Recent Posts
Traci Lords - Fallen Angel (Yes, that Traci Lords - techno/trance)-4wd (November 01, 2015, 10:16 PM)
They all rock.
But there's a very different "feeling" when you play them. The JP version totally feels heavier right from the start.-Renegade (October 31, 2015, 02:42 AM)
Did any/everybody receive the NANY 2015 mug (or other goodies) they ordered? I did order a mug way back in Januari/Februari but it never made it across the pond. Probably sunk on the way over because Cody got sea-sick, I guess
And I don't recall seeing any pictures either.-Ath (October 31, 2015, 03:22 AM)
^ I'll have to give that a listen.
In the meantime, Let There Be Rock! (The original video isn't on YouTube, and Bon Scott at the pulpit is just classic.)-Renegade (October 28, 2015, 10:25 PM)
Would you connect those devices to, say, your phone?-Deozaan (October 24, 2015, 06:50 PM)
I just wanted to point out that i think its a terrible idea for software to do bad things to a user's computer or files if it suspects that it has been pirated.
Now in this case, it seems the author is just making his software malfunction, in ways that wouldn't cause loss of work, so i don't have a problem with it.-mouser (October 24, 2015, 02:03 PM)
So, for people that think the negatives of IoT outweigh the positives and are willing to do some work, they can get a sense of control back by getting, "grokking" and applying router software.-Shades (October 24, 2015, 08:20 AM)
Why are air gaps considered one of the hardest security mechanisms to get around?-wraith808 (October 24, 2015, 01:04 PM)
How did we get from locking IoT in a (Pandora's) box to the trials and tribulations of Air Gapping?? I've been thinking for a while now about angling towards Shades' plan of using a completely controllable firewall/border on/to/between the internal and internet networks to try and mitigate WTF is going on with Windows these days.. So how does air gapping - with its range restricted attack surface - play into this?-Stoic Joker (October 24, 2015, 02:04 PM)
To have the hubris to think that understanding nullifies the risks- well, I'm not going to think that my understanding covers all that I don't know- or all of the ways to hack such an interconnected world. I've seen people do some pretty scary things to secured systems.-wraith808 (October 24, 2015, 01:04 PM)
So, for people that think the negatives of IoT outweigh the positives and are willing to do some work, they can get a sense of control back by getting, "grokking" and applying router software.-Shades (October 24, 2015, 08:20 AM)
The Klingon Pirates
When I released uBar 2 last year, it wasn’t long before cracked copies started appearing on the internet. uBar costs $20, which is more than reasonable for the amount of work put into it and what it does. But there’s always people who feel entitled to your work, and proclaim “it should be $X”, where X is the amount they arbitrarily have decided to be acceptable. That’s fair enough – nobody is forcing them to use uBar – but some people think that justifies pirating it. The “I’m pirating it because I don’t know if I like it enough to buy it” routine doesn’t work given the generous 4 week trial period. This is merely a case of people feeling entitled to other people’s work.
So a year ago, I decided to do something about it. Rather than change the protection mechanism and play cat and mouse with people that have nothing to do all day but crack software, I decided to play the long game, and have some fun while I was at it.
I made it so that if uBar detected that the registration mechanism was circumvented, after 10-15 hours it would begin substituting any app or window title with… Klingon.
I searched Google for “Klingon Dictionary”, and found a list of several hundred Klingon words. I then created a mechanism that would substitute the words of any sentence into a sentence with an equal number of random Klingon words. So “This is the title of a window” would become “Qus tay ngaS qlm lom wlv Qu'”, whatever that means.
So I implemented this system, and decided to wait and see what would happen. I figured the pirates wouldn’t suspect it had anything to do with a counter-piracy measure, but rather would assume it was a bug. They could solve it with a relaunch, but that would be annoying.
I was right. In fact, support emails began coming in from people who had the gall to actually request support when using a pirated copy of uBar.
It wasn’t who you would normally expect, and frankly, forgive, such as teens without any income. Many people have pirated high-end software in their youth, so I can empathize. The difference is that people with a conscience tend to do the right thing once they enter adulthood and earn a living. They understand that other people also earn their living writing the software they use, and that paying for what they use is what makes it work.
Instead, we got emails from grown adults using their corporate email addresses, replete with management job titles. These people actually pirated a $20 piece of software, and then had, again, the gall to email the uBar team for support. Example, with identifying information mercifully redacted:
Just reporting a bug. Every now and then the bar writes gibberish for the titles.
[image here]
These are Lotus Notes, Adium, Rdio. A re-launch of the application fixes the issue.
