December 26, 2011

Firefox Tweaks

These tips are an oldie but goodie. I have been using them for a while, and although I still feel Chrome is much faster even with these tweaks in place, they let me use Firefox at a respectable speed and keep all of the add-ons I use with it.
I still use the combination of IE, Firefox, and Chrome, but I spend most of my time in Firefox, as do most people according to recent analysis: w3schools Browser Usage

On to the tweaks. To implement the following, open a Firefox browser window and type the following as the URL: about:config

A window will appear warning you that this might void your warranty; click "I'll be careful, I promise!" to proceed.

In the "Filter" textbox, enter the following: network.http.pipelining



By default, Firefox sends one HTTP request on a connection and waits for the response before sending the next one. With pipelining enabled, it sends several requests on the same connection without waiting, and the server answers them in order. Pipelining only helps when the server and every proxy on the path implement it correctly; a broken intermediary can stall or mishandle the queued requests, so if pages start loading incorrectly after the change, set network.http.pipelining back to false.

For the following names, set these values (double-click a name to edit it):
network.http.pipelining = true
network.http.pipelining.maxrequests = 10
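What those two prefs change on the wire, as an added example that is not part of the original post: one Python script that builds a batch of pipelined GET requests and then splits the server's reply stream back into individual responses. The hostname, paths and reply bytes are constructed for the example.

```python
# Added example, not code from the original post: what HTTP/1.1
# pipelining looks like on the wire. Hostname, paths and the reply
# stream below are made up for illustration.


def build_pipelined_requests(host, paths):
    """Concatenate several GET requests so they can go out in one write
    on a single TCP connection, without waiting for any response."""
    chunks = []
    for i, path in enumerate(paths):
        last = i == len(paths) - 1
        req = "GET %s HTTP/1.1\r\nHost: %s\r\n" % (path, host)
        if last:
            req += "Connection: close\r\n"   # server closes after the batch
        req += "\r\n"
        chunks.append(req)
    return "".join(chunks)


def split_pipelined_responses(stream):
    """Cut the server's reply stream into individual responses.

    HTTP/1.1 carries no request id, so the only thing that pairs a
    response with a request is its position in the stream. Every
    response therefore has to be self-delimiting (Content-Length here;
    chunked framing is the other option) or the client cannot tell
    where one response ends and the next begins.
    """
    responses = []
    pos = 0
    while pos < len(stream):
        header_end = stream.find("\r\n\r\n", pos)
        if header_end == -1:
            raise ValueError("truncated response headers")
        status_line, *header_lines = stream[pos:header_end].split("\r\n")
        status = int(status_line.split(" ")[1])
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        if "content-length" not in headers:
            raise ValueError("response %d has no Content-Length; it cannot be "
                             "delimited in a pipelined stream" % len(responses))
        length = int(headers["content-length"])
        body_start = header_end + 4
        body = stream[body_start:body_start + length]
        if len(body) != length:
            raise ValueError("truncated response body")
        responses.append((status, headers, body))
        pos = body_start + length
    return responses


def pair_requests_with_responses(paths, stream):
    """Return (path, status) pairs, matched purely by order in the stream."""
    responses = split_pipelined_responses(stream)
    if len(responses) != len(paths):
        raise ValueError("got %d responses for %d requests"
                         % (len(responses), len(paths)))
    return [(p, r[0]) for p, r in zip(paths, responses)]


# Constructed sample exchange: three requests and their three replies, in order.
SAMPLE_HOST = "www.example.com"
SAMPLE_PATHS = ["/index.html", "/style.css", "/app.js"]
SAMPLE_RESPONSE_STREAM = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 7\r\n\r\n<html/>"
    "HTTP/1.1 200 OK\r\nContent-Type: text/css\r\nContent-Length: 3\r\n\r\na{}"
    "HTTP/1.1 404 Not Found\r\nContent-Type: text/plain\r\nContent-Length: 9\r\n\r\nnot found"
)


if __name__ == "__main__":
    print(build_pipelined_requests(SAMPLE_HOST, SAMPLE_PATHS))
    for path, status in pair_requests_with_responses(SAMPLE_PATHS, SAMPLE_RESPONSE_STREAM):
        print(path, status)
```

Run it directly to print the request batch and the request/status pairs. Nothing in a response says which request it answers, and a single response without Content-Length (or chunked framing) makes the rest of the stream unparseable; that is the kind of server or proxy misbehaviour that makes pipelining fragile in practice.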




Stop Online Piracy Act

GoDaddy lost over 21,000 domains last week in a matter of two days. Some people think it relates directly to the fact that GoDaddy supports the Stop Online Piracy Act (SOPA).

SOPA is a bill introduced on October 26th of this year; it gives U.S. law enforcement more freedom when investigating online trafficking, intellectual property theft, and other cybercrimes.

The fact that 21,000 people left GoDaddy in protest of its support for this Act shows that there are a lot of people who still believe online piracy is a right granted to us by the First Amendment. Some people feel that downloading music is a right we have, and that copying the music is also a right.

Do a lot of people download music illegally for free? Yes. Do a lot get caught? Yes. Do a lot get away with it? Yes. There are too many people to catch at this point. I feel as though the moment has passed and a critical mass has been reached, to the point where it is useless to try to stop it; apparently the House of Representatives does not agree.

This number doesn't show us all the people who disagree with SOPA and who are GoDaddy customers; it shows us most of the radical ones who fall into this overlapping demographic. For instance, I personally agree that people should be able to download anything for free, and I also own a GoDaddy domain, yet I am not so passionate or extreme that I would cancel my account and move my domain because of my own belief. I also know several people in the same boat as me who would not make such a drastic move, but it is interesting to see the ones who have done it, and to see numbers like the ones we have seen in the news articles.

I am not surprised that people have been so polarized by this issue, but I am surprised at how long it has been going on, and I wonder how much longer this battle will continue. Laws have been established declaring downloading to be illegal, yet there are probably more people downloading illegally than buying legally. Does this mean there will be a "War on Downloads" as there has been a "War on Drugs"? How will it end? What will be the final solution? "Legalize it!" right? It's funny the way history repeats itself. Nobody learns, nothing changes except the environment and subject matter. The problems and solutions remain the same. Can we try to learn once, if even the hard way, and apply the solution to any subsequent issues that are even remotely related to it? Just to try? Or should we just rinse and repeat every single time?

Anyway, the purpose of today's blog was to point out SOPA and its purpose, and why it was put forward: to stop online piracy.

To me, it sounds like the cyber-equivalent of the Freedom of Information Act, which gave the feds more freedom to investigate suspected terrorists. In this case, law enforcement is given more help investigating cyber-criminals. It scares me that so many people would disagree with helping law enforcement to the point that they would red-flag themselves and leave GoDaddy.

If I were part of the team responsible for hunting down cyber-criminals and had just been handed this new freedom, the first people I would investigate, to warm up and practice using SOPA, would be the list of people who left GoDaddy.

Sources: CNet - 21,000 Domains Transfer out of GoDaddy

December 17, 2011

Zynga, Groupon, LinkedIn Go Public

Zynga went public on Friday the 16th. It opened at $10 and closed at $9.50.
Groupon opened in November at $20 and closed at $26 (up 30%).
LinkedIn opened at $45 and skyrocketed to $122 (up 37%).

In my opinion, Zynga was lacking because it is too dependent on other things. For instance, Zynga depends on things like Facebook, or the entire mobile scene. They also priced their stock too high. Take cell phones out of the equation; where does Zynga fit in? Facebook. Take Facebook off the table; where does Zynga fit in? This is why LinkedIn and Groupon were able to hold their own on opening day, and they should remain solid as long as they don't become dependent on other things too.


Before I get too far off track, I would like to mention that Zynga has done a lot for the social gaming scene; however, they will need to be innovative and keep people's interest if they want to be serious and remain in business. They won't be able to ride Facebook's coattails much longer if Facebook itself goes public and starts demanding more from Zynga. They've done a great job thus far; let's not get lazy.

Sources: CNet - Zynga Stock
CNet - LinkedIn Stock (November 2011)
CNet - Groupon (November 2011)

December 14, 2011

DDoS Attacks

If you haven't heard by now, there are a few groups out there making the rounds hacking some high-profile organizations, including Sony and the CIA. Anonymous and LulzSec have done the most damage, even though the media hype is making it out to be more than it really is. The threat and the actual attacks have not increased over time; only the public coverage and communication of them has.

Regardless of the statistics, many of the attacks on large companies that make the news include some form of denial of service.

Essentially, in a DDoS attack, the target is flooded with more incoming traffic (connection attempts, packets, or requests) than it or its network link can handle, so legitimate users cannot get through. Achieving that at scale, however, is more involved than it sounds, and setting up an attack of respectable size can take a long time.

The attacker must first compromise many computers, turning them into zombies (a botnet), and then control them so that they carry out the attack together. This multiplies the traffic sent to the target: it's like recruiting an army of 100 to help you instead of upgrading one single person. Even if 99 of the 100 zombie machines are old and slow, they are still more effective than doing it yourself, or even with 4 or 5 decent, upgraded servers running the latest technology. It also makes it harder to trace every source of the attack back to the same master, and since each zombie sends only a small share of the traffic, blocking sources one at a time does little.
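To make the distributed part concrete, here is an added example (not from the original post or its sources): a Python script that runs two checks over constructed Apache-style access log lines, one for a single abusive source and one for a flood spread across many low-rate sources. The addresses, timestamps and thresholds are made up for illustration.

```python
# Added example, not from the original post: telling a single noisy
# source from a distributed flood in web-server access logs.
# Log lines, addresses and thresholds below are constructed for illustration.
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Apache "combined" log format; only the client address and timestamp are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse_line(line):
    """Return (ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def bucket_by_window(lines, window_seconds=10):
    """Return {window_start_epoch: Counter(ip -> request count)}."""
    windows = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue   # skip lines that do not match the format
        ip, ts = parsed
        bucket = int(ts.timestamp()) // window_seconds * window_seconds
        windows[bucket][ip] += 1
    return windows


def classify_windows(windows, per_ip_limit=50, total_limit=100, min_sources=20):
    """Two checks per window:
      - "single": one source above per_ip_limit (easy to block on its own);
      - "distributed": aggregate above total_limit spread over at least
        min_sources addresses, none of them over the per-IP limit, which is
        exactly the case where per-IP blocking alone does not help.
    Returns {window_start: (verdict, detail)} in time order."""
    result = {}
    for start, counts in sorted(windows.items()):
        total = sum(counts.values())
        noisy = [ip for ip, n in counts.items() if n > per_ip_limit]
        if noisy:
            result[start] = ("single", sorted(noisy))
        elif total > total_limit and len(counts) >= min_sources:
            result[start] = ("distributed", len(counts))
        else:
            result[start] = ("normal", None)
    return result


def make_sample_log():
    """Constructed log: a quiet window, then one scanner hammering the
    host, then a flood from 40 bots sending only 5 requests each."""
    fmt = '%s - - [%s] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    lines = []
    for i in range(5):                       # 14:00:00-14:00:09, normal traffic
        lines.append(fmt % ("198.51.100.%d" % (i + 1),
                            "14/Dec/2011:14:00:0%d +0000" % i))
    for i in range(80):                      # 14:00:10-14:00:19, one source, 80 hits
        lines.append(fmt % ("203.0.113.7",
                            "14/Dec/2011:14:00:1%d +0000" % (i % 10)))
    for bot in range(40):                    # 14:00:20-14:00:29, 40 bots x 5 = 200 hits
        for i in range(5):
            lines.append(fmt % ("192.0.2.%d" % (bot + 1),
                                "14/Dec/2011:14:00:2%d +0000" % i))
    lines.append("garbage line that does not parse")
    return lines


def analyse(lines):
    return classify_windows(bucket_by_window(lines))


if __name__ == "__main__":
    for start, verdict in analyse(make_sample_log()).items():
        stamp = datetime.fromtimestamp(start, timezone.utc).strftime("%H:%M:%S")
        print(stamp, verdict)
```

The second check is the one that matters for a botnet: each zombie stays under any sensible per-client limit, so only the aggregate rate together with the count of distinct sources gives the attack away. The thresholds are placeholders; in practice they come from the site's own baseline traffic.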


In the recent case of 24-year-old Kevin Poe (Connecticut), the target he had chosen was the band KISS. He chose them because Gene Simmons had spoken out against online piracy and encouraged other bands to take action against people illegally downloading their music.
Kevin (of Anonymous) was caught because he did not completely conceal his tracks during his 5-day attack.

Even after using sophisticated, current techniques to hide his identity, he was still caught. The FBI was able to weed through all the other IPs and arrive at his own. It is long, tedious work that takes the best forensic tooling, but it is always possible.



Sources: Information Week - Anonymous Hacker Busted for DDoS Attack

Microsoft TechNet - DDoS Attacks

December 11, 2011

Ethical Hacking

Ethical Hacker? Sort of like an executioner. Is he considered a murderer? Is it okay because he has the permission of the state to do it?

Ethical hacking rides a fine line on the internet. This is my problem with the whole "ethical hacking" description: at any point, a regular hacker could turn around and say he's doing it to probe for exploits and security holes, and it would be very hard to know whether he is telling the truth. An ethical hacker is only ethical up to the point where he decides whether or not to do something malicious.



Companies hire security experts to audit and probe their systems, and they aren't called "ethical hackers"; they're called information security consultants.
The people who learn how to hack so they can test and probe their own systems aren't ethical hackers either; they're reverse-engineers. They study and disassemble systems for the sole purpose of understanding how they work, so they can implement things that make them more efficient or secure.


So is there any place for this term "ethical hacker"? There seems to be; in fact there's an official certification out there for anyone who wants to be recognized as one: EC-Council - Certified Ethical Hacker

I feel like maybe there wasn't enough interest in the previously mentioned job titles, so to appeal to the masses they threw in the word "hacker" to attract more interest in the same field of study. I still feel like companies would shy away from the applicant with a hacking certification, versus the one with an IT security / network infrastructure certification, even though they may hold the same education and foundation regarding exploits in any given environment.

Anyway, I chose this book over the Certified Ethical Hacker book because it seems to be broader and to offer more up-to-date concepts and scenarios that can be applied to any operating system. There is still a lot to learn, even though most of the concepts and methods in this book have been used for decades:


I have been out of the loop for a long time. I got out of the scene because of some fears of being caught or targeted myself, but ever since this whole "ethical hacking" concept appeared, I have felt the need to revisit security issues. It makes me feel like anyone can put the word "ethical" in front of something that could be considered illegal or controversial and it would make it all right.
This makes me feel like hackers who may have been hiding in the shadows can now be a little less careful, and even outright public about what they're doing.

My goal here is to explain that just because the book says it's ethical doesn't mean it is. These tips, tricks, and "procedures" are the same ones people have been using for years. There is no difference between the methods presented in this book and the methods people have used to bring down banks, steal credit cards, steal passwords, and carry out identity theft and the other hot topics in the IT world.

As I said earlier, even if you use these methods ethically, there are already terms and job titles that describe the people who use them (IT security analyst, IT security consultant, hacker, cracker, etc.). Ethical hacking does not have a place in the online world; it is just something to hide behind in case you get caught.

I will post another update after I go through the book, and let you know whether it addresses any specific ways an ethical hacker might differ from an IT security consultant.

In the meantime, you don't have to know how to hack to secure your own system. Get a good, popular firewall (software and hardware). Get a good virus scanner. Use MalwareBytes. Change your passwords frequently (obviously people have many passwords, so you may need a password manager).

Don't forget, none of these security measures will matter if your system is compromised: if someone gains access to your password manager, or is able to install a keylogger even in a window of three minutes, your whole system and all of your passwords are compromised.

You also need to ensure that all of these programs are updated regularly with the newest virus definitions. If you are running Windows, use Security Essentials and update it as frequently as possible.

December 7, 2011

Tech Firm Bans E-Mail Use

Interesting proposal: Moving an entire company from e-mail to instant-messaging and wikis. Is it possible? Is it even worth it?

Right now, they estimate that only about 20 messages out of 200 are useful. That sounds like bad email management to begin with. At the company I work for, we don't have any spam. Part of my job is to be responsible for the email queue; every day I go through it, and I do not see any irrelevant emails or "spam".


I do not see this becoming a popular trend for corporations to follow, as this article is trying to make it out to be. I think this is a one-time deal, and won't amount to much more than could be accomplished with a better spam filter and employees who respect the email use policy.

They brag about the fact that they have reduced their internal email volume by 20% in six months. With a company-wide ban in place, I would have hoped for better numbers and a shorter timeline than that.

I think this company should have rethought its strategy, and stuck with E-Mail.

Source: CNN - Office E-Mail Banned

December 6, 2011

Real-World Social Networking

This is interesting, but it has to be some type of social back-pedaling.

Consider this device:

You load your Facebook profile onto it (interests, favorites, etc.), and if it detects someone else within a specific proximity, it forwards an alert to your cell phone.

This may be the next big hit if enough people start using it. However, the inherent problem is that people who are more inclined to use social networking sites to find friends probably won't be attracted to the fact that they would have to introduce themselves or "meet" someone in real life with this unit. I think they prefer not to be bothered socially. It would be great for more outgoing people, though. I will personally be following this product as it launches. I am also curious about its proximity range.

Sources: CNet: MagnetU