I was a teenage hacker

Instead of discussing further events that involve leaving the apartment, I'll stick to the self-absorbed and recursive subject of writing about blogs. Most of the blogs I read are written by people that I know, and some of them are written by FOAFs (Friends of a Friend). One such FOAF blog, which I will omit details of [though it's hosted by Laurie, which should be a big giveaway to those in the know] recently posted a load of photographs. Some of these were considered "Too Hot for the Web", and so rather than being posted as JPGs, they were placed in an encrypted zip. Readers were invited to email for the password.

The problem is, I just can't resist a challenge like this. Surely everyone knows that the encryption of zips isn't that hard to break? I thought I would use this as a test to find out exactly how hard. After a small amount of research, I discovered that not only are there a bunch of tools to crack open encrypted zip files using a variety of standard techniques (dictionary attack, brute force key space search), but there are also well-known weaknesses in the encrypted zip format. I started by downloading a nice shareware program that has a helpful GUI to help you open the zip. There's a bunch of different options on how to proceed, but the most appealing one was one that uses the fact that zips encrypted using Winzip are especially easy to break, so I selected that one. After about four minutes of thinking, the process ground to a halt. The program had successfully opened the file, but being the shareware version, it only extracted the first file, rather than all the files in the zip.

But wait -- here's an opportunity to try another approach. A rather less pretty solution comes in the form of a set of command line utilities for breaking open zip files. These don't work as well, since they rely on a known plaintext approach. But, now that I've got the first file out of the zip, I know a lot of plaintext, and so I can feed this in to the program and get out the files that way. In fact, you only need a few bytes of plaintext -- more than 12 bytes does the trick -- so if you can make a reasonable guess at the header of the files you want (e.g. the JPEG header) then you'll have a good chance of applying this. Anyway, after some confusion over the command line parameters, it was churning away, and successfully extracted the rest of the files. Total time to break open the file, including time to locate, download and install the utilities: under 30 minutes.

For fans of comp.risks [it's a newsgroup, which young people might understand better if I explain that it's a bit like a web forum], what are the risks here? Well, the basic mistake was to put up the ciphertext. Even if the crypto system is strong, then you don't want to make Eve's job so easy that she can just surf the web to eavesdrop. Since the original blogger didn't want anyone apart from intended people to see the pictures, but invited Bob to "email for the password", wouldn't it have been more secure to invite Bob to "email for the files", thus ensuring that Eve never had a chance to try breaking the system? Silly Alice.

The next question is what to do with the pictures now that I have them? Well, I'm not particularly interested any more. If I was more malign then I could probably find some campus newspapers to send them to, but I'm sure they'll find their way there of their own accord, without any need for further intervention from me. I'll just file them for future reference. Of course, if you want a copy of the jpegs, then just email me...
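Seen from Alice's side, the useful check before publishing an archive is which entries use the original ZIP password scheme, the one the known-plaintext utilities above rely on. The sketch below is an added example, not part of the original post: it classifies entries from the central directory alone, using the ZIP format's encryption flag bits and the method value 99 that WinZip uses for AES entries; the file names and the sample archive are constructed.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001        # general-purpose flag bit 0: entry is encrypted
STRONG = 0x0040           # flag bit 6: PKWARE "strong encryption"
WINZIP_AES = 99           # compression-method value WinZip uses for AES entries
CDIR_SIG = b"PK\x01\x02"  # central-directory file header signature


def classify(info):
    """Protection class of one zipfile.ZipInfo entry."""
    if not info.flag_bits & ENCRYPTED:
        return "none"
    if info.compress_type == WINZIP_AES:
        return "winzip-aes"
    if info.flag_bits & STRONG:
        return "pkware-strong"
    return "legacy-zipcrypto"  # the scheme known-plaintext tools target


def audit(data):
    """Map entry name -> protection class using only the central directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}


def exposed(data):
    """Entries protected only by the legacy scheme."""
    return sorted(n for n, c in audit(data).items() if c == "legacy-zipcrypto")


def build_sample():
    """Constructed archive: headers are patched to *look* encrypted; the
    payload bytes are plain placeholders, nothing here is really enciphered."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in ("photo1.jpg", "photo2.jpg", "readme.txt"):
            zf.writestr(name, b"constructed placeholder")
    raw = bytearray(buf.getvalue())
    first = raw.find(CDIR_SIG)
    second = raw.find(CDIR_SIG, first + 4)
    struct.pack_into("<HH", raw, first + 8, ENCRYPTED, 0)            # legacy, stored
    struct.pack_into("<HH", raw, second + 8, ENCRYPTED, WINZIP_AES)  # AES marker
    return bytes(raw)


if __name__ == "__main__":
    for name, kind in audit(build_sample()).items():
        print(f"{name:12} {kind}")
```

Entry names and sizes stay readable in the central directory whichever class an entry falls in, so the audit needs no password.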


In advance of the Google IPO (expect full announcement of the details of this tomorrow, April 29th), a quick whack for this blog:

googlewhack!. Thanks to the anonymous websearcher who supplied this to me via my referrer logs...

[Edit: apparnetly this onyl works because of a missspelling of "onomatopoeic". We'll, you cant be write all of the time...]

I was Vermonty's Double

Am freshly back from my brief tour of the troubled borderlands between the rebellious upstarts of New Hampshire, with their rallying war cry of "Live Free or Die", and their mortal enemies, the Vermontys, down from their green mountain strongholds. All is now calm after I have dispensed my wisdom to the locals on the topic of algorithms for processing massive data sets, for which they are of course greatly thankful.

Anyway, onto more practical matters. A long whinge post is due on toilet humour and the perils of expensive food and baggage handlers, but that can wait for a while. Meantime, I'm provisionally expecting to be visiting the UK from May 20 to June 2nd, with a brief exile to the Isle of Elba (and I do love Elba!). So, I'm currently accepting bids for my time while I'm there, subject to availability and inclination to travel. That is all.



Is it incredibly puerile of me to be amused by the fact that the RSS feed for the lovely gaygeeks.org is accessible through a URL called "http://www.gaygeeks.org/backend.php"?

Woot, woot!

Huzzah! The big milkshakeometer has finally reached the magic target of 1000 hits for this web page coming from internet searches containing the keyword "milkshake". The current top 12 terms that people use to come here are as follows:

1. milkshake (1002)
2. kelis (763)
3. lyrics (516)
4. meaning (322)
5. radio (249)
6. mix (247)
7. bloggs (164)
8. explanation (153)
9. the (132)
10. interpretation (110)
11. fred (81)
12. diggerworld (62)

Fascinating, eh?

Tropical Hotdog Night

Tahiti is, apparently, a small tropical island off the coast of Wales.

As wreckless eric (or rather, his mother) once said, "There's only one girl in the world for you, and she probably lives in Tahiti. So head over to Colwyn Bay and take the ferry".


My milkshake brings all the boys to the blog

The big old milkshake hit counter is edging closer to the 1000 mark, so let's see if I can tip it over the top with a reference to the rather good remix, due to shiny pixel, who is almost certainly part of the extended Warwick blogging circle.


Institutional Incompetency

Called the airline to find out why they haven't contacted me about my lost bags. Turns out that they have lost the report regarding my lost bags. I wonder how many iterations this can go through?


Mi casa es suitcasa...

It was all going so well.

I thought that the vendetta of aircraft companies against me had ended. But this was not to be. As the plane touched down in Idlewild, I noticed that there was a faint orange odour to my carrion luggage. My bottle of fanta had not been closed properly, spilling its contents over my books and papers. "Good thing that the expensive stuff was in my checked luggage", I thought.

As the carousel creaked its way around, and my checked luggage still did not appear, I became more concerned. After an hour, I was quite irate. My carefully packed (and unpacked in security, and then repacked) backpack was nowhere to be seen. Instead, all I have is a fuzzy copy of a piece of paper detailing the missing item, and a feeling of irritation and helplessness. When I called just now to see if there had been any sightings of a muddy blue backpack anywhere between here and Argentina, I was helpfully told that the "lost and found department" had gone home already, and they wouldn't be back till Monday. Gits.


What's the time, Virginia Woolf?

Just to let you know, am in S. America and in a time zone that doesn't exist: left EST on Friday, entered EST+2 / BST - 3. But now EST has gone into DST leaving my body clock seriously confused, probably in CST. From this, and from experiences of the last few weeks jumping back and forth between CST and EST, let me offer this advice: don't try to live in two time zones at once. It might seem like a good idea, but it ends up far more trouble and confusion than it is worth.


More Lemmings

MOUNTAIN VIEW, CA -- Google launches new "CliffJump" service.

Google, Inc, announced a new service for its users today, called "CliffJump". This seamlessly integrates with the current search tool, and intelligently analyzes users' search queries. When it detects that the user is asking foolish, stupid, or self-obsessed questions, instead of returning relevant results, it instructs the user to go jump off a cliff, and provides a handy map directing the user to their nearest large rock formation.

"Some people are not satisfied with the search results they are currently getting," explained Chief Lava Lamps Officer, Larry Brin. "When we looked at the reasons why, we found that these people were submitting queries like 'britknee speers narked' or 'what is the meaning of the milkshake song brings all the boys to the yard'. Rather than change the search engine to give meaningful responses to these idiotic queries, we have decided to apply the principles of natural selection to improve the queries and thin out the user base a little".

At the moment, the CliffJump feature is still in Beta testing, but Larry Brin reports that already over ten thousand Google users have jumped off a cliff because Google told them to.

--Dissociated Press

What a lovely aRSSe!

I should also point out that you can now subscribe to this website in glorious aRSSe. I have no idea how this works, all I did was go into the options on blogger, and switch aRSSe on (it was previously set to off). Don't hurt yourselves in the excitement.


I'm in imminent danger of getting into some kind of infinite loop here, but here goes. The last post mentioned the effect of an NTK'ing. This in turn got picked up on Oblomovka (the website of popular internets celebrity DO'B) in the ObLinks section. The first thing to point out is that I'm not going to trust DO'B to work out my taxes if he thinks that 1582 is roughly 2000. So, because I have statistics on this webpage, I can now exclusively report the effect of an Oblomovkaing:

There are about 30 hits that come directly from Oblomovka. And about another 40-odd come from a website that lists the links off Oblomovka. But overall I got about 100 extra hits around the time of the Oblomovkaing, which suggests that there were about 30 hits unaccounted for -- possibly through links sent by email or other nefarious untrackable sources.

Now all we need is for this post to get picked up in NTK (possibly in their end section), and we can start the whole process all over again. Who would have thought it?

I'm sick of being the focus of all activity on the internet, so I'm going to Argentina for a week. I am promised that they have internets installed in all the rooms in the hotel, so maybe I will be able to make some more coherent posts on this ongoing conspiracy.

More follow-ups to the previous postings: my "friend to the stars of the UK internet massive" correspondent writes from only.org to point out that the Quinlank scarf illustrated below could equally belong to Jesus College, Oxford as Queens' College Cambridge (although there seem to be no pictures of this on the internet so I have only his word to go on). And, since my increasingly unupdated Radiohaha correspondent points out, not only does Eldon have no Oxbridge connections, but in fact has gone on the record as being mildly cheeky about them, we can only conclude that it's someone else's scarf. Oh well. I'm still looking for a digitized copy of Eskimo Day though.