So if I haven't already ranted at you in some way shape or form, you may not know of the Australian government's short-sighted plan to add us to the ranks of oppressive regimes such as Iran and China. In fact that is unfair as Iran's proxy is considered to be looser than the one Senator Conroy wants to implement.
The long and short of it is that Conroy wants to restrict what pages are available to Australian internet users. Sure it is for the kids (won't someone think of the children)… But as I have said to people I would rather my children see the entirety of the disgusting underbelly of the internet than have one single thought provoking site blocked. Not to mention the degradation to performance in a country that is already considered one of the worst in the world for connectivity. In Sweden groups appealed to the government saying 100mbps is welfare. Here most people are still on 1/200th that speed, and with Conroys plan that 1/200th would lose anywhere from 2-80% of its speed, welcome back to dial-up days.
There are a plethora of sites that are likely to be blocked because they aren't "kid" friendly. June next year you will probably see the below when going to user content generated sites such as Youtube and Facebook:

Here is a news flash senator; kids get hold of porn even if you restrict it, even in the pre-internet days. So what your doing will only have negative effects. Parents with no IT knowledge will have a false sense of security and not monitor their kids browsing habits, these same kids will find ways round your precious filter, and these methods that will become popular may even make it harder for parents and educators to monitor their usage.
The filter will slow down internet access and again the people with little IT knowledge will have no idea how to get around it for legitimate sites that are blocked. Then there is the cost which you are expecting ISP's to mostly cover off their own bat, which will increase internet costs in a country that already pays too much for too little.
Way to go Senator you deserve your award:

I feel lost; I don't know what to do. I feel as though someone has decided freedom of information is a bad idea, so let's mandate it. Then what do you do. Once the book burning starts it is hard to stop.
I have emailed the Senator and his opponents, and the letters are in the mail.
I urge everyone to look at the following sites and take action: http://nocleanfeed.com your silence is all they need to pass this and then you are no better than them.
Peace out all, except Conroy and his supporters who can just unplug their computers, televisions, and burn their books for the same effect they are trying to mandate.


PS: I am starting up a dedicated security Blog as I want to separate the two, this of course crosses both blogs so expect to see it on both. My new Security blog is linked on the left or here: http://security.morganstorey.com

Labels: Australia, Conroy, Kids, Politics, Security

So Geoffrey gave me a heart attack today (not literally) Fiona came in to have lunch with me and we went to the park. It was a lot of fun and really shows how he will talk if he wants something, "up again" kept coming when he wanted me to pick him up to the flying fox.
But the scary bit was when we were having fun, I was pushing him on the swing, when he decided to flip forward just after I had pushed back, he flipped over fortunately caught by the chain as he was in the little kids swing. I lunged forward and caught him... phewww.
Other than that is was a lovely lunch, Marion brought beautiful ham sandwiches and soft-drink, and Geoffrey and I ran around the play equipment like madmen.

Labels: family, Geoffrey, Kids

So today we went to the Zoo and Geoffrey let something interesting go. He knows how old he is about to be. When asked when he felt like it he replied with are hearty THREEEE. Ahh it is good to see. It has been about six months since his operation and he is picking up new things everyday.
Anne is walking and has added to her repitore of Mama and Dada and Baba other interesting little noises and words. She got a new little outfit that was terribly cute, a pair of stockings with a bustle at the back, to go perfectly with her little yellow dress with pedicoat. We had lots of fun at the zoo before the down-pour began.
Speaking of downpours I heard it snowed again in NSW, just south of Wollongong last week. That makes two 100+year events in the last few weeks, the weather certainly is variable at the moment. I heard a good saying the other day "Climate is what you expect, weather is what you get", it certainly is what we have been getting lately: Short bursts of rain, followed by nice hot days, when will it end.
Peace out all

