not a contest to see who comes up with the worst bad-guy, they want to see all of the the variety of what kids think real-life bad-guys are like.

Thursday, June 16, 2011

Advanced Evasion Techniques - Stonesoft and ICSA

I attended SC Congress Canada 2011 on Tuesday and Wednesday this week, and perhaps the most interesting talk I attended was Stonesoft and ICSA's Advanced Evasion Techniques.

Stonesoft discovered that with certain evasion techniques (particularly when combined in particular combinations) they could sneak common exploits past many (including their own, at the time) IDS/IPS systems. They built a tool to repeat these tests on a variety of systems, and proved that with the right know how, and the right tool set (including a custom TCP/IP stack) attackers could sneak past our best defenses. Packet captures were sent to ICSA along with info so they could try to reproduce these results in their own labs. They did!

This is real and they foresee a not -too distant future where things like botnet kits will have this as a checkbox feature.




These evasion techniques are not attacks on their own, but rather a sneaky way to get whatever attack you want to use past the network monitoring and policing systems to the target host.
It's not about the bad-guy asking "How can I hack in?", but "How can I hack in without being seen?"




Check out the research paper, and packet captures if you are really techie, at http://www.antievasion.com/

Monday, June 06, 2011

The Truth About Credit Card Expiry

I used to be dumb enough to give my credit card number to Sony PSN. (No more! From now on I will be using gift cards for online services like that)

I had a MasterCard registered with Sony. I bought some PSN credit in January.
My card changed in Feb. (same card number (PAN), new expiry and CVC numbers)
I had never given Sony my new expiry # so I thought I was OK despite the hacking. After all, when I got the new card the activation instructions said that once you activate the new card, the old one becomes useless and should be destroyed.

I logged into PSN on the weekend to double check what card they had and it was that card.
I started a transaction for $5 worth of credit to see if it would show me for sure the expiry date was the old one... I clicked next and got back a thank you. A minute later an e-mail receipt arrived showing I had just purchased $5 of wallet credit in PSN. WHAT!?!!?

How was Sony able to process a purchase without the new expiry?

I got on the phone with the credit card company and asked them. They told me that because the old card has not yet expired, even though the new one is activated, they still keep the old one active too, and that is why they ask you to cut up the card when you have activated the new one. (funny that's not how they explain the process in the letter that comes with the new card)

So I reported my card lost and had a new one with all new numbers issued.

Tuesday, May 17, 2011

808 #11 keychain "Spy camera"

I have grown dissatisfied with the quality of the MD80 clone (D001) "spy" camera I've been using as a helmet cam.

So, I ordered an 808 #11 keychain "spy" camera from ebay.

This one was slightly more expensive. ($40 including shipping!) It provides 720P HD video with the time stamp that I like. (HINT: look in model rocket and RC hobby sites for a replacement firmware if you DON'T like the date stamp)

This one takes a slightly differently formatted file to set the time.
It didn't come with any instructions so I had to figure it out on my own. (with the help of google and some RC hobbyists who got them before me.)

Basically, you need a file called timeset.txt
It should be 1 line long and should look like this:

2011-05-17 23:38:51

You can edit the file yourself in your favorite text editor, or just use my scripts:

Linux: 808date.sh
#!/bin/sh
DATE=`date +%Y-%m-%d`
TIME=`date +%H:%M:%S`
echo "$DATE $TIME">timeset.txt
echo "808 #11 keychain camera date & time have been updated in the timeset.txt file."

Windows: 808date.cmd
@echo off
set YEAR=%date:~6,4%
set MONTH=%date:~0,2%
set DAY=%date:~3,2%
echo %YEAR%-%MONTH%-%DAY% %TIME:~0,8%> timeset.txt
echo "808 #11 keychain camera date & time have been updated in the timeset.txt file."

Just copy these files into the root folder (not DCIM, just stick them next to DCIM)
double-click the one for your operating system
eject the drive once you see the timeset.txt file appear
unplug it
turn it on
make a video
plug your keychain back into the USB
check that the timeset.txt is gone and the video has the right date and time.

[UPDATE June 2, 2011]
You can see some sample videos here: http://www.youtube.com/user/RodMacPherson
Videos after #8 are done with this HD keychain. From #13 on though they will not have Date and Time. I got the camera just a little bit wet in the rain a little while ago, and the clock has been "overclocked" ever since, counting seconds almost as if they were milliseconds. A clock that is always wrong is worse than no clock at all so I flashed it with one of the clock-less firmwares from the RCgroups.

[UPDATE April 7, 2012]
As some of you may have noticed, some of my helmet cam videos don't have a date stamp at all. You can remove it with firmware from the nicce people over at RCGroups.com

[UPDATE April 17, 2012]
Also... to add a little to the confusion with dates (as pointed out by E in the comments) The RC Groups firmwares that do leave the date on seem to use a different format for the txt file than the one that came on my camera. Now they expect it in YYYY-DD-MM HH:MM:SS instead of YYYY-MM-DD HH:MM:SS as before so, if your time is right and the year is right, but it always seems to have the wrong day and month try this:
@echo off
set YEAR=%date:~6,4%
set MONTH=%date:~0,2%
set DAY=%date:~3,2%
echo %YEAR%-%DAY%-%MONTH% %TIME:~0,8%> timeset.txt
echo "808 #11 keychain camera date & time have been updated in the timeset.txt file."
That should fix it. Of course, use E's suggestion if you are using a different date/time format on your computer.

Don't have a spy camera/dash cam yet? get one at DealExtreme.

Wednesday, April 20, 2011

Why I Won't Be Buying Videos from SONY PSN Anymore

[UPDATE, Aug 11, 2011: Sony finally corrected their ToS:http://www.qriocity.com/us/en/legal-snei-tosua-redlines.html  Thanks SONY!]

Even though the new Terms of Service for Sony Network Entertainment America (SNEA), formerly a part of Sony Computer Entertainment America (SCEA), came out on April 1 I have confirmed that what sneaky back-handedness they wrote into it was not an April fools joke.

For those who own a PS3 (or other PSN/Qriocity capable video device) in Canada SONY apparently doesn't like you.

...or at least they don't care about your continued loyalty and continued business.

They have written the terms so that everyone who clicked the I Agree button to log into their PSN account has agreed that even if they are in Canada they will not watch the videos bought on the PSN Video store outside the United States.  That means that if you are in Canada and purchased a video from SONY's PSN video store and you then watch it in Canada you are violating the Terms of Service and SONY is free to do whatever they want to your account.

