TiVo Email Partner Hacked
So I got this email today from TiVo. Relatively short and to the point. Definitely appreciated. I hope they fire that email service. There need to be repercussions for unauthorized data leaks. The company reported to have had the breach is Epsilon. If you are a client, time to get out of that contract.
I use a very specific email alias just for TiVo, so I’ll know if anything comes from this leak. Anyone knowing that address and my first name … oh well … lots of people know my first name. I’ll wait until spam starts before disabling this alias created for TiVo. This is the 2nd time that my TiVo-specific alias has been released without my approval. Nice job selecting partners, TiVo. I still use a TiVo Series2, but haven’t paid them any money since 2004 due to the prior breach. At least they told me about it this time – perhaps due to the California law which requires customer notification of unauthorized data releases?
==================================================
TiVo Service Announcement
==================================================
Dear TiVo Customer,
Today we were informed by our email service provider
that your email address was exposed due to unauthorized
access of their system. Our email service provider
deploys emails on our behalf to customers who have
opted into email-based communications from us.
We were advised by our email service provider
that the information that was obtained was limited
to first name and/or email addresses only. Your
service and any other personally identifiable
information were not at risk and remain secure.
Please note, it is possible you may receive spam
email messages as a result. We want to urge you
to be cautious when opening links or attachments
from unknown third parties.
We regret this has taken place and apologize for any
inconvenience this may have caused you. We take
your privacy very seriously, and we will continue
to work diligently to protect your
personal information.
If you have unsubscribed in the past, there is no
need to unsubscribe again. Your preferences will
remain in place.
Sincerely,
The TiVo Team
Here is what Epsilon says on their website
IRVING, TEXAS – April 1, 2011 - On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.
If this was an insider job, there isn’t much that could have been done to protect against the release besides paying their people well and giving them stock options so they have a financial reason to protect company assets.
Enable Do Not Track in Firefox 4
Whether the Do Not Track settings have any legal support or not, it is worth enabling this for anyone who would like to tell websites not to track them. It may be a worthless effort, but thankfully, it doesn’t take much effort, so why not?
On my Linux system, running Firefox 4.0, the “Tell web sites I do not want to be tracked” setting (yes, that is the exact wording) is under the General tab of the Advanced section in the Firefox Preferences.
Steps:
- Edit
- Preferences
- Advanced
- General
- then under the Browsing heading, check box to Tell web sites I do not want to be tracked
Simple.
On other operating systems, it should be easy to find.
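What that checkbox actually does is make Firefox 4 add a `DNT: 1` request header (the preference behind it is `privacy.donottrackheader.enabled`). Whether a site honours it is entirely up to the site. As an added example, not code from the original post, here is the server side of the bargain in plain Python: parse the request headers and refuse to set a tracking cookie when the visitor has opted out. The sample requests are constructed inline, not captured traffic.

```python
"""Honouring the DNT header that the Firefox 4 setting above turns on.
Added example; not from the original post.  Sample requests are constructed."""

from typing import Dict, Optional


def parse_headers(raw: bytes) -> Dict[str, str]:
    """Parse the header block of a raw HTTP/1.x request into a dict keyed by
    lower-cased field name (header names are case-insensitive per HTTP)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # [0] is the request line
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def dnt_preference(headers: Dict[str, str]) -> Optional[bool]:
    """True  -> user asked not to be tracked (DNT: 1)
       False -> user explicitly allowed tracking (DNT: 0)
       None  -> header absent or malformed: no signal either way."""
    value = headers.get("dnt")
    if value == "1":
        return True
    if value == "0":
        return False
    return None


def tracking_allowed(headers: Dict[str, str], default: bool = False) -> bool:
    """Decide whether the site may set a tracking cookie.  A site that honours
    DNT refuses on DNT: 1; `default` only applies when no preference was sent."""
    pref = dnt_preference(headers)
    if pref is True:
        return False
    if pref is False:
        return True
    return default


# Constructed sample requests (not real captures).
REQUEST_DNT_ON = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0) Gecko/20100101 Firefox/4.0\r\n"
    b"DNT: 1\r\n"
    b"\r\n"
)
REQUEST_NO_DNT = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for raw in (REQUEST_DNT_ON, REQUEST_NO_DNT):
        hdrs = parse_headers(raw)
        print(dnt_preference(hdrs), tracking_allowed(hdrs))
```

The useful property for a site operator is the three-way split: an absent header is not consent, so the conservative default is to treat it the same as an opt-out unless you have a separate reason to track.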
Making KeePassX work with Pinentry and Enigmail
KeePassX is my password manager of choice.
Enigmail is the GnuPG signature and encryption add-on for Thunderbird.
Pinentry is used by Enigmail to enable secure entry of PINs, passwords and pass phrases. It blocks copy/paste and forces all keyboard entry into the pinentry textfield. That’s great if you have trivial or easily typed pass phrases. I do not.
These are all fantastic, until you depend on KeePassX to hold non-trivial pass phrases to gain access to your certificates. Since pinentry doesn’t allow copy/paste, there is a major issue. If your passphrase is non-trivial and long, then manually entering it whenever you need to read or send a sensitive email is beyond a hassle. It sucks. pinentry also grabs both the keyboard and copy/paste events, so you are probably unable to alt-tab to the window you really need. Anything typed on the system gets placed into the pinentry text field. How rude.
Workaround
There is a workaround – it is a hassle, but better than trying to type 50 characters of assorted keys.
Use the Perform Autotype option, via the mouse, on your specific KeePassX entry. Doing this means that the Userid field needs to be empty and you need to already have KeePassX unlocked before you begin any encryption work. Using the mouse to trigger the paste/autotype works.
You’ll probably want to setup gpg-agent to hold your keys for a while too. Anything to avoid going through this crap to retype pass phrases for certificate access.
I’m running Enigmail v1.1.2, Pinentry-gtk2 v0.7.6 and Thunderbird v3.1.8.
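The gpg-agent part, as an added example rather than the post’s own configuration: the options below are standard gpg-agent 2.0-era settings; the pinentry path and the cache lifetimes are my choices for an Ubuntu 10.04 desktop, not values from the post.

```conf
# ~/.gnupg/gpg-agent.conf  (added example, not from the original post)

# Use the GTK2 pinentry the post mentions.  Path assumed for Ubuntu 10.04.
pinentry-program /usr/bin/pinentry-gtk-2

# Keep an unlocked key cached for 1 hour of inactivity and at most 8 hours,
# so the KeePassX autotype dance happens once per session, not per email.
default-cache-ttl 3600
max-cache-ttl 28800
```

With GnuPG 1.4 (the `gpg` that ships with Ubuntu 10.04) you also need `use-agent` in `~/.gnupg/gpg.conf` and an agent started for the session, e.g. `eval $(gpg-agent --daemon)` from your X session startup; GnuPG 2.x uses the agent without being told. The trade-off to keep in mind: while the passphrase is cached, anything running as your user can sign or decrypt without being prompted, so bound `max-cache-ttl` and lock the screen when you walk away rather than setting the TTLs to a day.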
Was Stallman Part of Hitler's IT Staff?
We all know that Richard Stallman thinks Cloud Computing = Careless Computing. I tend to agree.
Here’s a funny-to-IT-people video that explains much:
Video Link
Firefox Extensions
I use Firefox – whatever version that Ubuntu 10.04 LTS pushes. I don’t do beta testing – that is for the younger crowd.
Today, I found another extension that I’ll probably enable for shopping, but disable the rest of the time.
InvisibleHand
InvisibleHand is a browser extension that watches as you shop on 20-100 websites and suggests alternative, cheaper places to purchase the same item. When you finally get to a specific item page, it looks for that same item on all those other websites and shows you where you can find it cheaper. It isn’t perfect, but WOW! For some items, you’ll see over 50% savings and for others, just a few dollars. Some of the suggested cheaper websites are not places that I’ve shopped before, and for a few dollars, I’d probably go to NewEgg or Amazon first. Still, when Amazon isn’t priced right, seeing a $30 savings at another company I’ve heard of before is nice. I found that most of the time, the alternative was exactly the same item; however, once it suggested the wrong model device, so definitely check that the suggested alternative really is what you want.
What Everyone Should Know About Portable Disk Drives
Some days I feel like a broken record. For the last 5+ years, ever since USB v2.x has been available, people have been spending WAY TOO MUCH to have an inferior portable hard disk. We won’t get into all the reasons that you’d want an external hard disk here – just know that they are fantastic. Also, we aren’t talking about the flash memory kind, rather the spinning HDD kind.
Here’s What You Should Know About Portable HDDs
How To Reduce Microsoft Costs Inside Your Small Business
Came across this article from 2004 about a small business that dumped Microsoft after the BSA showed up and discovered 8 installed, but not used, pieces of software on their systems. Keeping up with software licenses is tough. The software marshals arrived, closed his business for the audit and found about 8 pieces of unlicensed software. $65K in fines and $35K in legal fees forced him to settle rather than fight.
The CEO got mad and told his IT guys to dump Microsoft. This was back in 2004. Back then, things were harder than today. That company doesn’t use any Microsoft products anymore, but they do use proprietary tools. Redhat Linux was their choice back then. I’d be curious to find out whether they’ve changed to CentOS on their servers or a different desktop.
Key Takeaways
Top 5 Clever Uses for the Cloud
Stolen from my comment over at LH …
- Launch a Distributed Denial Of Service attack, DDoS
- Setup your own botnet
- Spread spyware
- Release huge password databases
- Release hacks for PS3s
Most of the time, Cloud Computing = Careless Computing.
Just because something is free and easy, doesn’t mean you should actually use it.
OTOH, there are times where using the Cloud makes perfect sense. When you want the widest distribution of data/info possible. In that case, remote, carefree computing is perfect.
When in doubt, don’t put it into the cloud because you can never get it back regardless of what the ToS say. IT security professionals are split on whether anything can be secured in the cloud. Certainly there are ways to accomplish it, but those methods are probably out of reach for individuals. I would have zero expectation of any real security on shared hosts or shared storage, but many people consider me paranoid. If it were your corporate data in the cloud, wouldn’t you want someone who is paranoid validating the security architecture?
Cloud Computing is Careless Computing
I was listening to a Linux Outlaws podcast where I heard a quote from Mr. Richard Stallman that struck me as true. I looked up the real quote.
“I suppose many people will continue moving towards careless computing, because there’s a sucker born every minute. The US government may try to encourage people to place their data where the US government can seize it without showing them a search warrant, rather than in their own property. However, as long as enough of us continue keeping our data under our own control, we can still do so. And we had better do so, or the option may disappear.” Here’s the source link.
Careless Computing. Your data is stored someplace else and no longer under your control. A good, clear, and accurate term.
There are good uses of Cloud Computing, but not without lots of very careful thought.
Notice to SONY PS3 Devs
Notice to in-house SONY PS3 Developers
is not how real programmers create a random number to seed public/private key encryption.
If you haven’t heard, the PS3 private key has been cracked. There may not be anything that SONY can do to solve this, but there may be. It is too early to tell, and perhaps they thought ahead like the Blu-Ray guys did and have a way to invalidate the key stored on the device and replace it with something new. It is unknown what effect that will have on existing games, settings, and networking. This could be impossible to solve. OTOH, how many customers will really do this in the real world? Less than 1% I’d guess. What I’d be worried about are Blu-Ray and Netflix perfect copies of content getting out.
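The reason a hard-coded “random” number is fatal here is specific to signature schemes like ECDSA: the per-signature nonce must be secret and fresh, because two signatures made with the same nonce let anyone with both signatures solve for the private key with a few modular operations. As an added example, not code from the original post or from Sony, the script below does ECDSA in pure Python on the public secp256k1 curve, signs two messages with a constant nonce of 4, recovers the private key from just those two signatures, and then shows that the same recovery fails when each signature uses a fresh nonce from the OS CSPRNG. The curve, the messages and the nonce value are my choices for illustration; the PS3’s own curve, keys and signing code are not on this page.

```python
"""Why a constant "random" number is fatal for ECDSA signing.

Added example, not code from the original post or from Sony.  Uses the
public secp256k1 curve and a hard-coded nonce of 4 purely for illustration;
the PS3's own curve, keys and signing code are not on this page.
Pure Python, no third-party packages.
"""
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P), base point G of prime order N
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def inv(x, m):
    """Modular inverse via Fermat's little theorem; P and N are both prime."""
    return pow(x % m, m - 2, m)


def add(p1, p2):
    """Affine point addition; a = 0 on secp256k1 simplifies the doubling slope."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def h(msg):
    """Message hash reduced into the scalar field."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """ECDSA signature of msg under private key d.  The nonce k is a parameter
    so the bad policy (constant k) and the good policy (fresh k) can be compared."""
    r = mul(k, G)[0] % N
    s = inv(k, N) * (h(msg) + r * d) % N
    return r, s


def verify(Q, msg, sig):
    """Standard ECDSA verification against public key Q."""
    r, s = sig
    w = inv(s, N)
    pt = add(mul(h(msg) * w % N, G), mul(r * w % N, Q))
    return pt is not INF and pt[0] % N == r


def recover_key_from_nonce_reuse(msg1, sig1, msg2, sig2):
    """Two signatures sharing r were made with the same k, so
    k = (h1 - h2)/(s1 - s2) and d = (s1*k - h1)/r, all mod N.
    Returns None when r differs (distinct nonces): nothing leaks."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2 or (s1 - s2) % N == 0:
        return None
    k = (h(msg1) - h(msg2)) * inv(s1 - s2, N) % N
    return (s1 * k - h(msg1)) * inv(r1, N) % N


def demo():
    """Sign two messages both ways and report what an observer of the signatures learns."""
    d = secrets.randbelow(N - 1) + 1   # private key
    Q = mul(d, G)                      # public key
    m1, m2 = b"firmware-1.00", b"firmware-1.01"   # constructed sample messages
    bad = [sign(d, m, 4) for m in (m1, m2)]                              # same nonce every time
    good = [sign(d, m, secrets.randbelow(N - 1) + 1) for m in (m1, m2)]  # fresh CSPRNG nonce
    return {
        "bad_sigs_verify": all(verify(Q, m, s) for m, s in zip((m1, m2), bad)),
        "bad_key_leaked": recover_key_from_nonce_reuse(m1, bad[0], m2, bad[1]) == d,
        "good_key_leaked": recover_key_from_nonce_reuse(m1, good[0], m2, good[1]) == d,
    }


if __name__ == "__main__":
    print(demo())
```

Note that the signatures made with the constant nonce are perfectly valid; nothing in verification notices the problem, which is why this class of bug survives testing. The defensive requirement is that every nonce be unpredictable and never repeat for the same key, either from a CSPRNG as above or derived deterministically from the key and message (RFC 6979), and a code review of any signing routine should start by asking where k comes from.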
BTW, I do not own a PS3. I’m still rockin’ a PS2 from about 10 yrs ago. ;)