This is a short post to streamline opening accounts on sina.com, which is a free Chinese webmail account provider. Why would you want an account on Sina? Well, I use it for counter-spam/phishing/counter-phishing operations, or simply as a recurring disposable email account when services like 10 minute mail or Mailinator are blocked, or should I need something less public. Obviously, no sensitive information should be used with any email account used on this service.
Opening an Account
Browse to Sina.com to access the main login page, where you can also register. On the login page, you are greeted with a typical login page. To register account, click on the second button, i.e. ‘注册’, as shown in figure 1.
The registration page should appear. Little information is needed to register an account and no mobile phone number verification is required. Actually, all you need is a password and a username! If you ever need more details, you can generate a complete persona using the FakeIdentityGenerator. For this account, I generated a persona called ‘Mulan Fu’ by selecting Chinese names. Let’s see if Disney sues for using the name ‘Mulan’. Just fill the form with your email prefix, a password, the captcha and click on the blue button.
You may be brought directly to your new inbox. Otherwise, just login and make sure the ‘SSL’ option is selected. Enter your email address and password an click on the blue button (figure 3).
You can finally reach your inbox, which is organized like any other webmail services (figure 4). The ‘New Email’ button is the one on the top left corner, which reads ‘写信’. To access your inbox, simply click on the first item in the folder list on the left (‘收件夹’). Finally, to consult sent email, use the forth item from the top in the folder list (‘已发送’).
Composing a New Email
To write a new email, click the button detailed in the previous paragraph (see figure 4). If you compose a new email for the first time, you will be prompt to create a new signature (figure 5). Enter any information you want and save the information. You should be familiar with the composing interface (figure 6). You can use attachment up to 50M.
Click on the first button above the email, the one with the paper plane (‘发送’), to send the email.
Obviously, there are many other features that can be used. Many of them, if not most, are similar to any other webmail services on the Internet. One of the advantage of using this particular service is that, unlike Google or Outlook, it asks for very little information and doesn’t require mobile phone verification. Also, unlike some temporary email services, it’s ‘private’, at least, less public and permanent. Finally, since Sina.com is still a legit service, but not well known in the Western world, it can be used for most online services without too much suspicion. This make it ideal for social engineering operations. There are other similar services around the world, with various level of intrusiveness when it comes to registration.
San Antonio will be hosting the new data center of the National Security Agency reports the San Antonio Current. An old Sony factory on the West Military Drive, near San Antonio’s Loop 410 freeway, will be transformed to accommodate enormous size of data, which will mainly be electronic communications such as phone conversations and emails according to author James Bamford:
“No longer able to store all the intercepted phone calls and e-mail in its secret city, the agency has now built a new data warehouse in San Antonio, Texas.”
This city have been chosen for it’s cheap electricity, provided on an independent power grid since Texas as its own, unconnected to the other states’ grid, making it more reliable.
Another factor that played was the location of a similar size Microsoft datacenter a few miles away. This center will be the third largest data center of San Antonio.
As for the Sony plant, it’s made out of two connected buildings, offering offices and research areas and totals around 470 000 square feet. It is expected that 1500 employees will work there initially and may employ up to 4000 personnel.
Two days ago, the Inquirer post an article on a new law passed in the Chinese city of Nanchang, in the Jiangxi province, to replace pirated copies of Windows in Internet cafes by legitimate software. The alternative proposed to the cafes is the Red Flag Linux distribution, which prompted fears of snooping by U.S Radio Free Asia. The radio quoted the director of the China Internet Project, Xiao Qiang as saying that “cafes were being required to install Red Flag Linux even if they were using authorised copies of Windows“. According to an official of the Nanchang Cultural Discipline Team, the transition from Windows to Red Flag already started in the 600 Internet Cafes of the city and not across all of China unlike many titles claim.
At first, the OS was exclusively in Chinese and restricted itself to the Chinese market. In 2003, then the company developed an English version for international markets. This project received further help after Hewlett Packard concluded a plan to provide Red Flag with help in various field to market its operating system around the world. As many companies took interest in the Chinese economic boom, Red Flag signed partnerships with various western companies like IBM, Intel, HP, Oracle who wanted to open a new market into China. That way, Real networks among others, distributed its media software with Red Flag.
According to IDC, a market-research company, the revenue of Red Flag Software Co. totalled US$8.1 million in 2003. There were 24 000 server operating system shipments accounting for $5.9 million in revenue. In 2006, Red Flag Software was the top Linux distributing company in China with over 80% of the Linux desktop market. After a while, new versions of Red Flag were made for mobile devices and embedded devices. It can also be found on various server sold across China by Dell.
