
Friday 21 July 2017

Cyber Security Summer School - Social Engineering

For the third year in a row there has been one very big cyber security event in Tallinn: Cyber Security Summer School. This year's topic was related to Social Engineering (http://www.studyitin.ee/c3s2017). It took place between the 10th and the 14th of July: 5 full days of workshops and practical sessions, from 8 AM to 8 PM.


Somehow I managed to get myself in, taking into account that there were participants from 25 countries, including USA, Australia, Morocco and all over Europe, and that a maximum of 50 people were accepted. The presenters had very different backgrounds and positions. There were people from NSA (Louisiana), Cambridge (previously worked in Royal Navy, Norwegian Armed Forces, NATO), Temple University in the States (Criminal Justice), Netherlands Forensic Institute, CERT, University of Applied Sciences Mittweida (Germany), and of course, Estonia.

Although I cannot go into deep detail due to the confidentiality agreement which we had to sign, I will give you as much as possible. We don't want to, and even can't, damage or victimize anybody, and this agreement was signed just to protect people. Everybody owns a chance for privacy.
We had sessions and practical work. People were randomly divided into teams and we had a total of 8 teams, from A to H. Each team was assigned 2 mentors, one technical and one more soft-skills oriented. And then the game was on. The organizers made a deal with one company which we could start hacking, making reports on this each day. Imagine, you have basically 50 people who will target your organization and find out all its social vulnerabilities, and those people are all taking part in a cyber security event?


Employees of this company had no clue what had started to happen. The company for our exercise was not picked randomly; the summer school organizers had done a lot of pre-work to keep it all ethical and legal. Contracts were all signed between that company, the summer school and ourselves. The CERT was also informed and tons of discussions were held with the Ministry of Justice. It is illegal to hack somebody, please do not engage in those activities. This was purely educational and not training to become a cyber terrorist, but training in how to build our systems stronger and better, to fight back against unethical hackers, to discover them and make their life harder.


We got 5 different big missions.
  1. OSINT - Open-source intelligence, which was meant for passive data gathering: no personal contact with anybody, finding out the company structure, who is on vacation, who does what and when, and also finding potential holes and confidential documents on the web. Every piece of information is useful in order to start planning your attack. This mission was very thrilling and interesting. There are so many tools available online for this, and Kali Linux is useful too. I cannot disclose the tools which we learnt and how to use them, but the web is full of them.
  2. The second mission actually wasn't directly related, but was still relevant: we had to social engineer one person away from a laptop with roleplay. It was public inside the classroom and the laptop owner played along. Then we needed to get data off that laptop: specific files, folders, crypto keys. The time window was 10 minutes. All that was needed was to prepare a random pdf, image or some other type of file which looks legit when you look at it, but is jacked with malware, and if it is run then we have a shell on their computer. Voila, we can do whatever we want. And we had a fully patched Windows 8 which we used for that exercise.
  3. Creating a fake persona: well, this one is simple, isn't it? But what if you have like 4 days in order to set it up and the aim is to get as many friends as possible and have comments, likes, etc.? You need to start from the beginning. Where was this person born, who are the parents, sisters, brothers, etc. It is a huge amount of work and you need to make it look as legit as possible.
  4. We had a mission not to get caught by shoulder surfers, while you yourself wanted to shoulder surf others. Minus and plus points were given depending on whether you were photographed or you were the photographer. From here we had some extra missions as well, like if we had a screenshot of the organizers' Taxify then they asked us to social engineer the hotel and the room number. Hotels cannot disclose that information without knowing the name and room together, but still we managed to get it within 30 minutes.
  5. We needed to map out profiles of all the mentors who were there. A huge work of research.


We had extra assignments as well. With missions 1 and 2 we learned some skills, and then we were allowed to make fake domains related to the company which we targeted, and then send them legit e-mails and Spear Phish 2 persons from that company. Each team had their own persons. With proper research you most likely get anybody.

I wish I could disclose more information but my hands are tied. There are 2 movie suggestions which are very relevant to all this:



Beware, nothing is 100% secure, everything can be hacked, even you. Make sure that you just have a plan how to get up and running once it happens. There is no when, it will happen. Locate the attack, isolate it, do not let it spread. It might be your phone, laptop, IOT device, your best friend or YOU.


And again - summer school had full permission to host this kind of event in order to raise awareness for the dangers and problems of social engineering. 




Be Safe,



Taivo
from team G-spot 
impossible to find

Monday 15 May 2017

School - I026:- Book review - Be Fast or Be Gone: Racing the Clock with Critical Chain Project Management by Andreas Scherer.

It describes a man who goes to work in a new company and starts implementing the Critical Chain project management methodology. The book is written as a novel and is quite a good read.

Just a few words, as I wouldn’t like to spoil the reading experience of the 234 pages.

It starts with the reason why one man left the company where he had successfully used the Critical Chain methodology and needed to implement it in a pharmaceutical company.

At the beginning there is a test project which shows what this method can do, followed by the process of implementing it across the whole company. It includes complex relationships with management and workers, and a lot of interesting twists and turns.

The book has good examples of how to communicate delays and how to make very clear, visible reports on the projects.

There is one interesting part on page 138 which I would like to share; the rest of the story you can get by reading this book.

“What you need is the relay race mentality we’ve encouraging in the <Project> team.  We were able to substantially beat the previous timelines, because we relentlessly worked on the tasks on the Critical Chain with high priority and focus. We constantly looked for ways to regain lost ground. This has to be the mindset on all of our projects. If it is, you’ll win. It’s that simple.”


Amazon shop link: https://www.amazon.com/Be-Fast-Gone-Management-ebook/dp/B004THZ9VK

School - I026: XIV - Pick one company's code of ethics and analyze it in the blog

This piece of writing is related to I026. This session concentrated on ethics and IT. It is actually quite fun to write on those different topics: having some guideline, doing some research, writing your heart out. Hopefully I will have more posts coming in the future as well. I need to take on some challenge.

We had to pick one company and analyze the code of ethics about this company. Since I have covered Tesla in many of my past posts here, then let's go over their Code of Business Conduct and Ethics.

They have 14 sections, one for the CEO and senior financial officers, and of course an introduction. The PDF contains a total of 4 pages, but it is also readable on their webpage, so there is no need to download the file.
I made a high level summary of all those chapters below. It is written in more detail in the document, but everything is very clear.

Introduction

It is very specific, if you break the code, your contract with the company will be terminated and if the code of ethics conflicts with the law, then always follow the law.

1. Compliance with Laws, Rules and Regulations

The laws of the countries are most important and, if needed, always ask for help. It is straightforward, and they keep coming back to say that the law is the most important topic.

2. Conflicts of Interest

Easy and simple - do not work with competitors, do not use your position in the company to gain benefits, try to avoid loans and other guarantees between employees. If you cannot fulfill your obligations to the company, notify your superior.

3. Insider Trading

Do not use confidential information for trading.

4. Corporate Opportunities

Do not use company property for personal gains.

5. Competition and Fair Dealing

Outperform competition with fairness and honesty, not by sabotage.

6. Discrimination and Harassment

They will not tolerate any illegal discrimination or harassment of any kind.

7. Health and Safety

Be safe, keep others safe.

8. Record-Keeping

Mark down your actual work hours, keep records in detail. Keep in mind that every e-mail, note or memo is a candidate for becoming public. Be honest.

9. Confidentiality

Keep confidential information confidential.

10. Protection and Proper Use of Company Assets

Company equipment should not be used for non-Company business, though incidental personal use may be permitted.

11. Payments to Government Personnel

Do not bribe.

12. Waivers of the Code of Business Conduct and Ethics

Any waivers of the code can be done only by the Board of Directors.

13. Reporting any Illegal or Unethical Behavior

Talk with supervisors always when you see something which shouldn't be tolerated.

14. Compliance Procedures

Ask first, act later. Do not be scared of asking and do it without fear. Anonymity will be protected if needed.


CODE OF ETHICS FOR CEO AND SENIOR FINANCIAL OFFICERS

This chapter basically describes what the responsibilities of the CEO and senior financial officers are. All those chapters are understandable and it is basic ethics.

Conclusion

I feel that Tesla's code of ethics can be easily adopted to any company and they are more than reasonable. Nothing unnecessary and it is basic ethics. Come to think of it, is it ethical that I wrote this post using my company's laptop? In the end my company will benefit once I have finished school, and even while I am in school. Something to think about though. Since I have the company's chat and e-mail client also open and will not reject any e-mail or chat, I am not so concerned.

Friday 12 May 2017

School - I026: XIII - Security, pick one of the big security risks in IT and write a review of it - Internet of Things: Internet connected smart devices

This week's session was focused on security in IT. We needed to take one of the biggest risks in IT and describe it based on Mitnick's formula. This contains 3 different parts: technology, training, policy.

Internet of Things (IOT)

IOT is part of our everyday life and it will only grow. Soon we will have sensors and smart devices everywhere. They are not smartphones or tablets, but they can be a simple light switch, a teddy bear which receives and sends voice messages, cars which come around the corner to pick you up, a mirror which tells your temperature. The list is unlimited and it is only increasing. What about Mitnick's formula, how does it apply?

Technology

Special routers have been developed for IOT devices, which move them to a segmented network to ensure that a hacker cannot easily reach the computer device network through the IOT network. Each home should be equipped with a firewall inside the router already, to keep out most of the attacks, which just scan ports and try to get inside through an insecure port. All IOT device access needs to be monitored and alerts of suspicious activity need to be noticed. Always, when you use an IOT device, think of it as the weakest point of your computer network (humans don't count). Usually those devices are small chips with standard bluetooth/wireless connection points and no additional security layer. Make sure that at least the bluetooth / wireless passwords can be changed and no remote access is allowed. Basically it comes down to you, and your training and policy.

Training

There are not many trainings on IOT devices, but you can get acquainted with the biggest failures online. There are many good stories out there and summaries as well, like this one in Forbes about IOT bots or how your coffee machine can ruin your life, or the Tech Radar article on how the hack rate is growing. Just listen to security podcasts, read articles, and always think that this is the most insecure part of your network.


Policy

As I have stated two times already, an IOT device is the most insecure device in your network (now stated 3 times), so you can prevent a lot by doing the following:
  • Move IOT devices to a segmented network. It would be even better if you had dedicated networks for separate functions of IOT devices, based on what they can do.
  • Update your firewall, and make sure that you log suspicious activity in the firewall.
  • Make sure that you can change IOT connection passwords, and change them often.
  • Read about the product before you buy it, use words in google: "how to hack device id/name"
  • Always be on alert when it comes to IOT
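
The first two policy points, segmentation plus firewall logging, can be checked against each other. The following is an added example, not part of the original post: it reads firewall log lines and flags IOT devices that reach or probe the computer network, and outside hosts that are allowed into the IOT segment. The two subnets, the key=value log format and the sample lines are all constructed assumptions.

```python
import ipaddress

# Assumed addressing plan (hypothetical, not from the post)
LAN_NET = ipaddress.ip_network("192.168.10.0/24")  # computers
IOT_NET = ipaddress.ip_network("192.168.20.0/24")  # segmented IOT devices
SCAN_PORT_THRESHOLD = 3  # distinct LAN ports tried by one IOT device

# Constructed sample log in a simplified key=value format
SAMPLE_LOG = """\
2017-05-12T10:00:01 action=ACCEPT src=192.168.20.15 dst=198.51.100.7 dport=443
2017-05-12T10:00:05 action=DROP src=192.168.20.15 dst=192.168.10.4 dport=22
2017-05-12T10:00:06 action=DROP src=192.168.20.15 dst=192.168.10.4 dport=445
2017-05-12T10:00:07 action=DROP src=192.168.20.15 dst=192.168.10.4 dport=3389
2017-05-12T10:02:00 action=ACCEPT src=192.168.20.30 dst=192.168.10.9 dport=80
2017-05-12T10:03:00 action=ACCEPT src=203.0.113.50 dst=192.168.20.30 dport=23
2017-05-12T10:04:00 action=ACCEPT src=192.168.10.4 dst=192.168.20.15 dport=8080
this line is malformed and must be skipped
"""


def parse_line(line):
    """Return a dict for one log line, or None if it cannot be parsed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    try:
        return {
            "ts": parts[0],
            "action": fields["action"],
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"]),
        }
    except (KeyError, ValueError):
        return None


def audit(log_text):
    """Return (timestamp, alert, address) tuples in log order."""
    alerts = []
    lan_ports = {}  # IOT source address -> set of LAN ports it tried
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src_iot = ev["src"] in IOT_NET
        dst_iot = ev["dst"] in IOT_NET
        src_inside = src_iot or ev["src"] in LAN_NET
        if src_iot and ev["dst"] in LAN_NET:
            ports = lan_ports.setdefault(str(ev["src"]), set())
            ports.add(ev["dport"])
            # An accepted IOT -> LAN flow means the segmentation has a hole.
            if ev["action"] == "ACCEPT":
                alerts.append((ev["ts"], "segmentation-gap", str(ev["src"])))
            # Many different LAN ports from one device looks like scanning,
            # even when every attempt was dropped.
            if len(ports) == SCAN_PORT_THRESHOLD:
                alerts.append((ev["ts"], "lan-port-scan", str(ev["src"])))
        elif dst_iot and not src_inside and ev["action"] == "ACCEPT":
            # Inbound from outside the home to an IOT device: remote access.
            alerts.append((ev["ts"], "remote-access-to-iot", str(ev["dst"])))
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(*alert)
```

LAN-to-IOT traffic (the phone app talking to the light switch) is deliberately not flagged; only the direction from the weaker segment toward the computers is.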


Friday 5 May 2017

School - I026: XII - Different way of IT - Write a description of the modern accessibility tool which you have encountered.


This week's session specialized in accessibility software and hardware tools. We had to write a description of a modern accessibility tool which we have encountered.

I was thinking about different groups of people and different accessibility settings, and there are so many special tools and hardware made for them. There is no single fit which could be used across many operating systems, phones, tablets, laptops/PCs and so on.
  
There will be one silver bullet, really soon, which will resolve all those issues and tools into one, most likely it will eliminate most of the input modules as well. This is called roughly "brain implant".

I've just heard the most ambitious plans by Elon Musk; again he pops up in my blog. He calls it Neuralink. They want to enable this for brain damaged persons in the first step, but it can be enabled for everybody. The area is very wide: job offerings include material engineering, biomedical engineering, electrochemist and so on. The product will be on the border of ethics, and how can it be ensured that nobody hacks your brain-chip?

I think that the most important job here is to ensure full and transparent security for this product, preferably open sourced so that people in the community can see the code and fix whatever bugs are there. The initiative, though, is perfect. Let's hook ourselves up with the chips and control stuff with our mind.

We can be real live X-Men.

After the brain-chip, the next step will be enabling exoskeletons. They are divided into 2 kinds, active and passive. It depends on the person which one needs to be used, and those exoskeletons can be built for different purposes, depending on the needs of the person.

There you have it, basically 2 technologies which, used back to back, can resolve most disability problems for persons. The brain chip may also help with brain computing power.


  •  Eyesight, if we now have brain-chip, exoskeletons, plug in artificial eye and vision.
  •  Hearing, microphone, no magic here.
  •  Voice, speakers are present.
  •  Missing limbs, get artificial one.


Starting from brain-chip we are basically fighting disabilities and actually "normal" people will remove their human disabilities like cannot fly or cannot see  through walls with brain-chip and counted technologies.



Monday 24 April 2017

School - I026: XI - Bring one positive and one negative example of usability in web.

Bring one positive and one negative example of usability in web.

This lesson focused on people and computer communication, ergonomics and usability.

Jakob Nielsen mapped out a definition of usability, and it is defined by 5 components:
  • Learnability
  • Efficiency
  • Memorability
  • Errors
  • Satisfaction

I am analyzing the same component, Satisfaction, on two different newspaper webpages.

The BAD Example

Postimees Web - http://www.postimees.ee/

First, if I open the webpage I get notifications about cookies. I guess it is standard nowadays. This is a one time click on the "I Understood" button. I instantly get 11 cookies in my browser, all either for domain www.postimees.ee or .postimees.ee. The first seven are not directly linked to host only, none of them are secure and they will not die when the session is over. All cookies expire a long time in the future, only one is set to expire today. The others last at least one year, up to ten years. This makes me very sceptical and cautious about what they try to track from my browser activity and my movements. They should at least introduce session based cookies.

The webpage is sending constant ping requests to Amazon WebServices and the Chartbeat analytics service with different parameters which are somehow hashed. Ping is encrypted to 1x1 image. 43B. It is sent every 1.2 minutes. It seems like Chartbeat is using Amazon Elastic Search to store the metrics and then generates audience graphs over those parameters.

They also want to access https://secure.pmo.ee/api/me/ but it always returns an error if you are not logged in - 401 (unauthorized).
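
The three properties checked by hand above (host-only or domain-wide, Secure flag, session or long-lived) can be read straight from the `Set-Cookie` response headers. The following is an added example, not part of the original post: the header values, the `news.example` domain, the review date and the one-year threshold are constructed assumptions, not the cookies the site actually set.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = timedelta(days=365)  # assumed review threshold
REVIEW_TIME = datetime(2017, 4, 24, tzinfo=timezone.utc)  # fixed "now"

# Constructed Set-Cookie header values for a hypothetical news.example site
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; Secure; HttpOnly",
    "uid=42; Domain=.news.example; Path=/; Expires=Wed, 21 Apr 2027 10:00:00 GMT",
    "consent=1; Path=/; Max-Age=86400; Secure",
    "trk=xyz; Domain=.news.example; Max-Age=63072000",
]


def parse_set_cookie(header, now):
    """Extract name, host-only status, Secure flag and expiry time."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, _value = first.partition("=")
    cookie = {"name": name, "host_only": True, "secure": False, "expires": None}
    max_age = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            cookie["host_only"] = False  # sent to subdomains as well
        elif key == "secure":
            cookie["secure"] = True
        elif key == "max-age":
            try:
                max_age = int(val)
            except ValueError:
                pass  # ignore an unparsable Max-Age, as browsers do
        elif key == "expires":
            try:
                when = parsedate_to_datetime(val)
            except (TypeError, ValueError):
                continue
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            cookie["expires"] = when
    if max_age is not None:  # Max-Age wins over Expires (RFC 6265)
        cookie["expires"] = now + timedelta(seconds=max_age)
    return cookie


def audit_cookie(header, now=REVIEW_TIME):
    """Return (cookie name, list of findings) for one header value."""
    c = parse_set_cookie(header, now)
    findings = []
    if not c["secure"]:
        findings.append("no Secure flag")
    if not c["host_only"]:
        findings.append("Domain attribute set (not host-only)")
    if c["expires"] is not None:  # None means a session cookie
        lifetime = c["expires"] - now
        if lifetime > MAX_LIFETIME:
            findings.append(f"persists {lifetime.days} days")
    return c["name"], findings


def audit_all(headers, now=REVIEW_TIME):
    return [audit_cookie(h, now) for h in headers]


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_HEADERS):
        print(name, "->", "; ".join(findings) or "ok")
```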

If we move forward to the webpage itself it is full of ads. On the main page there are now 3 different ads:
 * On the background
 * On the footer
 * On the left side

Footer in the bottom is really annoying and constantly upgrading scroller div style.

I was assuming that when I log in then those ads and trackers will be removed, but they still remain. I am expecting that when I pay some money to them then I will get an ad free environment, but I only get some paid articles where I am not very sure about the quality of the article.

Conclusion, only way how to use Postimees.ee satisfactory is to use adBlock and uBlock.



The Good (not perfect) Example

The Sun Web - https://www.thesun.co.uk/
Same story here, standard cookie policy check. There are 15 cookies on this webpage, where 5 are session only cookies, 4 are related to host only and the rest are available for other sites as well. 3 cookies expire by session and the rest of them mostly have a maximum age of 2 years.
Tracking parameters are being sent to www.parsely.com every 1 minute and 2 seconds, again 43KB as Postimees.ee. It is similar to Chartbeat, most likely the same kind of functionality but a different provider.

One resource is not found https://tpc.googlesyndication.com/simgad/6337765394029551775.

As for the website layout, it is a bit better. It only has one ad at the top of the page, which is being tracked back to my location, most likely by IP. This website has focused more on images than on news titles to catch the attention, but I already like it better than Postimees.ee due to the amount of "spam" it is displaying to me.

After I created an account and logged in, my user experience didn't change. I looked for a place to pay, but couldn't find one, so I guess that they are actually living from the ads, and it is not as abusive as what Postimees.ee has. I could even live with that.



Do you know any online newspaper which is focused on news? I would be willing to subscribe if I get an ad free environment.

Friday 21 April 2017

School - I026: X - Take one project and analyze its software and business model

This topic is actually a very abstract one and it had me thinking about which company's or project's business and development model I would take.

I've always been interested in Elon Musk as well as Richard Branson, but this time, instead of Virgin, I decided to take Tesla.

They are focused on different areas of electricity, like electric cars, lithium-ion battery storage and residential solar panels. Leonardo DiCaprio talked with Elon Musk in Tesla's Gigafactory and there was a phrase that you need 100 Gigafactories to power the entire world with sustainable energy. So actually I was interested in their business and software development model.

If I go to their homepage and look for job ads, then we see 22 teams, and if we google for some keywords in their careers sub-page like:

Chaos, Spiral, V-model, Prince2, and I didn't go through all the list, assuming that already those didn't give any match here, and I got matches to some of them above.

They have today (21.04.2017) 2480 job ads, and if we divide them department wise we get the following result:

| Department | Count |
| --- | --- |
| Communications | 4 |
| Design | 14 |
| Energy Products | 51 |
| Engineering | 322 |
| Facilities | 28 |
| Finance | 92 |
| Gigafactory | 73 |
| HR | 68 |
| IT | 76 |
| Legal | 13 |
| Manufacturing | 200 |
| Marketing | 45 |
| Production | 14 |
| Quality | 17 |
| Retail Development | 13 |
| Sales | 719 |
| Service | 638 |
| Supply Chain | 82 |
| Workplace | 11 |
| Grand Total | 2480 |

Now if we compare the Google results with the jobs which they have available, map them to department and remove the false positive results:

| Position | Methodology based on Google | Department |
| --- | --- | --- |
| Staff Program Manager, Service Operations | agile | couldn't match Google result to available job |
| Senior Mechanical Design Engineer - Interior Systems | agile | couldn't match Google result to available job |
| .Net Developer | agile | IT |
| Mechanical Design Engineer - Closures Systems | agile | Engineering |
| Sr. Engineer - Lighting Systems | agile | Engineering |
| Software Application Engineer | agile | Engineering |
| Senior Mechanical Design Engineer - Seating Systems | agile | Engineering |
| Engineer - Interior Systems | agile | Engineering |
| Sr. Performance & Scalability Test Engineer | agile | IT |
| Staff Program Manager, Service Operations | scrum | couldn't match Google result to available job |
| .Net Developer | scrum | IT |
| Process Engineer, Gigafactory | lean | Gigafactory |
| Process Technician - Seat Manufacturing | lean | Manufacturing |
| Material Project Manager - Manufacturing Introduction Group | lean | Manufacturing |
| Material Project Manager - Manufacturing Introduction Group | lean | Manufacturing |
| Material Handler | lean | Service |
| Engineer - Interior Systems | lean | Engineering |
| Tool and Die Maker - Assembly/Tryout | lean | Manufacturing |
| Mechanical Design Engineer - Closures Systems | lean | Engineering |
| EHS Manager - Factory Departments | lean | Manufacturing |
| Production Planner | lean | Production |
| Engineering Applications Product Manager | critical path | IT |
| Installation Project Manager - Supercharger | critical path | couldn't match Google result to available job |
| Senior Mechanical Design Engineer - Battery Enclosure | critical path | Engineering |
| Tesla Supercharger Land Use and Permitting Specialist | critical path | Engineering |
| Material Project Manager - Manufacturing Introduction Group | kanban | couldn't match Google result to available job |
| Production Planner | kanban | Production |

In summary, it comes down to Tesla actually using agile at least in the Engineering, Gigafactory, IT, Manufacturing, Production and Service departments.

| Department | Methodology | Number |
| --- | --- | --- |
| couldn't match Google result to available job | agile | 2 |
| | critical path | 1 |
| | kanban | 1 |
| | scrum | 1 |
| | Total | 5 |
| Engineering | agile | 5 |
| | critical path | 2 |
| | lean | 2 |
| | Total | 9 |
| Gigafactory | lean | 1 |
| | Total | 1 |
| IT | agile | 2 |
| | critical path | 1 |
| | scrum | 1 |
| | Total | 4 |
| Manufacturing | lean | 5 |
| | Total | 5 |
| Production | kanban | 1 |
| | lean | 1 |
| | Total | 2 |
| Service | lean | 1 |
| | Total | 1 |

Although those results are based on Google search it seems that they are using very agile methodology. 

It is also shown that they are using an agile approach as their cars pretty much get monthly upgrades with new features. They don't wait until they have the product fully ready, but rather deliver and improve the customer's experience every month. Porsche is also making an electric car to compete with Tesla, but Porsche's first car will come around 2020 and by that time they are way too late to compete in the electric car market with agile development models.
Tesla didn't make a cheap car. They sat down, thought about what they can do and how to do it fast, and they made a super car which is able to get updates over your home WiFi and get additional features. You put stuff in, but activation can be over time; not everything must work in the first place. Recently they activated self driving capabilities. The sensors were there, they just weren't activated.

This is an excellent example of an agile business model which has a high level road-map planned, where roll-out takes place feature by feature. I would even say that the high level is planned with a traditional method, which is split into iterations, and the iterations are handled by an agile model. It is a combination of many methodologies, which actually makes this a very rapid, fast and professional company which delivers.

Monday 10 April 2017

School - I026: IX - Write a review to Eric S. Raymond "Hacker - HOWTO"

In this session we were asked to write a review of Eric S. Raymond's "Hacker - HOWTO".


"In computing, a hacker is any skilled computer expert that uses their technical knowledge to overcome a problem." by Wikipedia.

Quite often it is confused who is a hacker and who is a cracker. This publication makes the difference between those two roles very clear and focuses quite often on the supremacy of the hacker. It reminded me a bit of Nietzsche's Übermensch, which basically describes life after God, new values, transcendence and so on. I believe that whoever has read it has their own ideas and values of it.

Fortunately, when I got further into this publication it pulled back a bit about hackers' supremacy in the world and started to talk about how they are precious and you cannot waste them on solving the same puzzle twice. Who ever wants to solve the same thing twice?

Read the paragraph on points of style. It has 7 points on what to do in order to get yourself to perfection so you could call yourself a hacker. Work, play, do science, art, read, make things, train in martial arts, meditate, have an ear for music, play an instrument, appreciate puns, be skilled in all areas of computer related skills, know 5 programming languages, program in them, be fluent in at least one of them, write open source software, debug somebody else's, publish useful information, make FAQ lists, administrate mailing lists, moderate newsgroups, propagate the culture, learn and use open-source Unix, learn to use the World Wide Web, write HTML, and if English is not your native language - learn it. SOLVE PROBLEMS.

It also made me think about a once great movie which contains a lot of philosophical phrases. We are stretching to 8 billion on this planet. There is one scene in the movie classics which reminded me of this whole story, or at least the first part of the dialog matches it. I may be harsh, but I believe that I am not so far away with this link:

Being in that sense of a hacker, is there any difference than being a monk in a monastery?

Friday 31 March 2017

School - I026: VII - Write a Small Description of the IT Professional In The Year 2017

This week's topic was about IT professionals and who they may be: how to act like a professional and get respect from the community.

Necessary Prerequisites

An IT professional is a person who loves what she does. She has taught herself the area and preferably also finished some degree in IT. She must be willing to keep learning, stay up to date on brand new technologies and acquire new skills all the time.

She must be a people person and get to understand what is expected from her. People outside of IT most likely don't know what they are talking about. For example - server is a website.

Necessary Features

  • Excellent in communications
  • Willing to learn
  • Being up to speed with latest technologies
  • Also have to know items from the past
  • See items from the positive side
  • Not to write anything premature into emails or code commit comments
  • You should get along with different types of people. For example, if you hate that people are chewing food with an open mouth, you choose to ignore the fact that he is doing it and try to cope. Unless you need to work with that person in later phases as well, then you need to make a remark so he wouldn't feel bad.
  • Understanding must be taken, that there are no stupid persons, only people in general are stupid


Necessary Skills

There are actually no specific necessary skills which a professional person should have. It is a combination of many skills, but mostly politeness and willingness to learn new things are the key factors. For example, try to start your e-mails:
Dear Sir/Madam,

<some body>

Yours Sincerely,
<your name> 
<title> 
<phone number>

Also, in the subject, try to describe the topic in a few words. I myself personally take e-mails with the subject "Hey, how are you" later than ones with "Help needed - cannot reach destination IP of this server".

Conclusion

This assignment was one of the most complex ones. You really can say if a person is professional or not after you have communicated with him. It is a totally subjective topic and you cannot really take an objective approach here.

Friday 24 March 2017

School - I026: VI - Give assessment of solutions in Chapter 2 of "The Case for Copyright Reform" by Christian Engström MEP & Rick Falkvinge

We had to read chapter 2 of the book mentioned above and write an assessment of the solutions proposed in that chapter.

There were a total of 6 points:
  • Moral Rights Unchanged
  • Free Non-Commercial Sharing
  • 20 Years Of Commercial Monopoly
  • Registration After 5 Years
  • Free Sampling
  • A Ban on DRM (Digital Rights Management)

Moral Rights Unchanged

This is one of the strongest points in their case and they are totally correct. No matter what, author of any publication, idea or any sort of creative work. Give credit where credit is due. Today even this point is quite often compromised, with ideas stolen and sold as one's own. All that actually matters is who will be the first one shouting and talking about the idea itself. Of course, with a strong court case it can be overruled. The closest example which I can recall was in a TV series called "Californication", a show where a stepdaughter stole a work written by the lead male actor, in this case David Duchovny, and sold it to a publicist.


Free Non-Commercial Sharing

It is illegal to copy a CD or a song, movie or e-book after you have bought it and then to share it with a friend. I am actually surprised that the media you have bought isn't yet encrypted in a way that only you can see it, with some chip in the brain or artificial eyes. At least I haven't yet seen a case where you get fined if you copy the music from one of your media devices and make a "mixtape" for your car, composed of songs from different artists. An artist may claim that the whole album is one single piece and if you take one song from there you are destroying their art and stealing from them.
It is even illegal to download a song which you have on a media sitting on the shelf of your living room.
If there were only a way to see how much of the author's creation has been shared and used, then why not let the government pay them. Whether I like it or not, the world is moving towards socialism and this would be a strong case in this kind of world.


20 Years Of Commercial Monopoly

Even 20 years of time is too long to have a benefit for society from protecting the copyrighted work, but still better than lifetime+70 years. At least it would give hope to somebody. 


Registration After 5 Years

Perfect point, this should be standard in the modern world. You have to claim that you are still backing your work after 5 years, not just shout out some random idea and leave it hanging so nobody else could use it. Most people don't even care after that.


Free Sampling

I believe that this one is a stretch. I want to take Mona Lisa and color her hair to blonde and call it Blond Mona Lisa. Nobody prevents to do that, as long as you refer to initial author and if needed give him some of the revenue you earn from this stunt. This is done in music industry today and it is done quite often. You cover somebody, they get a piece of pie as well.


A Ban on DRM (Digital Rights Management)

True, technology shouldn't prevent people from doing stuff; people's moral and ethical compass should be the one that does. Education is the key here.

Conclusion

The Swedish Pirate Party is on the right track, and I hope that some of their points will be pushed through. At least we in Europe are quite fortunate. We don't have many blocks on access to digital media, but imagine if you lived in China. Even your phone cannot open applications which are not designed in China.

Tuesday 14 March 2017

School - I026: V - Choose One of the 10 Commandments by Virginia Shea and Write an Example of Your Own Experience

This week's session is about specificities of social networking.

We were asked to pick one of the 10 commandments created by Virginia Shea and write an example of our own based on it. Those are as follows:
  1. Remember the Human
  2. Adhere to the same standards of behavior online that you follow in real life
  3. Know where you are in cyberspace
  4. Respect other people's time and bandwidth
  5. Make yourself look good online
  6. Share expert knowledge
  7. Help keep flame wars under control
  8. Respect other people's privacy
  9. Don't abuse your power
  10. Be forgiving of other people's mistakes
Those were written down 10 years ago, and most people don't follow any of them, or if they do, then only in a very limited manner. It is very difficult to choose just one of them, because most of them apply at the same time in the same place. Therefore I am widening the topic a bit and focusing on one of the core powers in society: the press, especially the online press.

#1 Remember the Human

I see that most of the modern media is either without context or the context is shifted in a very focused way. A very good example here is the media war going on around Ukraine and Russia. It is a perfect example of how the context can be shifted to your own side while the actual truth is hidden somewhere else. At some point I stopped believing the stories which were written and started just following feeds from LiveLeak, but drawing the line between reality and fiction got blurrier every day, and it still is blurry. I want to believe, but what can I believe?

Even today there is one example of context: "Texas lawmaker ridicules anti-abortion measures by filing anti-masturbation bill". The referring article can be found here and the original one here. Just leave out the part where the woman was saying it sarcastically in order to stress the problem with abortion, and you have a whole other story.

#4 Respect other people's time and bandwidth

Taking the last example which I gave in the chapter above, it directly indicates that to find out the truth I needed to start looking for the source of the news myself. I read one piece of information from one source and a second one from another source. I wasted my time and my bandwidth. I am lucky that I have AdBlock installed.

This is a recurring pattern all through online media. "See this, can you believe that he just did it." "Click to learn more", and then 2 lines of meaningless story. I just got click-baited. Basically everybody is aiming for your clicks. More clicks, more ads can be displayed, more money can be cashed in. It all comes down to the number of ads which somebody can present to you. Basically, the title of the article mostly does not correspond to the story, and you have fallen for the easiest con available on the web.

#6 Share expert knowledge

How is it possible today to trust any information which is available? I am not only talking about online information, but also offline information. There is so much noise and so much false information present. Who says that the information is validated? Do you have to look it up yourself from different sources and then determine which source to use? Again we can take the first example here. Was the referred article expert knowledge? I would say no.

Data manipulation to get what you want is actually quite common. You just need to have enough followers and any knowledge can become expert knowledge. There are forums out there where people blindly believe that the world is flat.

Or this illustration:

#8 Respect other people's privacy

It all starts from some article which gives you limited information, as I mentioned under #1. It goes on to point #4, where the article is covered with ads and every request has a special tracking ID attached to it. You are now marked: cookies are set, referrals in URLs are set. Wherever you go, that information can be reused to understand what you have watched and where you have been. There is no privacy if you take it out of the box. You need to add additional measures to gain back your privacy. Online media has you stripped.

#9 Don't abuse your power

Taking all this into account, I believe that whoever works with media and has followers will abuse the power.

# Conclusion

There are some commandments of netiquette, but they don't stick today. I want to believe that people have some moral compass, but I just cannot. To protect yourself, you need to be skeptical about everything you read and see. Don't let your trust blindside you. Take preventive measures when you read something from the media.

The truth is out there: