A Geek With Guns

Discount security adviser to the proles.

Archive for April, 2011

The Kurian Invasion Begins

without comments

Several people I know were reporting sightings of aliens in the Como area of St. Paul last night. Normally I’m just as skeptical as the next guy but when I put it all together it makes sense. Think about it for a second; we’re experiencing massive natural disasters such as earthquakes, tsunamis, and tornadoes during a time of economic downturn. That must mean the Kurian invasion has begun!

It’s been nice knowing all of you but I’m off to the Ozarks to jump start the resistance.

* I really need more opportunities to make Vampire Earth references on this blog.

Written by Christopher Burg

April 29th, 2011 at 1:30 pm

Rand Paul Delivers a Political Bitch Slap to Donald Trump

without comments

I’m liking Rand Paul more and more every day. Today I must say I like him because he can really deliver an old fashioned politial bitch slap:

“I’ve come to New Hampshire today because I’m very concerned,” Paul said. “I want to see the original long-form certificate, with embossed seal, of Donald Trump’s Republican registration.”

“Seriously don’t you think we need to see that?” he said, adding that Trump had donated to Democrats such as Senate Majority Leader Harry Reid.


Written by Christopher Burg

April 29th, 2011 at 1:00 pm

Posted in Humor

Tagged with , ,

TomTom Sending Customers’ GPS Data to Police

with one comment

With the recent fiasco facing iOS and Android devices and their retention of location data it’s nice to know one company out there isn’t leaving speculation to chance but is openly admitting that they provide customer location data to government officials:

Dear TomTom customer,

Customers come first at TomTom.
When you use one of our products we ask for your permission to collect travel time information on
an anonymous basis. The vast majority of you do indeed grant us that permission. When you connect
your TomTom to a computer we aggregate this information and use it for a variety of applications,
most importantly to create high quality traffic information and to route you around traffic jams.

We also make this information available to local governments and authorities. It helps them to
better understand where congestion takes place, where to build new roads and how to make
roads safer.

We are actively promoting the use of this information because we believe we can help make roads
safer and less congested.

We are now aware that the police have used traffic information that you have helped to create to
place speed cameras at dangerous locations where the average speed is higher than the legally
allowed speed limit. We are aware a lot of our customers do not like the idea and we will look at
if we should allow this type of usage.

This is what we really do with the data:

  • We ask for your permission to collect historical data. You can opt in or opt out and can disable the data collection function at any time.
  • If you are using a LIVE device, you receive traffic information in real time and you automatically contribute to generating traffic information.
  • We make all traffic data anonymous. We can never trace it back to you or your device.
  • We turn anonymous data into traffic information to give you the fastest route available and route you through traffic jams in real time.
  • We are working with road authorities around the world to use anonymous traffic information to help make roads flow more efficiently and safer.
  • Our goal is to create a driver community capable of reducing traffic congestion for everyone.

Although they anonymize the data it’s still quite possible to retrieve who location data applies to. For instance you can use records of credit card translations, cell towers the person’s phone was connected to, cameras to find what car was where and when, etc. It would be possible to setup a system to tie this anonymized data to drivers and write them speeding tickets using that system as evidence.

That’s a theoretical problem, a real problem is the fact that the data is being used to setup police revenue sources such as speed cameras. A Dutch firm has openly admitted that they use TomTom customer data to setup speed traps. So this anonymized data is actually being used to cost you money for something that isn’t actually dangerous as currently implemented (in other words speed limits aren’t actually a safety limit but an arbitrarily selected number).

Anonymous collection and transmission of data is a threat with any device capable of determining a location and sending data. Cell phones are the best tracking devices on the planet as a side effect of how they work. But TomTom has openly admitted they send not just location data but data relating to customer travel times which is then given to government entities. This providing of data sets up a mechanism that could allow for government agencies automatically writing tickets or performing other actions that will cost you money. Personally I find that disgusting.

Let this also be a lesson to those who don’t actually read the end user license agreements of the devices and software they use.

Written by Christopher Burg

April 29th, 2011 at 12:30 pm

Never Bring a Knife To a Gun Fight

without comments

Even if you’re a fucking ninja you’ll still lose:

A Fayette County man attacked by a “ninja” with a sword quickly ended the encounter by pulling a gun.

“The only word that comes to mind is, ‘seriously?'” Santino Guzzo, 29, of South Union said today. “I know this isn’t a laughing matter, but how many people get attacked by a ninja? Really, a ninja?”

I’d like to point out that the confrontation was concluded without shots fired just in case somebody wants to make some comment about how this situation escalated unnecessarily. Many anti-gunners often claim introducing guns into a scenario ensures all confrontations turn into shooting wars but in reality that usually isn’t the case. An asshole with a blade because far less ballsy when his intended victim turns out to have bigger teeth.

