My Last Post on This Domain

OK guys,

I think that it is time for me to publish the last post on this blog using WordPress as a domain. As you probably already know, GitHub is my favorite company and I have decided to switch my blog to a completely new domain.

I have published a couple of posts exclusively on the new domain and backed up every post from this domain to my new address (with one exception, but I’m working on it). I feel confident now to make the switch and I started to feel really comfortable using GitHub + Jekyll as a blogging platform, so I’ve decided to drop by and say good bye to my old domain.

From now on, you can follow me on r3bl.github.io. Be sure to use the http version of the site because https version is currently not properly implemented in the code. If you run into some issue while browsing the site or you miss a feature that I had implemented on this domain, feel free to report it here.

As always, you’re more than welcome to contact me anytime on aleksandar.todorovic@mail.ru. I hope that you’ll continue to read me on my new address.

Sincerely,
Aleksandar Todorović

Advertisements

Koje softverske firme vas kontrolišu?

NAPOMENA: Ovaj blog post sam napisao prije mnogo vremena (dovoljno daleko da bude stariji od ideje da uopšte napravim blog). Sve do sada nije objavljen nigdje, a sada sam dobio želju da ga podijelim sa javnošću i na taj način malo popunim svoj blog. Post je ostao neizmijenjen u cjelosti i kao takav kopiran iz LibreOffice-a, tako da su podaci malo stariji a stil pisanja takav kakav jeste.

U zadnja dva mjeseca smo stalno bombardovani činjenicama da postoji neko ko upravlja svime što radimo na internetu. Od toga da mogu da skupljaju metapodatke o našim pozivima i SMS porukama, preko toga da čitaju naše mejlove, Facebook razgovore, objave na Twitter-u i aktivnosti na Youtube-u. Podaci koje smo saznali u zadnja dva mjeseca nam daju do znanja da negdje postoji računar koji zna više o nama od naših prijatelja, porodice, pa čak i od nas samih. Mi ne znamo šta smo pretraživali po Google-u prije godinu dana u ovo vrijeme, ali postoji neki računar u svijetu koji to zna. Moguće je čak i da postoji više računara koji to znaju. Recimo, jedan u Google-ovoj korporaciji, drugi u NSA kojem je Google dostavio te informacije, treći na teritoriji naše države koji su na neki način pokupili te informacije od prethodna dva računara a četvrti negdje od strane nekoga ko je uspjeo da se dokopa informacija sa bilo kojeg od prethodna tri računara. Ovo je samo pretpostavka, ali ne čini se toliko nemoguća, zar ne?

Odavno je već rečeno da ako ništa ne plaćate za neki servis, vi sami ste produkat. To je već odavno činjenica u svijetu računara i interneta. Primjer: ne plaćate gmail korisnički račun, gledanje videa na YouTube-u i ne plaćate pretrage preko Google-ove tražilice, ali gledate reklame, što je jednostavan način da oni zarade na vama. Sada ću vam dokazati da postoji ne samo jedna, nego nekoliko firmi koje vas u potpunosti kontrolišu.

1. Google vas kontroliše. Svjestan sam kakvu izjavu sam dao i stojim iza nje. Uzmimo tipičnog korisnika, recimo da se zove Marko. Marko ima smartphone sa Android operativnim sistemom. Taj sistem je Google-ov produkt. Preko njega će pretraživati nešto po internetu. Koristiće za to Google-ovu tražilicu. Recimo da želi da objavi video, na kojem će to servisu uraditi? Na YouTube-u, još jednom Google-ovom servisu. Da bi objavio video, mora da napravi korisnički račun, a pošto YouTube ne dozvoljava niti jednu drugu mejl adresu, mora da napravi gmail adresu. Ne pričam o sitnim radnjama, pričam o radnjama koje radi milijarda ljudi svakoga dana. Google vas jednostavno kontroliše. Mnogi ne mogu da zamisle niti dan bez njegovih servisa, zar ne? A nisam niti spomenuo Google Chrome, Chrome OS, Google Calendar i ostalo. Čak i kada je njihov mali servis kao što je bio Google Reader nestao nastala je pometnja, šta bi se tek desilo sa većinom nas kada bi nestao čitav Google?

