I received this comment from Sonia-Belle, at my last post: My Google account (and my blogs along with it) have been completely erased. I don't know by whom. Either a hacker or Google/Blogspot. Probably the latter, because I am trying to find out why, but they don't answer my queries. They would probably answer if it was a hacker.
Is there an anti-pornography crusade by Google or Blogspot that I didn't know about?
Nudist blogger Sonia and I, have been arguing politically back and forth at our blogs since 2005. Arguments have flowed between our blogs, sometimes spreading all over the internet. Not many rightist blogs, have as diverse a readership as Sonia's blog. Our blogs are dialectically connected. Her's is the rightist blog, with left commentary and mine is the opposite.
After all those years of blogging, Blogspot owes Sonia an explanation.
I've invited Sonia to join this blog, to use to campaign for her blog's return.
RENEGADE EYE
47 comments:
If Blogger has cut Sonia's account then it
i) ought to say why, then
ii) reinstate he blog immediately.
Thanks Jams,
Thanks Ren,
It's really very nice to invite me to contribute to your blog, but there is one problem. To join, I need a Google account. It's been cancelled too.
Of course, I could create a new e-mail account, and then try to create a new Google account from it, but I would prefer to do it after finding out what really happened. Because if I am on some kind of black list, then sooner or later, that new account would be canceled too.
---------------------------------
to campaign for her blog's return
---------------------------------
Technically, I could return today, by restoring my old blog under a new address and continue blogging. Three problems:
1. I would lose all the links to my old blog's address and the readership (small but steady, that visited regularly)
2. The newest posts weren't saved. I very recently saved one of my film blogs, but my personal blog's last back-up was last year. February.
3. They could erase my blog again. If, as I suspect, my blog was erased over the Mohammed cartoons, if I post them again, it will be canceled again, sooner or later. But I am not sure. It might be something completely different. How would I know what not to post ?
And do I want to post at Blogger if they accept censorship ?
Sonia
Sonia,
I tried linking you a couple of years ago but blogspot wouldn't permit it. I didn't think much of it because I tried the same with Beamish and couldn't link his either.
A while back, whenever I would try to get to your blog, I got a message saying that it contained controversial material or some such nonsense.
If there is a petition to get you reinstated, let me know, I'll sign!
Parenthetically, Ren, how are you able to keep haloscan? I got forced off a while back.
A sad blow.
From personal experience Blogger are known to act without warning at times but they always email you with details when they do it.
Perhaps your account has been hacked Sonia, doesn't sound like Google.
Haloscan isn't worth a crap. Intense Debate, which I have, and which is not perfect, is head and shoulders above Haloscan, Echo, or any other comment system I've ever seen. I recommend it highly. J-S Kit in general is a big ol' piece of crap.
I think this will happen more and more I fear.It may not feel like it but we may look back on these days as a "Golden Age" in blogging.Governments tend not to like free debate.....maybe we will all get squeezed eventually.
My Full Support To you Sonia.
I am not seeing anything online about Blogger shutting down sites for Mohammed cartoons. Maybe if they depicted bestiality or pedophilia?
Apparently necrophilia is ok.
LOL
Blogger TOS does say they can cancel both the blog & the email.
Sonia,
Almost certainly your first instinct is correct: This is the action of Google.
The term and accusation of ‘hacking’ in cases such as this is thrown around casually by the technically ignorant.
Technology companies like Ebay, Google etc have no stock, essentially all they have is their servers; without them and their security the company is toast. As you might imagine, the security around these servers is phenomenal.
Their sheer complexity of layered perimeter / host hardware and software sets of IPS, DPI, HIPS etc inspection as well as the network security mechanisms such as SPI, ACL’s, TCP/IP filtering, etc is as good as it gets and excludes anything other then a highly organised, highly sophisticated and highly technical attack; even then, with the last serious one against Google (most likely from the Chinese government) only insignificant lines of code were taken, no escalation of privileges took place allowing for control over content.
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
If someone has that level of knowledge, resources and zero-day exploits stored up they are not going to use to just to take down your blog, I can pretty much guarantee you that.
The only real extremely remote possibility of an attack on your blog being the reason other then Google closing it down rests with web based password cracking tools, and this is not hacking: These tools rely upon either a predefined dictionary attack or a brute force attack and in either case the application, depending on your processor, sends thousands to tens of thousands of permutations across the wire each second and the SPI, IPS and server configurations would reset any connection attempting more then 2 attempts per second.
