From the Oxford dictionary...

"Standard": 1. A level of quality, especially one that people think is acceptable. 2. A level of quality that is normal or acceptable for a particular person or in a particular situation.

So this is a follow up to my post on the iTunes ruckus going around.

Shortly after I posted that, there was a posting on Slashdot.jp about this with headlines saying "Apple claims "Our privacy protection and customer satisfaction level fulfills the highest standards in the industry""....

And with no surprise, the first comment to this posting was...
"Even if it is the highest standard in the industry... if it below the social standard then it doesn't matter!"

Indeed, Apple and many American companies (and unfortunately too many Americans as well) out there need to realize that there is a world outside the U.S. and that if they are going to do business on a global scale that they need to adapt to other countries standards, and not the other way around... (Although this is indeed a sticky issue and after trying to hear out both sides of the debate on censorship in China, I am still not sure what the right answer is... on one side I believe transparent governments, freedom of speech, and no censorship is the right thing and needs to be employed in every country.. but on the other side, if China allowed that then there would be a good chance of a civil war and rebellion.... which would result in deaths, etc... which would not be good either... )

So I won't say anything more on that issue because I can not say for certain what is right or not, etc... But in this case, I can say for certain (at least in my mind) that Apple needs to respect the standards in Japan or else it is going to end up pissing off a lot of people for no good reason...

For those that have lived in Japan for any period of time, you will know that the standards in service are worlds apart from other countries and that by far the service here is probably better anywhere else in the world. (Unless you are working in a 6 star hotel somewhere...)

A little too meticulous sometimes but for the most part high quality service is not a bad thing.

So what Apple meant to say is.. it "fulfills the highest standards....in America!"...

which unfortunately sometimes (as in this time) doesn't even meet the lowest standards here in Japan.

and I think that is the main problem here...

Is this for real?

This month I am losing my main job so I have decided to take the opportunity to take a long 3 month holiday (after 4 straight years of non-stop work in Japan) from my other jobs and fulfill my dreams... to go to Egypt and travel the Middle East!

So first thing next month I will be on a plane to Dubai for a week to visit a friend, then Cairo here I come! I am then going to go with two Australian guys and travel by land up to Jordan, (hopefully Syria and Lebanon), Turkey, and Greece and then fly back... We are going to film every thing along the way and hopefully make it into a documentary... should be good times.

So unfortunately you probably won't hear much from me from April to August..

One thing that struck me as a little bit odd though when I was looking up Syrian embassies (As Syria is the only country that I need a visa for and is especially hard to get for Americans..), is this...

From: http://www.embassiesabroad.com/embassies-of/Syria

Is the Syrian Embassy in Cairo really using hotmail???
I highly doubt it... as you can anonymously send in edits apparently and they will post them...
(I don't think anonymous editing for a site that lists information about embassies is the best thing.....) I wonder what kind of emails this guy is receiving....
Although I do give him points for creativity.. as I have yet to see an email address start out with "www."..... hurmmmm.....

Either way, I don't think this is good...


iTunes causing big problems in Japan

I found out about this on the evening news last night.

Apparently there are many Japanese getting billed by iTunes for purchases they did not make.
But what they are really anger over is how Apple is handling the situation... (or more precisely how they are *not* handling the situation.)

At first they tried Apple's rule #1 of what to do when someone claims a fault or problem in Apple's products... the Jedi Mind Trick.. they waved their hands and said "no, there is no problem... you must be mistaken..."

However, the force must be with the Japanese consumers because they didn't fall for that and they are angry and publicly calling out Apple to handle the situation better. They demand that Apple give numbers of fraudulent purchases reported, etc.. which Apple denies citing "privacy issues". They are also mad that Apple only provides email support for this issue and that they should provide phone support as well....

The Japanese get a little bit crazy (from a non-Japanese standpoint) when bad things like this happen and unless people are on their knees crying begging for forgiveness and doing everything they possible can so that it never happens again... no one will rest and will keep bringing up the issue as long as physically possible.
(I am still shocked to see on the news about incidents that happened several years ago and should be history now but people still bring up because too many people felt like the people in charge were not punished enough or post-incident handling was inadequate, etc...)

More about this issue in Japanese.

The Face of a Fraudster

Fraud is by far the easiest, most widespread, and (figuratively speaking) deadliest attack in Japan these days. With a very trusting culture it is not hard to imagine that people have realized that they can abuse that trust and pretty much trick about anyone into believing something that will make them hand over some money...

The types of fraud here have an extensive range of variety that is too big of a topic for me to consider right now...

I just wanted to show a picture that I found of one person who got arrested for fraud.
I have seen many on the news and many are young guys like this guy.. but that is not to say that only young males are involved with these activities...

(I think I just liked this picture and wanted to make an excuse to post it...)
(It says in the top right "DJ committed a "bank transfer scam". "I didn't have enough money to live on...") (bottom says "He called a 32 year old man in Wakayama prefecture and tricked him into transferring money by telling him that he had overdue payments on a adult site membership")


First Arrest of File Uploader to Overseas Site

(This is actually from an arrest from pirating on Share as I could not find any picture for this incident.. but I am sure if I did it would like just like this....)