2. Microsoft vas kontroliše. Microsoft nije ništa bolji od Google-a. Recimo da uzmete neki laptop koji vam se sviđa, platite nekoliko stotina ili čak i hiljada eura za njega. Uz njega dođe Windows 8. Da li ga možete koristiti odma? Ne. Morate se prijaviti. Da bi se prijavili, morate napraviti Outlook korisnički račun. Praktički nećete moći pristupiti vašem laptopu od hiljadu eura bez pravljenja Outlook adrese. Jedini način da to uradite jeste da označite da imate poteškoće sa internetom prilikom podešavanja koje se pojavljuju pri samom dizanju sistema i tu ćete dobiti sasvim malu opciju da napravite lokalni korisnički račun za Windows. Većina korisnika vjerovatno ni ne zna za tu opciju, a u Windows 9, ako ne već i u Windows 8.1 operativnom sistemu čak će i ta mala i trenutno sakrivena opcija vjerovatno da nestane. Windows i dalje zauzima ogroman dio tržišta kada su desktop računari i laptopi u pitanju, nekih 80% recimo (ovo je samo pretpostavka), svi će postepeno preći na Windows 8. Možda kada izađe Windows 9, možda tek kada izađe Windows 10, ali hoće, isto kao što su svi prešli na Windows XP. E sada, po mom iskustvu sa Windows 8, ljepši je, brži je, troši manje baterije na laptopu i ima neke fantastične aplikacije – besplatne. Naravno, besplatne su samo na prvi pogled, jer većina aplikacija (čak i one koje dolaze sa samim sistemom) prikazuje reklame. Dakle, nije im dosta stotinu-dvije dolara koje su uzeli od vas kad ste kupili sam računar/laptop i još vas natjerali da napravite njegovu mejl adresu čak i ako je niste željeli, već vas i sam sistem bombarduje reklamama. Postoje i neke besplatne Xbox igre za njega, ali naravno, i one su pune reklama osim ako ne uplatite malu količinu novca na njihov račun. Poslije toga, da bi uživali u tim igrama ili omogućili neke dodatne nivoe, opet morate platiti. Ne zaboravimo i biznis koji se odvija preko Microsoft-ovog Office paketa koji opet košta nekoliko stotina dolara. Dakle, Microsoft vas kontroliše.

3. Facebook vas kontroliše. Facebook je mnogo drugačiji od dvije prethodne firme. Facebook nema više servisa, ima samo jedan. Ali, na tom jednom servisu vršite komunikaciju sa svim vašim prijateljima, pa čak i ljudima koje ne znate. Stavljate lične fotografije, stavljate fotografije prijatelja, ponekad i neki video zaluta, događaji, aplikacije, fan stranice, grupe… Da se ne lažemo, Facebook nije uopšte loš servis, samo ga većina ljudi ne koristi kako treba. Kao posljedica toga, Facebook ima sve o nama, od imena i prezimena, preko broja telefona, slika i videa, pa sve do dokaza o skoro svim postupcima koje smo uradili u zadnjih par godina. Neke od njih nisu legalne, a zbog nekih ne bi nikada izašli iz kuće od srama kad bi izašli u javnost. Ali kada malo bolje razmislimo, sve ovo već jeste u javnosti, sve se ovo već krije negdje na nekim serverima u SAD-u hiljadama kilometara udaljenim. Većina nas te servere nikada nije vidjela čak niti na slici, a opet smo dovoljno glupi da im povjerimo sve moguće informacije o nama. Dakle strancima smo dali sve informacije koje nikada ne bismo voljeli da dođu ni do naših najbližih, a kamoli do nekog stranca?

Slična priča se ponavlja i sa Apple-om, mada nisam dovoljno upoznat sa njihovim proizvodima da bih mogao da napišem malu priču o tome kao što sam uradio sa ove tri firme. Istina jeste da mi više jednostavno nemamo kontrolu nad svojim podacima. Istina jeste da ne trebamo stavljati naše podatke u cloud servise koje vode nepoznate kompanije na nepoznatim serverima. Istina jeste da trebamo uzmati naše podatke nazad sa takvih stranih servisa koje nude strane kompanije u stranim državama na serverima koje ni na slici nismo vidjeli niti jednom u svom životu niti znamo nekoga ko je vidjeo te servere. Trebamo da razvijemo decentralizovane sisteme. Trebamo da vratimo naše podatke nama, i tada, i samo tada ćemo biti sigurni da nam ih niko neće ukrasti, niti vlada, niti neke korporacije. Trebamo voditi sami svoje servere i razmjenjivati podatke sa osobama sa kojima vjerujemo – i samo sa njima.

WhyMicrosoft.com – The Worst Marketing Site Ever?

Browsing through a Google+ group dedicated to Linux users in Serbia and Balkan region, I saw a post that linked a web page called Why Microsoft.

To be honest, I’m not a Microsoft hater even though I use Kubuntu Linux distribution as my primary operating system. I’ve decided to check out that site just to see why Microsoft thinks their products are so much better than competitors products.

I took a few screenshots and I want to present to you Microsoft’s marketing strategy.

As you can see in the pictures, Microsoft’s strategy consists on deceiving users by comparing their software’s compatibility with their software, some lies and some double standards.

Confession: Microsoft Is Not So Bad

There’s something I need to confess. Even though I’m a hardcore Linux and free software advocate, I have to say that Microsoft, as a company, is not so bad. So, why am I saying this?

