Facebook Data ‘Leak’ – it’s not news, people

Security consultant Ron Bowes trawled Facebook’s public directory and published ‘data’ on 100,000,000 users. Some people are up in arms about the leak, crying that ‘something must be done’, but not saying what. Few people seem to have looked at the data and given a coherent response. In fact, there’s nothing exciting.

The data is 2.8GB and I’ve spent the last twelve hours downloading it. Good news, everybody – it’s rubbish! Your bank details, email addresses and the name of your first born child are not there. Neither is your date of birth, your location, or a photo. A telephone directory contains more information on you.

The data is simply a list of names and a large file containing URLs to entries in the directory with seemingly no relation to the names.

There are some other files which are derived works of the original file – these are described as follows:

Filename                        Description
-------------------------------------------------------------------------
facebook.rb                     The script used to generate these files (v1)
facebook.nse                    The script that will be used for the second pass (v2)
facebook-urls                   The full URLs to every profile
facebook-names-original         All names, including duplicates
facebook-names-unique           All names, no duplicates
facebook-names-withcount        All names, no duplicates but with a count
facebook-firstnames-withcount   All first names (with count)
facebook-lastnames-withcount    All last names (with count)
facebook-f.last-withcount       All first initial last name (with count)
facebook-first.l-withcount      All first name last initial (with count)

So in summary, it’s a load of hot air.

What data appears for me? Looking through all the files – my name appears in facebook-names-unique once. And that’s it. According to Facebook’s directory, there are at least 192 people called Peter Hicks.

Getting fitter

A month and a half ago, a friend of mine went to an absolute beginners’ fencing class. Having done next to no regular exercise other than walking to and from the tube, four hours of activity did me in and my thighs and legs ached for the next two days. Despite the physical symptoms, I was ready for more and signed myself up for a six-week course which ended yesterday. I’ve had several lessons of private tuition too – it’s great fun, hard work, but I don’t notice the physical activity so much as the technique and tactics.

In conjunction, and to get rid of the “IT Thighs” that I’ve developed after over a decade of running technology, I’ve taken up cycling. This is a great activity which is a lot faster than the bus, and exercises muscles I never before believed I had – which include my awareness of the back-streets of London.

My goal for both of these is to shape up, tone up and attain thighs of steel. If I can lose two stone, I’ll be over the moon :)

Importing SSL certificates on Cisco IOS

A requirement came up to use Cisco’s AnyConnect VPN on a router. For this, an SSL certificate and corresponding private key is required – I used CAcert.org.

I will deliberately skip the detail of how to generate an RSA private key, create a CSR and get this signed by a CA. Straight to the chase – here is how to import the key and certificate on to an IOS router.

Use openssl rsa -in foo.key -pubout to display the public key corresponding to your private key foo.key. The output will begin with BEGIN PUBLIC KEY.

Next, ensure your private key has a password – use openssl rsa -in foo.key, which prompts for a passphrase if the key is encrypted. If it isn’t, encrypt it with 3DES using openssl rsa -in foo.key -des3 and specify a password. The encrypted key is printed to standard output.

On the IOS device in question, use crypto key import rsa foo pem terminal, followed by the private key’s password (strongpassword below), to import the PEM-encoded public key:

cr(config)#crypto key import rsa foo pem terminal strongpassword
% Enter PEM-formatted public General Purpose key or certificate.
% End with a blank line or "quit" on a line by itself.
-----BEGIN PUBLIC KEY-----
...

Ensure there is a complete blank line after pasting the public key, and the router will then prompt:

% Enter PEM-formatted encrypted private General Purpose key.
% End with "quit" on a line by itself.

Paste in the 3DES-encrypted private key, which begins with BEGIN RSA PRIVATE KEY, then type ‘quit’ on a line by itself at the end.

That’s it. It’s not straightforward, and I know I’ll forget if I don’t write it down!
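
A pre-flight check for the two PEM blocks before pasting them into the prompts above, as an added example that is not part of the original post. The function names and sample files are assumptions made here. It also flags a key that begins BEGIN ENCRYPTED PRIVATE KEY (PKCS#8), which OpenSSL 3.x writes unless -traditional is given, since the post expects BEGIN RSA PRIVATE KEY.

```shell
# Added example: check PEM headers before pasting them into the IOS prompts.

# classify_pem FILE prints one of: public, rsa-3des, rsa-encrypted:<cipher>,
# rsa-plain, pkcs8-encrypted, pkcs8-plain, unknown.
classify_pem() {
    # Strip CRs so keys saved on Windows still match.
    first=$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN /{p;q;}')
    case "$first" in
        '-----BEGIN PUBLIC KEY-----') echo public ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN PRIVATE KEY-----') echo pkcs8-plain ;;
        '-----BEGIN RSA PRIVATE KEY-----')
            if tr -d '\r' < "$1" | grep -q '^Proc-Type: 4,ENCRYPTED$'; then
                cipher=$(tr -d '\r' < "$1" | sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p' | sed -n 1p)
                if [ "$cipher" = DES-EDE3-CBC ]; then echo rsa-3des
                else echo "rsa-encrypted:$cipher"; fi
            else
                echo rsa-plain
            fi ;;
        *) echo unknown ;;
    esac
}

# preflight PUBFILE KEYFILE succeeds only when the public key starts with
# BEGIN PUBLIC KEY and the private key is a 3DES-encrypted RSA PRIVATE KEY.
preflight() {
    pub=$(classify_pem "$1"); key=$(classify_pem "$2")
    [ "$pub" = public ] || { echo "public key: got $pub" >&2; return 1; }
    [ "$key" = rsa-3des ] || { echo "private key: got $key" >&2; return 1; }
    echo "ok: both blocks match what the import prompts expect"
}

# Constructed samples: the headers are realistic, the bodies are placeholders.
make_samples() {
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PUBLIC KEY-----' > "$1/foo.pub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0123456789ABCDEF' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/foo-3des.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/foo-plain.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/foo-pkcs8.key"
}

dir=$(mktemp -d) && make_samples "$dir"
preflight "$dir/foo.pub" "$dir/foo-3des.key"
preflight "$dir/foo.pub" "$dir/foo-plain.key" || true   # rejected: not encrypted
rm -rf "$dir"
```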