September 30, 2009, 1:30 PM
Lately I have been brainstorming some interesting projects that I could blog about. Mostly these have to do with using a computer to control, automate, or just record of some sort of task. Pretty near all of them have some practical application to me, so I’ve decided to start listing them on this blog. I haven’t quite added all my ideas yet, but if your interested in seeing what I’m brainstorming check out this page.
Note that donations for the projects, whether they be hardware or simply funds, are highly appreciated.
September 30, 2009, 12:35 PM
This month marks a major success for this blog. Previously it didn’t receive a significant number of referred hits per month. The only real hits it received were from Google and Yahoo, but this month that has completely changed.
The number of direct links to this blog has increased around five times more than the previous month, unique hits have well over doubled, and search engine traffic grew exponentially.
Not to mention the volume of spam I receive to the webmaster email account for this site has increased to an annoying level!
It feels great to know that people actually read my blog and use the information on it. So thanks everyone for visiting my site, hopefully the traffic will keep increasing!
September 14, 2009, 11:52 AM
According to this analysis, Bing users are 50% more likely to click on advertisements. That’s cool and all, but how significant are these numbers?
Currently my search engine traffic is split as follows this month (note: numbers are rounded to the nearest multiple of five)
- Google – 80%
- Yahoo – 5%
- Bing – 5%
- AOL <5%
- Ask Jeeves <5%
- All others use the remaining percentage
So as you can see, Google refers far more traffic than Bing. Now, according to this article Bing users click on ads 1.5% of the time they visit a page, while Google users click 0.97% of the time.
Thus, Bing users may click more, but you get fewer of them than Google users. If you work it out, you’ll find that Google actually provides many more clicks than Bing. Pretty simple math, but the search engine percentages could be different if you write about something that Bing likes to direct more traffic to (eg, shopping websites).
September 13, 2009, 6:38 PM
After just posting about a command line solution to using Tor I thought it’d be a good idea to quickly mention a few security concerns about the network.
Tor is designed to make your traffic somewhat anonymous, and does not make you more secure by using it. If you use tor with encrypted protocols and avoid fake SSL certificates then you should be fine. However, if you use a plain text protocol such as HTTP, you are pretty much inviting a hostile exit node to examine your traffic.
Here’s an example of what I mean
chuck@chuck-laptop:~$ sudo ngrep -q 'GET /search' -d wlan0
interface: wlan0 (10.0.0.0/255.255.255.0)
match: GET /search
T (internal IP):55225 -> 74.125.53.99:80 [AP]
GET /search?hl=en&source=hp&q=See+what+I+mean%3F+This+is+the+text+I+inputed
+in+google&aq=f&aqi=&oq=&fp=ee36edbd3c16a1c5 ....
If you look in there you can see the text I inputed in Google’s search box. This attack can be carried out with ease by even an amateur, and can be much more sophisticated. Here’s another example, this time sniffing for the string ‘password’ anywhere in transmitted text
chuck@chuck-laptop:~$ sudo ngrep -q '.*password.*' -d wlan0
interface: wlan0 (10.0.0.0/255.255.255.0)
match: .*password.*
T (internal IP):56025 -> 74.125.53.103:80 [AP]
GET /url?sa=T&source=web&ct=res&cd=1&url=http%3A%2F%2Fen.wikipedia.org%2Fwi
ki%2FPassword&ei=BI2tSpzzDIb2sQPQqNyYBQ ...
Yes, I know I did not actually get real results for a password, but I wasn’t really trying. I did determine that a user on my local network was searching for the password article on Wikipedia though.
And I am sure if I ran this little command line setup on an actual running Tor exit node that I would quickly gather a scary number of username and password combinations, for everything from email to social networking websites. I could even search for just plain email addresses if I felt like it, and throw them all in a database for spamming later.
My point is that if you do not encrypt your traffic while using Tor you are just inviting all sorts of abuse. Sure, it’s hard to track a smart Tor user down, but if you have their email creditentials it honestly wouldnt be that hard.
