Friday, February 24, 2006

Personal Information Leak

I was exposed to a bunch of very interesting blogs written by people considered to range from above-average to brilliant. The blogs were quite interesting and I was losing hours reading them during the daytime on weekdays!

The blogs themselves were very good and in English. They were created in mid-2004 and, though not updated very regularly due to personal reasons quoted in the blogs, have been updated quite a few times. As mentioned before, the authors themselves (even though I do not know them personally) at least don't sound stupid.

As I was reading through one of the blog entries, I found that at one point it had supported anonymous comments, even without a CAPTCHA requirement for commenters. But it later corrected both, and the comment spam was reduced almost completely.

Coming to the crux of this blog entry, there was a serious security flaw. The blogs had accumulated an enormous amount of personal information over the months. Though the authors have instinctively always made an effort not to make dangerously personal information public, they had obviously overlooked the fact that they have in fact made public a lot of their personal information, amortized over about 50 articles of various sorts.

The personal information I was able to filter out includes, but is not limited to:
1. Dates of birth of the author and other family members
2. The family members and their gender, names and pet-names
3. Industry, occupation and education
4. Friends and their details
5. Her/his regular eating habits, sleeping habits, commute to work
6. Marital status

Making public a large part of one's personal information is a serious problem. The problem is made much more difficult to solve because many people have grown fond of writing blogs, and also encourage others to write blogs with content that similarly leaks information. They all fail to see that the accumulation of a string of such small leaks could potentially be exploited by any entity for malicious reasons.

I could not really think of anything to do but show them that they have a problem and they need to look at it, by posing as a psychopath, commenting on their blog. I hope this document is a valid proof of my intentions. Apologies run ahead to parties concerned.

Sunday, February 19, 2006

Poem or integrity check?

Recently, Apple confirmed that it had included a poem in its Intel-based machines as a message to hackers of its operating systems.

Your karma check for today: There once was a user that whined
his existing OS was so blind he'd do better to pirate
an OS that ran great but found his hardware declined.
Please don't steal Mac OS! Really, that's way uncool.
(C) Apple Computer, Inc.

Looks like they have copyrighted this too!

Anyway, this looks like a clever trick and I have not seen this before. This poem, which they have not even tried to rhyme, is unique, and a hacker who looked at it would definitely make it public. And if the poem was embedded deep enough in the kernel that it would be seen only by the successful hackers, its becoming public knowledge signals with very high accuracy the cracking of OSX.

A clever one!

Wednesday, February 15, 2006

Rude reminder!

I am quite good at dreaming and "Red Litmus" was really being dreamed in real life, when I was rudely woken up by a stress fracture (left tibia). I guess I will not be able to run to my dream, my darling angel, for the next 2 weeks.

But, why do I need legs when I can fly? ha ha ha!

Monday, February 06, 2006

Negligence/Indulgence Part - II

As a man of his word, as a person of the finest calibre, I have successfully upheld the basic decency. I chickened out 5 times before and nailed the job at 9 pm CST on Feb 05, 2006.

I have risen.