
Monday 4 December 2017

Some random thoughts on Damian Green and those porn allegations

If you live in the UK then you might have noticed the somewhat bizarre furore over Damian Green MP and his alleged viewing of pornography on his Parliament computer. Now, I don't know for certain if he did or didn't, but to put it in context his private email address also allegedly turned up in the Ashley Madison leak and on top of that there are sexual harassment allegations too. But let's stick to the porn for now.

Anybody who has been involved in forensic investigations of computers may well understand these comments:

Mr Lewis, who retired from the Metropolitan Police in 2014, said although "you can't put fingers on a keyboard", a number of factors meant that he was sure it was Mr Green, the MP for Ashford, Kent, who was accessing the pornographic material.

His analysis of the way the computer had been used left the former detective constable in "no doubt whatsoever" that it was Mr Green, who was then an opposition immigration spokesman but is now the first secretary of state.

"The computer was in Mr Green's office, on his desk, logged in, his account, his name," said Mr Lewis, who at the time was working as a computer forensics examiner for SO15, the counter-terrorism command.

"In between browsing pornography, he was sending emails from his account, his personal account, reading documents... it was ridiculous to suggest anybody else could have done it."

To put this into context - the computer was seized in 2008 when Green was arrested over the suspected leaking of confidential material. Any investigation such as that will look at web browsing history, recently accessed or saved documents, cookies, bookmarks and stored documents and images. So, it is utterly credible that the investigation would have found this type of activity if it had occurred.

Indeed, there seems to be no denial that this material had been accessed on the computer, only that Mr Green had not done so. But Mr Lewis's statement also says that things such as private email were accessed concurrently. If you were carrying out an investigation on behalf of a business, then this would indeed be enough to "place fingers on a keyboard".
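The kind of interleaving check described above can be sketched as follows. This is an added example, not part of the original post and not the method used in any real investigation; the timeline, the event kinds and the 10-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed timeline, as if merged from browser history, webmail and
# recent-document artefacts of ONE logged-in account. All values are made up.
EVENTS = [
    ("2020-01-15 10:02:10", "mail_sent", "personal webmail: message sent"),
    ("2020-01-15 10:05:41", "web_flagged", "flagged-site.example/a"),
    ("2020-01-15 10:07:02", "web_flagged", "flagged-site.example/b"),
    ("2020-01-15 10:09:30", "doc_opened", "briefing-note.doc"),
    ("2020-01-15 10:11:15", "mail_sent", "personal webmail: message sent"),
    ("2020-01-15 10:20:00", "web_flagged", "flagged-site.example/c"),
    ("2020-01-15 14:40:00", "web_flagged", "flagged-site.example/d"),
]

# Assumption: these event kinds tie activity to the account owner (use of a
# personal mailbox, work on their own documents).
OWNER_KINDS = {"mail_sent", "doc_opened"}


def parse(events):
    """Turn (timestamp, kind, detail) strings into a time-sorted list."""
    return sorted((datetime.strptime(ts, FMT), kind, detail)
                  for ts, kind, detail in events)


def classify(events, window=timedelta(minutes=10)):
    """Label each flagged page view by how it sits among owner activity.

    bracketed: owner activity within `window` both before and after
    adjacent:  owner activity within `window` on one side only
    isolated:  no owner activity within `window` on either side
    """
    timeline = parse(events)
    owner_times = [t for t, kind, _ in timeline if kind in OWNER_KINDS]
    results = []
    for t, kind, detail in timeline:
        if kind != "web_flagged":
            continue
        before = any(timedelta(0) <= t - o <= window for o in owner_times)
        after = any(timedelta(0) <= o - t <= window for o in owner_times)
        if before and after:
            label = "bracketed"
        elif before or after:
            label = "adjacent"
        else:
            label = "isolated"
        results.append((detail, label))
    return results


if __name__ == "__main__":
    for detail, label in classify(EVENTS):
        print(f"{label:10} {detail}")
```

Only the "bracketed" events support the interleaving argument; an "isolated" event says nothing about who was at the keyboard.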

But here is the surprise - why would this material be accessible at all? Nobody has claimed that it was not accessed, just that Mr Green himself did not access it. But any reasonably-sized business would usually have some sort of filter to stop this happening.

The House of Commons by itself employs over 2000 people. Add to that the staff of the House of Lords, the Lords themselves, MPs and other staff who are not directly employed by either House then you are looking at thousands of employees. That's quite a large organisation, and if there is no effective web filtering for any of them, then that introduces a serious security risk.

Anybody who works in IT in a relatively large organisation such as this will know that at least some of them will try to access pornography. My experience is that people who do this on their work computers are exclusively male, and there are 453 male MPs in the House of Commons. This is certainly a large enough group for some of them to be accessing porn, at least some of the time.


So we can surmise a couple of things - it certainly seems to be possible to access porn from a Parliament computer, and given the number of people working there it seems likely that somebody would try. The number of male MPs certainly seems enough for one of those to try to access porn. Given that it is likely that some of them try, there's no particular reason why it shouldn't be Damian Green. And if one MP is fired from his job because of porn, then you can bet there are other MPs who have done the same thing.

But why not implement some sort of filtering? The problem is that MPs are not employees - Parliament is the primary legislative body in the UK and it is essentially sovereign (despite there being a Queen). Imagine that you worked in an organisation where there were hundreds of C-level executives, and then try to police them from an IT point of view. MPs are probably amongst the worst users in the world to support.

As I said, most organisations of any size filter porn from corporate computers. Strategically, the main reason to do that is not to track down and fire errant employees, but to prevent embarrassment to that organisation. It's all very well to fire a low-level employee for viewing smut, but when it comes to the top of the food chain such terminations can also be damaging to the reputation of the organisation itself. If Parliament isn't filtering this sort of material then it is always likely to end up with this sort of scenario from time-to-time.

Mr Lewis's comments indicate that the material was found on the computer itself, not a proxy log or other external system. It's quite possible that whoever was accessing the material on Mr Green's computer could have saved themselves a lot of grief if they'd used private browsing (although a deep forensic investigation can often find artifacts even when this has happened).

Also, Nadine Dorries MP did state that she shared her password with staff who worked for her. This is terrible practice, and certainly in my organisation if you share your password and somebody abuses it, then you are liable for anything that they did.

Don't forget as well, the habit of porn sites infecting visitors with malware through malicious advertisements, and the habit of more "specialist" sites having been created specifically to infect visitors' computers. MPs might not think themselves to be important enough to hack, but they will have private correspondence with constituents and other parties that should remain private.. and not be leaked out.

Whatever the truth of Damian Green's surfing habits, it looks like Parliament is badly in need of proper regulation of its computer systems. But you really do have the nightmare users from hell in that job. I suspect it is going to take something more than one embarrassed MP to force a change.


Friday 31 March 2017

Leaked documents reveal post-Brexit switch to pre-decimal currency

So with the UK leaving the EU thing kicking off into full swing a lot of interesting stories have been lost in the noise. As expected not only have hard Brexiteers managed to sneak in proposals that we ditch the metric system, it now also seems that they want to ditch decimal currency too.

Madness? Well, they seem to believe that things were better in the old days. Like the 18th Century perhaps. Anyway, these top secret double encoded plans (presumably leaked by Pro-Bremoaner criminals) have come to light outlining the steps of this particularly mad scheme. It already has a name in government - Dexit.

Basically, immediately after the UK leaves the EU the currency will change back to pounds, shillings and pence...you remember how that works, yes? 12 pence to a shilling, 20 shillings to a pound making 240 pence per pound... on a date pencilled in as being the first day of April in 2019.

All transactions will have to change at that point. However, the pound will still remain the pound including the new pound coin. Notes will still remain the same, although all new ones will contain animal fat by law. As with decimalisation, some coins will remain the same too - the 50p coin will remain valid as 10 shillings, 20p will be 4 shillings and so on for the 10p and 5p coins. New coins will be minted with the new denominations on, but they will circulate alongside the old ones. Copper coins are more of a problem and they will all be withdrawn and replaced.

The halfpenny will not return (thank goodness) and nor will the farthing (1/960th of a pound!). One might argue that the penny could be eliminated altogether as it isn't worth much these days, but apparently there is determination that it will come back.

All eCommerce sites operating in the UK and software will have to be updated to the new currency. It's not as simple as just changing the currency sign, and the law will state that all new computer software will have to support the new currency natively without mucking about with formulas. Formulae. Whatever.

One sticking point is the name of the coins. Technically the current currency is called "new pence", replacing the pre-decimal "old pence". Suggestions for the new coinage include "new old pence", "indedenpence" (clever!) and "Mike Pence".

There will be some exceptions:
  • In anticipation of Scottish independence, the new currency there will be called the "Groat".
  • In Gibraltar the currency will revert to the Euro when it is handed over to Spain (even though 99% of the population don't want that because democracy is so 2016)
  • In Northern Ireland the currency will be determined by whichever side wins the brutal 20-year civil war that follows Brexit.
All of this is quite a low price to pay for taking back control though, isn't it?

(Yes, this was an April Fool's joke, but not too far from what some Brexiters have actually suggested)

Friday 9 May 2014

Dr. Annette Bosworth is a moron spammer

I'm not very interested in US politics, and I certainly don't live there. So why is this moron spammer trying to get me to vote for her?

From:     Anette Bosworth [anette.bosworth@bosworthcampaign.com]
Reply-To:     anette.bosworth@bosworthcampaign.com
Date:     9 May 2014 15:27
Subject:     Not Cool, Guys
Signed by:     bosworthcampaign.com

Honestly, who acts like this? 

This is my first run for political office.  I am a doctor, not a career politician, but I just couldn’t sit on the sidelines and watch what is happening to our great nation any longer.

I have always stood up for what I believe in.  The first time I stood up to a bully I was 7 years old.

Today, the biggest bully I see is the federal government.  I grew up on a working farm in Plankinton, South Dakota.  I am a doctor who works with the elderly and the poor.  The clinic I own is a small business.  In every area of work and life, there is just too much government interference.

Being a doctor, I understand how unfair and harmful Obamacare really is -- and I have vowed to repeal every single word of it.  I also pledge to cut taxes, defend the second amendment, and to protect the unborn.

Washington, D.C. insiders don’t want to see people like you and me change their way of doing business.

Change is possible, but it takes effort from all of us.

I am fighting for that change against an establishment insider with millions of dollars, much of it PAC money from special interest groups.

My opponent has so much PAC money, he can afford to be wasteful – and he is.  Just this week, he produced a slick advertisement for TV that didn’t even feature voters from the state of South Dakota.  And when he was caught, he didn’t even apologize -- he just threw the advertisement away.

That’s not how I do things.

I am a fiscal conservative.  I promise that if you donate now, your hard earned donation will be used in a responsible way to fight big government and wasteful spending.  I need your help to get there. Will you join me?

Absentee ballots in South Dakota are mailed out this month and that’s when voting begins – will you chip in $5 or more today?

The donation you make today will help us get our message to voters.

Thanks,
Dr. Annette Bosworth

To unsubscribe please click here
   

Dr. Annette Bosworth
2601 S. Minnesota Ave, Suite 105-129, Sioux Falls, SD, 57105

Paid for by Dr. Annette Bosworth for U.S. Senate

Contributions to Bosworth for US Senate are not tax deductible

It seems that she's a Doctor of some sort, but she opposes affordable healthcare. As Europeans we are constantly amazed and horrified at the way US healthcare professionals just let people die when the money runs out of their insurance policy.. if they have an insurance policy. Until Obama forced changes to the US healthcare system through, it was 100 years behind that in Europe. Now it is only 80 years or so behind. Progress I guess.

Also, Annette Bosworth (or whatever idiot is spamming on her behalf) is attempting to solicit funds through fundly.com which violates their terms of service. Luckily she hasn't been able to recruit many other morons to her cause and has only raised $1,150 out of a target of $750,000.

Well, since this is an abuse of the Fundly terms of service, then getting it shut down and losing the funds could be a bit of a laugh.

The spam originates from two18.2bits.co (63.143.38.243) and spamvertises a site at marketer.2bits.co (63.143.38.226). Both these IPs are allocated to Limestone Networks in the US, but are suballocated to a customer called Joseph (Joey) Burzynski of ResistedNormalcy LLC and/or MarketKar.ma in Dallas. The email is digitally signed for the domain bosworthcampaign.com which has hidden WHOIS details.

Of course, this could be a subtle Joe Job intended to frame Annette Bosworth and make her look like a moron. But according to Joey Burzynski's own Facebook page at www.facebook.com/resistednormalcy/likes he "likes" Annette Bosworth. And tattoos. A lot.

There are plenty of other indicators online that Dr Bosworth has employed the promotional "talents" of Mr Burzynski.

I'm not the only one that thinks that this is spammy either, because Gmail says..


Presumably Annette Bosworth thinks that her point of view is so important that she can spam it out to people at random, regardless of where they live. I personally think she is a moron spammer and hope that the electors of South Dakota treat her accordingly.

UPDATE 12 May 2014: According to US law..
Contributions and donations may not be solicited, accepted, or received from, or made directly or indirectly by, foreign nationals who do not have permanent residence in the United States (i.e., those without green cards). This prohibition encompasses all US elections; including federal, state and local elections. 11 CFR 110.20(b).
So it would be prohibited for Dr Bosworth's campaign to accept a donation from me as I live in the UK and have never even visited the US.

So it's probably a bad move that they accepted my ten bucks.

There's a lively discussion about this over at the Madville Times.

UPDATE 13 May 2014: it has been said that Americans don't get irony. When I made my illegal $10 contribution to Annette Bosworth's campaign, I added the comment "Ten Bucks Well Spent!" because I knew that accepting the money from a foreign donor would have some entertaining repercussions.

What I didn't expect was that not only would the donation be accepted, but that Dr Bosworth would also quote me on her Facebook page..


I like the comment "GOOD AMERICAN;;" (even with the spurious semicolons. Perhaps Americans don't understand semicolons either. I'm not sure I do) because of course I am British. And if Dr Bosworth's supporters knew my political leanings then they would assume I was the Spawn of Satan.

Interestingly, this means that they not only accepted the donation but someone took the time to review it.. surely then they should have spotted that I was not in the US.

Ten bucks well spent indeed!

And for those asking.. here is the receipt:

UPDATE 5 June 2014: Annette Bosworth has been arrested on charges of perjury.

Monday 22 July 2013

David Cameron's porn block - how will it work?

This government likes its half-baked ideas, and David Cameron's attempt to bring in mandatory porn blocking in the UK seems to be one of those daft ideas. Yes, ISPs should offer blocking if people want it.. and perhaps they should be made to offer it by law. But there are a number of concerns which are well addressed by this New Statesman article.

Leaving aside the moral debate and the questions over who decides what, there is the tricky question of how ISPs would actually block access to porn.

DNS filtering

The simplest and quickest way to block it is to use DNS filtering. ISPs can simply set their DNS servers to not resolve adult sites. You can do this sort of thing with OpenDNS already. The advantage is that this is fairly easy to implement and it doesn't cause any latency in web traffic. The disadvantage from the point of view of censoring is that it is trivially easy to bypass: simply change your DNS provider to one that doesn't block sites, or access the porn sites through their IP address only where they have dedicated servers (most big sites do).

Of course, if people bypass the DNS filtering by using non-ISP DNS servers, ISPs could then firewall all outbound DNS requests. But that would interfere with people's freedom to use Google or OpenDNS or other DNS providers if they want.

Deep Packet Inspection

A more sophisticated approach is to inspect every packet and determine where it is going. This should block sites even if the customer has chosen different DNS settings, and it can pick up and negate a lot of common attempts to bypass filters. But this sort of thing is slow and expensive, ISPs would need to pass on the costs to consumers and the added latency of filtering would make web surfing slower. Many businesses use a form of this to protect their corporate network already, but they are prepared to put up with the downsides for the additional protection.

You could still use a proxy, VPN or Tor to get around it. And HTTPS screws some elements of DPI because it is encrypted; there are ways around that but they are extremely messy and have many drawbacks.

And of course there's the privacy issue. If ISPs are slurping all your data to this level then who has access to it? Supporters of DPI may well have a hidden agenda.

IP address blocking

Instead of blocking domains, IP addresses hosting pornography can be blocked. That's a pretty quick and easy solution too, but it means that anything on shared hosting with "adult" content could lead to every other site on that IP being blocked too.. There would be a lot of legitimate sites blocked as a result.
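The trade-off between DNS filtering and IP address blocking described above can be measured on a small model. This is an added example, not part of the original post; the domains, addresses (documentation ranges) and function names are constructed for illustration.

```python
import ipaddress

# Constructed hosting map: domain -> IP address. All values are made up.
HOSTING = {
    "adult-big.example": "203.0.113.10",    # dedicated server
    "adult-small.example": "198.51.100.7",  # shared hosting
    "bakery.example": "198.51.100.7",       # same shared host
    "school.example": "198.51.100.7",       # same shared host
    "news.example": "192.0.2.44",
}
ADULT = {"adult-big.example", "adult-small.example"}  # the category list


def isp_resolve(domain, dns_blocklist):
    """ISP resolver with DNS filtering: listed names do not resolve."""
    if domain in dns_blocklist:
        return None
    return HOSTING.get(domain)


def other_resolve(domain):
    """A resolver the ISP does not run: the blocklist is never consulted."""
    return HOSTING.get(domain)


def build_ip_blocklist(domains):
    """IP blocking: block every address that hosts a listed domain."""
    return {ipaddress.ip_address(HOSTING[d]) for d in domains}


def compare():
    """For each site, record whether it is still reachable under each scheme."""
    blocked_ips = build_ip_blocklist(ADULT)
    report = {}
    for domain in sorted(HOSTING):
        ip = ipaddress.ip_address(HOSTING[domain])
        report[domain] = {
            "dns_filter_isp_resolver": isp_resolve(domain, ADULT) is not None,
            "dns_filter_other_resolver": other_resolve(domain) is not None,
            "ip_block": ip not in blocked_ips,
        }
    return report


def missed_by_dns(report):
    """Listed sites still reachable when the client uses another resolver."""
    return sorted(d for d, r in report.items()
                  if d in ADULT and r["dns_filter_other_resolver"])


def collateral_of_ip_block(report):
    """Unlisted sites that IP blocking takes down (shared hosting)."""
    return sorted(d for d, r in report.items()
                  if d not in ADULT and not r["ip_block"])


if __name__ == "__main__":
    rep = compare()
    for domain, row in rep.items():
        print(domain, row)
    print("missed by DNS filtering:", missed_by_dns(rep))
    print("collateral of IP blocking:", collateral_of_ip_block(rep))
```

On this data DNS filtering blocks nothing once the resolver changes, while IP blocking stops both listed sites at the cost of two unrelated sites on the shared address.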


Anti-circumvention

ISPs could use a combination of the above to stop traffic. But it is relatively easy to use a proxy or VPN connection, so the next logical step would be to go to war with providers of these services too. It is very difficult to stop people finding ways around blocks. And remember, we're not talking about illegal material here.. we're talking about perfectly legal material which is blocked by default.

So, in my opinion this approach will have the drawbacks of being a combination of ineffective, expensive and slow. More needs to be done to protect children from accidentally accessing material that they shouldn't have access to (and please could we include malware with that?), but this half-baked approach has the potential to be an expensive fiasco.

Saturday 12 May 2012

Nadine Dorries: Where's My Shotgun?

You're not in Florida, Nadine. My MP (who I've never actually seen in the flesh at anything I've been to) Tweets about Reginald D Hunter (after being on Have I Got News For You):
"I have now left the HIGNFY after party. As I looked over my shoulder, Reginald D Hunter was talking to my daughter.#wheresmyshotgunman"

Usually when Tory MPs are involved in online death threats, it's the other way around..

Tuesday 20 March 2012

Mid Bedfordshire Constituency and Nadine Dorries - time to go

I don't often get to write about politics on this blog, and I know that most of my readers won't really care.. so scroll on :)

There are proposals to abolish the UK parliamentary constituency of mid-Bedfordshire (where I live). The current MP is Nadine Dorries who is fighting a desperate rearguard action to try to get the proposals overturned. However, not everybody supports Ms Dorries and her campaign, and it seems to me that the proposals (outlined here) are a very good thing and should be supported.

The deadline for submissions is 30th March, the email address to send them to is reviews -at- bcommengland.x.gsi.gov.uk - obviously you can send what you like, but this is what I have sent:

Dear Chairman,

I am writing to support the dissolution of the Mid Bedfordshire parliamentary constituency for the following reasons:

1) The current constituency does not represent a cohesive entity. It is merely a rural "filler" between the urban areas to the north and south.

2) The proposed boundaries reflect closely "Travel to Work Areas" and take into account that the north of the county is more closely affiliated with Bedford, and the south of the county with Luton and Dunstable.

Although there are obviously some compromises in the way the proposed boundaries have been drawn up, it is my belief that the proposals have been made with some care and understanding of the demographics of the area. In my view the proposed arrangements will be much better for the residents of the current Mid Bedfordshire parliamentary constituency, and that the constituency should be abolished and new boundaries should be established based on those proposed.

Tuesday 6 April 2010

"Represent Party" / representparty.org spam

Sent to a postmaster role account.. classy.

From: Represent [mailto:ben.lynch@representparty.org]
Sent: 05 April 2010 16:22
To: UK Postmaster
Subject: How would you improve the UK - we need your ideas.

Hi,

How would you improve the UK - we need your ideas.

We have just launched a new website ‘Represent’ – and we are looking for ideas on how to make the UK a better place - any ideas will do as long as they are positive.

All ideas submitted will be published on the website where they can be rated to find the most popular ideas for improving the country.

Go to http://www.representparty.org, register (this does not mean you are joining any organisation it helps you to add ideas and rate other ideas) and add your ideas. Remember the website is new so there may not be many ideas at the moment but bear with us as we process the ideas uploaded and we’ll get more ideas published as soon as possible.

Thank you for your time.

Regards

Ben Lynch
Represent

PS – If you believe that this email was intrusive please accept my apologies. If you do not want to receive any further emails from us please click on the link below.
http://www.representparty.org/unregister.aspx?action=unsubscribe&value=[redacted]

Originating IP is 109.228.0.79 which also hosts representparty.org and representparty.com. It will probably come as no surprise to see that this IP address belongs to Fasthosts in the UK who are very tolerant of bulk emailers like this.

Anyway, how's this for a positive idea.. stop f**king spamming me.

Tuesday 19 May 2009

Phorm Whitewash

The British government's stance on Phorm has always been pretty supine. Despite serious allegations of criminal misconduct by Phorm and BT, the Government has again decided to whitewash the issue after politely ignoring the latest anti-phorm petition.

Thank you for the e-petition on internet advertising technologies and customer privacy.

As your petition states, some Internet Service Providers (ISPs) have been looking at the use of Phorm’s Webwise and Open Internet Exchange (OIX) products. However, the only use of the technology so far has been the trials conducted by BT.

Advertisers and ISPs need to ensure that they comply with all relevant data protection and privacy laws. It is also important that consumers’ privacy is protected and that they are given sufficient information and opportunity to make a clear and informed decision whether to participate in services such as Phorm.

The Government is committed to ensuring that people’s privacy is fully protected. Legislation is in place for this purpose and is enforced by the Information Commissioner’s Office (ICO). ICO looked at this technology, to ensure that any use of Phorm or similar technology is compatible with the relevant privacy legislation. ICO has published its view on Phorm on its website:

[link]

ICO is an independent body, and it would not be appropriate for the Government to second guess its decisions. However, ICO has been clear that it will be monitoring closely all progress on this issue, and in particular any future use of Phorm’s technology. They will ensure that any such future use is done in a lawful, appropriate and transparent manner, and that consumers’ rights are fully protected.

In other words - private companies unlawfully spying on citizens is no concern of the government.

Conspiracy theorists like to point out that Phorm's web monitoring technology is exactly the sort of thing that the government wants to do. Fortunately, it looks like Phorm is perhaps on its last legs after the launch of this bizarre foaming-at-the-mouth blog that they started recently.

The government's complete disdain for British citizens is astonishing, and will probably be reflected in a humiliating result in next month's European and local elections. But then if voting really changed anything, this government probably would make it illegal.