The world knows where you live – that is not good.

It might be a bit of a surprise to you, it certainly was to me.  The Apple iPhone stores the location of where a photo was taken.  It’s known as Location.  Or geo-location with other makes of phones/cameras.  Seems harmless enough, doesn’t it.

Except when some enterprising people decide to create a Firefox plug-in which lets you view the GPS co-ordinates, then link you though, to say Google Maps.

iPhone photo - we know where you liveOr not.  "42° 53? 7.60? S, 147° 19? 35.54? E" is a church in Tasmania.  I selected it at random, to mask the real address.

Bookmark and Share

So does the Corporate IT Policy get enforced?

Smile - You're on film It’s been my sad experience over the last 20+ years, that what’s in the IT Policy vs. what gets enforced, is a bit of guess work for most people.  Here is a short guide.

Always enforced.
Looking at illegal porn (kiddies, dogs & gerbils).  If we find out about it, we have to report it; you kiddie fiddling scumbag.
You won’t know that you’ve been reported until PC Plod seizes everything.
If there is a set of stairs nearby, pray that you don’t trip walking down them.
Repeatedly.

Sometimes enforced
Porn surfing.  If someone sees you doing it, hears you doing it, we find it on your hard drives, or we see visits to <insert porn sites here>, it’s going to be reported to management.

But yes, commonsense is used.

If it’s an inadvertent visit, such as mistyping the name of the llewtube.com site, you’ll be fine.  But if we see a whole bunch of porn sites in the web proxy log, then your sad arse is getting reported.

Other things which will get you reported:

  • trying to bypass the corporate firewall with a Hamachi client.
  • downloading warez, DVD’s or music.  Do your leeching from your home.
  • Using BitTorrent.

Never enforced
If you hold a “C” title, “Sometimes enforced” becomes “Never enforced”.  Sure, we’ll report it.  The HR people won’t do anything about it, as they don’t have the bottle to do anything about it.

Bookmark and Share

Facebook Privacy Quiz

ACLU-NU Ever take one of those Facebook quizzes to find out which superhero most resembles your dog, or have a friend who seems to spend most of their life doing so? Then you might be in for a surprise when you take this quiz and learn just how much of your personal information these quizzes can access.

Even if your Facebook profile is “private,” when you take a quiz, an unknown quiz developer could be accessing almost everything in your profile: your religion, sexual orientation, political affiliation, pictures, and groups. Facebook quizzes also have access to most of the info on your friends’ profiles. This means that if your friend takes a quiz, they could be giving away your personal information too.

But don’t take our word for it – take this quiz and see for yourself!

(And, yes, we know it’s a little weird to warn you about Facebook quizzes by asking you to take a Facebook quiz – but at least you know who we are and that we have a real privacy policy that we’re committed to upholding. Can you say the same for every unknown author of every quiz you or your friends take?)

It’s amazing what information a quiz/application can collect from your profile.

You can change what information is available by going in Privacy –> Applications.

FaceBook applications & quizs can see Profile picture/basic & personal info, current location, work/education history; and on it goes.

Bookmark and Share

OpenDNS, why it’s good.

Long story short …

OpenDNS is really good, and I can’t draw.

Long Story

dale-cant-draw You need talent to draw, I don’t have it, other blog posters seem to have some.  But is that going to stop me?

NO! (ummm, yes it did 🙂 ) Crap drawing on your right …

OpenDNS

I need to explain a few things first, about how your computer finds where a website is.

You use the website name (ie. blog.wisefaq.com).

Your computer needs an address.  So it takes the name (blog.wisefaq.com) and asks the DNS for the number.

As a DNS is essentially just a directory, just like a phone book.  Hence the name, Directory Name Server.

Here’s a picture of what happens when you ask for blog.wisefaq.com:

normal-dns-operation

Now you can get another phone book.  The same with your DNS.