I sought first a change to fix what looked like an embarrassing mistake on SONY's part, but then when that did not seem to be coming I asked for an official statement that what they said is what they meant.

This is the final e-mail I got back from them:

Hello Rod,

We do apologize for this inconvenience or confusion regarding this issue,

This is an official document listed below.

Please refer to the Terms of Use, section 8.

Terms of Use and User Agreement
Article Link: http://playstation.custhelp.com/app/answers/detail/a_id/1109

Regards,
Don K


For anyone interested, but not wanting to follow the link here is Section 8 of Terms of Service and User Agreement Version 9 (April 1, 2011)

I have highlighted in RED the part I'm talking about.


8. VIDEO CONTENT

You may use either your Qriocity account or PSN account to purchase video content. Subject to the terms of this Agreement and any additional terms and conditions for the particular item, SNEA licenses digitalized content, including television shows and movies ("Video Content") to you for your personal, private, non-commercial viewing in the United States only, using a limited number of activated PlayStation®3 computer entertainment systems, PSP® (PlayStation®Portable) systems, personal computers ("PSN Devices") and VOD Devices (collectively, "Authorized Devices") during the authorized viewing period ("Authorized Term"). Video Content may be made available to you as a rental for a limited duration ("Rental Content") or purchase ("Sold Content"). Use of Video Content is subject to certain digital rights management rules and terms and conditions of this Agreement. Except for rights explicitly granted to you, all rights in the Video Content are reserved by SNEA and its licensors.

Only one copy of Rental Content may be viewable on an Authorized Device and each copy will have a rental time period ("Rental Period") during which you can begin playback for that copy. The Rental Period for each copy of Rental Content will be displayed to you prior to finalizing your rental payment. Once you begin playback of your Rental Content copy, that copy is viewable for up to 24 hours. After such time, you will not be able to view the Rental Content. Rental Content may not be reproduced.

You may select the Authorized Device on which you want to view your Rental Content. If you have a Qriocity account, you may view your content from any one of your activated VOD Devices only. If you have a PSN account, you may view your Rental Content purchased on PSN or Qriocity from any one of your activated Authorized Devices, except that if the Rental Content is in high definition format, it may be viewed on one (1) activated PlayStation®3 computer entertainment system or one (1) VOD Device. Rental Content may not be transferred between a PSN Device and a VOD Device. Once playback has started on a VOD Device, you may not view that content using any other Authorized Device without a separate payment. If you start Rental Content playback on a PSN Device, the account that purchased the Rental Content may, during the Authorized Term, transfer that content to a limited number of activated PSN Devices, as described below.

Rental Content in standard definition format downloaded onto a PlayStation®3 computer entertainment system or a personal computer may be transferred to up to three (3) PSP® (PlayStation®Portable) systems. Rental Content in standard definition format for use with a PSP® (PlayStation®Portable) system may be transferred to up to one (1) PlayStation®3 computer entertainment system and two (2) personal computers.

You may view Sold Content for an unlimited number of times on an activated PSN Device only. The account that purchased the Sold Content may copy that content to a limited number of PSN Devices, as described below.

Sold Content in standard definition format downloaded onto a PlayStation®3 computer entertainment system or a personal computer may be copied for use on up to three (3) PSP® (PlayStation®Portable) systems. Sold Content in standard definition format for use with a PSP® (PlayStation®Portable) system may be copied for use on up to one (1) PlayStation®3 computer entertainment system and two (2) personal computers. Sold Content in high definition format may be viewed on only one (1) activated PlayStation®3 computer entertainment system.

You may have the option to purchase Video Content in high definition and standard definition format. You acknowledge that delivery of content is dependent on variables not under SNEA's control, including but not limited to, the speed and availability of your broadband or network connection. You may experience delays or technical difficulties caused by or related to such variables. If you have purchased Video Content and view it using a VOD Device, you may not be able to view your content in the format that you've purchased due to such variables. To the extent permitted by applicable law, you will not receive a refund or credit for any content that you are not able to view or have difficulty viewing due to such variables. We strongly encourage you to purchase content suitable for your viewing capabilities. You bear all responsibility for ensuring that you have the viewing capabilities to view content in the appropriate format or at all.

Proper activation of an Authorized Device by the account that purchased the Video Content is required for all downloads, transfers, copies and viewings. Purchase of Video Content is connected to the purchasing account. An account can activate no more than the maximum number of Authorized Devices, regardless of the number of copies of Video Content purchased. Video Content may not be transferred from one account to another. You may not exceed the total number of accounts on any Authorized Device. Please refer to http://playstation.com/ and http://qriocity.com/ for more information on the total number of permitted Sony Online Services accounts. SNEA reserves the right to limit the number of times an Authorized Device may be activated or deactivated.

Downloading or streaming is not permitted outside the Authorized Term. In addition, once Video Content has been downloaded or accessed, you will not be able to download it again without purchase of another copy.

Some content such as movie trailers may not be representative of the actual feature presentation. Digitalized versions of some content may not be identical with the original formatted content or previously released versions of the same titled content.

Video output in certain formats may require additional equipment, sold separately.



So there you have it Canadian PS3 users, SONY wants you to only watch your PSN video content in the USA, if you watch it at home you've violated the terms of your contract with SONY.

What were the e-mails leading upto all this you ask?

Here is the whole conversation. In typical e-mail style, it's best to start at the bottom and work your way up:


Subject
Dear Sony, I cannot agree to your April 1 terms of service. Sect. 8 Video Conten...

Discussion Thread
Response Via Email (Don K) 04/20/2011 08:40 AM
Hello Rod,

We do apologize for this inconvenience or confusion regarding this issue,

This is an official document listed below.

Please refer to the Terms of Use, section 8.

Terms of Use and User Agreement
Article Link: http://playstation.custhelp.com/app/answers/detail/a_id/1109

Regards,
Don K
Customer By Email (ROD MACPHERSON) 04/19/2011 04:58 PM
I think you misunderstood me.
I am not asking for a refund of wallet moneys or to cancel my account.

I just want one of two things. Either a correction in the Terms of
Service so that it makes sense, or clarification from SONY that you (as
a company) really meant what you said and that it is no longer legal to
watch movies and TV shows I purchased in Canada on a Canadian PSN
account outside the USA.

