Author Archives: Site Administrator

Information Should Be Free (No News Behind Paywalls) & The Illawarra Mercury

My hometown of Wollongong has one local newspaper (or note.) Unfortunately, they (the Illawarra Mercury), as many “news” outlets are these days, driven by the dollar – profit and catchy headlines. No matter if you get the name of the star of your article totally wrong. No matter if you misspell the names of the dead.

I recall an article published in 2011 where I was, at the age of 20, referred to as “the man who could have decimated Wollongong’s economy.” That was the front page, open up and I get a whole page stating I am a convicted fraudster (important: I’m not.)

The magistrate in the Local Court made an error, it was quickly and successfully appealed at the District Court, and my curiosity ended up landing me a non-conviction bond to be of good behaviour (referred to as a section 19B, to go with the state-level section 10 dismissal.

Now, the Illawarra Mercury edits this article a year or so after publishing, so nearly a year after I was cleared of any fraud conviction. I think they may have corrected where they called me “Lloyd”, but it certainly wasn’t correcting their blatant incompetence (only other reason I can think of for this mistake is outright lies) – where they said I had been laid off from “Apple Computers”. Firstly: I never worked for Apple, I worked (my first job, at 19) for MAC1, an Apple Retailer and repair shop. Second, I resigned with two weeks notice, I wasn’t laid off – my social anxiety was strangling me. Third: nevermind, it’s a bit too pedantic. Long story short, I was innocent – the more honest of the two detectives that visited when I was 19 essentially sent me off with these words of wisdom: “curiosity killed the cat.”

Anyway, the Mercury ignored emails and calls over the years when I asked them to correct the article to say that I wasn’t convicted – it wasn’t until over ten years later, this years, that I emailed them the court order from the Judge stating that I was not convicted. Should’ve done it earlier.

Thing is, as soon as they saw that, they had solid proof staring them in the face that there were committing civil defamation, and I’m thinking I should’ve taken them to court for the money (shameless here), because that got their attention so quickly that they even requested Google’s caches to have it removed.

Given I also have posted the Judges’ order stating I am not a convicted fraudster, anybody claiming as such is committing, I believe, libel (although I also believe the offensive of “libel” itself has been repealed) – what I know for certain is anybody citing that article to assert I am a convicted fraudster is committing civil defamation, and they may hide behind their keyboards for a while, a few months maybe, but after I’ve asked nicely twice, seriously, you don’t want to have to pay court filing fees, a barristers fees, and our own costs (proving an asshole is an asshole beyond reasonable doubt takes time and attention to detail) – we always win in the end.

So where does free access to local news come into this? Right here: their paywall lets you see the headline, the photo, and the first sentence – then you have to pay for a subscription. Marketing department to the rescue: Make the headline so sensational and (often) misleading that people either have to pay to read the whole story (I find their “facts” to be around 25% accurate), or go and judge that person off a sensationalised sound bite.

I’ve emailed the Mercury twice, including last month, stating that their paywall is broken and a simple command (Mac, Windows, Linux) typed in will grab the entire article. It may not look that pretty (loses formatting), but that’s not what matters.” Besides, it’d be simple to add that to the code.

Legal clarification: we have not disclosed the method for doing this manually, or any code that would allow it. But one day, someone will use a similar method, go a lot deeper, and likely harvest the details of all their subscribers.

“If You’ve Got Nothing To Hide, You’ve Got Nothing To Fear” – (Lies)

“If you’ve got nothing to hide, you’ve got nothing to fear.” I HATE that saying.

A much better rebuttal:

“Give me six lines written by the hand of the most honest man, I’ll find enough to hang him.” Bruce Schneier.

Whatever you do, say, have done, may have been associated with – a motivated and skilled attackers will find a way to use even the most positive, wholesome information about you against you, whether it be by prosecution, blackmail, extortion, or throwing you to spin out on the rumour mill.

WOuld you had over you credit card details to a stranger? Would you allow them to rig your home with video cameras livestreaming to the world 24/7?

What about those personal messages where somebody told you something in confidence? That is a major reason I do not allow people to use my phone. I’m not just protecting me, I’m protecting a lot of people.

Example:

Some people do not understand that basic fact. I had two young Constables turn up one day for a chat; long story short, a woman with a serious habit of self-destruction had clearly shared her phone around, lost it, showed a photo to a “trusted” friend, or simply had her phone “hacked”, and because of that, because she couldn’t take care of her own property, she lashed out. When the photographs of the other party (you can probably guess who) surface, well, I will know it will be her, intentional or not. Recklessness can still cause an action or inaction to become a crime.

Any material that myself and Special Technology Services handle is encrypted with 256-bit AES encryption, at the bare minimum.

WARNING: Telstra Resetting Modems To Default Login

UPDATE AUGUST 3, 2022, 1930 HRS

Well, I’m told it’s a Telstra issue, not a cybersecurity issue. Which it is, technically, but Telstra should not being doing this. Their fix was to perform a reset on the modem and if it happens again, a new modem comes my way.

The issue: it’s not the damn modem causing the problem. It’s Telstra.


ADVICE: Telstra users: CHANGE YOUR MODEM LOGIN PASSWORD. Usually connect to your home network and go to 10.0.0.138 (in a browser) or 192.168.1.1, and go from there. Don’t let Telstra’s default stick around, don’t let them reset it to default for god knows what reason.


POSTED LATE AUGUST 2, 2022:

It’s late, I’m tired, but couldn’t get the modem to work – or it would, but I couldn’t log into it without using an ethernet cable.

Turns out they had reset a bunch of settings, and worst by far, the modem configuration password back to the default – accessible from anywhere on the internet.

Telstra F@ST 5355 NBN Modem affected at least – others are simple to crack. Even without logging in, they can be rebooted, shut down, and give out your phone number.

Posting because Telstra have to pick up their damn game.

Admin username: REDACTED FOR SECURITY REASONS

Admin password: REDACTED FOR SECURITY REASONS

Spam Calls And SMS – Block Them With The Truecaller App

It’;s a thing. It’s an app. iOS and Android. It’s great. Not only does it identify spammers, scammers, and robocalls, you can configure your phone to use it to ignore these calls. You can report new ones yourself and add to their database. It’s cheap too, monthly, but enough value that I get it cheaper by paying yearly.

It’s also able to find a few extra details – the operator of their phone network, sometimes general location (town for example), email address, sometimes an alias.

Highly recommended, even the free version.

Example below:

Continue reading

Simple Way To Help Defend Your Website Against Attacks And DDoS

Want to know a simple way to stop your website from being hit by thousands of automated attacks every week? A FREE way.

Ban traffic from China, Hong Kong (aka China) and Russia (mostly China though.)

Some software allows this, some WordPress plugins do, but CloudFlare is my favourite here.

Sometimess you want their traffic, or you need to route internet traffic through their servers, as is the nature of the internet sometimes. So, you don’t block them outright – you instruct CloudFlare to issue them with a challenge (a captcha of varying difficulty.) You then set your server to ban an IP address after a large amount of 404 errors (file not found) in a short space of time.

Here’s a VERY small sample of what I recently had:

hong kong ddos

How I fixed it? Screenshot follows…

Continue reading