Labels: family, Kids, weather, zoo

There has been some speculation and even backlash on the internet about the recent DNS vulnerability, I posted about it here. Interestingly some people are saying that the vulnerability should have been disclosed when discovered.
This is plain silly. To put it in simple terms with a car analogy (I love car analogies); if a saftey tester discovers that every single Toyota Corolla on the market (the number one selling car, 35million world wide) bursts into flames (props to fight club, note: Corollas don't afaik) if you crash at exactly 35 kilometers per hour. If he just posts this on his blog a few things will happen; everyone will know in about two seconds. The next day 35million Corolla owners will demand a refund, either destroying or severly damaging Toyota and its employees, and hooligans will wander around car parks with sledghammers hoping to hit one with the lucky 35kph speed.Basically what I am saying in a rather confused and overly long analogy is if this had been disclosed pre-vendor patch-release their would have been lost confidence in the whole internet, there would be lost jobs and money from the lost
confidence alone. Then the real fun would begin, prior to the patch being released someone would write a script to take advantage of the vulnerability, this script would then be morphed into several gui tools, and every script kiddie and his bot army would take down sites worldwide for fun and profit.
I am not saying it would have been an internet dooms-day, it could have, but the internet is pretty robust. But it would have been very damaging had the vendor patch not been released, there would have been loss of income and loss of jobs.
I agree with the way it was done, but maybe it could have been done a little sooner if you do a google search DNS cache poisoning is not new in the slightest, have a look at the wiki article. Birthday attacks are a common similar variant, I have even been involved with a cache poisoning issue a couple of times, first back in 2003. Both times I couldn't capture the culprit, there was just too many packets to wade through, but the problems were solved.
I do agree with what I have now read, maybe we need to move across to some kind of signed DNS, either SSL Dns or some kind of signed cert, like gpg and its signed keys.
We could setup the root servers all with a cert or signed key that all DNS servers are set to trust, just roll it into an update or new DNS installs then slowly cut over, then if you want to say use your ISP's servers as forwarders you could simply implictly trust the key or they could buy a signed cert (I can hear Verisign/Thawte licking there lips from here).
Supposedly due to some disclosure there maybe a script kiddie tool out soon to exploit this vulnerability, and with most NAT devices (see routers) turning patched servers into vulnerable ones and some of these routers not being patched/patchable it is only a matter of time. So everyone PATCH your servers please.
In other news, today was a snow day...yay. That won't be exciting for most northern hemisphere residents, but us here in the southern hemisphere, rarely see snow. We would have got about an inch or two, so Geoffrey and Anne saw snow for the first times in their lives; see my Flickr here, and see the video I uploaded to my Youtube here.
Peace out all, even those naysayers that say snow ain't cool.

Labels: DNS, Kids, Security, Snow

Here be dragons

If you haven't seen this yet have a look. Yes the brilliant webcomic xkcd sometime ago did a Map of the internet, I used to have this posted on my wall at work so the newer employees could come have a look when they were visiting to ask a question, it really shows how immense it all is.
But then while looking at one of my bookmarks on network security using darknets for a post on an internet forum I found this: a map of malisciousness. Awesome. It really is interesting to see the concentrations of either compromised machines or general evil-doers in the world. The thing that gets me and got me when I first looked at it was why is the 10.0.0.0 range have so many hits, its a private range, then I looked closer. Why are a few of the "bogan" address ranges getting hits. The only thing I can think is IP spoofing, and if so who would spoof a 10 address. Why not spoof 1.3.3.7 (fun) or something else, everyone knows 10 is internal... anyway post your thoughts.
Oh yeah we haven't quite won the DNS thing yet either. The multi-vendor patch was just that a patch, there are still inherent flaws in the system. Like the new one disclosed with DNS that passes through NAT (see most DNS servers as NAT means some decent IP sharing) it is annoying but it is a fight we have to keep on. See here for the article. It is basically NAT routers being lazy and not letting the port be the random one that the DNS server wants it to be. This randomness doesn't make DNS invulnerable to the poisoning attack I mentioned earlier, it just makes it much, much harder. So to have some routers (people like netgear don't release patches after it is 5+ years old) destory the hard work must be really annoying.
Yep I am dedicating this blog now to more security related topics like the one above. I am still going to keep an update on the kids and all things family. Like little Anne who all of sudden decided she didn't want to be immobile and is not only started crawling in the last few weeks but also pulling herself up to stand and also taking little steps (as long as her hand is held, or holding on to something). She has even said Mama, and what sounded like more after she stole a biscuit from me.
Geoffrey is really coming along too, he is saying Daddy and Mommy more and more, and when annoyed Morgan and Fiona come out too.
Peace out all, except those to Lazy to fix their NAT code.

Labels: Kids, Security

Beautiful, beautiful, beautiful girrrlll

Welcome to the world my Beautiful daughter. Born this day at 2:55pm. Weighing 3.805kg, measuring in at 51cm (1cm taller than her brother).
Here is the new little Miss Storey:

Oh yeah she has her own domain, registered today (as is the tradition), the only one in the family with a non .com
www.annestorey.net
Peace out all, especially my Beautiful girls, Fiona and Anne.

Labels: Anne, daughter, Kids