A DNS service like OpenDNS.  OpenDNS is a directory filtering service.  So, if I wanted to block pornography or gambling sites, all I need to do is tell my computer to use OpenDNS.

OpenDNS allows you to selectively block the following type of content:

  • Adult Themes
  • Alcohol
  • Drugs
  • Gambling
  • Hate/Discrimination
  • P2P/File sharing
  • Phishing Protection
  • Pornography
  • Visual search engines
  • Webmail

(this isn’t all the categories that OpenDNS can block, full list here.)

Here’s a picture of what OpenDNS would do if I went to “badsite.com”

opendns-operation

OpenDNS has detailed instructions on how to setup your computer to use OpenDNS.

I use it, and recommend it.  So does Leo Laporte.

Bookmark and Share

A parent’s guide – Part 2

Asus EEE Box PC In part one, I described the creation of a Proxy Server/Content Blocking solution.

It worked.  Just.  But it was slow.

Back in part one, I said I’d review SquidGuard, but never got around to it.

Why? Mainly time pressures with work.  But as the man said, distance lends perspective.  I don’t think SquidGuard is for me, as it doesn’t inspect page content, whereas Dansguardian does.

This weeks exercise was updating the NSLU2 to an ASUS EEE Box PC.

And it works really well with Squid & Dansguardian.  If you don’t mind not having a GUI frontend, as there’s not video driver available under Debian Lenny.

If anything, too well.  It identified a Wotif search as being Japanese Porn.  This is the downside of inspecting page content.  Sometimes it’s wrong.

dansguardian-japanese

And the Squid Proxy saved me 20% of my bandwidth in the first week:

cache_hits

In weeks 2 & 3, it dropped down to 5%.

I’m happy with what I’ve got now BUT I’m not sure for a 2 computer household, that it was worth it.

Other options I’d consider would be:

K9 Web Protection
is BlueCoat’s content web filtering solution for the home user.  It has good functionality now and promises more in future releases.  From their website:

"Blue Coat® K9 Web Protection is a content filtering solution for your home computer. Its job is to provide you with a family-safe Internet experience, where YOU control the Internet content that enters your home. K9 Web Protection implements the same enterprise-class Web filtering technology used by Blue Coat’s Fortune 500 customers around the world, wrapped in simple, friendly, and reliable software for your Windows 2000, Windows XP or Windows Vista computer."

They also state the following:

"The function that K9 provides is not antivirus, anti-spam, or firewall functionality. K9 is a Web filter; it determines where the computer user can go inside your Web browser. (In our upcoming release, we’ll also be offering Instant Message/Chat controls, and Peer-to-Peer controls.)"

OpenDNS
provides a FREE web filtering service.  You can do this by pointing your network router at OpenDNS, and OpenDNS does the rest.

Bookmark and Share

Spam Matters – How to report spam.

If you believe MessageLabs, 73% of the 0 billion messages it scanned, in February, were unsolicited bulk emails.  SPAM in other words!

In Australia:

Under the Spam Act 2003 it is illegal to send, or cause to be sent, unsolicited commercial electronic messages. The Act covers email, instant messaging, SMS and MMS (text and image-based mobile phone messaging) of a commercial nature. It does not cover faxes, internet pop-ups or voice telemarketing.

Never fear, Australian Communications and Media Authority (ACMA) to the rescue with SpamMATTERS

The SpamMATTERS software:

  • is free for internet users to download and install into the Microsoft Outlook and Outlook Express email programs. Once installed, you can delete spam and report it to ACMA at the same time – with just one click of the mouse
  • captures spam emails that may have bypassed spam filters and anti-spam programs, including messages that are often the most problematic, such as phishing spam
  • enables ACMA to identify and gather the forensic information it needs to identify spammers and take action against them.  

Download it here

This post brought you to the letters S M E E.

A parent’s guide to web filtering with a Linux box.

Well, I’m not a parent, but I have step-grandchildren.