Therefore it seems that Red Flag Linux, after a slow period in the dot-com crash, is alive and well nowadays in China. The operating system changed quite a bit from its beginnings in 1999 up to now but we can expect the use of this distribution to grow in the upcoming years, as prices for proprietary OS such as Windows can be quite prohibitive for most of the Chinese population. The Red Flag Linux distro can be downloaded for free from Red Flag Software Co. (see the end of this article for the links) while Vista Home Basic was sold at renminbi (US$65.80) in 2007
According to this early reviewer who tested the OS back in 2002, the first Red Flag 2.4 Linux OS was based on the Red Hat distro. It came basically with the same options such as X11, the KDE interface as default and used the Reiser file system. Interestingly, no root password were needed and seemed to be the default account. It came with the standard user applications such as XMMS.
Since then, Red Flag Linux has switch from Red Hat to Asianux 2.0 as its base distribution. A root password needs to be specified at the installation and is now available on Live CD. Also, don’t expect a completely English system, while the most important parts of it should be English, some may still be in Mandarin. XMMS has long been replaced with KDE’s multimedia tools such as KsCD, JuK, Dragon Player, and KMix. Other software you can find on the “Olympic” beta version distribution, released last September:
According to the reviewer, and by looking at the English website, is does look like the English version is not maintained as much as the Chinese version. Therefore I believe the Chinese version might contain more features and less bugs. It might even contain office software such as Red Office.
This operating system is certainly one to watch, not really for its technical aspects or usefulness, but mainly because it might spread across China as businesses and governmental agencies adopt Red Flag Linux. If an attack should be ported against Chinese communication infrastructure, this distribution would certainly be one of the targets to analyze in order to find holes and exploits. Unfortunately, finding information about this Linux is tricky, mainly due to the language barrier. Using software translation is amusing but useless. It is hard to determine if the OS contains any modification for spying or snooping, as one would need to go through the source of a large part of the OS (I wish I had time to do that). But then, it’s less hard than to examine closed source software. Snooping can come from everywhere also, they might be better off with Red Flag Linux than Sony software afterall…
If anyone has information, please share it, as information should always be shared. In the meantime, a desktop version of Red Flag Linux is available here. And if you can understand Mandarin, maybe you could visit this page.
Yesterday the ISIQ (Institut de la Sécurité de l’Information du Québec) launched its new campaign to educate citizens computer security and protection of personal information over the Internet. The ISIQ launched a new portal, MonIdentité (in French) containing lots of information for users on how to protect their identity and to identify risks such as phishing, spyware, Trojans and weak passwords. The campaign has been launch by Pierre Arcand, deputy of the Mont-Royal district in Montreal.
“We want the citizens to become their own artisans of their security on the Internet, by adopting a secure behavior.” said M. Pierre Arcand.
This is exactly the kind of initiative we need. Humans are always the weakest link in any security network, therefore educating the population about security is essential. My only fear is that this campaign will largely be ignored by the media and the population, since elections are looming in the province and economic news are still the main topic.
Today the U.S Army discovered something called Twitter, and realized that, as MySpace, Facebook, Google Earth and many other sites, it could be used by terrorists to plan attacks on landmarks or other targets. Although the Army report admits it has no proofs that Twitter is currently used by individuals for terrorism. The report details many interesting scenarios described in the report:
Scenario 1: Terrorist operative “A” uses Twitter with… a cell phone camera/video function to send back messages, and to receive messages, from the rest of his [group]… Other members of his [group] receive near real time updates (similar to the movement updates that were sent by activists at the RNC) on how, where, and the number of troops that are moving in order to conduct an ambush.
Scenario 2: Terrorist operative “A” has a mobile phone for Tweet messaging and for taking images. Operative “A” also has a separate mobile phone that is actually an explosive device and/or a suicide vest for remote detonation. Terrorist operative “B” has the detonator and a mobile to view “A’s” Tweets and images. This may allow “B” to select the precise moment of remote detonation based on near real time movement and imagery that is being sent by “A.”
Scenario 3: Cyber Terrorist operative “A” finds U.S. [soldier] Smith’s Twitter account. Operative “A” joins Smith’s Tweets and begins to elicit information from Smith. This information is then used for… identity theft, hacking, and/or physical [attacks]. This scenario… has already been discussed for other social networking sites, such as My Space and/or Face Book.
Although this is true, for anyone having a clue about technology, this shouldn’t be any news. Any social networking site offers the opportunity to criminals and terrorists extensive information about someone. This can only by solved by educating people about privacy, and why it’s important. This is especially true for security and military personnel.