As it stands, your Terms of Service say that I cannot watch videos from
PSN outside the USA. That means that if I watch my videos I am in breach
of this contract. I am holding off on accepting until I get either a
statement that that is indeed SONY's intent, or a new Terms of Service
appears with the mistake corrected.

If you do intend to make it a breach of contract for me to watch videos
that is fine, I will simply continue to use the PSN's other services and
no longer buy videos. .... although, if that is true, it'd be nice of
you to refund me for the videos you are stealing back, but I am not
going to force the issue. I'll just continue to play my games and watch
videos on other services.


Please let me know which it is. I want an official statement that the
terms of service are correct as they stand, or some indication of what
SONY's plan is to fix the error.



On 04/19/2011 11:29 AM, PlayStation Consumer Services wrote:
>
>
> * Subject*
> Dear Sony, I cannot agree to your April 1 terms of service. Sect. 8
> Video Conten...
>
> * Discussion Thread*
> * Response Via Email (Don K)* 04/19/2011 08:29 AM
> Hello Rod,
>
> We do apologize for this inconvenience.
>
> Thank you for contacting us regarding your decision to decline our Terms
> of Service and User Agreement. If you are serious about not
> being in agreement with the Terms of Use, then in order to close your
> PlayStation®Network account and return the funds in the wallet
> associated with your account, we will need the following information:
>
> PSN Sign-In ID (email address used to create your PSN account)
> PSN Online ID
> First Name
> Last Name
> Complete Mailing Address (where you would like to receive your refund)
>
> You may reply to this email directly if you're already using your PSN
> Sign-In ID email address to read this email. Otherwise, if you have a
> different email address associated with your PSN Sign-In ID, you MUST
> use your PSN ID email address to send us the above information. You can
> send your email to:
>
> TOS_PSN@playstation.sony.com TOS_PSN@playstation.sony.com>
>
> The refund is only for the remaining funds in your PSN wallet. We will
> not refund any money for content that has already been purchased. Once
> the refund request has been processed, your PSN account will be
> terminated. You will lose access to any content that has been purchased
> with this PSN account, as well as any trophies awarded to the account.
> You will also not be able to use this email address to create a new PSN
> account. The termination of your account is final and cannot be reversed.
>
> If you wish to terminate more than one account, you must follow this
> process for each account (we will need to receive an email directly from
> each email address used to create the separate PSN accounts to validate
> that you are the owner of the email accounts).
>
> We value your input and appreciate you bringing this to our attention.
> Please rest assured that we will convey your feedback to Sony Computer
> Entertainment America, LLC's ("SCEA") appropriate management.
>
> Regards,
> Don K
> * Customer By Email (ROD MACPHERSON)* 04/18/2011 05:43 PM
> Nothing against you guys personally, but as I am sure that you are not
> able to contractually bind SONY in any way, I cannot accept you saying
> "I am pretty sure you found an error...." and "Please keep using your
> account" as if it is a contract that supersedes the April 1 2011 Terms
> of Service/User Agreement.
>
> It has been 10 days since my initial contact with your department and I
> still have not received a satisfactory resolution to my concern.
> I will not click Accept, binding me to that agreement until it changes
> to resolve this or until I have in hand a contract from SONY legal dept
> that supersedes the April 1 Terms of Service.
>
> I am sure that this Terms of Service document was reviewed by at least a
> dozen people at SONY and it is an absolute embarrassment that it made it
> to being presented to your customers in it's current form.
>
> Please forward this to the Legal Department, I eagerly await their response.
>
> Sincerely,
> Rod MacPherson.
>
>
> On 12/04/2011 6:45 PM, PlayStation Consumer Services wrote:
>>
>>
>> * Subject*
>> Dear Sony, I cannot agree to your April 1 terms of service. Sect. 8
>> Video Conten...
>>
>> * Discussion Thread*
>> * Response Via Email (James G)* 04/12/2011 03:45 PM
>> Hello Rod,
>>
>> I am pretty sure you found an error in the wording. I will report this
>> and say thank you.
>>
>> Once this is updated you can probably rest easy and not worry about
>> this since it was likely in error.
>>
>> Please keep using your account, as it would seem that is really your
>> intent.
>>
>> Regards,
>> James G
>>
>> Are you a member of the PlayStation®Network yet? Play games online,
>> chat with friends, access exclusive titles, downloadable games, PS
>> one®Classics, free demos, movies, TV shows and more! Highly connected
>> and endlessly entertaining.
>> Welcome to the PlayStation®Network. Join now
>>
> !
>>
>>
>> * Customer By Email (ROD MACPHERSON)* 04/12/2011 03:14 PM
>> Can I have an update on this?
>> surely I'm not the only one who refused to agree to these terms based on
>> the limitation of only being allowed to view purchased content in a
>> country I don't live in.
>>
>> An update would be appreciated.
>> I'm a loyal Sony customer, having bought 3 PS2s, a PSP and 2 PS3's over
>> the years, but I cannot agree to terms that disallow me from watching
>> content I've purchased. ...even if I'll technically be able to I won't
>> agree to the contract the way it is.
>>
>>
>> On 04/09/2011 05:43 PM, PlayStation Consumer Services wrote:
>> >
>> >
>> > * Subject*
>> > Dear Sony, I cannot agree to your April 1 terms of service. Sect. 8
>> > Video Conten...
>> >
>> > * Discussion Thread*
>> > * Response Via Email (Richard K.)* 04/09/2011 02:43 PM
>> > Hello Rod,
>> >
>> > I understand the concern caused by the mention of content purchased from
>> > the PlayStation®Store's Video Download Service only being viewable in
>> > the United States. I am glad to say the PlayStation Store's Video
>> > Download Service is still available in both Canada and the United
>> > States. I am having the appropriate department within Sony Computer
>> > Entertainment America (SCEA) look into the mentioned clause so that it
>> > can be checked for inaccuracies. I appreciate you bringing this to our
>> > attention. Please let me know if you have any other questions or
>> > concerns in the future.
>> >
>> >
>> > Regards,
>> > Richard K.
>> > * Auto-Response* 04/08/2011 07:10 PM
>> > *** PLEASE DO NOT REPLY TO THIS MESSAGE. THIS IS A SYSTEM-GENERATED AUTO
>> > RESPONSE. ***
>> >
>> > Thank you for contacting Sony Computer Entertainment America, LLC
>> (SCEA).
>> >
>> > You have received this auto-acknowledgement to confirm that we received
>> > your message. We will respond to your message within 24 - 48 hours. For
>> > immediate online support, please visit our PlayStation Knowledge Center
>> > at http://us.playstation.com/support 24 hours a day.
>> >
