Network Lighthouse

It’s been a while since I’ve done any writing on InfoSec topics, but it’s my new years resolution to take it up again, so expect more articles on info sec stuff from now on.

DataBreaches.net have updated their list of the top 10 Data breaches of all time.   What I find most disturbing about the list, isn’t the volumes (although that’s still concerning), is that 4 of the top 10 were due to poor information management and/or lack of encryption.   The causes for the other breaches (such as insiders leaking information) are harder to solve, and as such a little more (not a lot though) understandable.

• National Archives (70 Million)
• Department of Veterans Affairs ( 26 Million)
• HMRC (25 Million)
• T-Mobile (17 Million)

With the exception of Veterans Affairs, all of these have occured in the last 2 years, when the use of disk/tape encryption technology came into the mainstream.  There really is no excuse for these type of breaches anymore, if companies made it standard practice to encrypt sensitive data where ever it lives, then that would mean that over the past 2 years there would have been 128 Million less records breached. That’s almost as many were revealed in the Heartland hack!

Of course the top 10 doesn’t include breaches that go unnoticed and unreported, and if you start thinking about that you start to wonder how bad the problem really is.

-Daniel

I’ve just discovered Ubiquity from the Mozilla Labs, and it’s showing a lot of promise for changing the way the we us the web.

From the site===

Ubiquity is an extension Ubiquity is an extension that allows you to enter commands that have knowledge of page content and return new information.
===via Labs/Ubiquity – MozillaWiki.

In essence it is a firefox extension that enables users to interact with webpages in different ways.   For example, I tried my hand at writing a Ubiquity Command “Press This”, the same as the wordpress button from the admin tools page, to that I could quickly grab interesting articles for later posting.

The code is pretty straight forward

CmdUtils.CreateCommand({

names: ["press this", "blog this"],
icon: “http://www.wordpress.com/favicon.ico”,
description: _(“Launch a wordpress page so you can write an article about the current website”),
help: “.”,
author: {name: “Daniel Thomas”, email: “danielt@networklighthouse.com”},
license: “GPL”,
homepage: “http://www.networklighthouse.com/”,
arguments: [{role: 'object', nountype: noun_arb_text},
{role: "url", nountype: noun_type_url, label: "url to reference"} ],
preview: function preview(pblock, args) {
pblock.innerHTML = “Loads a new tab for wordpress”;
},
execute: function execute(args) {
var doc = CmdUtils.getDocumentInsecure();
f=’http://www.networklighthouse.com/wp-admin/press-this.php’;
e=encodeURIComponent;
u=f+’?u=’+e(args.url.text)+’&t=’+e(doc.title)+’&s=’+e(args.object.text)+’&v=4′;
Application.activeWindow.open(Utils.url(u));

}
});

Thats it, and most of that can be stripped out.  Now that I’ve registered my code into Ubiquity all I need to do to bring up wordpress is select some text and either right click and select “press this” from the context menu or type “press this” into the ubiquity website.

Now if you want to use this code yourself, there’s a few things you need to do:

• Install Ubiquity (check out the link above)
• After restarting firefox browse to “about:ubiquity”
• click on “Hack Ubiquity”
• Paste the above code into the window, making sure you replace www.networklighthouse.com with your Blog’s URL
• Click Save to File and save it somewhere safe
• Thats it your done, try it out by selecting this article, pressing ctrl+space and typing “press this”

-Daniel

Well it took a bit of doing, but Social Mail 0.0.7 is out now.   As promised this version includes the email/time graph so you know when your contacts are most likely to respond to you.  Here’s how it looks with wAvatar selected as the default image.

That’s the last major feature for the v0.0 series.  Once v0.1 is out I’ve got some ideas on how to further integrate the social networks into the interface, but before I start on them I’m hoping to have some suggestions on what people would like to see in future releases.

The next version v0.0.8 will address focus on making the upgrade process simpler, fix any bugs that are reported and add any small feature requests that come in.

Get socialMail-0.07

-Daniel

It’s been a busy few days coding, always trying to move SocialMail forward, while at the same time trying to get Rapleaf 4 Thunderbird through the AMO approvals process.

In the last few days I’ve had a chance to add to features that were requested by users, and as they were both on the roadmap I’m jumping right over 0.0.5 to 0.0.6.

Here’s what’s new:

• Gravatar support, including fallback modes of Identicon, wAvatar & MonsterID
• Improved handling if a profile image is unavailable
• Option to not retreive a profile image
• Not setting a Rapleaf API key or turning off the Social Networking display now prevents calling the rapleaf service entirely.

Get it here: socialMail-0.06 , if you need help installing please look at the installation instructions.

Important Note: If you are upgrading from 0.0.4, there is no need to delete the database file as there have been no schema changes.

As always your feedback/comments are most welcome.

The road to becoming an approved Thunderbird plugin is a long and arduous one to be sure, but we are almost there.   The sole reason for this release is to move further along that path.

After submitting for approval, the reviewer came back that the code needs to be encapsulated in a javascript object to avoid conflicts in the global namespacce.   This makes sense, and is something that I was vaguely aware of although at a primitive level, however not something I had any idea about how to do.   The reviewer was thoughtful enough to include a link to an article that explained it all.

So I spent the day rewritting parts of the code and the fixing all the problems I caused in the process and now a new version is out in the wild.

You can get it here.

If you want to help with getting approval I could realy use some more comments, either here or on AMO (the above link).  Let me (and the reviewers) know what you think of the plugin and how it makes your email experience better.

-Daniel