The very first arrest has been made on a 46 year old guy in Hokkaido for uploading copyrighted music to a file hosting provider and making the links public.
This is noteworthy because until now the only arrests for illegally pirating has been for uploading to Japanese P2P networks or servers in Japan, but this time the server was located outside the country. (Mediafire)

There are some fuzzy things regarding this case as it he was arrested for 1) Uploading the files and 2) Publishing the links to a public forum.

So people are now asking questions like... what would happen if he just uploaded the files? or if someone else posted the links?.. or if he just posted them on a private mailing list and not to the public?



JR Japan East Gets Gumbled.....Again!

More Gumblar attacks...

Apparently JR (Japan Rail) (Japan's largest railway company)'s site got p0ny'ed (or whatever the latest hacker jargon you guys are using these days) by the infamous Gumblar!

Perhaps this lame viruses incredible success is a direct reflection on Japan's lame security. (I have yet to see a company that has stopped using FTP/Telnet, etc..)

What is more lame about this story is that 1. The same site got hit by the exact same virus last December and 2. It took an outsider to point out much after the fact that they got compromised....


ADs for protection against Gumblar...

This is a follow up to my previous post on how Gumblar has taken Japan by storm..

As I was reading Slashdot.jp on my lovely google reader I came across this advertisement..

This is the first time I have ever seen an Ad. for protection against a certain one virus. (Not counting Winny... which probably many people here regard as a virus...)

It is an Ad from Japan's most famous AV company Trend Micro saying "The ferocious raging GUMBLAR! Are your countermeasures to protect your company effective?" "Corporations need to watch out for vulnerabilities! You can evade these risks that even take down large companies by a simple way (of installing Trend Micro's AV I am guessing)"


Copyright Craziness

Japan has some REALLY funky copyright laws that maybe one day I will get in more detail about...

Many things that would make your head explode trying to contemplate how they got that way and why they are still that way...(Like no Fair Use...) (I don't want my reader's heads to explode so that is why I am not going further into it...)

But one thing I learned new last weekend was about copyrights for music.

Apparently, you have to pay a certain organization (the copyright "police" or "yakuza/mafia" depending on your view of them) even if you are performing your own work!

A friend of mine is a composer and I guess it works out for him because any time a group in Japan wants to play his song in a performance the copyright yakuza show up (invited or not) and demand money!! They take a piece of the pie and then hand over whats leftover to my friend.. who says he makes a good chunk of money at the end of the year because of this.
However, when he wants to play his own music he has to pay a fee to these guys as well... some of that money will come back to him but some won't....

Kind of messed up in my opinion.... So for most people it is probably cheaper just to not copyright your stuff unless you are sure people are going to copy or want to perform it.....


World's First USB 3.0 Thumbdrives on Sale!

As all the cool new gadgets come from Japan, so has the world's first USB 3.0 Thumbdrives! You just have to go to Japan's electronic/geek heaven Akihabara to get it! (Or you could buy it online if you read Japanese and live here..) They come in 3 models, 32GB, 64GB and 128GB. The 64GB one goes for about $420 and the 128GB for around $740USD. These interesting devices come from the "SuperTalent" company and are SSD with RAID0 claiming to be 8 times faster than anything previously with 320MB/s read and 180MB/s write! It is supported for Windows 7, Vista and XP. And of course your machine will have to support USB 3.0 as well...which it probably doesn't....


Gumbling Gumbling GUMBLAR!!!

So for the past month or two now all I have heard in the Japanese infosec world is GUMBLAR!

(I even overhear people who know nothing about computer security talking about it! It is being talked about as the most devastating and dangerous virus at the moment....)

For those of you who do not know, Gumblar is a piece of malware that infects Windows victims through known Flash and PDF vulnerabilities and once the malware is downloaded and run, it checks for FTP clients such as Filezilla in which is steals the FTP account credentials and then adds malicious JS to all the pages in that person's website they are admining which then attacks more machines through flash/pdf. It also sniffs FTP accounts off the wire and uses in-browser MiTMing of IE to modify google search results. (which is one of the novel things it does that got it famous). I had to research about gumblar as part of my job and didn't find much info. when searching in English except for articles that date back to May 2009 when it peaked. I guess there must have been a lag before getting popular in Japan (as with many things).. so when gumblar lost popularity overseas it came to Japan where it found a new popularity. (as with many bands, not-so-cool guys(like me), etc..)

So people here have been talking about this like people talked about Code Red in the States right after it hit all the IIS servers back in the day. I suppose there is somewhat good reason, as high profile sites such as Yahoo! Japan, Toyota Motors, Mitsubishi, Banks, etc... have started spitting out malicious JS infecting their users after their admins got infected... (If i recall correctly, the small part of Yahoo Japan that got infected (the Horoscope section i think) kept infected for several months before anyone finally realized it) (>_<) !!!
(and why are are these admins using FTP??? and why are they using the systems they use to admin for browsing? with out of date Windows and Flash and Adobe Reader?????)