I’ve never paid a single euro for any Microsoft product. I was running cracked software like 95% of people in my country. Now this is not a secret at all. My father runs a small company (around 10 of employees) and I was doing some research about how licensing works in my country. I was amazed. As it turns out, the companies are required to have licensed software, but, if the inspection comes, they will look at a specific list of software and they’ll ask you if you have a license for those programs. What I’m trying to say is that a company only needs to have legal operating system, legal office suite and that’s about it. Add some Adobe products if you use them inside of your company and you’re good to go! Now, the situation gets even worse when we focus on personal users. No-one will ever ask you for a license. It’s like this word doesn’t even exist in my country.

Anyway, back to the story. So, I was running cracked Windows software until a year and a half. Then I found out about the world of Linux and I’ve never looked back. But, being a student and using nothing but open source technology is really hard in a country like mine (and practically anywhere else in the world!). So, my first year began and they required more and more of proprietary software for us to have. Most of them are developed by Microsoft. But, we also got a DreamSpark account, so most of the software they required from us were free of charge. That’s how I got my Microsoft Visio, Microsoft Visual Studio and stuff like that, all for nothing. After that, number of unlicensed programs I had from Microsoft was down to two.

As I’ve said earlier in the story, my father is running a small company. After catastrophical floods that hit south-east part of Europe in this year, my father had to start his job all over. So what he did is he bought a new laptop for himself and he needed to buy Microsoft’s Office license. All they had in as store we looked up was a single license for Office 365 Home Plus. He decided to take it. What I’ve found out after that is that this license can be used by five email addresses legally. He used the first one for his laptop, and I used the second for mine. Also got some extra space in OneDrive and some free premium Skype minutes. And now, I’m down to one, and it’s the main one: Microsoft’s Windows 8.1. Not sure how I will get the license for it, but I’m sure I somehow will. The license costs somewhere around 100 euros, which is about the same as the amount of money I spend on food, cigarettes and going out in a month.

Today, while I was downloading Microsoft Visio from my DreamSpark account, I found out something else. I found out that I have a free license for Windows Store in my DreamSpark account. Oh, and also, I got an access to Microsoft Virtual Academy with a lot of courses and I got some books for free as well.

So, to summarize things up, I got a lot of software from Microsoft and I didn’t actually pay anything to use it. I got only a couple of software products without a license for now but I’m working on replacing them with something legal. And I’m still trying to find my Linux alternative to elementary OS. While waiting for Freya, I’m spending most of my time in Windows looking for some alternative I will use until Freya is released. No luck for now.

I trust Microsoft a lot more than I trust Google.

Sensitive Data Grabber Project

So, what I want to present to you today is a project I’m currently working on. What I’m doing is I’m creating a program that will collect all of the sensitive data from the victim’s computer and saves them on a thumb drive. The program is currently being written as a form application using Microsoft’s Visual Basic and .NET framework 4.5. After I finish the beta version, I’m planning on re-writing the program so it will be a console application and it will work with some older .NET framework (I’m not yet sure which .NET framework will I support for now).

Now, what I want to do is to tell you what this program actually does for now and what I’m planning on implementing.

First of all, the program will collect some basic data about victim’s computer. That data includes information like OS version, number of processors, RAM available, username in use, domain name, machine name and similar.

After that, the program will check if you have installed applications that are currently supported. Here is the list:

  1. Evernote
  2. Google Chrome
  3. Microsoft OneNote
  4. Mozilla Firefox
  5. Mozilla Thunderbird
  6. Pidgin
  7. Steam
  8. World of Tanks

The next stop: copying some data! Here’s the list of applications and a current list of sensitive data it will copy:

  1. Evernote – file containing victim’s current username, email associated with that username and a copy of victim’s current database (implementing it right now).
  2. Google Chrome – files containing bookmarks, cookies, history, login data and web data.
  3. Microsoft OneNote – the copy of all of the victim’s notebooks.
  4. Mozilla Firefox – files containing cookies, addons, form history and downloads history.
  5. Mozilla Thunderbird – files containing addons, address book and cookies (planning on supporting of copying all of the emails if a victim uses POP3 instead of IMAP).
  6. Pidgin – file containing all of the victim’s usernames and passwords in clear text and a directory where victim’s logs are saved.
  7. Steam – configuration file containing a list of all users ever connected on that PC and some decryption keys (not sure what those are for, but I will find it out).
  8. World of Tanks – file containing all of your preferences and a folder containing your latest battle results.

So, the program will automatically locate your removable drive and store all of those files in it.

The point of doing that program is to prove that a lot of pretty sensitive data is easily accessible to someone who has a physical access to your Windows machine. Combine those two and the victim gets pwned big time. The program is currently in pre-alpha stage and I don’t recommend anyone using it for now, but if anyone wants to look at the code for now, you can do that here. Once it’s finished, it will be open source (licensed under GPL) and everyone will be able to add programs to the compatibility list.