>> > Thank you for your patience.
>> >
>> > SCEA Consumer Services
>> > * Customer By Web Form (ROD MACPHERSON)* 04/08/2011 07:10 PM
>> > Dear Sony,
>> > I cannot agree to your April 1 terms of service. Sect. 8 Video Content
>> > says "...viewing in the United States only" I'm in Canada.
>> > I am not going to drive my Playstation3 4 hours to the nearest border
>> > crossing just to watch a video I PURCHASED from you. Update the
>> > agreement please.
>> >
>> >
>> >
>>
>>
>> --
>>
>> Rod MacPherson
>> rod@macphersonclan.com rod@macphersonclan.com>
> rod@macphersonclan.com rod@macphersonclan.com>>
>> * Response Via Email (Richard K.)* 04/09/2011 02:43 PM
>> Hello Rod,
>>
>> I understand the concern caused by the mention of content purchased
>> from the PlayStation®Store's Video Download Service only being
>> viewable in the United States. I am glad to say the PlayStation
>> Store's Video Download Service is still available in both Canada and
>> the United States. I am having the appropriate department within Sony
>> Computer Entertainment America (SCEA) look into the mentioned clause
>> so that it can be checked for inaccuracies. I appreciate you bringing
>> this to our attention. Please let me know if you have any other
>> questions or concerns in the future.
>>
>>
>> Regards,
>> Richard K.
>> * Auto-Response* 04/08/2011 07:10 PM
>> *** PLEASE DO NOT REPLY TO THIS MESSAGE. THIS IS A SYSTEM-GENERATED
>> AUTO RESPONSE. ***
>>
>> Thank you for contacting Sony Computer Entertainment America, LLC (SCEA).
>>
>> You have received this auto-acknowledgement to confirm that we
>> received your message. We will respond to your message within 24 - 48
>> hours. For immediate online support, please visit our PlayStation
>> Knowledge Center at http://us.playstation.com/support 24 hours a day.
>>
>> Thank you for your patience.
>>
>> SCEA Consumer Services
>> * Customer By Web Form (ROD MACPHERSON)* 04/08/2011 07:10 PM
>> Dear Sony,
>> I cannot agree to your April 1 terms of service. Sect. 8 Video Content
>> says "...viewing in the United States only" I'm in Canada.
>> I am not going to drive my Playstation3 4 hours to the nearest border
>> crossing just to watch a video I PURCHASED from you. Update the
>> agreement please.
>>
>>
>>
>
>
> --
> Rod MacPherson
> rod@macphersonclan.com rod@macphersonclan.com>
> * Response Via Email (James G)* 04/12/2011 03:45 PM
> Hello Rod,
>
> I am pretty sure you found an error in the wording. I will report this
> and say thank you.
>
> Once this is updated you can probably rest easy and not worry about this
> since it was likely in error.
>
> Please keep using your account, as it would seem that is really your intent.
>
> Regards,
> James G
>
> Are you a member of the PlayStation®Network yet? Play games online,
> chat with friends, access exclusive titles, downloadable games, PS
> one®Classics, free demos, movies, TV shows and more! Highly connected
> and endlessly entertaining.
> Welcome to the PlayStation®Network. Join now
> !
>
> * Customer By Email (ROD MACPHERSON)* 04/12/2011 03:14 PM
> Can I have an update on this?
> surely I'm not the only one who refused to agree to these terms based on
> the limitation of only being allowed to view purchased content in a
> country I don't live in.
>
> An update would be appreciated.
> I'm a loyal Sony customer, having bought 3 PS2s, a PSP and 2 PS3's over
> the years, but I cannot agree to terms that disallow me from watching
> content I've purchased. ...even if I'll technically be able to I won't
> agree to the contract the way it is.
>
>
> On 04/09/2011 05:43 PM, PlayStation Consumer Services wrote:
>>
>>
>> * Subject*
>> Dear Sony, I cannot agree to your April 1 terms of service. Sect. 8
>> Video Conten...
>>
>> * Discussion Thread*
>> * Response Via Email (Richard K.)* 04/09/2011 02:43 PM
>> Hello Rod,
>>
>> I understand the concern caused by the mention of content purchased from
>> the PlayStation®Store's Video Download Service only being viewable in
>> the United States. I am glad to say the PlayStation Store's Video
>> Download Service is still available in both Canada and the United
>> States. I am having the appropriate department within Sony Computer
>> Entertainment America (SCEA) look into the mentioned clause so that it
>> can be checked for inaccuracies. I appreciate you bringing this to our
>> attention. Please let me know if you have any other questions or
>> concerns in the future.
>>
>>
>> Regards,
>> Richard K.
>> * Auto-Response* 04/08/2011 07:10 PM
>> *** PLEASE DO NOT REPLY TO THIS MESSAGE. THIS IS A SYSTEM-GENERATED AUTO
>> RESPONSE. ***
>>
>> Thank you for contacting Sony Computer Entertainment America, LLC (SCEA).
>>
>> You have received this auto-acknowledgement to confirm that we received
>> your message. We will respond to your message within 24 - 48 hours. For
>> immediate online support, please visit our PlayStation Knowledge Center
>> at http://us.playstation.com/support 24 hours a day.
>>
>> Thank you for your patience.
>>
>> SCEA Consumer Services
>> * Customer By Web Form (ROD MACPHERSON)* 04/08/2011 07:10 PM
>> Dear Sony,
>> I cannot agree to your April 1 terms of service. Sect. 8 Video Content
>> says "...viewing in the United States only" I'm in Canada.
>> I am not going to drive my Playstation3 4 hours to the nearest border
>> crossing just to watch a video I PURCHASED from you. Update the
>> agreement please.
>>
>>
>>
>
>
> --
>
> Rod MacPherson
> rod@macphersonclan.com rod@macphersonclan.com>
> * Response Via Email (Richard K.)* 04/09/2011 02:43 PM
> Hello Rod,
>
> I understand the concern caused by the mention of content purchased from
> the PlayStation®Store's Video Download Service only being viewable in
> the United States. I am glad to say the PlayStation Store's Video
> Download Service is still available in both Canada and the United
> States. I am having the appropriate department within Sony Computer
> Entertainment America (SCEA) look into the mentioned clause so that it
> can be checked for inaccuracies. I appreciate you bringing this to our
> attention. Please let me know if you have any other questions or
> concerns in the future.
>
>
> Regards,
> Richard K.
> * Auto-Response* 04/08/2011 07:10 PM
> *** PLEASE DO NOT REPLY TO THIS MESSAGE. THIS IS A SYSTEM-GENERATED AUTO
> RESPONSE. ***
>
> Thank you for contacting Sony Computer Entertainment America, LLC (SCEA).
>
> You have received this auto-acknowledgement to confirm that we received
> your message. We will respond to your message within 24 - 48 hours. For
> immediate online support, please visit our PlayStation Knowledge Center
> at http://us.playstation.com/support 24 hours a day.
>
> Thank you for your patience.
>
> SCEA Consumer Services
> * Customer By Web Form (ROD MACPHERSON)* 04/08/2011 07:10 PM
> Dear Sony,
> I cannot agree to your April 1 terms of service. Sect. 8 Video Content
> says "...viewing in the United States only" I'm in Canada.
> I am not going to drive my Playstation3 4 hours to the nearest border
> crossing just to watch a video I PURCHASED from you. Update the
> agreement please.
>
>
>


