A photo of me walking home at dinner.

If you’re interested, here is a photo of me walking home from work for dinner last year.


Yep, I’m on Google Street View.

Posted in Uncategorized | Leave a comment

The Liberator – Not a gun issue, a censorship one

So I’m sure by now you know about the Liberator, the gun you can almost make just on a 3D printer (you can’t print the metal firing pin). Well, the US government has just called for it to be pulled from the Defense Distributed web site and the Mega web hosting site.

While the rights and wrongs of gun ownership and the Second Amendment to the US Constitution are one thing, this isn’t a gun ownership issue, it’s a censorship issue.

Donna Sellers, from the American ATF, told BBC News that the 3D-printed gun is perfectly legal in the US, but it appears they have changed their minds.

Clearly this is becoming more of a censorship issue than an issue of gun control.

The gun itself can still be downloaded via BitTorrent or via DirectDownload from my site (based in the UK if some government wants to write to me).

 

Note: I’m not a lawyer but… While I believe that owning the plan in the UK isn’t a crime, owning the gun is. Outside the UK, I’d check your local laws on the issue.

Note2: I’m not a ballistics expert but… While you may be legally safe to print the gun in some jurisdictions, I wouldn’t fire it. The pressure caused by the explosion that sends the bullet out could well blow the gun to bits. Also, as the barrel is a smooth bore barrel, it will be highly inaccurate even at very short ranges (e.g. 5 meters). In other words, you’re much more likely to hurt yourself than hit a target.


Free BitCoins, are they a scam?

If you’re into BitCoins I’m sure you’ve seen the “get free Bitcoin” links and thought “this is too good to be true, it looks like a scam”, and put simply, some of them are.
The idea is you do something for them (look at ads) and they give you free bitcoins. If you’ve been on the internet as long as I have, you may be thinking this sounds a lot like the Get Paid to Surf scams of a few years ago, where you added a BHO to your browser, got bombarded with ads and never got any cash because the payout level was so high you never reached it. Free Bitcoin services, however, are a little better: while you still don’t get very many bitcoins per visit, you do at least get them.

There are two main services, BitVisitor and EarnFreeBitcoins, both of which work in the same way: you input a Bitcoin address, pass a Captcha and view an ad for a few minutes.

Both BitVisitor and EarnFreeBitcoins offer you decreasing additional rewards per visit. EarnFreeBitcoins, however, offers you the option of viewing higher-priced NSFW content, and you only have to view the ad for 3 minutes, as opposed to BitVisitor’s 5 minutes. However, EarnFreeBitcoins has a daily limit, whereas BitVisitor doesn’t.
The payouts are small and you can bet the sites’ owners charge much more per ad than they dish out. However, you do get the payouts (unlike the old Get Paid to Surf) and some of the ads are even interesting.
So are they a scam? Well, no. They’re not going to make you rich, but if you’re busy doing something else in the foreground (writing a blog post, for example) then they’re a way to earn a small amount of BitCoins.

Posted in BitCoins, News, review | Leave a comment

A random observation on Sniper 2

This post has nothing to do with Cybersecurity, it’s just a random thing I’ve noticed.

Russian players are great snipers, but play by the rules; running up to the base and sneaking round with a pistol works well.

U.S. players are less good snipers and don’t play by the rules.


A quick review of Asrar Al-Dardashah

Note: all links are shortened via Adf.ly. This is a new policy here because… well, I need money (you know, to eat, pay for my internet connection etc.). Let me know via the comments if you strongly object to that.

If you’re interested in cryptography and/or security related events you may have come across the news that the PR arm of Al-qaeda (AQ), the “Global Islamic Media Front”, has released a plugin for the popular open source chat client, Pidgin. The plugin uses the RSA public key cipher to encrypt messages sent (and decrypt messages received) via Pidgin.

I thought I’d download and have a look at this plugin (mostly so I can play with IDA and hopefully find a nice little hole in it }: ). Below is an initial quick review of the plugin.

Download it from the GIMF (Warning dodgy terrorist site)

Download it from MEGA

While the VirusTotal report for the installation file reported it as fine, I wasn’t about to run the risk of installing something nasty on my machine by mistake. So I used a great little application called Universal Extractor to unpack the installation file and access the plugin DLL.

Not the first.

Asrar Al-Dardashah isn’t the first public key crypto plugin for Pidgin, and initially I thought it was just a re-packaged version of Pidgin-Encryption, a project last updated in 2010. However, doing a binary diff between the two plugins shows they’re quite different, although Asrar Al-Dardashah does appear to use some of the same code as Pidgin-Encryption.
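A first-pass way to compare two plugin binaries without running either, as an added example (not the tooling or output behind this post). `SAMPLE_OLD` and `SAMPLE_NEW` are constructed stand-ins with made-up strings, not contents of either plugin.

```python
import hashlib
import re

def ascii_strings(blob: bytes, min_len: int = 6) -> set:
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    return set(re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob))

def byte_shingles(blob: bytes, n: int = 8) -> set:
    """Every overlapping n-byte window; shared windows hint at shared code or data."""
    return {blob[i:i + n] for i in range(len(blob) - n + 1)}

def jaccard(a: set, b: set) -> float:
    """Size of the intersection over size of the union; two empty sets count as identical."""
    return 1.0 if not (a or b) else len(a & b) / len(a | b)

def compare(old: bytes, new: bytes) -> dict:
    """Summarise how much two binaries have in common."""
    s_old, s_new = ascii_strings(old), ascii_strings(new)
    return {
        # Equal digests mean a straight repackage of the same file.
        "identical": hashlib.sha256(old).digest() == hashlib.sha256(new).digest(),
        "shared_strings": sorted(s_old & s_new),
        "only_new": sorted(s_new - s_old),
        "string_jaccard": jaccard(s_old, s_new),
        "shingle_jaccard": jaccard(byte_shingles(old), byte_shingles(new)),
    }

# Constructed sample data: one common routine name plus one unique string each,
# separated by non-printable filler bytes.
SAMPLE_OLD = (b"\x01\x02\x00" + b"shared_keygen_routine" + b"\x00\x8b\xec\x00"
              + b"old_only_banner" + b"\x00\xff")
SAMPLE_NEW = (b"\x03\x04\x00" + b"shared_keygen_routine" + b"\x00\x8b\xec\x00"
              + b"new_debug_log_line" + b"\x00\xfe")

if __name__ == "__main__":
    for key, value in compare(SAMPLE_OLD, SAMPLE_NEW).items():
        print(key, value)
```

On real files, read each DLL with `open(path, "rb").read()`; a low shingle score with a handful of shared strings matches the "different, but some common code" picture, and the `only_new` list is where to look for added behaviour such as logging.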

Not the best.

One of the worrying things about Asrar Al-Dardashah is the amount of debugging information that it dumps to the user’s hard drive.

When you consider it’s designed to be used by people committing very bad acts, do you think it should be logging when it’s decrypted something?

Or information about the key you’ve just deleted? (I think it’s the user’s name but it may be the key signature or even the key itself.)

 

Yet another crime!

Pidgin makes it very clear: *ALL PLUGINS* (even ones written by Islamofascists) need to be released under a GPL or compatible license (this is why I can redistribute the plugin). Now clearly a breach of the GPL is hardly the most serious crime that AQ has committed; however, if the police do catch the people involved in the Global Islamic Media Front and can’t do them for a terrorist offence, they can be done for a licence violation.

Where next?

 

There is still a lot of work to do in looking at this plugin, including looking at some very interesting data (primes, hashes and what looks like an S-Box) stored within the code. I’ll be sure and report back what I find.

Posted in review, security, Uncategorized | Leave a comment