Paul Moreno, an Ecuadoran blogger, discovered a flaw in the country's national online identity database, which he demonstrated by hijacking the identity of President Rafael Correa. He was briefly arrested, but was released after a vociferous Twitter campaign that prompted action from the president, who personally ordered Moreno's release. Moreno triumphantly announced his victory on Twitter.
Citing a Wired story on password security, Moreno set out on Nov. 26 to demonstrate a security flaw in DatoSeguro with an attention-getting proof of concept scheme: accessing President Correa’s account. He began by doxing the president, and once equipped with Correa’s date of birth and a national identification number — obtained via online searches — he had two of the three pieces of information he needed. The third was a set of two numbers from an identity card, which he simply guessed. With that, he had access to Correa’s account.
“Out of curiosity, I noticed one time that the fingertip digits in the IDS are all very similar,” he wrote on his blog. “There’s a V or an E or an A followed by various numbers: V23444 – E5444 and so on…combinations that are very simplistic, apparently. The system asked me for the third and fourth numbers of the fingertip digits. With the first combination, I got the numbers right and my account was created. After verifying the email the system sends, I had access to all Rafael Vicente Correa Delgado’s so-called secure data. It took me about half an hour, maybe less.”
Blogger Jailed After Password-Hacking Ecuador’s President [Wired/Mat Honan]
When I was a kid, my whole circle of D&D-playing, science-fiction reading pals was really into Roger Zelazny's ten-volume Chronicles of Amber, but somehow I never read it; for years, I'd intended to correct this oversight, but I never seemed to find the time -- after all, there's more amazing new stuff than I can […]
I'm in the midst of couple of weeks' worth of lectures, public events and teaching, and you can catch me in Toronto (for Word on the Street, Seeding Utopias and Resisting Dystopias and 6 Degrees); Newry, ME (Maine Library Association) and Portland, ME (in conversation with James Patrick Kelly).
In 2017, Banksy painted a giant mural on a wall in Dover, England depicting a worker chiseling a star off the EU flag, by way of a comment on the Brexit vote; now, parties unknown have painted over that mural, whitewashing it. Banksy is philosophical about this development: "Oh. I had planned that on the […]
Studies have shown cannabidiol (more popularly known as CBD) to be effective in two main areas: Pain relief and stress relief. Both of those make the non-psychoactive, cannabis-derived compound a natural for topical creams. There’s no shortage of CBD products out there, but here’s eight of our favorites, all specifically designed for dermatological use – […]
If you’re part of the maker community, you know Make:. Though Make: magazine is off the shelves as of this year, the eBooks and resources put out by Maker Media are still a fantastic resource for the new generation of tinkerers, hackers, and robotics geeks. If you’re in that tribe, listen up: they’ve released a […]
Life isn’t getting any less hectic, and pressure cookers are a quick, healthy solution for a growing number of kitchens. But if you thought your Instant Pot was versatile, there’s a major upgrade on the market: The Yedi 9-in-1 Total Package Instant Programmable Pressure Cooker. If you’ve somehow never used a pressure cooker before, try […]