A hat tip goes to Alexi for bringing this hilarity to my attention.

Written by Christopher Burg

April 29th, 2011 at 12:00 pm

Minnesota H.F. 1467 Passes Public Safety Committee

with one comment

H.F. 1467, the omnibus gun rights bill passed the House Public Safety and Crime Prevention Policy and Finance Committee with a 10 to 7 vote. Now the bill will move to the House Judiciary Committee for yet another round of fun and games. We’re making progress, now let’s just hope we can get this bill through and finally have castle doctrine and stand your ground laws in Minnesota.

If you want to watch a video of the debate an archive is available here.

Written by Christopher Burg

April 29th, 2011 at 11:30 am

More on Open WiFi Networks

without comments

A couple of days ago I mentioned my reasoning for not running an open WiFi network. Funny enough the Electronic Frontier Foundation (EFF) posted an article about why one should run an open WiFi network. As I said in my previous post on the matter I would like to run an open WiFi network so those who needed WiFi access could get it but I don’t want to deal with the fact anything an anonymous person accessed on my open network would appear as though I accessed it.

This has lead me to ponder a means of setting up an open WiFi network that could be publicly used while keeping my traffic secure, separate, and not having anything a third party does on my network reflect badly on myself. What follows is the solution I’ve thought up so far with no real concern yet for implementation.

Obviously I want my wireless traffic to be encrypted as I value my privacy. This is easy enough to do with good old WiFi Protected Access (WPA) using a strong key. Thus ideally I would have two access points, one open for third party use and one secured for my use. The other feature I would desire is keeping the publicly accessible network completely separate from my private network. This is easy enough to accomplish by using a gateway device with Virtual Local Area Network (VLAN) capabilities. I could setup one VLAN for the public network and another for my private network which would prevent the public network from talking to my private network.

The final and most difficult requirement is avoiding any legal ramifications that could be directed at me because of the web traffic generated by a third party. Like many network problems requiring anonymity I believe I’ve found my answer in the form of the Tor project. Tor is a network that can be used to anonymously access the Internet. Anonymity is achieved by encrypting all traffic and bouncing it between multiple nodes until that traffic reaches an exit point and is decrypted and sent to its destination. The benefit for me is the fact you can’t trace the source of any data going across the Tor network back to either its source or destination meaning anything accessed on my public network wouldn’t reflect on me.

What I would need to setup is a mechanism of ensuring all traffic that goes across my public network would be sent through the Tor network (not really the intended use of Tor I realize but alas it fits my needs here). I would want to set it up in a manner where inability to connect to the Tor network would disable the public network from reaching the Internet. This wouldn’t be difficult once I actually setup the Tor gateway system. There would likely be a problem of a slow connection as the Tor network isn’t speedy but honestly I don’t care, you get what you pay for. Likewise multiple peoples’ traffic would be going through a single Tor relay but again that’s not my problem nor is the fact I can’t control what happens at the Tor exit node my problem.

So this is my initial proposal for setting up a publicly accessible WiFi network without having to worry myself with personal security or the actions taken by those accessing my public network. I’ll probably investigate this a bit more and may even try to setup a trial and see how it turns out. Or I may instead do something else and leave this proposal untested and assume somebody will like the idea, implement it, and tell me how it worked out for them.

Written by Christopher Burg

April 29th, 2011 at 11:00 am

Posted in Side Notes

Tagged with ,

If You’re Not Going to Do Something Well Don’t Do It at All

with 3 comments

Glock is celebrating their 25th year in the United States. This celebration is being done by the released of 2,500 limited edition Glock 17 pistols. What makes them limited edition? A small metal plate on the grip that says 25 Years. Whoopty do!

Although I love Glock pistols I fully admit that they have an ugly and uninspired design lacking anything beyond the necessities for functionality. I’m fine with this because their guns work well. But if this is all Glock can manage to come up with for their limited edition pistol they might as well not even bother trying.

Still congratulations on 25 years in the United States Glock and here’s to another 25.

Written by Christopher Burg

April 29th, 2011 at 10:30 am

Senator Frank Lautenberg Hates Due Process

without comments

A story recently surfaced dealing with the Federal Bureau of Investigation’s (FBI) so-called “terrorist watch list” and the rights of those on it. This post will demonstrated two things; how bias can be spun into two identical stories and that Frank Lautenberg is a complete asshole.