Kind regards,
[Redacted full name]
Development Manager
[Redacted company name]
[Redacted company address]
[Redacted company phone and fax]
I don’t know what “Mismoh pon” means in Klingon, but we can rest assured that Mr. Development Manager knows it’s Lotus Notes, which he may or may not have decided he didn’t have to pay for.
He got the boiler-plate response:
Dear [redacted],
As you are using a pirated copy of uBar, it is unavoidable that you must begin learning Klingon. It is the life you have chosen. Dujeychugh jagh nIv yItuHQo’!
Sincerely,
The uBar team
It’s been a year since this little experiment started, and it’s been interesting to say the least. uBar is used by thousands of Mac users every day, and I’m glad to conclude that the overwhelming majority are legitimate, paying customers who appreciate the effort put into it.
Qapla’!
I had one guy complaining about how my software didn't work after he bought it... he couldn't open any files, etc. etc. Turns out he never even installed it!!! You just can't compete with that kind of ignorance.-Renegade (October 22, 2015, 12:39 PM)
That new (to the USA) chip and PIN system for credit cards has had a known vulnerability for 5 years, which has been successfully taken advantage of in the wild:
http://www.wired.com...p-and-pin-card-hack/-Deozaan (October 22, 2015, 12:17 AM)
I've pledged for a minimal wallet on Kickstarter: Wally Micro - The Minimal Wallet with a Few Surprises.-wraith808 (October 21, 2015, 03:15 PM)
Going a little off-topic, nice looking idea except the price kind of kills it - for the last 30+ years I've just been using the plastic card wallets the bank provides free as my cash/card wallet. About 3mm a side bigger than a card and can hold up to eight.-4wd (October 21, 2015, 07:04 PM)
The cheapest I've gotten is the Dash 4.0. The most expensive, I don't even want to talk about. But there's quite a few choices out there, and each has its advantages and disadvantages. I just don't like back pocket wallets anymore.The real threat to credit card hacking is in the form of ATM skimmers. Thieves place readers into any ATM or point of sale device where cards are read, and all of your data is collected. For them, it's much more efficient and they can gather thorough data in large quantities this way. Unfortunately, a foil sleeve or lined wallet can't protect you from this. The good news is the U.S. is finally adopting the Euro-style chip and pin pairing called EMV cards. They've been using this across the pond for nearly a decade, and it seems to be an effective redesign for minimizing fraud.
Oh and yes, we need to make the messages mandatory to read, so use UAC prompts (why don't more antivirus apps do this when they detect problems!?).-JavaJones (October 21, 2015, 01:56 PM)
That's actually simpler than my method. I didn't even realize that worked! Seems like quite a hole... and quite obvious once you think about it. And not much different than my method.(As an aside, there's a cheat for logging in as NT AUTHORITY\SYSTEM. Let me know if you're interested).A new one, or the usual of running cmd.exe as a scheduled job?-wraith808 (October 21, 2015, 01:23 PM)-f0dder (October 21, 2015, 01:49 PM)
And when you do it, you turn it completely off until you reboot again and turn it on. It's hard enough to get people not to run as admin when they don't have to- rebooting? Not going to happen.Well, while I'm not fond of the way Apple is doing this, you don't really need SYSTEM/root privileges often, neither on OSX nor Windows. And normal admin privileges don't (yet...) require this switcharoo, so it's not too bad in and by itself. It's the reason behind it that's worrying-wraith808 (October 21, 2015, 01:23 PM)-f0dder (October 21, 2015, 01:49 PM)
It's not just Apple. Microsoft has a built in account that's a level above Administrator now. If it creates a file or folder, you can't delete or modify it even if you are the admin (i.e. root) on your system.Hasn't NT always had the SYSTEM AUTHORITY?-40hz (October 21, 2015, 11:17 AM)-f0dder (October 21, 2015, 11:40 AM)
IMHO it's a very good idea to not let your OS admin account run as root/SYSTEM (just like it's a good idea to user a less-privileged account for your daily work!). But of course it should still be possible to elevate to root/SYSTEM rights, and I believe having to reboot to do this is a bit overkill...-f0dder (October 21, 2015, 11:40 AM)
Most importantly, force people to get in the habit of actually reading the messages that are presented to them. I've been informally training both our in-house staff, and the staff at our clients for years, and it's been quite successful. I do frequently get calls from client locations asking about strange messages/behavior from time to time ... But it's at the 'Just click no!' stage that I can get them out of on the phone now about 95% of the time.-Stoic Joker (October 21, 2015, 05:56 AM)
It's not just Apple. Microsoft has a built in account that's a level above Administrator now. If it creates a file or folder, you can't delete or modify it even if you are the admin (i.e. root) on your system.-40hz (October 21, 2015, 11:17 AM)