Boggles my mind...

Anyways, I just wanted to inform the masses of what's hip these days in Japan.

I'm very curious to know if this virus made such an impact in other parts of the world???

Discovered Despite Hiding in the Dark

Perfect Dark, is the sort of successor to Share which is the successor to the infamous Winny program.

I believe I have posted before about all of the arrests from Winny and Share. Now, the new kid on the block, Perfect Dark is also not a safe haven for Japanese online pirates as well, as the first arrest has been made on a 37 year old part time worker for distributing anime.

I guess he needs to read more slashdot.jp so that he would have known that the encryption for this program as well was cracked last May and that he shouldn't be using it.

If I were a developer of these illicit P2P programs, I wouldn't try to develop my own protocols for anonymity (as we all know developing secure protocols is an extremely difficult task), I would exploit something like tor to use as the backbone for providing anonymity so that the smart folks at Net Agent, the company famous for reverse engineering and breaking all of these encryption schemes, would have to then break tor.... which might be a little harder.. (and even if they succeed, I wouldn't have to worry about it anyway because I would have Roger Dingledine to fix it for me anyways =) )

(Sure download times would be terrible due to tor's lag, and overloading the network would make it slower.. but it would also be adding many fast gigabit fiber optic connections on the up side as well which might balance things out somewhat... At least users could have a little more peace of mind not having to worry about being arrested, and losing everything they have because they don't want to or can't afford the insane prices on anime here)

Source (Japanese)


Politicians can now use the Internet!

Ok, so I was pretty flabbergasted (i like that word), when I found out last year or so during the elections that politicians here are banned by law from using the Internet during elections!

"In Japan!! One of the world's most modern economies! I am living in 80's?" I thought...

So yes, until just now, politicians here have been limited to passing out flyers and being very annoying by driving around town with bull horns.

Finally legislation has been passed that removes this ban and politicians can now blog and tweet to their liking and inform the public in a fast and efficient manner about their thoughts, policies, etc...

That is great news!

Just one condition, they have to explicitly say that what they are posting/mailing/etc... for election purposes and the writer has to explicitly write his/her name, etc...

Nice! I see nothing wrong with that. In fact it is the probably the right direction as I wouldn't want them to go the other direction like the U.S. has gone... where the government (and does often!) create propaganda in favor of the government and is not legally required to say that it was produced by the government!! (and somehow they frequently "forget" to mention this little fact...)

Humm... governments able to create propaganda in favor for themselves and can legally and frequently do hide the fact that they created it..... humm.. yea, I see nothing wrong with that. (said with sarcasm)

Fortunately, something like that would not fly in Japan...


(Update 2/12.. Ok, I probably went overboard when saying they "frequently" produce propaganda... but I certainly remember a press reporter asking Bush why they don't change this law to make the government have to tell the public when it is government produced and he just kind of chuckled and put that grin on his face and said "well, I don't think we need to really do that now...." and passed on that comment.... As there hasn't been any change in administration after Obama I doubt that this law has been changed... let me know if you know more about this...)

Japan wants to be SUPER!!

...in computing, that is.

(Housing for the world's new future super computer. Just empty rooms now)

Slightly old news here but for the past couple months there has been lots of arguing in the Diet about whether to approve a 1.3 billion dollar(USD) project for creating the new world's fastest super computer.

Since 1993, Japan has almost always been home to the fastest super computers in the world until 2004, when the US started taking over. (According to Wikipedia here)
Since then, Japan has slipped and now the world's top 10 super computers are held by 8 in the U.S., 1 in Germany(#4) and 1 in China(#5).

Some Japanese apparently don't want to loose face over this and the high ranking bureaucrats have decided that it is best to spend millions of tax dollars (despite the trillion dollar national deficit) to regain the title of home of world's fastest computer!.... for the sole purpose of....... well, to be fast!

There were many people against this foolish decision reminding them that there is nothing new that could be accomplished that can't be done now by creating a faster computer.... but apparently that logic was too complex for enough people to understand and too many people just heard in their heads "We need to be #1!!" (They almost were able to convince them but the project has seemed to be approved just with a reduction on the budget for now)

And so that is how the story goes.

(If I wasn't too lazy I would photoshop a label saying "insert supercomputer here")

Although I think it is a waste for foolish pride purposes, I am kind of happy as they are building it literally 20 minutes from where I live, in Port Island, Kobe!!

(Port Island, a man made island off of Kobe)

So hopefully in the next couple years when it is finished I can go look through the glass walls at it and think "Wow...it's probably not doing anything particularly useful but it's probably doing it really really fast!!"

Happy New Years!

Ok... so I have been pretty lazy with the updates.. I'm thinking lack of motivation.

I have been keeping far too busy that I would like to be but have been doing cool new things in security here as well as outside of work and still learning alot everyday... I have many different things I would like to write about if I get the time....
So if you are interested, then post a comment or email me at kobe.ninja (a t) gmail and yell at me to start writing more!

So although it is already February (time flies by fast!), I wish everyone a happy year of the Tiger!