To demonstration the first point I direct you to this story and this story. The one from The Greenfield Reporter is titled More than 200 people on US terror watch list were able to legally buy firearms in 2010 while the Fox News article is titled FBI: 247 People on Terror Watch List Bought Guns in U.S. in 2010. It’s seldom that I can actually point to Fox News as being less biased but this is one of those rare cases.

The proper title The Greenfield Reporter should have used was More than 200 people not convicted of any crime by any court of law were able to legally buy firearms in 2010. This title would be far more factually correct as those on the FBI’s “terrorist watch list” haven’t actually been put through trial and found guilty of anything. There is a vast difference between having your name on the FBI’s “terrorist watch list” and being a terrorist. Although this escapes Lautenberg the difference is quite obvious in that a terrorist is somebody who has committed an act of terror while a person appearing on the FBI’s “terrorist watch list” have done nothing.

In this country the right to keep and bear arms stops the second you’ve met one or more criteria points. If you have been convicted of a felony, domestic abuse, have been diagnosed as mentally ill, etc. you can not legally possess a firearm in the United States. What all of these criteria points have in common is that you must have been convicted of them, not simply accused (although some politicians are trying to change this as well because they’re assholes).

Here is where I demonstrate that Lautenberg is a complete asshole:

It is not illegal for people listed on the government’s terror watch list to buy weapons. For years, that has bothered Sen. Frank Lautenberg, D-N.J., who is trying again to change the law to keep weapons out of the hands of terrorists.

Lautenberg is trying to take away a right guaranteed in the United States Constitution without so much as due process. I’m not surprised a “representative” from New Jersey is looking to enact a backdoor gun control measure by making it illegal to purchase a firearm just because the FBI thinks you have the same name as somebody they suspect might have ties to a terrorist maybe. The criteria for getting on the FBI’s watch list is secret so it wouldn’t be difficult to toss on anybody’s name.

I will also come out and say that it’s a good thing that 247 people on the FBI’s “terrorist watch list” were able to buy firearms. Those people have done nothing illegal. Their only “crime” is appearing on a list controlled by a government agency. If such criteria becomes acceptable for denying a person his or her rights then we’re all fucked because each of our names makes an appearance on dozens of government operated lists.

Why Have a House When You Can Have a Fortress

without comments

These are uncertain times and you never know when a stray velociraptor or a horde of zombies are going to make their way onto your property. In such times the only safe place is a fortress and by Thor I’ve found a rather stylish one. It’s a house that is basically a large reinforced structure that can be sealed up in minutes.

It looks as though it would work well against zombies but I question it’s safety against man’s greatest threat, velociraptors. There are many large windows for a raptor to jump through and let’s be honest and admit no early warning will exist if you’re being hunted by one of these clever girls.

Written by Christopher Burg

April 28th, 2011 at 12:00 pm

FBI To Remove Coreflood From Infected Computers

with one comment

I’ll be honest and admit I’ve heard little about the botnet being referred to as Coreflood. Apparently it did something nasty enough to gain the attention of the Federal Bureau of Investigations (FBI) though:

Two weeks ago, the DOJ and the FBI obtained an unprecedented temporary restraining order that allowed them to seize five command-and-control (C&C) servers that managed Coreflood. Since then, the U.S. Marshal’s Service has operated substitute C&C servers that have disabled the bot on most infected PCs.

But that’s not the most interesting part of this story. It seems that the FBI have been able to identify the owners of some infected machines and are going to offer to uninstall the botnet software from those owner’s computers:

The FBI has also identified infected computers, and in some cases has linked names to the static IP addresses. Those are the PCs targeted for remote Coreflood eradication.

“While the proposed preliminary injunction is in effect, the Government also expects to uninstall Coreflood from the computers of Identifiable Victims who provide written consent,” said the DOJ in the memo.

I’m not sure how the written consent will be dispatched but I do have some advice if you should receive such a consent form. First of all turn it down, the last people you want in your system is the government. Thor knows that they’ll probably uninstall the botnet software but will also install something that monitors your network activity to “verify property removal.” Yes I’m actually that cynical but I trust nobody inside of my machines be it government officials or just regular people off of the street (although I’m inclined to trust the latter more).

The second thing you should do after burning that consent form is to wipe the machine and reinstall the operating system plus all available updates. Only one means exists to uninstall malicious software and ensure it’s actually gone, wiping the entire computer clean and starting from scratch. Software is incredibly complex and there is no way to know if every backdoor for a piece of malicious software has been removed. Do yourself a favor, if your system has been infected just start over. Anti-malware software can make an attempt to remove malicious software and may or may not be successful but you have no way of knowing.

Written by Christopher Burg

April 28th, 2011 at 11:30 am

Posted in Technology

Tagged with ,