Thoughts of a Cyber-LOONATic - General

Bitcoins and Geek Security = ?

nospam@example.com (Junaid Loonat) — Fri, 01 Jul 2011 21:47:00 +0200

Many tech-savvy geeks over-engineer the simplest of solutions, solely for extensibility.
Moreover, security-minded geeks tend to be unusually paranoid and enforce (sometimes complex) security practices accordingly.
Neither of these should be seen as faults, but rather as unique traits that us (as geeks) often share.

Bitcoin, the first P2P crypto-currency, has gained much popularity in recent months with its value reaching a peak of over $30 on one of its supporting money exchanges.
Being supported mostly by geeks, it's not surprising that a number of e-businesses and services have been established to support the virtual currency.
As expected, there have already been a number of breaches by malicious users seeking some Bitcoin booty.
Although the cryptography behind Bitcoin is interesting, I find the behavior of the Bitcoin community more fascinating.
This is especially concerning security and privacy matters.

As a penetration tester, I regularly assess applications/infrastructure with direct contact to real-life currency e.g. online personal/business banking solutions.
Furthermore, having also worked on (fraud) forensic investigations, I have a good understanding of the average banking client.
With this in mind and after comparing the attitudes of my other non-security-aware geek friends, I find it truly inspiring the manner in which most Bitcoin community members have a burning desire to ensure that their (Bitcoin) wallets are kept safe from theft.

The forums showcase some of the proposed ideas that, while not always practical or effective, illustrate how far a member would go to ensure that earnings are not stolen. Below are a few threads, in no particular order, that I found interesting:

Bitcoin Stock Exchange Security Standards (... it's like the start of a Bitcoin PCI-type standard)
Swapping Wallets for Increased Anonymity
Secret keys could be memorizable
How I manage and protect my wallets
HOWTO: have a safe BTC storage w/o - encryption, backups, or a clean computer!
Idea for a hardware-based Bitcoin savings account (... my favourite)

Whether (or not) Bitcoin will succeed in the long run is questionable.
But in a world where the top 10 hacks resemble the previous year's list, I have found a sparkle of hope to believe that the next generation of internet users just might be smart (or determined) enough to eradicate the age-old vulnerabilities that plague applications/infrastructure today.

[side note: The hacker/cracker arms race will never end as new vulnerabilities will always be discovered, but I can at least hope that some of the older vulnerabilities will eventually become extinct.]

Enabling KDE Plasma Netbook Workspace on OpenSUSE 11.4

nospam@example.com (Junaid Loonat) — Thu, 05 May 2011 19:08:40 +0200

Update: After many years away from RPMs, I still cannot stand them and have uninstalled OpenSUSE. Also, Unity-2D is available through the base repositories. While this is closer to the 10. Unity than the 11. Unity, it's fine. I'm still sticking to KDE4 on the netbook though, but using Kubuntu instead.

Since the arrival of the resource-crazed Unity 3D interface with 10.10, I knew my poor little Acer Aspire A110L netbook would never again taste the pleasure of another Ubuntu Linux installation ... even though I did still have two options:

Install Ubuntu 10.04 Remix again
Install Unity 2D

Although I enjoyed 10.04 remix, I wanted something new. Regarding Unity 2D, I'm surprised that it was not included by default with the Ubuntu releases and was not prepared to install it ... even though it is a dead-simple process.

So, I decided to go look for some excitement in the form of KDE 4 and old-school RPM dependency-hell.
You just wait until old-school makes it return again... hopefully

Prior to my current liking for Gnome, I went through a very long (flux|black)box phase where I also enjoyed other minimalistic environments.
I believe the last KDE that I may have installed on any of my own boxen could very well be roughly version 1.1.2

However, I really wanted to check out KDE 4 and specifically their KDE Plasma Netbook workspace. Having heard a lot of good comments regarding OpenSUSE and KDE4, I decided (against my better judgement) to go along and download the DVD.

Coming from a slackware/gentoo/ubuntu background, it is and will always be my view that RPM distributions are mostly bloatware. Sorry.

For some reason though, I stuck with my decision of OpenSUSE and after completing the installation, I found the default KDE4 environment pretty comfortable on the netbook (although a bit slow).

I knew I had to enable the Plasma Netbook Workspace but unfortunately had no idea how to do so. Googling for an answer brought up numerous short+vague responses that lead me to sections/pages/components that didn't seem to exist. I can only assume that either OpenSUSE has renamed their menu items, or OpenSUSE 11.4 comes with a newer KDE4 with menu items that differ to the answers found during Googling.

This blog entry is dedicated specifically to anyone whose installed OpenSUSE 11.4 and wants to enable the KDE Plasma Netbook workspace ... without getting frustrated!

Assuming you are using the default application-style launcher menu:

Click on the Applications tab at the bottom
Scroll down and click on Configure Desktop
Look under the Workspace Appearance and Behaviour section and click on Workspace Behaviour
Click on the Workspace option within the scroll window on the left
Finally, change the Workspace Type from Desktop to Netbook

To be honest, I'm flabbergasted that OpenSUSE runs like a dream on my netbook without any performance hits. Maybe I'll post another update sometime, but for now, I'm going back to fiddle on the netbook that was given a breath of fresh air

[side note: No RPM dependency hell yet, nor any other issues]

HP Printer Bloatware & Wifi Security

nospam@example.com (Junaid Loonat) — Sun, 13 Feb 2011 07:50:00 +0200

After experiencing each of the major printer brands, I quite like HP for their quality and reliability.
A short while back, I was on the prowl for a new printer and happened to come across a couple of wireless printers.
Being a geek, I immediately knew this was some tech that I definitely needed in my life...

Continue reading "HP Printer Bloatware & Wifi Security"

Copyleft Hardware: Ben NanoNote

nospam@example.com (Junaid Loonat) — Thu, 25 Mar 2010 22:40:00 +0200

All geeks know that new (and sometimes not so new) hardware doesn't always work with our chosen operating systems. Often it's not a lack of drivers or driver developers holding back progress, but rather hardware manufacturers who prolong the release of chipset information and documentation.

Many companies would rather:

Bastardize an older chipset to create a newer version instead of investing time into better R&D.
Release new hardware instead of updating firmwares for older hardware. (Belkin are notorious for this)
Reduce resources on newer device models in order to limit the capabilities of third-party firmwares ... instead of ... embracing the functionality-enabling hacks. (*cough* Linksys)
Horder chipset documentation ... instead of ... releasing it so that more people can develop, and make use of their product.
Release bug-infested BLOBs ... instead of ... usable source code which could be forked for improvements.

[side note: Before I continue, Linksys should be commended for their continued release of open-source devices. Additionally, I do understand that in some cases points 4 and 5 can be argued, especially regarding wireless hardware and its respective regulations.]
Continue reading "Copyleft Hardware: Ben NanoNote"