Weekly Axis Of Easy #8
In this issue:
• Theresa May calls for “Global Internet Regulation” to deprive Terrorists of “Safe Spaces”
• Canadian RCMP to bring charges in Morocco for remotely launched cyber-attack
• Does easyDNS know your passwords? No. Here’s how we analyze credential dumps.
• Creative Destruction: Society is eating itself and rebuilding for the networked age.
Despite that there have been no known internet-based catalysts ascribed to the recent terror attacks in the UK, Theresa May has been pushing hard for a global, coordinated clampdown on the Internet, primarily through weakened encryption and government accessible “back doors”. The efficacy of doing so is dubious since, as this counter-terrorism expert informs, radicalization of terrorists occurs in-person, not online. Weakening encryption would only penalize law abiding citizens, as criminals and terrorists would be certain to use full strength security tools.
A little over three months ago, a cyber-bully in Morocco sent a series of offensive emails to female and staff at the University of Moncton, New Brunswick which were characterized by authorities as “cyberterrorism”. The man allegedly intimidated the recipients, as well as taunting them that being in Morocco, he was, so he though, “untouchable”. Think again, as the RCMP have been working in co-operation with Moroccan police and crown prosecutors to charge the man. As they say, “The mounties always get their man”.
Does easyDNS know your passwords? No, Here’s how we analyze credential dumps.
After we posted about the results of our analysis of the Antipublic credential leak I’ve received several emails from concerned members that either we must have the ability to decrypt your easyDNS passwords, or else we must be storing them in the clear. Neither of which is the case.
It’s the credential dumps that contain the cleartext passwords. Your passwords here are most definitely encrypted. What we do is take the cleartext password from the credential dump, encrypt it, then compare the encrypted string against the one stored here. If they match, then that’s the password. Nothing esoteric about it, it’s the exact same process that happens every time you log in to your control panel.
I think I have all of Joshua Cooper Ramo’s books, which are essential reading for understanding (among other things) how power is both concentrating and decentralizing at the same time. This interview via SinguarityHub is a great introduction to his work, with a fascinating “case study” on how these principles came to play out during that abortive coup d’etat in Turkey last year, which was repelled largely via an iPhone and FaceTime.
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here: