Showing posts with label Internet.

Firesheep: what, why, and how to protect yourself from it


Firesheep has been out for a while and it has totally opened my eyes to how vulnerable we can all be when we don't think of Internet security. I'll try to make it simple enough that even my teen kids can understand it.

What is Firesheep

If you're unfamiliar with Firesheep, you can read this article from the creator. If you find it too geeky then you should watch this vid instead:



Yes folks, ANYONE with this Addon who is sharing the same open WiFi as you can take over your account without knowing your username or password. This affects famous sites like Facebook and Twitter.

Why create Firesheep in the first place?

Firesheep was created to open the eyes of the users to possible hijacking of accounts. According to Butler and Gallagher:
"I wrote Firesheep because I was tired of having to deal with websites that were ignoring this problem of user privacy," Butler told me in his first interview since releasing Firesheep. "Hopefully sites like Facebook and Twitter will see this and decide protecting user privacy is a priority for them."

Watch the vid below for more on why they created it:


How do I protect myself from Firesheep and its ilk?

According to the Firesheep creator, here are the ways to protect yourself when you're in an open WiFi location:

While companies are implementing fixes (described below) you can do a few things to increase your level of security, but there’s no silver bullet (aside from stopping use of the services which you don’t want hijacked.)

  • HTTPS-Everywhere - This is a Firefox extension created by the Electronic Frontier Foundation which makes Firefox use only HTTPS connections for certain websites. Like Firesheep, it only works on a defined list of websites, so it won’t protect you if you use any websites that it doesn’t support. It does not appear to be immediately simple for users to add sites without some development experience. HTTPS-Everywhere is well respected for doing what it claims to do safely.
  • Force-TLS - As mentioned earlier, some websites support SSL but don’t implement it properly, leaving you at risk. This Firefox extension is similar to HTTPS-Everywhere but allows you to specify your own list of domain names to force encryption on.
  • VPN - In some situations a VPN (or something similar such as an SSH tunnel) can be great. All traffic sent through a VPN is likely secure from your computer to the VPN server. But be aware that this is not a silver bullet and there are potential problems. See below for our warnings on using a VPN.

Ironically, the authors have suggested Firefox addons over Google Chrome, which is the reason now why I've decided to go back to Firefox. Besides adding the addons above, I've also added most of the addons from The Paranoid Kit to make my browser even more secure than before. Although there are Chrome extensions like the KB SSL Enforcer, it seems to go HTTP before it goes HTTPS and is therefore not an option for me.
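
Why "HTTP before HTTPS" matters, as an added example (not from the original post or the Firesheep authors): someone sniffing open WiFi gets your login cookie if the browser ever sends it over plain HTTP, and a site prevents that with the cookie's Secure attribute plus the Strict-Transport-Security header. The Python check below flags both gaps; the host social.example, the cookie names and the captured headers are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: what a browser receives when someone types
# "social.example" and logs in. Host, cookie names and values are made up.
WEAK_EXCHANGE = [
    ("http://social.example/", [("Location", "https://social.example/")]),
    ("https://social.example/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "csrf=xyz789; Path=/; Secure"),
    ]),
]

# Same site after the operator adds HSTS and marks the session cookie Secure.
HARDENED_EXCHANGE = [
    ("http://social.example/", [("Location", "https://social.example/")]),
    ("https://social.example/login", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
        ("Set-Cookie", "csrf=xyz789; Path=/; Secure"),
    ]),
]


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0]
    attrs = {part.partition("=")[0].strip().lower() for part in rest if part}
    return name, attrs


def audit(exchange):
    """Return (host, cookie, problem) tuples for a list of (url, headers)."""
    findings = []
    https_hosts, hsts_hosts = [], set()
    for url, headers in exchange:
        parts = urlsplit(url)
        host, scheme = parts.hostname, parts.scheme
        for key, value in headers:
            key = key.lower()
            if key == "set-cookie":
                cookie, attrs = parse_set_cookie(value)
                if scheme == "http":
                    # The cookie itself crossed the network unencrypted.
                    findings.append((host, cookie, "set-over-http"))
                elif "secure" not in attrs:
                    # Without Secure the browser attaches this cookie to any
                    # later http:// request to the host, readable on open WiFi.
                    findings.append((host, cookie, "missing-secure"))
            elif key == "strict-transport-security" and scheme == "https":
                # Browsers only honour this header when it arrives over HTTPS.
                hsts_hosts.add(host)
        if scheme == "https" and host not in https_hosts:
            https_hosts.append(host)
    for host in https_hosts:
        if host not in hsts_hosts:
            # No HSTS: every visit may start with a plain HTTP request.
            findings.append((host, None, "no-hsts"))
    return findings


if __name__ == "__main__":
    for label, exchange in (("weak", WEAK_EXCHANGE), ("hardened", HARDENED_EXCHANGE)):
        print(label, audit(exchange))
```

In the hardened case the very first visit can still begin over HTTP, but no cookie marked Secure travels on that request, so there is nothing useful to capture.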

Another common sense way to secure yourself from such attacks is to log out of sites rather than just close them. As mentioned in the video above, not logging out of Facebook or Twitter will make you vulnerable when you go to sites with FB or Twitter buttons. Think about it, logging out takes only a few seconds.

Unfortunately there will be sites that go bonkers when they're forced to use HTTPS. One example is Status.net. You won't be able to post anything there when you force the site to HTTPS. Although it's been discussed here, the message is clear: using HTTPS is too expensive for them and they would rather make it a paid feature than a basic one. A total turnoff really. Another example is Facebook: if you force HTTPS there, you'll be unable to use the chat feature--which is totally fine by me.

The future of the internet has been shaped because of this addon. I just hope that sites like Facebook, Twitter, etc. think of making HTTPS default when anyone enters their site. Until then Firesheep (and its ilk) will keep on making their sites less secure.

Sources:
Announcement of Firesheep
Interview with Firesheep creators

Windows-free for 2 months


Yup! Thanks to my Windows XP OS crashing on me, I've gone Ubuntu Linux for the last two months. So far I'm enjoying it. I was able to download, install, and try out a bunch of free programs (note they're not pirated folks--free as in beer/freedom programs and software exist!) I was also able to play Windows-based MMOs using Wine. Below is the list of just a few I've been playing since:


My only problem is that not all games run well in Linux, like Allods Online. Too bad that Astrum Nival didn't think of Linux players when they created the game.

Nevertheless, I'll be on Linux for a while until I get my DVD reader replaced. I may be focusing on Linux-friendly games/programs here until then.

The New Goo.gl vs. Bit.ly


Google just made Bit.ly's life a little harder with the inclusion of stats to their URL shortener.
There are many shorteners out there with great features, so some people may wonder whether the world really needs yet another. As we said late last year, we built goo.gl with a focus on quality. With goo.gl, every time you shorten a URL, you know it will work, it will work fast, and it will keep working. You also know that when you click a goo.gl shortened URL, you’re protected against malware, phishing and spam using the same industry-leading technology we use in search and other products. Since our initial release, we’ve continued to invest in the core quality of the service:
  • Stability: We’ve had near 100% uptime since our initial launch, and we’ve worked behind the scenes to make goo.gl even stabler and more robust.
  • Security: We’ve added automatic spam detection based on the same type of filtering technology we use in Gmail.
  • Speed: We’ve more than doubled our speed in just over nine months.
It's all good and all but it still lacks some things that Bit.ly and J.mp (yes, it's also Bit.ly powered) have:
  • Usability in any Browser: For example: in order to use J.mp you only need to type "j.mp/" in front of the "http://" of the url and you're all set to go! No need for extensions nor bookmarks, therefore you can use it in ANY browser (you need to type "j.mp/http://" in Google Chrome and Chromium though).
  • Ease in Sharing: You can share straight to any of the major social networking sites from Bit.ly.
  • Shorter Characters: J.mp beats the two as it only has 4 characters and therefore is better with the 140 character limit in Twitter.
Although I've been a bit.ly/j.mp fan for the last few months, I'll give goo.gl a try.

Motorola goes Statusnet!


Just received news that Motorola, Inc. will be using Statusnet as their way of communicating internally. According to the press release, it all started as an experiment as to whether Statusnet would be good enough as a way to communicate between different business units.

However, something else happened!

Rami Levy, Motorola's team leader of Open Source Technologies, says in the case study, "One unexpected benefit [of using StatusNet] is reduction in company email. We initially just wanted to increase social communication and such in the company. As the value became obvious and usage grew, we decided to leverage this to reduce corporate email volume.”

Fewer email blasts!

Although I would think that emails still revolve around Motorola, with Motmot (yep, that's what they called their Statusnet over there) the heads would just need to send out a dent (equivalent to a "tweet" to you Twitter users out there) to necessary parties and they should be able to receive and reply to the message either through the web, their Statusnet Desktop client, or probably through their mobile (since they ARE a mobile phone company).

I hope more companies would try out Statusnet because of this.

Would you like to try a free and personal Statusnet account? Go here! And then subscribe to my Statusnet at http://robsanchez.status.net.

My Top Influential Blogs of 2010

Let's get straight to the point: I like a LOT of blogs and some of them influence me more than others. Therefore I'd like to put some names in the hat for The Top Influential Blogs of 2010. For more information on this list, kindly go to http://influentialblogger.net.

1 and 2:
MMOshpit and The Gamedok Chronicles: These bloggers not only blog and play MMOs, they BREATHE it. Both bloggers are leaders of prestigious guilds in various games, but they became well-known in Perfect World PH. These guys should be at the top of the must-read list in the MMO Philippines scene.

3 and 4:
Trizzone and Search and Connect are two blogs I have been following as I know both bloggers on a personal basis. Both deal with tech and web-related subjects. They're just starting out but they seem to be on their way to becoming one of the better bloggers out there.

5: Every Juan's blog may seem to be a personal blog, but it's from a techie's point of view, so in that way I can relate.

6: Around The Buzz Prime Time (ATBP) is a local entertainment blog and it has quite a lot of readers and it has been posting consistently. I used to be an entertainment blogger as well and appreciate how the blogger has worded the articles well.

Well, there they are, my top 6 blogs. What are yours?


Thanks to OStatus, Statusnet / Identica has become more than just a microblogging platform. It's a way to follow other social networks right in the comfort of your Statusnet / Identica site.


As of the moment, Statusnet 0.9.2 can only follow these sites. Take it from me when I say that the Livejournal following does not work at all, but I read they're working on it.

If you want to follow people in Tumblr, Posterous, or Google Buzz, then follow the instructions below:
  1. Open the Posterous/Tumblr/Google Buzz Profile site you want to follow
  2. Copy the URL
  3. Open your Statusnet or Identi.ca page
  4. Go to Subscriptions
  5. Click on Remote
  6. Paste the URL you copied
  7. Click on "Continue"
  8. Click on "Confirm"
Easy as that and you'll be seeing their posts soon! However, only Google Buzz posts with notes before the Google Reader shares and direct inputs will appear.

Conan O'Brien visits Google and explodes!

...with laughter!

Testing Out Twitter Embedding


OMG! My post on #statusnet was included in @rejon's post here! http://bit.ly/90e6FP (Sat May 01 16:30:14 via status.net)


IT WORKS!

More info on how to do this here

Google Chrome Beta 5.0.375.29 unleashed!

Google has just released Google Chrome Beta 5.0.375.29, possibly making it one of the fastest browsers out there.
Today’s new beta release incorporates one of Chrome’s most significant speed and performance increases to date, with 30% and 35% improvement on the V8 and SunSpider benchmarks over the previous beta channel release. In fact, looking back in time, Chrome’s performance has improved by as much as 213% and 305% on these two benchmarks since our very first beta.



There are a lot of new features included in the new update, but the one I really like is the Bookmarks/preferences/theme sync. It's like I can pull my home browser anywhere! However, there's one thing you need to be careful of: once you install the sync, it'll stay there unless you delete or uninstall it. One more thing to improve upon I guess.

What is Opensource?

If you're curious about what Ubuntu, Linux, or Opensource is, then you'd better watch the movie below: Revolution OS.



Revolution OS is a 2001 documentary which traces the history of GNU, Linux, and the open source and free software movements. It features several interviews with prominent hackers and entrepreneurs (and hackers-cum-entrepreneurs), including Richard Stallman, Michael Tiemann, Linus Torvalds, Larry Augustin, Eric S. Raymond, Bruce Perens, Frank Hecker and Brian Behlendorf.

The film begins in medias res with an IPO, and then sets the historical stage by showing the beginnings of software development back in the day when software was shared on paper tape for the price of the paper itself. It then segues to Bill Gates's Open Letter to Hobbyists in which he asks Computer Hobbyists to not share, but to buy software. (This letter was written by Gates when Microsoft was still based in Arizona and spelled "Micro-Soft".)

Richard Stallman then explains how and why he left the MIT Lab for Artificial Intelligence in order to devote his life to the development of free software, as well as how he started with the GNU project. Linus Torvalds is interviewed on his development of the Linux kernel as well as on the GNU/Linux naming controversy and Linux's further evolution, including its commercialization. Richard Stallman remarks on some of the ideological aspects of open source vis-à-vis Communism and capitalism as well as on several aspects of the development of GNU/Linux. Michael Tiemann (interviewed in a desert) tells how he met Stallman and got an early version of Stallman's GCC and founded Cygnus Solutions. Larry Augustin tells how he combined the resulting GNU software and a normal PC to create a UNIX-like Workstation which cost one third the price of a workstation by Sun Microsystems even though it was three times as powerful. His narrative includes his early dealings with venture capitalists, the eventual capitalization and commodification of Linux for his own company, VA Linux, and ends with its IPO.

Frank Hecker of Netscape tells how Netscape executives released the source code for Netscape's browser, one of the signal events which made Open Source a force to be reckoned with by business executives, the mainstream media, and the public at large. (this text is available under the terms of the GNU Free Documentation License)
Thanks to Andrew Maxwell for the share!

Google Reader Shares to Status.net


If you have a Status.net account (mine is http://robsanchez.status.net) and you want to share your Google Reader stuff over there without using Ping.fm then follow the instructions below:
  1. Log-in to your Google Reader Account
  2. Click on Settings > Reader Settings > Send To
  3. Click on Create a custom link
  4. Input the following in the fields (replace yourstatusnet with your status.net's URL)
Name: yourstatusnet
URL: http://yourstatusnet.status.net/?action=newnotice&status_textarea=${title} ${short-url}
Icon URL: http://status.net/favicon.ico

Code was inspired by Thanos Lefteris' Google Reader to Identi.ca code
More on Statusnet


Ping.fm has just enabled RSS Support!
Over the weekend, we released a feature in Ping.fm that will allow you to post an RSS feed to all your social networks. All you simply need to do is choose the RSS selection under Services / Tools (right there in the Dashboard), and then enter in your RSS feed to the blog of your choice.


I used to have a one click process from my blog to Notify.me then to Ping.fm, but with this feature, it takes out the middle man entirely. Does this mean that services like Notify.me and Twitterfeed are dead? Not necessarily.

Notify.me does more than just send my RSS to Ping.fm as it also serves as my IM notification when someone retweets/replies to me on any of the social networks I'm in. Twitterfeed allows users to have a real-time stat on hand to see how well their tweets have sent others to their sites. Until Seesmic/Ping.fm does these, the two services will be safe.

Youtube takes down Chatroulette viral video

While Youtube is defending itself from Viacom, by saying that it:

...has become a metaphor for the democratizing power of the Internet and information. YouTube gives unknown performers, filmmakers, and artists new ways to promote their work to a global audience and rise to worldwide fame;

So much for helping unknown artists/performers in promoting their work as they took down Merton's Chatroulette video. According to Mashable, Youtube didn't take down the vid because it violated copyrights, but rather that the people in the video didn't know they were going to be posted in Youtube. My question here is why did they go to Chatroulette if they DIDN'T want to be seen online. The whole reason for the site is for them to be seen.

Here's Merton's comment on what happened as he uploaded a new version of the same video:

This is a new, edited version of the original Video #1. I had to make some changes in order for YouTube to be happy with it.

My apologies to all of the subscribers for being summoned here just to see a repeat post, but there was no way around it.

For the record, the original video had 4,238,658 Views. At the time of its demise, it was the Top-Rated YouTube Video of All Time. No shit.

Here's the new, and edited version uploaded by Merton:



Weird, and I thought Google was fighting against censorship...

Merton's Youtube Channel

Google is moving on the offensive against China by uncensoring their search engine and redirecting it all to Google Hong Kong.

So earlier today we stopped censoring our search services—Google Search, Google News, and Google Images—on Google.cn. Users visiting Google.cn are now being redirected to Google.com.hk, where we are offering uncensored search in simplified Chinese, specifically designed for users in mainland China and delivered via our servers in Hong Kong. Users in Hong Kong will continue to receive their existing uncensored, traditional Chinese service, also from Google.com.hk.

Most of you may remember the reason why Google is so pissed off at China and they have a reason to. Although it was mentioned that the hacker was not getting support from the Chinese Government, the company is still hellbent on ensuring that the Google Hong Kong site is uncensored.

The company is also saying that the decision came from the executives in the United States and not from its China counterparts. Hopefully they won't be arrested for decisions that were out of their hands.

China responds to Google's Search Uncensorship

On the other hand, the Chinese government is saying that Google needs to abide by their rules:

"Google has violated its written promise it made when entering the Chinese market by stopping filtering its searching service and blaming China in insinuation for alleged hacker attacks," said the official.

"This is totally wrong. We're uncompromisingly opposed to the politicization of commercial issues, and express our discontent and indignation to Google for its unreasonable accusations and conducts," the official said.

Is Google fighting for free information or just being a brat?

Is Google saying that they're "not evil" by imposing their ideas of free information in the web? Are they doing this for the good of the web or are they just pissed off because of the hacking incident? Why just now?

So many questions and there's quite a lot of analysis going on, but I think it's best to wait it out and see what happens in the end of this fight.

Will both sides lose in the end?

This will be a landmark in web history whatever happens:

If Google gets its way with China, it's going to show how weak the country is against a Democracy-backed company, but may get the ire of some countries/societies that don't like foreign companies mucking around with their laws.

If China successfully kicks out Google or the company submits to Chinese rules (as it did before all this happened), it's going to leave a bad reputation for both parties. China will look like an even bigger bully and the company will lose face in front of the web community.

Will there be a middle ground? That's up to both China and Google to figure out.

A New Approach to China: an Update
China responds to Google


Neil Gaiman, writer extraordinaire, has left the Philippines with a box of these:


Two boxes of gifts are being sent home. In my luggage, just one box of chocnut, a package of dried mangoes, a book and a bottle of local rum (because posting alcohol is sometimes problematic).

In my parents' time, this chocolate was the "in" thing to give to someone you loved.

We love you Neil!

Source
Youtube bites back at Viacom with this civil yet very obviously pissed blogpost. What's interesting is that Youtube is accusing Viacom of the following:
  1. hiring 18 different marketing agencies to upload vids to Youtube
  2. creating accounts with phony email addresses
  3. uploading their videos and "roughing" them up to look like it was illegally uploaded
Wow, I'd like to see these "roughed" up videos for myself if YT will allow it so.

They also mentioned that after Viacom demanded the vids be taken down, they then turned around and asked for them to be set up again.

If this is all true why is Viacom doing this? Is this for marketing and promotional purposes? Do they just want to throttle Youtube for the heck of it? According to the post, it's the former:
Executives as high up as the president of Comedy Central and the head of MTV Networks felt "very strongly" that clips from shows like The Daily Show and The Colbert Report should remain on YouTube.
Is Viacom biting the hand that feeds or are they the real victim in this case?

After reading Kurt Starne's article on Going Native In The Age Of Aggregation, I knew there were people like me who are tired of jumping through hoops, making social network services connect with each other, and seeing duplicates in the same sites. I used to do a one click sharing to the SNS world, but doing that just made my sites feel like soup with too much water in it.

In response, I'm thinking of approaching these sites like how I would write for blogs: niche sharing. Niche sites cater to a community that has particular needs and interests (example, MMORPG.com is for MMO gamers, TechCrunch is for techies and gadget lovers, etc.). Looking at my main SNS (Twitter, Identi.ca, Facebook, and Plurk), I see a trend in my audience's interests and shares that will be the basis of what I'm going to share with them.

Google Buzz and Allods Online: Fail?


The recent events in both the Allods Online Cash Shop controversy and Google Buzz chaos reminded me of two things:
  • Just because something seems good now doesn't mean it'll be good in a few weeks.
  • Always keep a positive outlook that things will change for the better, with or without that service/product.

Allods Online: Massive Multiplayer Online Fail?

Allods Online was to be one of THE BEST MMORPGS OF 2010, until they unveiled the Cash Shop. Saying that the items for sale there are overpriced can be considered a massive understatement. For example, a bag costs $20--$5 more than a monthly MMO subscription that offers everything.

The forum has been so covered in flameposts and boycott threats that questions about builds and questing are almost non-existent. Some of its premier players have voiced their disgust at the current events and are now contemplating leaving the game entirely (with their entire guild).

Buzz: Google's Waterloo?

Google Buzz was supposed to be one of the best social network services that will make Twitter/Facebook/etc. make a run for their money. But instead their lack of filtering features, user control, and security flaws have deemed it to be a failure. It's coincidental that Buzz was created in Waterloo, closely named in the phrase, "meet one's Waterloo": a word signifying a great test with a final and decisive outcome- usually a negative one.

Most of the reaction has been negative: confusion, frustration, and even borderlining on hate. There are still bloggers supporting the service, but most have left it completely or just using it sparingly.

Both situations are at their worst right now, but we've all been through this before: a service starts good, but ends up worse. Yet there are some services/products that have gone through these things and ended up better than originally thought.

Let's give them both a chance to do a strategic retreat and recover their losses.

UPDATE: gPotato has given their comment on the dev concerns and Cash Shop prices.


Google Buzz and Dunbar's Number

With both Robert Scoble and Jason Calacanis (and Steve Rubel thinking of) stopping their Tweets from entering Google Buzz, they have joined the movement of lessening the noise on the said social network.

A much more drastic (and I think even better) Google Buzz noise effect was on Damond Nollan when he decided to unfollow a ton of people on both his Twitter and Google Reader.
...I made the decision to unfollow around 3,400 accounts on Twitter and another couple hundred in Google Reader. 
He did this in order to have deeper engagement, more value, and less noise when it comes to social media. I'm liking his idea a LOT.

All these actions remind me of the theory of Dunbar's Number which states that the number of social interaction is limited to 150 only because:
"this limit is a direct function of relative neocortex size, and that this in turn limits group size ... the limit imposed by neocortical processing capacity is simply on the number of individuals with whom a stable inter-personal relationship can be maintained."
Whatever the "right" number would be, I have no clue, but reducing the massive number of people you follow to what you can handle is essential in making your social network really work for you.

I'll be posting soon on how I will do this on ALL of my social networks. There might even be some social sites that I will totally leave in order to put some sort of order in all of this noise and chaos.


Google Buzz: What happened?

I am a big fan of Google. I love Chrome, Reader, Wave and almost anything else Google ( I even have an Orkut account for pete's sakes), however their newest foray into the socialsphere, Google Buzz, needs to be overhauled immediately.

On the first two days (gosh, even on the Q & A portion of the Google Buzz launch), all I read was how it was almost like Friendfeed. However, I consider Google Buzz as Friendfeed vanilla ultra lite. It doesn't even come close to what Friendfeed is today even after its creators left for Facebook.

A large concern for its early users was the security flaw that opened up their Google Profiles to outside people to look at who their contacts are and who they chat most with. With so much noise on this issue, Google has decided to do something about it by emphasizing the option to have the people you follow and contact with remain private. 

My personal concern here is how to rein in all the noise. For example: I'm a Robert Scoble follower because I like reading his status updates, but his Buzzes (jeesh, even his Friendfeed posts before) get so many responses that they keep popping to the top of the Buzz list and I fail to see other Buzzes below. I know it's a testament to the man's power to connect with a lot of people, but I'm now muting his lengthy buzzes just to read the other people I'm following. I'm not sure if he likes being muted by hundreds of people, but I definitely won't like it.

There's no way to categorize people I follow. Reading my Buzz list is like reading a newspaper that updates itself every few minutes and not knowing whether I'm at the Sports or Business page. Again, comparing to my Friendfeed experience, I was able to sort out the noise by putting people I follow in different categories thus allowing me to view them whenever I feel like it. Unlike in Google Buzz now where different topics pop up, making me feel disoriented.

Since Google Buzz is still a few days old, I expect it to make strides in its development, but until they've been able to put in user controls that makes the noise easier to organize, I'll be hanging out somewhere else.