--

Rod MacPherson
rod@macphersonclan.com
Response Via Email (Don K) 04/19/2011 08:29 AM
Hello Rod,

We do apologize for this inconvenience.

Thank you for contacting us regarding your decision to decline our Terms of Service and User Agreement. If you are serious about not
being in agreement with the Terms of Use, then in order to close your PlayStation®Network account and return the funds in the wallet associated with your account, we will need the following information:

PSN Sign-In ID (email address used to create your PSN account)
PSN Online ID
First Name
Last Name
Complete Mailing Address (where you would like to receive your refund)

You may reply to this email directly if you're already using your PSN Sign-In ID email address to read this email. Otherwise, if you have a different email address associated with your PSN Sign-In ID, you MUST use your PSN ID email address to send us the above information. You can send your email to:

TOS_PSN@playstation.sony.com

The refund is only for the remaining funds in your PSN wallet. We will not refund any money for content that has already been purchased. Once the refund request has been processed, your PSN account will be terminated. You will lose access to any content that has been purchased with this PSN account, as well as any trophies awarded to the account. You will also not be able to use this email address to create a new PSN account. The termination of your account is final and cannot be reversed.

If you wish to terminate more than one account, you must follow this process for each account (we will need to receive an email directly from each email address used to create the separate PSN accounts to validate that you are the owner of the email accounts).

We value your input and appreciate you bringing this to our attention. Please rest assured that we will convey your feedback to Sony Computer Entertainment America, LLC's ("SCEA") appropriate management.

Regards,
Don K
Customer By Email (ROD MACPHERSON) 04/18/2011 05:43 PM
Nothing against you guys personally, but as I am sure that you are not
able to contractually bind SONY in any way, I cannot accept you saying
"I am pretty sure you found an error...." and "Please keep using your
account" as if it is a contract that supersedes the April 1 2011 Terms
of Service/User Agreement.

It has been 10 days since my initial contact with your department and I
still have not received a satisfactory resolution to my concern.
I will not click Accept, binding me to that agreement until it changes
to resolve this or until I have in hand a contract from SONY legal dept
that supersedes the April 1 Terms of Service.

I am sure that this Terms of Service document was reviewed by at least a
dozen people at SONY and it is an absolute embarrassment that it made it
to being presented to your customers in it's current form.

Please forward this to the Legal Department, I eagerly await their response.

Sincerely,
Rod MacPherson.


On 12/04/2011 6:45 PM, PlayStation Consumer Services wrote:
>
>
> * Subject*
> Dear Sony, I cannot agree to your April 1 terms of service. Sect. 8
> Video Conten...
>
> * Discussion Thread*
> * Response Via Email (James G)* 04/12/2011 03:45 PM
> Hello Rod,
>
> I am pretty sure you found an error in the wording. I will report this
> and say thank you.
>
> Once this is updated you can probably rest easy and not worry about
> this since it was likely in error.
>
> Please keep using your account, as it would seem that is really your
> intent.
>
> Regards,
> James G
>
> Are you a member of the PlayStation®Network yet? Play games online,
> chat with friends, access exclusive titles, downloadable games, PS
> one®Classics, free demos, movies, TV shows and more! Highly connected
> and endlessly entertaining.
> Welcome to the PlayStation®Network. Join now
> !
>
>
> * Customer By Email (ROD MACPHERSON)* 04/12/2011 03:14 PM
> Can I have an update on this?
> surely I'm not the only one who refused to agree to these terms based on
> the limitation of only being allowed to view purchased content in a
> country I don't live in.
>
> An update would be appreciated.
> I'm a loyal Sony customer, having bought 3 PS2s, a PSP and 2 PS3's over
> the years, but I cannot agree to terms that disallow me from watching
> content I've purchased. ...even if I'll technically be able to I won't
> agree to the contract the way it is.
>
>
> On 04/09/2011 05:43 PM, PlayStation Consumer Services wrote:
> >
> >
> > * Subject*
> > Dear Sony, I cannot agree to your April 1 terms of service. Sect. 8
> > Video Conten...
> >
> > * Discussion Thread*
> > * Response Via Email (Richard K.)* 04/09/2011 02:43 PM
> > Hello Rod,
> >
> > I understand the concern caused by the mention of content purchased from
> > the PlayStation®Store's Video Download Service only being viewable in
> > the United States. I am glad to say the PlayStation Store's Video
> > Download Service is still available in both Canada and the United
> > States. I am having the appropriate department within Sony Computer
> > Entertainment America (SCEA) look into the mentioned clause so that it
> > can be checked for inaccuracies. I appreciate you bringing this to our
> > attention. Please let me know if you have any other questions or
> > concerns in the future.
> >
> >
> > Regards,
> > Richard K.
> > * Auto-Response* 04/08/2011 07:10 PM
> > *** PLEASE DO NOT REPLY TO THIS MESSAGE. THIS IS A SYSTEM-GENERATED AUTO
> > RESPONSE. ***
> >
> > Thank you for contacting Sony Computer Entertainment America, LLC
> (SCEA).
> >
> > You have received this auto-acknowledgement to confirm that we received
> > your message. We will respond to your message within 24 - 48 hours. For
> > immediate online support, please visit our PlayStation Knowledge Center
> > at http://us.playstation.com/support 24 hours a day.
> >
> > Thank you for your patience.
> >
> > SCEA Consumer Services
> > * Customer By Web Form (ROD MACPHERSON)* 04/08/2011 07:10 PM
> > Dear Sony,
> > I cannot agree to your April 1 terms of service. Sect. 8 Video Content
> > says "...viewing in the United States only" I'm in Canada.
> > I am not going to drive my Playstation3 4 hours to the nearest border
> > crossing just to watch a video I PURCHASED from you. Update the
> > agreement please.
> >
> >
> >
>
>
> --
>
> Rod MacPherson
> rod@macphersonclan.com rod@macphersonclan.com>
> * Response Via Email (Richard K.)* 04/09/2011 02:43 PM
> Hello Rod,
>
> I understand the concern caused by the mention of content purchased
> from the PlayStation®Store's Video Download Service only being
> viewable in the United States. I am glad to say the PlayStation
> Store's Video Download Service is still available in both Canada and
> the United States. I am having the appropriate department within Sony
> Computer Entertainment America (SCEA) look into the mentioned clause
> so that it can be checked for inaccuracies. I appreciate you bringing
> this to our attention. Please let me know if you have any other
> questions or concerns in the future.
>
>
> Regards,
> Richard K.
> * Auto-Response* 04/08/2011 07:10 PM
> *** PLEASE DO NOT REPLY TO THIS MESSAGE. THIS IS A SYSTEM-GENERATED
> AUTO RESPONSE. ***
>
> Thank you for contacting Sony Computer Entertainment America, LLC (SCEA).
>
> You have received this auto-acknowledgement to confirm that we
> received your message. We will respond to your message within 24 - 48
> hours. For immediate online support, please visit our PlayStation
> Knowledge Center at http://us.playstation.com/support 24 hours a day.
>
> Thank you for your patience.
>
> SCEA Consumer Services
> * Customer By Web Form (ROD MACPHERSON)* 04/08/2011 07:10 PM
> Dear Sony,
> I cannot agree to your April 1 terms of service. Sect. 8 Video Content
> says "...viewing in the United States only" I'm in Canada.
> I am not going to drive my Playstation3 4 hours to the nearest border
> crossing just to watch a video I PURCHASED from you. Update the
> agreement please.
>
>
>


--
Rod MacPherson
rod@macphersonclan.com
Response Via Email (James G) 04/12/2011 03:45 PM
Hello Rod,

I am pretty sure you found an error in the wording. I will report this and say thank you.

Once this is updated you can probably rest easy and not worry about this since it was likely in error.

Please keep using your account, as it would seem that is really your intent.

Regards,
James G

Are you a member of the PlayStation®Network yet? Play games online, chat with friends, access exclusive titles, downloadable games, PS one®Classics, free demos, movies, TV shows and more! Highly connected and endlessly entertaining.
Welcome to the PlayStation®Network. Join now!
Customer By Email (ROD MACPHERSON) 04/12/2011 03:14 PM
Can I have an update on this?
surely I'm not the only one who refused to agree to these terms based on
the limitation of only being allowed to view purchased content in a
country I don't live in.

An update would be appreciated.
I'm a loyal Sony customer, having bought 3 PS2s, a PSP and 2 PS3's over
the years, but I cannot agree to terms that disallow me from watching
content I've purchased. ...even if I'll technically be able to I won't
agree to the contract the way it is.


On 04/09/2011 05:43 PM, PlayStation Consumer Services wrote:
>
>
> * Subject*
> Dear Sony, I cannot agree to your April 1 terms of service. Sect. 8
> Video Conten...
>
> * Discussion Thread*
> * Response Via Email (Richard K.)* 04/09/2011 02:43 PM
> Hello Rod,
>
> I understand the concern caused by the mention of content purchased from
> the PlayStation®Store's Video Download Service only being viewable in
> the United States. I am glad to say the PlayStation Store's Video
> Download Service is still available in both Canada and the United
> States. I am having the appropriate department within Sony Computer
> Entertainment America (SCEA) look into the mentioned clause so that it
> can be checked for inaccuracies. I appreciate you bringing this to our
> attention. Please let me know if you have any other questions or
> concerns in the future.
>
>
> Regards,
> Richard K.
> * Auto-Response* 04/08/2011 07:10 PM
> *** PLEASE DO NOT REPLY TO THIS MESSAGE. THIS IS A SYSTEM-GENERATED AUTO
> RESPONSE. ***
>
> Thank you for contacting Sony Computer Entertainment America, LLC (SCEA).
>
> You have received this auto-acknowledgement to confirm that we received
> your message. We will respond to your message within 24 - 48 hours. For
> immediate online support, please visit our PlayStation Knowledge Center
> at http://us.playstation.com/support 24 hours a day.
>
> Thank you for your patience.
>
> SCEA Consumer Services
> * Customer By Web Form (ROD MACPHERSON)* 04/08/2011 07:10 PM
> Dear Sony,
> I cannot agree to your April 1 terms of service. Sect. 8 Video Content
> says "...viewing in the United States only" I'm in Canada.
> I am not going to drive my Playstation3 4 hours to the nearest border
> crossing just to watch a video I PURCHASED from you. Update the
> agreement please.
>
>
>


--

Rod MacPherson
rod@macphersonclan.com
Response Via Email (Richard K.) 04/09/2011 02:43 PM
Hello Rod,

I understand the concern caused by the mention of content purchased from the PlayStation®Store's Video Download Service only being viewable in the United States. I am glad to say the PlayStation Store's Video Download Service is still available in both Canada and the United States. I am having the appropriate department within Sony Computer Entertainment America (SCEA) look into the mentioned clause so that it can be checked for inaccuracies. I appreciate you bringing this to our attention. Please let me know if you have any other questions or concerns in the future.


Regards,
Richard K.
Auto-Response 04/08/2011 07:10 PM
*** PLEASE DO NOT REPLY TO THIS MESSAGE. THIS IS A SYSTEM-GENERATED AUTO RESPONSE. ***

Thank you for contacting Sony Computer Entertainment America, LLC (SCEA).

You have received this auto-acknowledgement to confirm that we received your message. We will respond to your message within 24 - 48 hours. For immediate online support, please visit our PlayStation Knowledge Center at http://us.playstation.com/support 24 hours a day.

