I’m not sure what to say about this article, other than it’s immediately relevant for everyone. I know the author personally, though I will respect the author’s anonymity.
I believe this will end up being a seminal reading for me as it so expertly addresses and focuses the political feelings and worries I’ve had towards all sorts of things over the years.
If I had to give a teaser, here’s the pull quote I would offer:
“The history of man can be written as an effort by one group of men after another trying to gain power over the life and death of his fellow man, to gain control over the actions and thoughts of his peers, to claim ownership over the fruits of the labors, wealth, and property of his neighbor. And it has worked… for a time… for so many of history’s tyrants… benevolent or otherwise.
Conquest, however, is destined to fail each and every time… because conquest never comes alone.”
And it gets better, or worse.
But the 8-hour workday is too profitable for big business, not because of the amount of work people get done in eight hours (the average office worker gets less than three hours of actual work done in 8 hours) but because it makes for such a purchase-happy public. Keeping free time scarce means people pay a lot more for convenience, gratification, and any other relief they can buy. It keeps them watching television, and its commercials. It keeps them unambitious outside of work.
We’ve been led into a culture that has been engineered to leave us tired, hungry for indulgence, willing to pay a lot for convenience and entertainment, and most importantly, vaguely dissatisfied with our lives so that we continue wanting things we don’t have. We buy so much because it always seems like something is still missing.
There’s a new virus out there that I want to raise awareness of. It’s called CryptoLocker. I normally don’t post warnings or alerts about viruses, but this is probably one of the more insidious viruses I’ve ever seen.
You can read additional information about CryptoLocker at:
- The Guardian: CryptoLocker attacks that hold your computer to ransom
- Malwarebytes: Cryptolocker Ransomware: What You Need To Know
- Emsisoft: CryptoLocker – a new ransomware variant
- TrendLabs: Threat Refinement Ensues with CryptoLocker, SHOTODOR Backdoor
- Ars Technica: You’re infected–if you want to see your data again, pay us $300 in Bitcoins
Basically, this virus locates all your important files on any drive attached to your computer (hard drives, flash drives, USB sticks, network drives/shares) and then encrypts the files it finds.
The only way to unlock the files again is to pay $300 to get the key used for the encryption. The encryption method used is RSA with a 2048-bit key, which makes it extremely hard to crack — impossible within the time span with today’s computers.
Once infected, you will be presented with a ransom note stating you have 72 hours before the perpetrators destroy the key making it impossible for you to ever get your data back.
Let me put that another way: If you are infected, you will have to pay $300 if you want your data back. There is no way around it and most cases I’ve read about report that once the ransom was paid, the files were successfully recovered.
Nevertheless, this can be extremely devastating if you are running a business and all your files are gone; or if all your family pictures disappear.
If you sync your files to the cloud, you’re still not safe: the encrypted files get synced as well. If you are able to restore previous versions of your files in the cloud, you could be okay.
Also, if your backup files are directly accessible, they could be held for ransom as well.
Let your friends, family and co-workers know about this.
Here are some simple ways to avoid getting a virus in general:
- Don’t open e-mails from people you don’t know
- Don’t open attachments in e-mails unless you were waiting for the attachment
- Don’t go to websites/click links that you don’t fully trust
- Don’t download and execute files that you don’t fully trust
It might seem obvious to most of us not to do the above, but to a lot of friends, family and co-workers it might not be.
Imagine waking up and having to pay $300 to get your data back. However, the police tracked down one of the servers that serves the keys and shut it down, which means the keys were not delivered and the data was lost. So even if you do pay the $300, there is no guarantee that you will get the data back.
Raise awareness of this and avoid having your files lost.
I was really excited when Pressgr.am first came out. It was supposed to cut out the Instagram middle man.
I’ve had issues getting it to work with my site; in particular, it would upload the image but it would often not create the post. I started digging around, running tcpdump on my router to capture the XMLRPC requests that should have been going between my iPhone and my web server. But I could never capture the traffic I was expecting. As it turns out, there’s a reason:
So what does this all mean?
Well, it means that Pressgram is storing your credentials in plaintext (or potentially encrypted alongside a decryption key) on your behalf, without notifying you or doing anything publicly to indicate that this is the case. No matter how high entropy your passwords may be, if you hand it to someone and they get hacked, it doesn’t matter. You are vulnerable – doubly so if you use that password for other accounts as well.
To some folks, this may be a worthwhile tradeoff. But as I look at it, I don’t see it as a necessary tradeoff. Your credentials could just as easily be kept private between the app on your phone, and your WordPress site. Just have your phone upload the photo directly to your WordPress install. It wouldn’t be difficult to do, it’s already making XMLRPC requests to the server. And it fulfills the initial Kickstarter promise of “your filtered photos published directly to your WordPress-powered blog”. It also would provide the added security that if Pressgram is eventually shut down or sold off, the app would still function, as it’s not needlessly dependent on the Pressgram Servers.
To protect yourself, you may want to consider making a separate account for your WordPress site with the Author role, and using those credentials with Pressgram, and make sure you’re using a distinct password – as well as with any service that you provide a password to.
My data should be going directly to my server. But it’s not. And that’s, honestly, troubling for an app that promised “complete creative control and publishing freedom with the ability to publish filtered photos directly to your WordPress blog!”
For the time being, I’ve deleted Pressgram and changed my password. On to looking for a better solution.
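One way to check from the web server side where XML-RPC posts actually originate, as an added example that is not part of the original post: it scans access-log lines in Combined Log Format for `POST` requests to `xmlrpc.php` and reports any source outside the networks you expect your own devices to use. The function name, the log lines, the user-agent strings and the addresses (documentation ranges) are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Constructed sample lines; 198.51.100.0/24 stands in for the phone's own network.
SAMPLE_LOG = [
    '198.51.100.23 - - [01/Oct/2013:10:02:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "ExamplePhotoApp/1.0 (iPhone)"',
    '203.0.113.77 - - [01/Oct/2013:10:05:40 +0000] "POST /xmlrpc.php HTTP/1.1" 200 498 "-" "ExampleRelay/0.1"',
    '203.0.113.77 - - [01/Oct/2013:10:05:42 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2301 "-" "ExampleRelay/0.1"',
    '198.51.100.23 - - [01/Oct/2013:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1800 "-" "Mozilla/5.0"',
]


def unexpected_xmlrpc_sources(lines, expected_networks):
    """Count XML-RPC POSTs per (ip, user agent) arriving from outside expected_networks."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop any query string, then compare the final path component.
        script = m["path"].split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
        if script != "xmlrpc.php":
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed address in the log; skip it
        if not any(ip in net for net in nets):
            hits[(str(ip), m["agent"])] += 1
    return dict(hits)


if __name__ == "__main__":
    for (ip, agent), count in unexpected_xmlrpc_sources(SAMPLE_LOG, ["198.51.100.0/24"]).items():
        print(f"{count} XML-RPC POST(s) from unexpected source {ip} ({agent})")
```

Mobile carriers rotate addresses, so the expected-network list needs to be kept current; a source that keeps posting while the phone is switched off is the clearer signal.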
This shutdown of the government is not an issue with Republicans. It’s not an issue with Democrats. It’s an issue with a group of people who transcend both parties: politicians.
The potential good news?
Amid the government shutdown, 60% of Americans say the Democratic and Republican parties do such a poor job of representing the American people that a third major party is needed. That is the highest Gallup has measured in the 10-year history of this question. A new low of 26% believe the two major parties adequately represent Americans.