Aractus

Blog of Daniel Baxter, now secure! :)

Free SSL from Let's Encrypt!

Prison break series 5 review (SPOILERS)

Well, with the last episode having aired in the US, it’s time for me to give my review. In my first review I suggested that the series started well, but I was sceptical of where it would go. Well I was not wrong. I was originally going to post this before the last episode aired as I thought it was blindingly obvious how it would wrap up (and it was), so I’ll go through what I rightly predicted as well. In fact I may as well start there.

Paul Scheuring stated before the season even began that Prison Break series 5 is based on The Odyssey by Homer. So for this reason the finale was predictable. For example, in The Odyssey the Greek hero Odysseus outsmarts Poseidon and successfully traps him. So for that reason I knew that Michael was going to trap Poseidon somehow, and that he didn’t have any intention of killing him. Poseidon in both the Odyssey and in Prison Break is overly confident that Odysseus/Michael can’t possibly outsmart him.

So I knew Michael was going to outsmart and trap Poseidon in the finale – what else did I know? Well I knew that neither he, Sara, nor Mike could die, and probably not Linc either. I also knew that it was Poseidon’s henchman Van Gogh that gets shot at the end of the penultimate episode. I didn’t know where Sara was, I will admit, and I think that was a huge cop-out and let-down to have her so easily escape. I had also worked out that Michael didn’t actually want T-Bag and Whip to kill Poseidon, I didn’t even think it was Poseidon he asked them to kill, and I also knew that Michael actually didn’t care about either of them – I knew that from Poseidon’s Game Theory speech he gave to Sara: “You make them love you so much that when they’re up against it their loyalty will make them act against their own best interests”. Michael had already manipulated Whip into killing Ramal for him, and Sid into sacrificing himself for the good of the team. I also knew that Blue Hawaii would have a role, although in hindsight I should have known that he would have been involved in the trap. Oh, and I knew that most of the information encoded in his tatts was useless and intended to waste Poseidon’s time.

Overall the season finale was lacklustre. It was thoroughly predictable. Yes the trap itself was executed very well, but the sub-plots were hastily wrapped up in a dissatisfying way for the main part, and “errors”/contradictions made throughout the series were not addressed – I guess they really were errors. Also, the tattoo on the back of his hands was never in the previous episodes (although I did wonder why his knuckles were always black) – and it was revealed in the promo for the episode – bad form! You want proof that the tat isn’t there? Here:

[Screenshots: hands-1, hands-2, hands-3, hands-4]

Now here’s what I do love about the finale – Michael spectacularly manipulated and betrayed Whip. Now that was beautiful in its own dark-twisted way to show the dark side of Michael. The mechanical hand that he gives T-Bag has a purpose – so that T-Bag will betray his own best interests and land back in gaol. Speaking of which, how the fuck was he released after only 7 years? Why change the fucking timeline to begin with? The original show Seasons 1-4 take place in 2005, not 2010. As a part of the betrayal, Michael lies to T-Bag and Whip and claims that Poseidon will go after him – when in fact there’s no evidence at all that Poseidon has given Whip a second thought, and Whip would be in no danger so long as he remained ignorant of Poseidon’s identity. Anyway, great to see that betrayal and they’re both none the wiser. On the other hand, the relationship between T-Bag and Whip never felt very satisfying.

I also didn’t buy the final scene where Michael has asked the CIA to have Poseidon placed in T-Bag’s cell. Michael wants Poseidon to suffer, not face instant death at the robo-hand of T-Bag… although I doubt that T-Bag actually killed him as is implied in the final scene (he wouldn’t kill someone in his own cell, he’s not that stupid). It was anticlimactic and unnecessary.

So overall, this series just pushed too many subplots that went nowhere. It should have focused itself entirely on Michael’s slow meticulous plan unfolding, and not wasted time on anticlimactic victories along the way. Instead they wanted to do way too many things – Michael has to “escape” the prison, Michael has to “escape” Yemen and ISIS, Michael has to be saved from being poisoned, Michael has to smuggle himself to the US, Michael has to outsmart and get revenge on Poseidon. Also, Linc has to free himself from the debt and get the girl. Jesus it was pathetic.

Mythicism: Why recognising atheist fundamentalism matters

Atheists often deny they have a specific world-view. I would contend that any strongly held world-view is prone to fundamentalist style beliefs. Whether it’s in history, science, religion, paranormal, health, or society. One prominent feature of fundamentalists is that they evaluate information under their own set of rules that are in conflict with best-practice methods. I’m not trying to insult people by using the term fundamentalism, I just think it’s important we recognise dogmatic views for what they are. I’m also not an anti-religious atheist, I believe people should be free to practise their religions, but obviously not to impose their beliefs on others.

Defining fundamentalism

Fundamentalism is sometimes easy to identify, but difficult to define. Believing in creationism over evolution, and denying the Holocaust are two prominent examples of fundamentalist beliefs. But I suspect that most of us have some fundamentalist beliefs, just not as obvious as those. Holocaust denial is very well supported (believe it or not) in the Islamic world – they have thousands of scholars who put forward this view. I was actually shocked to learn that, and I do think it raises legitimate questions over how much we can trust historians in general to determine facts about the past in an unbiased way. Although I would strongly caution my readers against believing that a systemic problem amongst Islamic scholars in the Middle East would affect scholars in the Western world.

The key characteristic of any fundamentalist belief is that it is based on rules or knowledge that are not set or agreed upon by the experts in the relevant fields of study, and when confronted with this the belief is generally not affected. It’s a closed system that is not interested in information provided by the outside world. It’s often based on people’s instincts or on flawed logic. I can even give an example, I met a very nice and intelligent gentleman a while ago with a very fundamentalist belief that we are over-educating the population. I cited facts and evidence, and his response was “well my instincts disagree”. His belief is almost certainly tied to a strongly-held world view, and he’s not interested in what the evidence says.

The definition that I put forward therefore is one where there is a strongly held belief system tied to some kind of world-view that is resistant to change even when presented with overwhelming evidence that disproves the belief.

Denialism

Fundamentalist beliefs can be associated with denialist beliefs. A denialist belief is usually associated with an opposite fundamentalist belief – denying the theory of Evolution or science altogether in favour of creationism. Denying the validity of psychiatry as a science in favour of fundamentalist Scientologist beliefs. Denying the holocaust in favour of fringe outlier theories. Denying that HIV causes AIDS in favour of a fringe outlier theory. Denialism is most commonly associated with history and with science. With both fundamentalism and denialism, people will often not make use of the set of methods developed by the experts to test their theory, and instead use their own methods. Because of this, the historical data or the scientific data does not end up affecting fundamentalist and denialist beliefs.

Honourable example

I’ll start with an example well supported in the literature, which does not have any religious ties. I’m talking of course about the chiropractic theory of disease. This “theory” of disease puts forward the view that misalignments of the vertebrae are the cause of all human ailments. It totally rejects germ theory and the associated modern biomedical theories of disease. This is called a fundamentalist belief in the peer-reviewed literature. Now it is true that many chiropractors have a “soft” view of the chiropractic theory of disease, where they believe that misaligned vertebrae are one of many causes of disease along with bacteria, viruses, and other causes. That’s less denialist, but it’s still fundamentalist as every other modern practitioner rejects the chiropractic theory of disease. I should point out that believe it or not, there are even chiropractors that call themselves chiropractors but don’t believe the chiropractic theory of disease at all! I think that’s hugely unethical and is akin to psychics that know they aren’t psychic (which is all of them) but tell you they are anyway.

Now, does this mean that everyone that goes to a chiropractor is stupid? Well no, so long as they’re not using chiropractic medicine to replace best-practice medicine, it’s not going to do any harm and you might get a placebo effect. Although I should say that I have an ethical problem with parents who get this kind of treatment for a child.

Why is mythicism a fundamentalist belief?

Mythicism, the theory that Jesus didn’t exist as a historical person, is unquestionably a fundamentalist belief. It’s tied to the denialist view that historians are not competent in their assessments of history. Now this is a denialist view that I used to have as a Christian, and that view softened over time, and as an atheist I now have the utmost respect for historians as professionals. They are no longer a threat to my world-view – but if your world-view is that Jesus did not exist as a historical person, then it is tied to a denialist view of associated academic professions. “Part of the problem may be an insufficient acquaintance with how historians work with the limited data available” (Larry Hurtado, 2012) … perhaps Larry, and that might be true of some mythicists, however for fundamentalists the historical data does not end up affecting their belief.

Let’s quickly remind ourselves of a few characteristics of fundamentalist and denialist beliefs. 1. They are internally logical when you’re in that bubble. 2. They are often socially constructed and linked to in-group beliefs. 3. Often linked to strongly held world-views including religious or political views. 4. They do not make use of the set of methods that experts use to test their theories and determine truth. 5. There may be cognitive dissonance and epistemological leaps involved to reconcile facts about reality to fit within a person’s world-view. 6. Often based on instinct or logic. 7. There can be an overestimation or an underestimation of the quality and level of evidence that exists to support or disprove their belief. Put together this gives us a picture of why perfectly intelligent people can believe seemingly irrational things.

Mythicism meets most of the criteria set in the previous paragraph. Most notably, mythicists refuse to use the set of tools that historians would ordinarily use to determine historicity of an ancient person or event – and this is true even of Richard Carrier, whom we will get to shortly. It also ignores the overwhelming academic consensus – just as there is scientific consensus that HIV is the cause of AIDS (despite the persistent outliers), there is academic consensus that Jesus was a historical person amongst scholars of the ancient world. And finally, they refuse to present credible evidence for their theory, and insist that the evidence used by historians isn’t valid.

Mythicists can be every bit as dogmatic as fundamentalist Christians, knowing with absolute certainty that they are “right”. They decide what they want to believe, and then ignore everything that disagrees with their belief, and chastise everyone who believes differently. That makes them fundamentalists.

Who are the mythicist scholars?

Mythicism is such an extreme example of a fundamentalist belief that it doesn’t enjoy the support of even a few hundred scholars: it enjoys the “support” (if you can call it that) of only about six, and that’s stretching it. Three of the mythicist scholars are Christians! Mythicists often mistakenly put forward the view that mythicist scholars are atheists as justification for their view, well I’ve got news for you guys: Thomas L Brodie and Thomas L Thompson are Roman Catholic theologians, scholars, and mythicists! What on earth are you guys going to say next – that I’m dishonest and made this up? No – read their bios, they both identify themselves as Christians, and Brodie is a priest. Tom Harpur who passed away this year was an ordained Anglican priest, journalist, theologian and scholar. He’s no longer living, so the third scholar I’m counting is of course Robert M Price.

Brodie is a well qualified and respected New Testament scholar. However, he has held his mythicist belief since before he studied to be a theologian and scholar. He puts forward the view that the gospels are patched together from existing Old Testament stories to create a new narrative, and his evidence is the parallels that he identifies from the Old Testament. The methods that he used have been highly criticised by his peers including other mythicists as being wrong. Which isn’t surprising since those are the methods that convinced him before he studied to be a scholar, and goes right to the very heart of fundamentalism: that fundamentalists insist upon using their own questionable methods. He also flat-out denies all historical evidence for Jesus outside of the New Testament, and denies there was an oral tradition before the gospels. He believes Acts of the Apostles is a literary creation as well. His peers have pointed out that he lacks evidence to support his theory, and after 40 years you would think he could have come up with some decent evidence if it existed.

The late Tom Harpur put forward the view that the gospels were patched together from ancient pagan mythologies. I know, this is a direct contradiction of Brodie’s theory – contradicting each other’s theories is actually a common trait amongst mythicist scholars! Harpur was a fully qualified New Testament scholar, also well qualified in classics, and yes he held a teaching position. Harpur claimed that the second or third century church forged all the scriptures, and then covered up all the evidence. The methods used in his investigation have been highly criticised by his peers. And like most other mythicists, other mythicists criticised his theory as well. Also, Egyptologists rejected his assertions that parts of the gospels were based on Egyptian etymology.

Thompson is an Old Testament scholar, and puts forward the view that Jesus is so enriched in mythology that he can’t be shown to have existed, at least not from the canonical gospels. Ehrman has criticised him for lacking expertise in New Testament studies. Thompson has not put forward a case regarding the remaining evidence outside of the gospels, which include the letters of Paul, Acts of the Apostles, the other New Testament writings, Annals by Tacitus, and Antiquities of the Jews by Josephus. Furthermore he denies that he believes Jesus not to have existed, his belief is what some people call “soft mythicism”.

The late Dorothy Milne Murdock was a questionably qualified classicist who put forward the view that Jesus and the gospels were based on Roman, Greek, Egyptian, and other mythologies. Her website is still up if you wish to check. Her methods have been highly criticised by her peers, including Robert Price and Richard Carrier (two fellow mythicists). Ehrman found numerous factual errors and assertions made in her book and said “Mythicists of this ilk should not be surprised that their views are not taken seriously by real scholars, mentioned by experts in the field, or even read by them.” (Ehrman, 2012). She was also a conspiracy theorist. I say she was questionably qualified because while she had a bachelor’s degree in classics, she did not work as a professional historian or hold a teaching position. I only use her as an example of the questionably qualified “scholars”, I’m not going into greater detail of others such as Earl Doherty, as I don’t think they should be counted when discussing the number of active mythicist scholars.

The late George Albert Wells who died in January of this year was a professor of German and not a Bible scholar. Wells has certainly been the single most influential mythicist of our generation, having written several books putting forward his position that Jesus did not exist. He is also the only mythicist worth taking seriously, given that he accrued support from other mythicist scholars. Wells was not a New Testament scholar, and (as is becoming the overarching theme) his peers criticised the methods that he used to obtain his conclusions. But in the 1990s he rightly became convinced of the Q document hypothesis, and from then until the day he died he believed Jesus to be a historical person, shifting to being a “soft mythicist”. He changed his view when new information was brought to light that disproved his theory, which is what any good investigator should do.

Robert M Price describes himself as a Christian atheist. He’s a New Testament scholar, a former Baptist minister, a professor of textual criticism, and a theologian – he’s very well qualified. He is agnostic on the historicity of Jesus, claiming that the evidence is insufficient. A claim as already pointed out, rejected by all non-mythicist scholars of antiquity. Furthermore he rejects the authenticity of the Pauline epistles and is agnostic on the historicity of Paul of Tarsus, which even other mythicists like Carrier think is absurd. In arriving at his position Price either refuses to use or ignores whole methods commonly used in ancient studies. Price’s view that the “evidence is insufficient” is the one most often put forward by atheists who think that Jesus was not a real historical figure, despite the fact that he lacks the support of other mythicist scholars, and despite the fact mythicists usually go way further than his agnosticism when attempting to prosecute their fundamentalist argument.

Hector Avalos is “agnostic” on the historicity of Jesus. He’s a New Testament scholar, former Pentecostal preacher, and currently a professor of religious studies. Going on that article he wrote, he doesn’t seem to believe in textual criticism which is a textbook fundamentalist trait!! Textual criticism is how we know which books Paul really wrote, and whether or not there have been edits, such as 2 Corinthians which is believed to be a composite of Pauline letters rather than a single letter. His views are actually very similar to Robert Price, and like Price he says he’s agnostic on the historicity of Jesus. Which is surprising since in his actually published academic books he doesn’t challenge the historicity of Jesus. Unlike Price, he’s never denied that Paul of Tarsus was a historical first-century Apostle who wrote several letters including Romans, Corinthians, and Galatians. Unlike Price he’s quite anti-religious.

Finally, there are Richard Carrier and Raphael Lataster. I know I said I wouldn’t discuss any further questionably qualified scholars, but given that Carrier is by far the loudest mythicist on the planet we can’t leave him out. Lataster is currently a PhD candidate and does hold a teaching position at the University of Sydney, making him somewhat qualified. Carrier is qualified in ancient history and classics, he’s an atheist, a Taoist, and has never held a teaching position. All Lataster’s books including the one he co-wrote with Carrier are self-published, and Carrier’s books are published with populist non-academic publishers, a fact that has been widely pointed out by his critics. So I really don’t want to give the impression that they’re qualified on this – because they aren’t – but nevertheless Carrier is cited more than any other mythicist scholar by atheists who are on the mythicist bandwagon. I really don’t know why people take him seriously.

Anyway, I do want to be very specific here. Carrier uses something called Bayes’ theorem to test the hypothesis that Jesus was historical, and then claims that it proves that the historicity of Jesus is improbable. No other historian of the ancient world uses Bayes’ theorem, and every scholar who has bothered to comment on it has said the same thing: it’s not the right tool to test the historicity of ancient people! Let me repeat it, Bayes’ theorem is not a valid historical method to test questions pertaining to historical people or events. Carrier also emphatically rejects the contemporary methods used by historians! Carrier has shown no interest in studying the mythicist theories put forward by others, claiming that all other mythicist theories are wrong (source), and his theory has been strongly criticised by other mythicists who state that his “methods are terrible” (source). As pointed out in that link, not even considering the evidence and opinions put forward by others would be akin to a biologist coming up with his own theory of Evolution, all the while refusing to read or even acknowledge the work by Darwin and Mendel. Many of the “facts” he cites in support of his theory have been shown to be wrong, or based on a reading of ancient literature that is rejected by his peers in ancient history and classics.

So there you have it. All the major mythicist scholars. I would question whether we should count Avalos and Lataster in particular, so really there are just three or four qualified mythicist scholars depending on whether we count Carrier or not. As pointed out by Ehrman below, they are not seen as credible by the “real scholars”. It’s important to note that not all mythicist scholars are fundamentalists, although Carrier definitely is. And that Price, Brodie, and Thompson are all respected scholars. The mythicist argument commonly seen across the internet is purely a denialist and fundamentalist one: they won’t look at evidence, they aren’t interested in what the experts say, and they don’t care what the right methods are to use to solve these questions. Sure you can come up with a new method to assess evidence, and professionals do that, but what they don’t do is come up with a new method and simultaneously claim that all existing historical methods are wrong and that only their way of thinking can be trusted.

Are we done? I think we’re done.


Final word

Credits to Bart Ehrman, Larry Hurtado, and Michael Shermer, I used quite a lot of their original thoughts when researching this topic, as well as a lot of my own. This post took an unbelievable amount of time and research to write what is essentially on a topic not even worth discussing. I have undoubtedly made some errors in this post, so please fact check it for me and let me know if you notice anything that needs improvement.

And on that note I’ll quote Ehrman:

Transcript:

Q. “I can’t see evidence archaeology or history for historicity”.

A. “Yeah, well I do. That’s why I wrote the book. There is a lot of evidence. There is so much evidence that – I know in the crowds you all run with it’s commonly thought that Jesus did not exist. Let me tell you once you get outside of your conclave there is nobody who – this is not even an issue for scholars of antiquity. It is not an issue. There is no scholar in any College, or University, in the Western World who teaches classics, ancient history, new testament, early Christianity, any related field who doubts that Jesus existed.

“Now, that is not evidence. That is not evidence. Just because everybody thinks so doesn’t make it evidence. But if you want to know about the theory of evolution versus the theory of creationism and every scholar in every reputable institution in the world thinks & believes in evolution, it may not be evidence but if you have a different opinion you better have a pretty good piece of evidence yourself.

“The reason for thinking that Jesus existed is because he is abundantly attested in early sources. That’s why. And I give the details in my book. Early and independent sources indicate certainly that Jesus existed. One author that we know about knew Jesus’s brother, and knew Jesus’s closest disciple Peter. He’s an eyewitness to both Jesus’s closest disciple and his brother.

“So, I’m sorry, I respect your disbelief but if you want to go where the evidence goes I think that atheists have done themselves a disservice by jumping on the bandwagon of mythicism because frankly it makes you look foolish to the outside world. If that’s what you’re going to believe you just look foolish. You are much better off going with historical evidence and arguing historically rather than coming up with the theory that Jesus didn’t exist.” – Bart Ehrman.


“The mythicist position is not seen as intellectually credible in my field (I’m using euphemisms here; you should see what most of my friends *actually* say about it….) – no one that I know personally (I know a *lot* of scholars of New Testament, early Christianity, and so on) takes it at *all* seriously as a viable historical perspective (this includes not just Christians but also Jews, agnostics, atheists – you name it), and my colleagues sometimes tell me that I’m simply providing the mythicists with precisely the credibility they’re looking for even by engaging them. It’s a good point, and I take it seriously.

“In that connection I should say that I can understand how someone who hasn’t spent years being trained in the history of early Christianity might have difficulty distinguishing between serious scholarship that is accepted by experts as being plausible (even when judged wrong) and the writings of others that, well, is not. But experts obviously don’t have that problem, and the mythicists simply are not seen as credible. They don’t like that, and they don’t like it when someone points it out, but there it is.

“The other reason for staying out of the fray is that some of the mythicists are simply unpleasant human beings – mean-spirited, arrogant, ungenerous, and vicious. I just don’t enjoy having a back and forth with someone who wants to rip out my jugular. So, well, I don’t. (They also seem — to a person – to have endless time and boundless energy to argue point after point after point after point after point. I, alas, do not.)” – Bart Ehrman.

What you weren’t told about WannaCry

I pride myself on providing you, the humble visitor, with good information. Not always perfect because, well, I’m not a security expert. You can think of this post as an afterthought, if you like, to my previous post; what I am aiming to do here is complete the picture.

Is Microsoft to blame?

The US Government and their spy agency the NSA are the main guilty parties in this instance. The ShadowBrokers who hacked the NSA and then publicly released the weaponised exploit are also to blame. And yes, Microsoft absolutely shares some of the culpability. Here is the thing you haven’t been told anywhere on the internet… some systems don’t update even when configured to do so. You want evidence? Here are screenshots I took earlier this week on a friend’s PC:

[Screenshots: update-1, update-2]

When I manually checked for updates it just spent hours on this screen:

[Screenshot: update-3]

And no, that system is not patched. I was unable to fix the problem. WHAT THE FUCK MICROSOFT?! My solution for that system will be to re-install Windows. Nothing worked – and I did try. This page contains most of the fixes I tried. The owner of that PC had no idea the system wasn’t up to date. How many other Windows installations have this same problem?

And probably the most misreported fact on the internet: “Windows doesn’t support XP anymore”… WRONG! They do. They only provide support to those who pay for it though, and according to some the latest pricing for this privilege is about USD 1000 per year per desktop Windows XP installation. For the ordinary home user, you can still get Windows XP updates until 2019, and possibly longer. To achieve this you simply tweak a registry setting that tells Microsoft that it’s an Embedded system. XP was embedded into all kinds of hardware that is impossible to upgrade – speciality hospital equipment like MRI scanners, ATMs, etc. And they still receive security updates to this day.

People were surprised when Windows released a patch for this vulnerability for Windows XP. But they shouldn’t be – the patch would have been rolled out for XP Embedded at the same time as Windows 7/8/8.1. The only difference is that they waited until after the worm appeared before pushing the patch to non-embedded XP systems.

Why was there a kill switch?

The original version of WannaCry attempted to connect to iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com and then terminated if successful. Other variants then emerged with hex-edited domains, or with that section hex-edited out entirely. But why was it there? It could just be a bit of unfinished code. It might be intended as an anti-detection measure, but it’s been pointed out that it doesn’t just do a DNS lookup; it expects to create a TCP connection to the domain too. If there’s no TCP connection then WannaCry will execute the payload anyway. It could just be the hacker’s way of “having fun” with their malware – let people think it’s stopped and then push out the variants. Who knows?
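A defensive use of the kill-switch behaviour described above, as an added example that is not part of the original post: any internal client that asks DNS for that domain is worth isolating and inspecting. The sketch assumes dnsmasq-style query log lines; the log lines, client addresses and the variant domain are constructed for illustration, and the `max_edits` tolerance for hex-edited variants is a hypothetical tuning value.

```python
import re
from collections import defaultdict

# Kill-switch domain exactly as quoted in the post.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Assumed log format (dnsmasq "log-queries" style):
#   <timestamp> dnsmasq[pid]: query[A] <name> from <client-ip>
QUERY_RE = re.compile(r"query\[[A-Z0-9]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")


def classify(qname, max_edits=4):
    """Return 'exact', 'variant' or None for a queried name.

    Hex-editing a binary overwrites bytes in place, so a patched domain
    normally keeps the original length and differs in only a few
    positions. max_edits is a hypothetical tolerance for that case.
    """
    name = qname.rstrip(".").lower()
    if name.startswith("www."):          # tolerate a leading www. label
        name = name[4:]
    if name == KILL_SWITCH:
        return "exact"
    if len(name) == len(KILL_SWITCH):
        edits = sum(a != b for a, b in zip(name, KILL_SWITCH))
        if edits <= max_edits:
            return "variant"
    return None


def suspect_clients(log_lines, max_edits=4):
    """Map each client IP to the sorted list of verdicts seen for it."""
    hits = defaultdict(set)
    for line in log_lines:
        match = QUERY_RE.search(line)
        if not match:
            continue
        verdict = classify(match.group("name"), max_edits)
        if verdict:
            hits[match.group("client")].add(verdict)
    return {client: sorted(verdicts) for client, verdicts in hits.items()}


# Constructed sample log. The "zz..." name is a made-up near-match that
# stands in for a hex-edited variant; it is not a real indicator.
SAMPLE_LOG = [
    "May 14 09:12:01 dnsmasq[812]: query[A] example.com from 10.0.0.5",
    "May 14 09:12:03 dnsmasq[812]: query[A] "
    "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.23",
    "May 14 09:12:04 dnsmasq[812]: reply example.com is 192.0.2.10",
    "May 14 09:13:40 dnsmasq[812]: query[A] "
    "zzqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.0.57",
    "May 14 09:14:02 dnsmasq[812]: query[AAAA] "
    "WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. from 10.0.0.23",
]

if __name__ == "__main__":
    for client, verdicts in sorted(suspect_clients(SAMPLE_LOG).items()):
        print(f"{client}: kill-switch lookup ({', '.join(verdicts)})")
```

Because the post notes that a TCP connection is expected as well as the DNS answer, a lookup in the log says the host ran the check, not that the check succeeded; treat every flagged client as potentially encrypted.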

How much has been paid out in ransom?

Not very much. So far over 200,000 people have been infected, and only 292 (or less?) have paid the ransom. That’s 0.1%. The three wallets are: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw, 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94, and 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn. About $109,000 or USD 81,000 has been paid in total so far. At 292 people though that averages at significantly less than USD 300 per ransom – going by the actual dollar figure only 270 people or less have paid up at the time of writing.

Is it a State actor?

Possibly. You will have heard that North Korea has been identified as a possible culprit. The problem though is that any competent hacker can make their code look like it came from North Korea, China, Russia, the USA, whomever they want.

So what’s their motivation?

You might think that the crypto-ransomware developers are simply highly motivated to be paid hefty ransoms. Well, most professionals don’t believe that to be a huge motivation. Just look at the program for a start: it encrypts types of documents that are important and valuable to their owners. They could actually have stolen sensitive documents if they had wanted to, but they didn’t. So you heard about the NHS in the UK having patient information encrypted – that’s a huge problem for them – but can you imagine how much worse it would have been if the malware developers had stolen millions of confidential medical files, and then run a real extortion racket like the one that was run against Ashley Madison?

Then, they provide you with all the information you’ll need to get your files back, assuming you pay up. They give detailed instructions on how to use Bitcoin, they helpfully put the decryption program everywhere on your system so you can always find it, and they give you a wall-paper in case your antivirus removes the decryption program. And the program is translated into 28 languages as well to ensure that you can read it:

[Screenshot: wana-decrypt0r-2]

Their set-up is not particularly well designed to receive payments, which is why they’ve received so little. Plus they have to manually verify payments on their end because they didn’t put in an automated system (i.e. unique bitcoin identifiers) to make it easy for them to verify. And it’s not exactly going to be easy for them to get their bitcoins. But here’s the thing, malware has been around for a very long time before the concept of ransomware. So they are unlikely to care much about actually getting paid, in fact they tell you explicitly that if you’re so poor you can’t afford the ransom there will be a chance to get your files back in six months.

Whatever their motivations are, it’s not money. At least not primarily. It’s been pointed out that leaked NSA cyberweapons have been used to turn computers into large botnets to mine bitcoins, and that was a far more lucrative strategy for cybercriminals than this method. But what we can say is that they have put a lot of effort into their program – they want to get their name out, I don’t think they care whether people pay the ransom or not, they will probably give out the master key after a few months.

Did people click malicious links in emails?

This is the most misreported aspect of WannaCry. It is able to spread itself directly through the internet to any vulnerable computer that it finds. We don’t know how the NHS in the UK got infected, but it is possible that the worm spread across the internet by connecting to just one vulnerable PC or internet server across port 445, and then once it got on the network it could infect all the vulnerable PCs it found on the ethernet. And that’s actually a larger problem for organisations than it is for home users, because it will be trying to connect through your IP address which is assigned to your router, but organisations often assign public IPs to computers. And they have to for servers. So yeah, we don’t know, but we do know that this crypto-malware spreads directly across the internet without people needing to click any links if their system is vulnerable. That’s how bad this exploit is! Again though, if you’re behind a home router you’re probably safe.

Is it really the worst ransomware attack yet?

Yes. I chose my words carefully, it’s not necessarily the worst cyber attack, but it is the worst ransomware attack. What has made it so bad is that people on vulnerable networks do not have to click any links, as the malware spreads laterally as a worm. If you have this on your computer it will eventually try connecting directly to every single public IP in the internet – starting at 0.0.0.0 and ending at 255.255.255.255. Obviously that’s a simplified explanation, it randomises its IP selection, but yes every computer with the worm – all 200-300,000 of them – will eventually try to connect to every single IP on the internet. And it wouldn’t take that long either, as there’s only 4 billion IPs to try.
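The scanning behaviour described above is also what gives an infected machine away on a network. As an added example (not part of the original post), here is one way to pick it out of firewall flow logs: flag internal hosts that touch many distinct addresses on port 445 in a short window, and list internal hosts that accepted port 445 from outside. The log format, the 10.0.0.0/8 internal range, the window and the threshold are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

SMB_PORT = 445
# Assumption: the organisation's internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: "<epoch> <src> <dst> <dst_port> <action>".
SAMPLE_FLOWS = """\
1494580021 10.0.9.8 10.0.1.10 445 ALLOW
1494580022 10.0.5.23 203.0.113.4 445 DENY
1494580023 10.0.5.23 203.0.113.77 445 DENY
1494580024 10.0.5.23 198.51.100.9 445 DENY
1494580025 10.0.5.23 10.0.5.24 445 ALLOW
1494580026 10.0.5.23 198.51.100.200 445 DENY
1494580027 10.0.5.23 10.0.5.25 445 ALLOW
1494580028 10.0.5.23 203.0.113.4 443 ALLOW
1494580030 10.0.9.8 10.0.1.10 445 ALLOW
1494580031 198.51.100.50 10.0.7.7 445 ALLOW
1494580032 198.51.100.50 10.0.7.8 445 DENY
this line is malformed
""".splitlines()


def is_internal(addr):
    """True if addr falls inside one of the configured internal networks."""
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Parse one record; return None for anything that does not fit the format."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (int(parts[0]), ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]), parts[4].upper())
    except ValueError:
        return None


def smb_fanout(lines, window=60, threshold=5):
    """Map each internal source to the largest number of distinct hosts it
    tried on port 445 inside one fixed window, if that reaches the threshold.
    Denied attempts count too: a blocked scan still points at an infected host."""
    seen = defaultdict(set)  # (source, window number) -> distinct destinations
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        ts, src, dst, port, _ = rec
        if port == SMB_PORT and is_internal(src):
            seen[(src, ts // window)].add(dst)
    worst = {}
    for (src, _), dsts in seen.items():
        if len(dsts) >= threshold:
            worst[str(src)] = max(worst.get(str(src), 0), len(dsts))
    return worst


def inbound_smb_allowed(lines):
    """Internal hosts that accepted a port 445 connection from outside,
    i.e. machines reachable the way the post describes for public IPs."""
    exposed = set()
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        _, src, dst, port, action = rec
        if (port == SMB_PORT and action == "ALLOW"
                and not is_internal(src) and is_internal(dst)):
            exposed.add(str(dst))
    return exposed


if __name__ == "__main__":
    print("possible worm scanning:", smb_fanout(SAMPLE_FLOWS))
    print("port 445 open to the internet:", inbound_smb_allowed(SAMPLE_FLOWS))
```

A file-server client that talks to one server all day stays under the threshold, while a host sweeping addresses stands out within a single window.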

So it’s not an understatement at all to put the blame squarely on the US Government/NSA. And this is just the beginning – the ShadowBrokers (the hackers that hacked the NSA and released their cyber weapons) said they have yet more cyber weapons to release.

World’s worst ransomware attack yet

The recent WannaCry ransomware attack has been described as being the worst attack yet. The cybercriminals who created it have quickly become the world’s most wanted cyber criminals… but let’s talk about who’s responsible here, because the cyber criminals were armed whether intentionally or not by the NSA.

By the way, I have been working on a little project that is nearing completion, here’s a little preview of it that I made very quickly using Microsoft GIF Animator:

ubobanpreview

I highly recommend installing uBlock Origin, that will provide you with some protection against an infection through malvertising.

The NSA developed an arsenal of cyber weapons. One of these weaponised exploits is called EternalBlue. The NSA’s entire arsenal of cyber weapons was both leaked and sold to third parties, including to hacking groups. Recently, a different arsenal of cyberweapons developed separately by the CIA was leaked to Wikileaks (known as Vault 7) who proceeded with responsible disclosure. Responsible disclosure means giving broad information to the public, while giving specific information to affected software and hardware vendors so that vulnerabilities can be patched, and then later full disclosure. In the case of the NSA’s arsenal of cyber weapons, it fell into the hands of a hacking group called The Shadow Brokers, and they do not believe in responsible disclosure so they promptly dumped the cyber weapons directly into the hands of the masses. The Shadow Brokers claim they hacked the NSA and stole the weapons, but however they came to obtain them is irrelevant.

The reason this is the worst ever malware attack is that it has crippled critical infrastructure. This is what every security expert has been worried about. It leverages EternalBlue (and EsteemAudit for older OS’s) to spread across computing networks. How ordinary users become infected though has not yet come to light, but I suspect malvertising may be one culprit.

Ransomware works by encrypting your data using RSA encryption. What you need to know about RSA is that it’s the same principle behind SSL/TLS internet security. It is an asymmetric encryption – there are two keys, let’s call them Key A and Key B. If data is encrypted with Key A, then it can only be decrypted with Key B. If it’s encrypted with Key B, it can only be decrypted with Key A. Ransomware generally generates a unique key pair for each and every infection, and it can be remotely generated on a server far away. What that means is that an infected user has no way of obtaining their decryption key – it can’t be brute-forced, it can’t be extracted from the program, the only way to get it is from the cybercriminals who have it.

If you’re infected – should you pay up? Well, if your data is worth more to you than $400 – yes you should. Some reports have suggested you have no guarantee of receiving a decryption key… well that’s true, but generally speaking operators of ransomware do provide the decryption keys when payments are made. The situation where that might not be true is if you manage to get infected with an older malware by a group that’s no longer active, then I would agree you would be chancing it if you pay up.

So who should foot the bill for this? I believe the US government should be held to account, and made to pay out the ransoms. They’re the assholes that developed this cyberweapon. This is exactly the reason why the security industry hates the so-called intelligence industry. The correct thing to do when you find a security vulnerability is to do exactly what Wikileaks did with Vault 7: engage in responsible disclosure so that the vulnerabilities can be patched. Think about it this way, the NSA is a foreign intelligence agency that we would classify the same way as any other cyber criminal organisation. If they develop a weapon, then you can bet that someone else – whether in China, in Russia, in India, or elsewhere has also developed it. And even if they haven’t, as we’ve seen time and time again these inevitably get leaked/stolen.

And WannaCry has crippled critical infrastructure – that’s one of the worst possible outcomes of a cyber attack. Hospitals, schools, and telecommunications were taken out with this purely as a side-effect of its original intention. Had the cyber criminals wanted to though they could have specifically launched a far more vicious attack specifically aimed to take out critical infrastructure, and if that was done there could have been thousands of deaths as a consequence: rioting could have happened in cities across the world if power grids were taken off-line for example.

You may have heard that a security researcher that calls himself MalwareTech “accidentally” stopped WannaCry from spreading further. Well, that’s a half-truth. He did a write up on his blog about it actually. In a nutshell, the malware checks for the existence of a “random” domain that doesn’t exist. If an IP address is returned then it assumes it’s being run in a sandbox and shuts down its operations – this is a tactic it uses to try and evade malware detection by anti-malware software executing the program in a sandbox. It effectively is a kill-switch, but not intentionally so. But to say that it was accidental is not true, as stated clearly on the blog it’s standard practice to register domains found within malware as it gives researchers a way to track malware as much as anything else.

Alien: Covenant review (spoiler free)

Alien (1979) is a seminal film. It is one of the rare horror films of its time to be made by a film director who was later welcome to produce films outside of the horror genre. This cannot be overstated – working in the horror genre at that time was literally the kiss of death for your career as an actor, or as a director. The prejudice against the horror genre permeated so deeply that many great movie ideas were simply never made. And many great directors like the late Wes Craven were never welcome to make movies outside of the horror genre. The late David Hess talked about the prejudice against him for playing villains in horror films. So making Alien was a huge risk for Ridley Scott’s career and for Sigourney Weaver and the rest of the cast.

Now you might think that’s where the story ends – no. We move to Aliens, and I can’t say why, but Aliens is a pure action film with no horror elements to it. Some people use the word “thriller”, but I think thriller can be split into two genres – there are action thrillers, which is what Aliens is, and there are drama thrillers which is what Silence of the Lambs, and Alien 3 are for example. So with Aliens we had a director that basically didn’t take chances. He didn’t want to advance the story, he just wanted to make a generic action based story in the Alien universe. Aliens works very well as an action film, and is actually quite a fine sequel.

Alien 3 brought the series back to its drama-thriller roots. It’s a good film, but it failed to live up to the quality of the original. And many people were expecting another action film to follow Aliens, and didn’t want the film back in the horror genre. But it did have a strong cast, and a coherent story. Alien Resurrection is a generic action film with few redeeming qualities. Disappointingly, Resurrection tries to re-make specific scenes from the first two Alien films with varying degrees of success. Winona Ryder as Resurrection’s android Annalee Call was bland, unconvincing, and uninteresting.

Finally we came to Prometheus. Prometheus restructured the narrative of the Alien universe. It brought the revelation that life on Earth was created by Engineers. Many critics scoffed at this, which I think is a mistake because these films are science fiction and need to have room to define their own rules. Many also didn’t like its unanswered questions, but I think those were fine. Prometheus brought the series full circle back to its roots. Its true roots that is – including the exploration of unknown outer space. The film is not perfect and could have been improved by showing a bit more restraint and spreading the narrative elements so it unfolds more organically. Guy Pearce was completely miscast as Peter Weyland, and the make-up was unconvincing. However Michael Fassbender is absolutely amazing as the film’s android David, and Noomi Rapace was a very strong lead.

Alien: Covenant was fucking great! I am struggling to find some negative points to make about this film. The only negative I can say is it’s a bit formulaic, but I won’t hold that against it as it’s easier to see that in retrospect. Michael Fassbender is amazing, this time playing two androids – the original David, and Walter. Some incorrect reports have said they’re the same model, that’s not true – Walter is a newer model but looks the same. The very real problem in AI development of how do we realistically implement safeguards into AI so that we remain in control has not been solved to this day. This is the same premise behind Terminator, and the Matrix, and of course the original Alien where Ash was willing to obey orders above the safety, welfare, or interests of the crew. Remember though, even though Walter and David are very different, they are not as advanced as Ash – and Ash was happy to follow his orders and let the entire crew die to the Xenomorph.

This movie stayed on track from the first act to the final scene. It didn’t deviate or present unnecessary hyperbole to advance the plot and get its point across. It does still rely on people making stupid decisions though. David’s evolution from the curious android in Prometheus who distrusts humans to his new home where he has used the Engineers to continue his agenda progresses his character flawlessly. Walter rightly does not trust David, but perhaps perplexingly he fails to alert his crew to his suspicions – he is after all only synthetic. The interesting reverence David has for Elizabeth is also worth an honourable mention, he holds nothing but love and admiration for her and it’s very clear why this is so, yet it’s a selfish love that he holds and he does not reciprocate it. I only wish that these nuances could have been teased out a bit further. Great films leave you wanting a bit more in places, and these cognitive limitations that androids in the Alien universe have are fascinating, and attest to the film’s ability to draw us into its world so deeply we want to find out more!

The film was not afraid to continue developing the new ideas presented in Prometheus. It would have been a great shame to see these ideas abandoned in favour of only pursuing the original Xenomorph and face-hugger. Even though there were some issues with Prometheus, expanding the Alien universe to include the Engineers and goo was genius. A very well made film and a fine addition to the Alien filmography.

5 Stars

Trump and Turnbull

Watch this:


Video: White House

I love this video. This video sums up everything that’s wrong with Turnbull. Here he is sitting across from one of the most ridiculous first-world State leaders in our generation, and he’s listening to him spew his bullshit. To bring my international readers up-to-speed, Turnbull is well educated, highly intelligent, and knows a lot about history. All the things Trump knows nothing about.

The expression on his face says everything. It says “I can’t believe I have to sit here and listen to this man’s bullshit… I’ll just smile and nod”. You can see he just wants to shake his head, roll his eyes and walk out. Grow some fucking balls Turnbull. The only reason that people aren’t going to lampoon you for being as blissfully uninformed as Trump is because we know you’re smarter than that – why not fucking tell Trump to his face when he spews out bullshit?

Trump: “We’ve been allies for 99 years”

Turnbull: “Yep”

Trump: “Can you imagine that? 99 years”

What the fuck Turnbull? Perhaps he was stunned by Trump’s blatant stupidity? We’ve been formal allies, counting the ANZUS Treaty as the start, for 65 years. And it’s an archaic outdated alliance anyway. More Australians have a negative view of the US than have a positive view. Because the US is a fucking inhumane disgrace of a country that practices the death penalty, criminalises prostitution, and has worse gun violence than any other first world country.

Trump: “Right now we have a failing healthcare … you have better healthcare than we do”

Well – maybe. I think it’s funny that people seem to claim to know whether one country’s healthcare system is “better” than another, and it’s really difficult to objectively measure. The World Health Organization last ranked countries in 2000 – that’s 17 years ago. What is true however, is that the US healthcare system is grossly overpriced – the US spends greater than 18% of GDP on healthcare services, whereas the rest of the industrialised world spends 9-12%. I don’t see how you can possibly implement a universal healthcare system in the US in a single term of government and not expect to see a huge recession. Reducing healthcare spending from 18% to 12% would result in a lot of job losses, and also many doctors, surgeons, and nurses would have to face pay cuts and/or stagnant wages. That’s a reality because governments and insurers pay less for health services than private citizens do – and you can check that fact if you want. It’s similar in Australia with GPs that bulk-bill vs those that charge a consultation fee, except that in the US there are just many more health services. For example if you need heart surgery and you are covered by an insurance policy in the US, then the insurer will pay out a set amount to the hospital for the service. A private citizen however might be charged much more because he’ll be dealing with a surgeon that charges whatever he wants and doesn’t perform surgeries for insurance companies.

The issue in the US isn’t the quality per se of the healthcare, it’s the accessibility for essential health services, affordability, and the fact that people have to rely on insurance policies. The failure of the US health system is that it doesn’t cover everyone, and (prior to Obamacare) insurance companies didn’t have to cover “high risk patients” (those that had pre-existing health conditions), or could charge people with pre-existing health conditions more than people without. Obama of course lied when he claimed premiums wouldn’t go up – you can’t cover all the high-risk patients and expect premiums to stay the same!! Now, don’t get me wrong, the US absolutely should bring in universal healthcare. But it won’t be a purely straightforward process.

Anyway, Turnbull grow some fucking balls and tell the man that his healthcare plan is fucking atrocious.

Why I’m Not Islamophobic

This is a post I’ve been meaning to do for a while, it’s a direct follow-on to my 2010 post Hi, I’m an Islamophobic. On today’s Outsiders programme with Ross Cameron and Rowan Dean was one of the loveliest people I have ever seen on television. His name is Imam Shaikh Mohammad Tawhidi (pictured), and I want to credit him with motivating me to make this post now. Now let’s get one thing out of the way first, I am genuinely fearful of Muslims more than I am of any other religious organisations, so in that sense I am Islamophobic.

Right – on to business… how did we get here?

In my former post I said you can not prove Christianity, and you cannot disprove it. Or rather I mentioned the Antediluvian Period, which is something most Christians would prefer to ignore. It creates a huge problem – without it there are no Patriarchs, and without the Patriarchs there’s no Covenants with God, and without those there’s no condemnation, and no requirement for a Saviour.

“for all have sinned and fall short of the glory of God, and all are justified freely by his grace through the redemption that came by Christ Jesus.” -Romans 3:23-24.

When God reveals himself to Moses he says “I am the God of your father, the God of Abraham, the God of Isaac and the God of Jacob” (Exodus 3:6). Abraham exists after the Antediluvian Period, but the Abrahamic Covenant displaces (dispenses with) the Noahic Covenant, and the Noahic Covenant happens at the dawn of the Antediluvian Period. So it is important that it holds some meaning to Christians – many now take the easy route of saying these were just stories – but if they’re only stories then the Sacred Covenants are just stories too. Though I was loath to admit it, as a Christian I was forced to believe there was an Antediluvian Period. I didn’t care when though, for all I cared it could have been 200,000 years ago. And even that didn’t solve the problem of Adam and Eve – although I never really knew that was a problem since I’d never really been taught properly what the Adamic Covenant is.

You may be wondering where I’m going with all this? Well, I recognise now that you can prove or disprove the claims of Christianity. You can’t absolutely rule out the Antediluvian Period happening at some point in the past due to divine intervention… but the historicity of Moses has been well and truly disproved for example. Now this is a huge problem for Christians – it’s the elephant in the room. Judaism is the first known religion in the world to have been based on a collection of writings. Other religions existed outside of written texts, and religious texts were written about the religion, rather than serving as its blueprint. So any Christian that tells you that they don’t have to believe parts of the Bible they disagree with is selling you a revisionist lie. They might believe it, but the fact of the matter is that it’s not consistent with the formation of Judaism, the beliefs of Jesus and his Disciples, or of first century Jews.

As an atheist I see a lot of intolerance shown towards those of religious faith. This is the same kind of intolerance I used to have regarding others who were not Protestant Christians. I don’t hold those views any more because that would be hypocritical. I was really moved today when I saw Imam Tawhidi on Outsiders. He is a true humanist.


Video © Imam Shaikh Mohammad Tawhidi, 2017. License unknown.

It’s sad that Imam Tawhidi represents the minority of Muslim leaders in Australia. Until today I never knew that true moderates really existed within Islam, although that’s largely due to me not finding out about Shiites. About 85 percent of Muslims are Sunnis, and I would consider the vast majority of them to be “extremists” as we use the word. It gives me no pleasure to say this, but I do not believe that Sunni Islam can ever be fully reformed. There are too many core beliefs that are incompatible with modern society. I also don’t think that people convert between religious ideologies very readily – it’s not something that most people do in their lifetimes. Which is why atheism has taken a long time to grow – it takes a generation, usually, for change.

Imam Tawhidi also exposed a dirty secret that I actually didn’t know. He said in no uncertain terms that he doesn’t know any Sunni Islamic Scholars (he may have been referring to all Islamic Scholars, it wasn’t entirely clear; the context was Sunni) who believe the Holocaust happened. Now that’s truly frightening. There is still a lot of hatred towards Jews. And this brings me to the dark side of religion. Religious beliefs form a fundamental part of people’s world views, and those world views are a very strong cognitive bias for denying information that has been discovered or learned academically in secular society. The priest at my former Church pretty much disagrees with any Biblical Scholar that is not a Trinitarian Christian, for example. In fact I may as well re-post my video on social stigmas, it’s only 3 minutes so check it out:


Baxter, D. 2016. Creative Commons Attribution 3.0 Licence (Aus). Originally published at: https://youtu.be/HMdl-VDRg9I

Religious tolerance is a necessary part of a free society. But don’t for a second think that all religions are capable of reform. Scientology was built on the premise that Psychiatry was a pseudoscience. They also deny the Holocaust. Now just to be clear – Holocaust denial is “the belief that the Holocaust did not occur as it is described by mainstream historiography” (source), and the type of denial perpetrated by Scientologists is that they believe psychiatrists were to blame.

But this brings me full circle. What we consider to be extreme beliefs were once mainstream beliefs. Eugenics was once the majority view in psychiatry, and psychiatrists did play an active role in the Nazi extermination programs, including before and after the Final Solution. Hate and distrust of Jews was once mainstream. It was less than 100 years ago that we discovered there are galaxies in the universe other than our own. And I see one very important similarity between Imam Tawhidi and Jesus of Nazareth: both men wanted to reform their religion, and both have faced persecution from religious authorities in their religions. And both were/are exceptional human beings.

Google is building an adblocker into Chrome…

Google is playing with fire. In fact so is Opera. So is ABP, Adblock, and PageFair. To understand where we are, we need to go back to the beginning. This will be a long entry, so grab yourself a coffee, install uBlock Origin if you don’t have it, and enjoy your time here.

Ad blocking has long been a side-effect of the MVPS hosts file, which I have used consistently for more than a decade. Back then internet bandwidth was limited as well, and another side-effect of using it was of course that it blocked unwanted internet traffic. It’s also good for preventing malware – in fact that’s the main reason to use it in my opinion.
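To show how hosts-file blocking of this kind decides what gets through, here is an added example (not part of the original post, and not MVPS's own data): it parses a blocklist in hosts-file format and checks request URLs against it the way name resolution would. The sample entries are constructed and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Addresses that blocklists in hosts format point unwanted names at.
SINKHOLES = {"0.0.0.0", "127.0.0.1"}
# Names that legitimately map to loopback and must not be treated as blocked.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample in hosts-file format (not real MVPS entries).
SAMPLE_HOSTS = """\
# comment lines and trailing comments are ignored
127.0.0.1 localhost
0.0.0.0 ads.example.net   # ad server
0.0.0.0 tracker.example.org metrics.example.org
0.0.0.0\tBanners.Example.COM
192.0.2.10 intranet.example   # ordinary mapping, not a block
"""


def parse_blocklist(text):
    """Return the set of hostnames that the hosts data sends to a sinkhole."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINKHOLES:
            continue  # a normal address mapping, or a malformed line
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def host_of(url):
    """Hostname of a URL, lower-cased, without port or credentials."""
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def is_blocked(url, blocked):
    """A hosts file matches whole names only: no wildcards, no parent domains."""
    host = host_of(url)
    return host is not None and host in blocked


def page_report(urls, blocked):
    """Split the requests a page makes into blocked and allowed."""
    report = {"blocked": [], "allowed": []}
    for url in urls:
        report["blocked" if is_blocked(url, blocked) else "allowed"].append(url)
    return report


if __name__ == "__main__":
    rules = parse_blocklist(SAMPLE_HOSTS)
    requests = [  # constructed requests from a hypothetical page load
        "https://www.example.com/index.html",
        "https://ADS.example.net:443/banner.js",
        "https://cdn.ads.example.net/banner.js",
        "http://metrics.example.org/pixel.gif",
    ]
    for verdict, urls in page_report(requests, rules).items():
        print(verdict, urls)
```

The `cdn.ads.example.net` request is allowed even though `ads.example.net` is listed, because a hosts file matches exact names only, so every hostname an ad network uses needs its own entry.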

History

In 2004 the original Adblock extension was developed for Firefox. Already there were complaints from advertisers and webmasters, for example here “blocking ads on Ars is a bannable offense”. You could also get programs that would block ads. In mid-2007, Maxthon 2 became the first browser in the world with a built-in adblocker. The Adblock Plus extension was created in 2006 to pick up where Adblock left off, and in late 2009, the new Adblock extension was created. For quite some time Adblock and ABP were both very popular. And again, advertisers were not happy – some claimed the extensions are illegal and their use amounts to stealing. Others put up notices in the place of ads – or worse lock the content or use modal overlays. Hank Green and Boogie2988 have both posted rants against the extension, as have many others. Then in 2011 something truly terrible happened: Adblock Plus created a whitelist to allow so-called “acceptable ads”. In 2014, uBlock joined the extension market, and has since become the blocker that is featured in both the Firefox and Edge Extension pages. In 2016, Opera added a built-in adblocker, and now it appears that Google is looking to do the same.

So as you can see, we have a lot to go over.

Blocking is stealing?

This is probably the most ridiculous argument that I have ever heard. Let me put it like this: my PC or other device is MINE, not yours. I own it, and I do whatever I want with it. It doesn’t belong to an advertiser, it doesn’t belong to Microsoft, it doesn’t belong to Google. It belongs to me. Whose is it? MINE! If you can grasp that simple concept, then you can understand that just like my TV, I can choose to do whatever I want with it – I don’t have to look at any ads if I don’t want to. Now of course, there’s something else that’s mine, and that’s my internet connection. To suggest that an advertiser – or for that matter anyone – has some inherent right to it is just insanely wrong. That’s like a bully who wants to control things that you own, and make you do things with your possessions that benefit him.

Why you need to block ads

Blocking ads is not merely a convenience issue – it’s a security necessity. And you don’t need to take my word for it, the experts say so:

“The only effective protection against malware advertising is to block the advertising networks that accept adverts from the criminal gangs.” – Comodo computer scientist, Dr. Phillip Hallam-Baker (source). By the way there’s even a specific term for this threat – malvertising.

It’s also recommended by security guru Steve Gibson:

Take a moment to digest this information if this is news to you. And ask yourself: why is it you haven’t heard this?

The reason you haven’t seen this is that it represents a conflict of interest for many websites to tell you this information. They would rather tolerate serving their visitors malware than dare suggest you remove the advertising from their website. In fact, many of these websites are the same ones that pop-up those god-awful modal overlays telling you they “need advertising revenue”.

I am not suggesting that adblocking is a complete solution. You should also completely uninstall Adobe Flash, keep your system and browsers up-to-date, use the MVPS hosts file, and a good anti-virus program.

The other reason you need to block ads is to protect your privacy. Privacy is an inalienable human right, advertisers create, buy, and sell your unique information that they gather. And they do it without your consent. In some countries, ISPs spy on their customers’ internet usage, and sell that metadata to advertisers. In other countries that is illegal, yet that is what advertisers do. I do not believe there is a legitimate case for user-targeted advertising – it’s a blatant form of spyware. And it can put vulnerable people at risk – for example should an advertiser really know that you are looking for crisis accommodation, and if they do learn that and then run ads for these services all over your PC when your abusive partner is using it what might be the consequences?

The problem with Adblock/ABP and built-in adblockers

So you might be wondering, if I’m so in favour of adblockers – particularly uBlock Origin – why do I have a problem with the built-in blockers? Well let’s start with Adblock and ABP – both of those extensions adopt the “acceptable ads” motif. Now, even on the official Adblock website in a recent blog post the CEO acknowledges its use in preventing malware… yet what do you see nowhere in the acceptable ads policies? That’s right, not one mention of malware. They’re more interested in allowing advertising than protecting their clients from the very real harm of today’s crypto-ransomware. PageFair and Fair Adblocker offer no protection against malware at all. Google supports the Coalition for Better Ads, and they don’t mention malware either.

The issue with all of these existing blockers (except uBlock Origin that is), is that they put an important security measure in the hands of those who have a conflict of interest. All of these people believe in “acceptable ads” more than they believe in protecting you from harm. To put it in another way, the goals of Adblock, ABP, and Pagefair do not include protecting you from malvertising – their primary goal is retention: they want to capture people that are fed up with internet ads and retain a level of advertising on their device that the user will tolerate. That goal is completely incompatible with the security goal.

Opera’s adblocker is a problem for a different reason: it doesn’t give the user the choice of filter lists or ability to create their own, and it’s not clear what filters it does use. And the other reason I see it as problematic is that uBlock Origin is already available for Opera and provides a better option – why not include it by default for users instead of a closed-source adblocker? Finally, the blocker is not an extension, it’s built right in to Opera and what that tells me is that it can only be updated with Opera – and of course there’s no indication I know of about how often it gets updated – with uBlock Origin the community is in control of all the lists which are regularly peer-reviewed and updated, and the user is in complete control of his or her own rules as well.

I think I really should restate this… the goal of adblocking is to provide you with an effective security measure against malvertising. It’s the only effective preventative measure! It doesn’t matter if you love ads and want to view them all day – it’s more important that you are protected online from malware. So that’s it, and I think that’s where we’re at. That’s why I have an ethical problem with these other blockers – Adblock and ABP used to be great by the way before the introduction of “acceptable ads”.

The problem with Google

Google is obviously the wrong company to be in control of this important security measure that people need. And not only that, but it would be clearly an anticompetitive market move that I suspect would be illegal in many places such as Australia. Do you remember how Microsoft was forced to give people in the EU the browser choice ballot on installation of their Windows OS? Well, can you imagine that the world’s largest internet advertiser would be allowed to write an extension or feature for their software that directly harms their competitors and integrate it into their browser? That has litigation written all over it. I hope they do it actually, and face the consequences. So much for their ‘don’t be evil’ motif.

By the way don’t think this is new to them, they have an absolute monopoly at the moment with their Chrome web browser that sees it as well as most others (this includes Firefox, Maxthon, Safari, and Opera) set the default search engine to google.com. That is extremely anticompetitive – especially given the fact that they pay money to competing web-browsers to make google.com the default search engine. With that said, the recent versions of Firefox have actually improved this by changing the default search engine whenever you use the search bar – but it’s a small improvement as most people only use the omnibar.

Google’s goal is not to improve your protection against malvertising – their goal is to protect their advertising business and to ensure that you will see AdSense and YouTube ads. All they care about is improving the user experience just enough so that users will tolerate advertising. They think that user experience is more important than their security! Imagine this if you will: Google gives up advertising to become the world’s largest condom manufacturer. Next, they outline plans to become the authority on quality control for all other condom manufacturers. I think most people can understand that’s a conflict of interest, but then we learn something even worse: their idea of quality control is not to test that the product provides the protection users expect, instead all they care about is the user experience, and if there are major flaws in the products they will deal with the problem after users are exposed to the threat.

You may not believe me, but Google’s own numbers show they had to remove 900,000 ads from their network that were serving malware! Nine hundred thousand. How many people were infected with crypto-ransomware? Did Google compensate the victims that had to pay large sums to recover their data? Of course not, yet they profited from serving those poor souls the ads in the first place.

Why do I hate ads so much?

I don’t hate ads. As I’ve stated I think quite repeatedly, blocking ads is a necessary security measure. To be protected I have to be prepared to block all the third-party ads – the horribly obtrusive ones that I hate as well as the ones I don’t. As I’ve already mentioned, ad blockers are one of the only effective preventative measures against malvertising – exactly in the way that condoms are the only effective protection against many STIs, other than abstinence of course. So unless you want to disconnect yourself from the internet you absolutely need the best adblocker you can find to help protect you from the ever increasing threat of crypto-ransomware delivered through malvertising.

Now with this said, I do have an ethical issue with third-party internet advertising. As I’ve already mentioned, privacy is an inalienable human right. That’s why you need to consent to questionnaires. Internet advertisers steal this information from you via analytics without even asking. I think that is morally wrong. Ads that are not targeted using profiles built with analytics, like TV and radio, I don’t mind, but any ad network that profiles individuals on the internet is below contempt in my opinion. It doesn’t matter if they have an “opt out feature”, if they automatically opt people in it is an absolute disgrace of humanity.

But don’t websites need advertising revenue?

This I think is where many advertisers, as well as content creators, and webmasters have got it very wrong. Do they need advertising revenue? Maybe – but that’s not my problem. Nor is it yours. And nor should you be bullied into thinking that it is. Your right to security and privacy trumps a website’s “right” to deliver you advertising. And anyway, the idea that ads should be forced on you completely breaks everything the world-wide web is meant to represent.

I am not arguing that websites shouldn’t be allowed to have ads. Of course they can, but any time they run cross-site scripts that deliver ads, and any time they are not in full control of the ads that appear, they are a security risk to you. It’s a misconception by the way that hackers need to hack an advertiser to begin infecting people – one of the ways they’ve actually been doing it is simply by uploading an ad they’ve paid for that has malware integrated into it. To give you an example of how I might get a malicious file to you – let’s say I embed a virus file into a picture file. I offer this picture file for download – you don’t know that it contains a malicious executable in it because it looks like an ordinary picture. Once you put the picture on your computer though, you have unwittingly saved a file that looks and behaves like a picture, but is actually an archive that contains the malicious executable. Then, all I need to do is embed code to recover the file, extract it and execute it. And I might hide that code in a completely separate program that appears to be completely safe – but unknown to you it searches your computer for the file so it can extract and run the malicious file.

That might sound convoluted to you – but that’s actually exactly how modern computer infections work. They can hide the malicious file within a picture, a sound file, or a video file, or even something like a font file if they want to get really creative. Those types of files are of course considered to be lower security risk than executable files, so they can get saved into your temporary internet files. What malware does is combine this type of method with a browser exploit that allows them to break the security of your browser and execute the code directly… and there are criminal organisations that are constantly seeking out these exploits. In fact, it’s almost certain that the CIA’s arsenal of cyber-weapons has been used for this purpose as well – both by the CIA and other cyber criminal organisations.
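A defender-side check for the picture-that-is-also-an-archive trick described above, as an added example (not code from the original post): it walks a PNG's chunks to find where the image really ends and reports any ZIP archive sitting after that point. The function names and both sample files are constructed for illustration, and only PNG with an appended ZIP is covered.

```python
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")  # local file header, end of central directory

def png_end_offset(data: bytes) -> int:
    """Walk the PNG chunk list and return the offset just past the IEND chunk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):  # 4 length + 4 type + 4 CRC is the smallest chunk
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:pos + 8 + length]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end - 4:end])[0]:
            raise ValueError("bad CRC in %r chunk" % ctype)
        pos = end
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk")

def inspect_image(data: bytes) -> dict:
    """Report how many bytes follow the image and any archive members found in them."""
    trailing = data[png_end_offset(data):]
    report = {"trailing_bytes": len(trailing), "zip_magic": any(m in trailing for m in ZIP_MAGICS), "members": []}
    if report["zip_magic"]:
        try:
            with zipfile.ZipFile(io.BytesIO(trailing)) as zf:
                report["members"] = zf.namelist()
        except zipfile.BadZipFile:
            pass  # signature bytes present, but not a parseable archive
    return report

def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def sample_png() -> bytes:
    """Constructed 1x1 greyscale PNG used as clean sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def sample_with_archive() -> bytes:
    """Constructed sample: the same PNG with a harmless ZIP appended after IEND."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample, not malware")
    return sample_png() + buf.getvalue()
```

A non-zero `trailing_bytes` with no ZIP signature only says that something follows the image, not what it is; a listed member is the case the paragraph above describes.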

Websites that ask you to disable your adblocker?

What the fuck. I do not even visit my own site with uBlock Origin disabled. What would you think if these websites told you to download and run a binary file on reddit and, oh, disable your antivirus software before doing so? Asking you to disable your adblocker is no different. As mentioned, adblocking is the only currently known general-purpose measure to protect against malvertising. Yes, I feel bad for those websites that depend on advertising – but it’s not worth risking having my files encrypted for a ransom. As others before me have pointed out, making a living knowingly selling access to every well known ransomware distributor on Earth is pretty goddamned despicable.

Like I said, I don’t even disable uBlock Origin on my site – so why the fuck would I disable it for someone else?

Broadchurch Finale: Just as I thought!

SPOILERS!!!

At last my theory is vindicated. Granted I didn’t get every specific detail right, but I got most of it right. I had worked out the rapist had not previously been involved with the other rapes, but that there were two attackers – who I believed would turn out to be Michael and Tom. I had also worked out that the accomplice filmed the event – and that it was the films that linked the rape to the previous rapes (as Michael and Tom would be too young to have perpetrated them), although I’m not sure the way depicted in the episode is even possible … can you really run a flash-light mode on your phone and record video at the same time? Not only that, but I knew the sock would either belong to Clive (Michael’s father) or they had matched Michael’s DNA paternally to the sample found at the scene. Michael’s accomplice was Leo, not Tom, but I was essentially right about everything else.

The evidence that either Michael or Tom was involved was overwhelming: to start with, one of them was the Broadchurch Highschool Porn Baron, and I was convinced the rapes were amongst that porn footage. We never really find out definitively if it was, but that was one clear clue. Then, after serving their penalty at the church, the boys watched porn again with Tom insisting and Michael resisting – this is a foreshadowing of the relationship he had with Leo, and of course it made sense because he was in remorse. The attacker knocked Trish unconscious and tied her hands behind her back – that suggests an attacker that isn’t as physically strong as her. Most of the other men – Ian, Jim, Aaron, Ed – were much stronger physically and would have had no trouble controlling her. And finally, the boys’ subplot of sharing porn would have been wound up last week if it was not connected to the larger plot.

Some have noted the police work throughout the series was not very professional, or for that matter realistic. I tend to agree, and I think we had a clear example of this in the final episode. Michael was 16 when he raped Trish, and Leo filmed it on his phone. That’s child pornography, and Leo would find himself under charges for both possessing it, and for producing it – in addition to all his other charges. And they would be very serious indeed. While it was a good series that point should have been addressed. Also, how exactly did Leo film the other rapes if he acted alone?

Also, the scenario is not particularly believable – Michael is quite a shy boy, he gets drunk which lowers libido anyway, and then Leo knocks out Trish and tells him to go have a root while he watches. I just don’t believe Michael would be able to get it up in that scenario – especially if he didn’t find Trish particularly attractive (she is three times his age!), or if he didn’t relish the thought of control by violent force which is what rape is about. Put simply, in the scenario described it is so unlikely that Michael would have been able to get it up – even if he tried, the more realistic turn of events would be, failing that, that Leo goes and finishes the job. But, again that’s problematic too – Leo normally rapes women alone, it seems quite unlikely that he would change that paradigm.

Another issue I have is that Michael is such a generic antagonist, that he had barely any character development at all the entire season. I don’t think we even meet him until episode 3, and in the finale his mum Lindsay is nowhere to be seen for the entire hour! Again of course, this lack of attention is a big clue to who the culprit is, but seriously why don’t we see Lindsay at least once in the finale? She’s not even at the church service at the end, despite the fact that she’s the most devoutly religious character in the series – even more so than the vicar.

The guilty parties – Michael (left) and Leo. Michael has guilt written all over his face.

Leo is just as generic – in fact even more so than Michael. He has no motive whatsoever, and he already has a girlfriend he effectively controls. He’s far more likely to be a physically abusive partner than a rapist, or to at least start there and then progress to rapes. And come to think of it, not only do we not get to see Lindsay, we don’t get to see Danielle (Leo’s girlfriend) either! In fact we barely see her at all the entire season – I guess that’s how Chibnall thought he was keeping Leo under the radar. Chibnall – some fucking character development of your antagonists would be helpful you know!

As an afterthought, you might be wondering if this was my theory all along why didn’t I say anything before the episode aired? I thought about doing so yesterday, but I decided against it because I knew I would want to post this post if I was mostly correct, which I was. And since you didn’t know what my theory was, the title of this post isn’t going to inadvertently spoil it for viewers yet to watch it – I would have had to have used a more neutral title. It doesn’t bother me if you don’t believe me, after all it’s just a stupid TV show. I’m just pleased with how close to the reveal I got.

World’s worst cyber criminal group identified

The cyber espionage group known as Longhorn has been formally identified by Symantec as the CIA.

Now, take a breath and get ready to learn the ugly truth behind this revelation. We live in the digital age, and underpinning that is the illusion of electronic security. Now I say illusion, but I wish to stress that this illusion is so strong that it gives people the confidence to conduct online transactions, and for banks to allow their customers to access their accounts over the internet. How secure is your data and your bank account? Not very. It’s about as secure as an ordinary bank vault. With the right tools, equipment, and expertise it can be broken into.

Electronic security is never truly provably secure. Take a moment to think what that means. Let’s say you have a large safe in your office – should you trust it with a high security mechanical lock (Manifoil MK4, S&G 2740B) or an electronic lock (the TL11G is the SCEC approved electronic equivalent)? Well, allow me to blow your mind for a moment: the mechanical locks are provably secure. They are not perfect, and they can be broken into (for example if someone guesses the right combination). The TL11G is not provably secure, its source code is closed, and the ROMs can of course be flashed if someone wanted to intentionally supply a known-vulnerable product, and it would be impossible for a user to tell the difference. I’m actually surprised it’s SCEC approved given the clear vulnerabilities that could exist or could be introduced. Granted though I’m not a locksmith or for that matter a security professional.

On 7 Mar 2017, WikiLeaks began publishing information relating to Vault 7. Vault 7 is an arsenal of CIA-developed cyber-weapons. They are believed to have been sold for some time on the darkweb. The reason why security companies and professionals hate intelligence organisations is because these intel orgs deliberately find vulnerabilities in software, but do not publish the information. What this means is that a vulnerability can exist for several years before it is independently discovered outside of an intelligence agency. And it doesn’t matter who you think are the “good guys”, if one intelligence agency found the vulnerability and developed a cyber weapon, you can bet that others did as well – the Chinese, the Russians, etc. In fact it would be unthinkable that the CIA could develop such weapons without the Chinese developing them at the same rate or faster given their expenditure on finding them. But as already mentioned, even without the same vulnerabilities being found, the CIA’s entire arsenal of cyber weapons has been leaked for some time and sold on the darkweb to the highest bidders.

On 10 Apr 2017, Symantec positively identified the North American cyber criminal group known as ‘Longhorn’ as in fact being the CIA. Longhorn has been active since at least 2011, and has been described as the worst cyber criminal group of our age. They have infected 40 known targets in 16 countries. To quote:

The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.

That’s a pretty goddamned strong statement. Now there is another way to read that statement: it would suggest that whoever Longhorn is, they have had access to most or all of the Vault 7 cyber weapons soon after they were developed by the CIA. Meaning that if Longhorn is not a part of the CIA, they are a group the CIA has been intentionally arming with the weapons, or they had the ability to steal them from the CIA. None of those options is any better than the CIA being Longhorn.