Is it possible to stop children from accessing inappropriate content on the web?
NO!  But you can make it difficult for them.  One leading blacklist has over 1.5 million bad web addresses in it’s database.

One solution would be to setup a web proxy.  A web proxy is something which caches your webpages.  The beauty of that is that they can block inappropriate material.

Step by step, this is what I did.

  1. Find a computer to run it on.  A Linksys NSLU2 network storage box.  I selected one of these because it’s:
    a. small
    b. uses little power
    c. wanted to see if I could remember Linux.
  2. Flashed a Debian Linux bootloader onto it.  This took a bit of effort as the instructions were not completely correct (eg. wrong in parts).  The wrong part being that static IP addresses don’t work, you should use DHCP assigned IP address.
  3. Installed Debian.
    Note: the installer fails at the disk formatting portion.  This workaround I used can be found here here.
  4. Installed and configured Squid Proxy.
  5. Configured iptables.
  6. Installed Dansguardian.
  7. Done.

It worked BUT I learnt the following:

  1. The Linksys NSLU2 does not have enough memory to run a Web Filtering solution.
  2. Much which is published on Linux sites is dated.
  3. Different Linuxes can have different commands to do the same thing (ie. update-rc.d vs. chkconfig)
  4. iptables probably not needed for what I was doing.
  5. I suspect SquidGuard might be a better choice of content filtering software.

References:

NSLU2-Linux development group and user community

A parent’s guide to Linux Web filtering (the first thing I read)
note:  slanted towards RedHat Linux.
Parts now incorrect: httpd_accel* parameters now replaced, with http_port ip_proxy:

DansGuardian: A Content Filtering System

DansGuardian – documentation

Iptables Tutorial 1.1.19

Sebastiaan Giebel’s Guide to Debian Linux on the NSLU2 installation and configuration.

Debian HOWTOs Debian on NSLU2 Installing Debian

Debian HOWTOs Debian on NSLU2 Tips for reducing memory usage

Disk formatting problem: DebianInstallerDisconnectsSSH

Part 2 of this can be found here

Surfing the seedy side – Part 2

ie7 delete Back in February 2006 I wrote about Internet Explorer and the index.dat file.

Internet Explorer 7 (IE7) has a “Delete Browsing History” option which leads to the screen on the right.

“Delete all” (bottom right) does seem to delete the Index.dat file.

Now you can run the “Delete all” command from a command line, by doing this:
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255

Why would you want to do that?

You could have it as part of a shutdown batch file, such as below, in order to delete sensitive temporary files:

shutnow.bat
DEL "C:\DOCUME~1\\Recent" /S /Q
RD "C:\DOCUME~1\\LOCALS~1\HistorY\." /S /Q
RD "C:\DOCUME~1\\LOCALS~1\TEMPOR~1\Content.IE5\." /S /Q
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255

shutdown -s -t 150 -f

Further information:
Surfing the seedy side
Clear IE7 Browse History from the command line

Surfing the seedy side…

So you’re surfed the seedy side of the ‘net and you want to remove the evidence.

This means you would have done at least the following with Internet Explorer:

  • Delete Temporary Internet Files
  • Clear History
  • Delete your cookies.

Having done all that, you’re feeling safe from the prying eyes of your parents / significant other / IT guy.

WRONGGGGG!!!!!! Go to the back of the queue, and hang your head in shame.

You need to be aware that Internet Explorer records where you have been in an index.dat file.

dubious blog sites

What can you do about it?
Not much really.
1. Buy a commercial product, which can remove these index.dat files, or
2. If you have some DOS batch skills you can run a batch file on logoff which deletes the index.dat files.

Yes “files” is right, there can be more than one.

Option 2 is what I use.

Update: I posted an update to this post here.

On SharpReader:
Another way to look at SharpReader is that it’s like some newspapers where they have a “what’s inside” section. On that page, they’ll have a paragraph from each story. The Spencer Street Soviet does this in their print edition.

Bookmark and Share