Thank you for your patience.

SCEA Consumer Services
Customer By Web Form (ROD MACPHERSON) 04/08/2011 07:10 PM
Dear Sony,
I cannot agree to your April 1 terms of service. Sect. 8 Video Content says "...viewing in the United States only" I'm in Canada.
I am not going to drive my Playstation3 4 hours to the nearest border crossing just to watch a video I PURCHASED from you. Update the agreement please.

[---001:021920:26014---]

Monday, April 18, 2011

Epsilon: Be wary of Phishing attempts coming from legitimate looking e-mails

We all subscribe to e-mail newsletters in some form or another.
We all get those deal of the day e-mails telling us the latest deals at our favourite retailers or Air Miles updates with links back to the Air Miles site and vacation deals.

We all need to be a lot more careful.

Last month Epsilon, a marketing firm that deals with many of the retailers we all know and trust was hacked.
At first it was downplayed as not important because the hackers only got names and e-mail addresses. No credit card data was ever stored by Epsilon on the systems that were breached, and in fact they would not have that info in most cases because they are just the guys who send out those e-mail newsletters on behalf of retailers and banks.

Not long after, people started to realize the implications of this breach, but the problem is, even the tech press never really got the point across very well, and it was usually ignored by readers because the news sites only ever listed a handful of companies that were affected.

Most people reading about the breach are probably thinking, "I don't deal with those companies, I'm ok" looking at the short list of 3-4 examples in most news stories about it, or "so they got my e-mail address who cares, I get spam all the time".

The issue is they got e-mail addresses, and names linked to retailers and banks that you DO deal with and that you are already used to getting e-mails from. ...e-mails that already link to a 3rd party, that takes stats then forwards you to the retailer's website. So you are used to seeing links in these e-mails pointing to somewhere other than the official website, but eventually taking you there.

This is prime data for a wide spread, and likely to be highly successful, Phishing expedition.

They send you an e-mail that looks like every Sears ad you've gotten on a monthly basis for years, it has a great bargain on BBQs... You think "It's spring, I should probably check out this deal on BBQs" and you click it. It takes you to what looks like a Sears website (and yes they can be VERY convincing) but it is not. It is a fake Sears website that they set up just for the purpose of collecting more info about these people that they already know are Sears customers... Maybe you will attempt to order that BBQ and they will get your credit card, and you won't know it till it is way too late.

The other scam that they are running is a fake Epsilon breach news update site (copied from the actual press release site) that offers up a downloadable tool that they tell you to run to see if the hackers have your e-mail address... That tool is a Trojan!

So do they have your e-mail address? Probably. Do you get regular e-mails from any of these companies?

1-800-FLOWERS
AbeBooks
Abercrombie & Fitch (WFNNB)
AIR MILES Reward Program (Canada)
Ameriprise
Ann Taylor (WFNNB)
AshleyStewart (WFNNB)
Avenue (WFNNB)
Barclays Bank of Delaware
Beachbody
Bealls (WFNNB)
bebe
Best Buy
Best Buy Canada Reward Zone
Benefit Cosmetics (see below)
BJ’s Visa (Barclays Bank of Delaware)
Brookstone
Capital One
Catherine’s (WFNNB)
Chadwick’s (WFNNB)
Charter Communications
Chase
Citigroup
City Market
College Board
Crate & Barrel (WFNNB)
Crucial
David’s Bridal
Dell Australia
Dillons
Disney Destinations (The Walt Disney Travel Company)
Domestications (WFNNB)
Dressbarn (WFNNB)
Eddie Bauer Friends
Eileen Fisher (doesn’t name Epsilon but same template letter)
Ethan Allen
Eurosport Soccer (Soccer.com)
Express card (WFNNB)
ExxonMobil Card (Citi)
Fashion Bug (WFNNB)
FINA (WFNNB)
Food 4 Less
Fred Meyer
Fry’s
Gander Mountain (WFNNB)
Giant Eagle Fuelperks! (WFNNB)
GlaxoSmithKline Consumer Healthcare (GSK)
Goody’s (WFNNB)
Hilton Honors
Home Depot Card (Citi)
Home Shopping Network (HSN)
J Crew (WFNNB)
J.Jill
Jay C
Jessica London (WFNNB)
JPMorgan Chase
Justice (WFNNB)
KingSize Direct  (WFNNB)
King Soopers
Kroger
Lacoste
Lane Bryant (WFNNB)
L.L. Bean Visa (Barclay’s)
M & T Bank
Marriott Rewards (FAQ on site)
Marks & Spencer
Maurice’s (WFNNB)
McKinsey Quarterly
MoneyGram
MyPoints Reward Visa
New York & Company
NTB Card (Citi)
One Stop Plus (WFNNB)
PacSun (Pacific Sunwear) (WFNNB)
Palais Royal (WFNNB)
Peebles (WFNNB)
Polo Ralph Lauren
PotteryBarn/PotteryBarnKids (WFNNB)
Quality Food Centers (QFC)
QualityHealth
RadioShack (WFNNB)
Ralphs
Red Roof Inn
Reeds Jewelers (WFNNB)
Ritz-Carlton (FAQ)
Robert Half International
Scottrade
Sears (Citi)
Shell (Citi)
Smile Generation Financial
Smith’s Food & Drug Centers (Smith’s Brands)
Sportsman’s Guide (WFNNB)
Stage (WFNNB)
Stonebridge Life Insurance
Target
Tastefully Simple
TD Ameritrade
The Limited (WFNNB)
The Place (Citi)
TIAA-CREF
TiVo
Trek (WFNNB)
United Retail Group (WFNNB)
US Bank
Value City Furniture (WFNNB)
Verizon
Victoria’s Secret (WFNNB)
Viking River Cruises
Walgreens
Woman Within (WFNNB)
World Financial Network National Bank




For more info:

http://www.databreaches.net/?p=17374

http://www.net-security.org/malware_news.php?id=1696&utm_source=Help+Net+Security+Daily+News&utm_campaign=6de5c5076e-RSS-hns&utm_medium=email

Friday, April 08, 2011

Take Back The Light

I know that the programme has been running for a year now, but I still get people asking me what to do with the used Compact Flourescent (CFL) light bulbs AKA twisty bulbs when they die.

Mainly they ask because with very few exceptions (a few vanity bulbs in the bathroom) all of my lights have been converted to CFL or halogen. (Halogen because low wattage halogen was available before high power dimmable LED) While CFL bulbs are available cheap in quantity these days, people are still reluctant because they don't know what to do with them when they die. It says right on the package that you shouldn't put them in the garbage because they contain mercury which could poison the water supply.

Anywhere in Ontario you can return ANY flourescent light tube, CFL or long tube style, to ANY Canadian Tire store.You just take it to the customer service area, and they have a bin specifically for CFL recycling. If you can't fit the bulb into the bin (because it's a long blub, or because the bin is full) just hand it over the desk to the clerk. Done.

They have them picked up and taken to a recycling facility in Ayr, Ontario, where they are safely recycled.

For more info read http://www.takebackthelight.ca/retail_take_back

Thursday, April 07, 2011

MD80 "spy camera"

I recently bought a very cheap little "spy" camera on ebay. (a little over $8 including shipping)

I wanted a helmet cam for my e-bike vlog on Youtube.

This cheap little camera fits right inside my motorcycle helmet. (it is tiny, so it doesn't get in the way at all) and records standard definition video to a microSD card. It runs off a built in rechargeable battery and charges via USB.

The video has a time stamp in the lower right corner, which is good for if there is an accident and I want to hand over the video to my lawyer or the police. The problem is that the date and time needs to be reset every time

you connect to the computer
the battery runs out. That doesn't sound bad except that it is not an automatic process, you need to manually edit a file called TAG.txt on the SD card and reboot the camera. (switch it off and on again)

I wrote a little BASH script (I use Linux as my primary Operating System) to handle that for me, so all I have to do is double click the MD80date.sh file and it generates the TAG.txt file for me.

MD80date.sh:
#!/bin/sh
DATE=`date +%Y/%m/%d`
TIME=`date +%H:%M:%S`
echo "[date] ">TAG.txt
echo $DATE" ">>TAG.txt
echo $TIME>> TAG.txt
echo "MD80 date & time have been updated in the TAG.txt file."



Here is a similar version for Windows

MD80date.cmd:
echo off
set YEAR=%date:~6,4%
set MONTH=%date:~0,2%
set DAY=%date:~3,2%
echo [date] >TAG.txt
echo %YEAR%/%MONTH%/%DAY% >>TAG.txt
echo %TIME:~0,8%>> TAG.txt
echo "MD80 date & time have been updated in the TAG.txt file."
So, if you pick up one of these dirt cheap cameras and need an easy way to set that timestamp, just copy these files into the SD card (in the root folder, or main folder, right next to the DCIM folder) then you just click on the one that corresponds to the OS you are using (Windows or Linux) before you eject and reboot the camera.

[NOTE: I've since upgraded to an 808 #11 keychain 720P HD camera]

Don't have a spy camera/dashcam yet? Get one at DealExtreme.

Tuesday, February 22, 2011

Using Ninja to Monitor And Kill Rogue Privilege Escalation

In the world of hacking, getting in is just the start. Once a hacker (if they have malicious intent we'll call them crackers) has found a way onto a system s/he then usually needs to jump to the Administrator or system or root account to be most effective.

Ninja is a program for Linux (and presumably most Unix like OSes) that monitors for such privilege escalation. Privilege escalations might not be crackers though. The common administration programs like passwd, sudo, etc. also set UID to root, so Ninja has white-listing for who is allowed to run what processes as root.

The white-list function of ninja makes it useful for enforcing policy. You can have a group of users who are allowed to run file editors as root to make changes to system configs and another group who are allowed to restart services, thus providing separation of duties. 

When you first install Ninja, it is set to logging only. This allows you to run it in log mode for a while until you are sure your white-list covers all of the normal use cases for your system before you put it into the proactive process killing modes.

There are 2 modes for process killing, one that kills the process running as root, and one that also kills the process that spawned it.

When first installed (on a debian based system like Ubuntu) it will tell you where it's configs and logs are:

Setting up ninja (0.1.3-2) ...
log: reading configuration file: /etc/ninja/ninja.conf
log: ninja version 0.1.3 initializing
log: magic group: gid=0 (root)
log: logfile: /var/log/ninja.log
log: whitelist mapped in memory at 0x7f851ba0b000
log: entering daemon mode



After install If I run a program in sudo, it will be logged as below:


rod@rod-ubuntu:~$ sudo nano /etc/ninja/ninja.conf


rod@rod-ubuntu:~$ more /var/log/ninja.log
[Tue Feb 22 06:12:23 2011] ninja version 0.1.3 initializing
[Tue Feb 22 06:12:23 2011] magic group: gid=0 (root)
[Tue Feb 22 06:12:23 2011] logfile: /var/log/ninja.log
[Tue Feb 22 06:12:23 2011] whitelist mapped in memory at 0x7f851ba0b000
[Tue Feb 22 06:12:23 2011] entering daemon mode
[Tue Feb 22 06:12:23 2011] entering main loop
[Tue Feb 22 06:12:23 2011] generating initial pid array..
[Tue Feb 22 06:12:23 2011] now monitoring process activity
[Tue Feb 22 06:25:55 2011] NEW ROOT PROCESS: nano[3686] ppid=2740 uid=0 gid=0
[Tue Feb 22 06:25:55 2011]   - ppid uid=1000(rod) gid=1000 ppid=2722
[Tue Feb 22 06:25:55 2011]   + UNAUTHORIZED PROCESS DETECTED: nano[3686] (parent
: bash[2740])
[Tue Feb 22 06:25:55 2011]   - nokill option set, no signals sent
rod@rod-ubuntu:~$


This logging alone, makes ninja worth the install because it gives you a way to track who did what as root no matter how they got to be root. (sudo, SUID, or a privilege escalation hack) Turn on the defensive modes and your system learns a little bit of self defense.

Now if only I could find a version of this for Windows machines. Anyone know of something similar (free or for a fee) for Windows?

Thursday, January 13, 2011

Illegal Content On The Internet?

What do you do when you find illegal content on the internet?

We all have heard the jokes that the main content of the internet is pornography.
So, what if you happen to be looking at some Adult content on the internet and you stray a little off the beaten track and find yourself in questionable territory, and maybe you find your way to something that looks suspiciously like images of children...

Maybe you are researching Nazis for history class and you come across some hate literature...

There are online hot-lines to report this, and if you don't know who to report it to, there is an association of these hot-lines, called INHOPE,  to help you find the right one.

https://www.inhope.org/en/makereport.html