Previous complaints of this occurring were found to have origins outside Google’s domain; one case I know of involved the blogger logging in from their works network and the credentials being captured / sniffed there, most likely by a dodgy admin, but most other cases arise from people that have or can easily guess the password; people tend to use their Google email address as their point of contact on blogs and this is one half of their credentials; if the password is easily guessed then that is the other half.
But in all reality, this article linked to below pretty much explains what Google have been doing for quite some time and is most likely what has happened to your blog: It is an automated process and can result in removal without warning as per TOS and is heavily linked to porn and perceived spam.
The article contains a link to their appeal system, but you can only use this after you have asked for a review.
http://blogging.nitecruzr.net/2008/02/blogs-are-being-removed-for-just-cause.html
I think that is your best bet and most likely the real occurrence here, and I help this helps you.
Another place worth checking is the known issues report linked to below; it is a long shot but sometimes helps.
http://knownissues.blogspot.com/
The only other thing I can recommend is that if you backed up your blog, you could start again with a similar name space?
CB: I never used Haloscan or any other service than Google/Blogspot.
Quim: Thank you for visiting.
Good point about Blogger guidelines.
Jams: Agree.
Daniel H-G: Read Sentinel's comments. He says hacking is next to impossible.
Pagan: To me they are all the same. I don't have trouble with Blogger.
Tony: Agree.
Sentinel: I think I agree. You seem to have thought more about this subject than others.
Sonia: Most likely all the companies that provide blogging, have similar "terms of service."
I agree with your suspicion, particularly after reading their guidelines.
Read Sentinel's comments.
Forgive me Ren but I never read Sentinel if I can help it.
All I meant by hacking and it is a perfectly acceptable use of the term in this case, is that someone had access to her password and email details.
I wasn't suggesting some huge conspiracy.
And as someone who has had blog posts deleted, Google inform you, so if it was them they would've told her, unless of course Sonia gave no secondary email, then notification would be impossible.
So I'll stick with hacked for now until further evidence comes through.
Sentinel,
Thanks. I think you're exactly right.
----------------------------------
The article contains a link to their appeal system, but you can only use this after you have asked for a review.
-----------------------------------
My case involves the "Blog Removed For TOS Violation" scenario.
Where do I ask for a review in that case ? Do you have a direct link ? None of the links I found mentioned any review...
Sonia
Sonia:
Aside from the possibility of a credential comprise as described above, there is no realistic prospect that your blog has been ‘hacked’ (and password cracking is not hacking anyway.)
Out of interest, have you logged on to your blog at work, an internet café or some other public network? Or is it possible that your password could have been guessed and your email address known?
It’s a remote possibility if so, but Google is where the smart money lies here.
Because your blog has been completely removed you do not have the usual option of accessing your dashboard and requesting a review.
This section gives details of the process:
http://www.google.com/support/forum/p/blogger/thread?tid=1941db2864bd7ca9&hl=en
The only recourse for a review is to use this page to contact them:
http://www.google.com/support/blogger/bin/answer.py?hl=en&answer=87065
And then use the appeal facility directly after:
https://spreadsheets.google.com/viewform?key=pZHHZdeYKeHjcTRpnBYV0Qw&email=true
And then post a (polite!) summary of your plight with your blog URL here, for further Google admin review:
http://www.google.com/support/forum/p/blogger/label?lid=0271191b4249689a&hl=en
Apparently your situation is very common and few people actually receive any notification when this is done via the automated process, but most people receive some feedback when going through the above procedure.
Let us know how you get on.
Renegade Eye:
Glad to help.
IT security is my profession and I know the security employed at Google.
Hacking (which is misnomer, as its malicious counterpart is cracking and uses exploits) is not a viable option in these cases for the reasons listed above; even the latest attempt using (allegedly) a whole governments resources and several zero-day exploits failed to make any inroads.
Hoffman:
Show this lady and the host some respect and don’t start slipping back into your provocations, attacks and negativity here again. I have ignored you and your previous bizarre tactics and foul abuse on this blog not so long back and so have others you abused, and I am more then happy to continue to ignore you altogether. In fact that is exactly what I want, nothing to do with you at all.
I am trying to help this lady with practical information and professional knowledge; if you are really trying to help then don’t just misuse the word ‘hacking’ in such a vague sweep, tell her how it has been done, how she can prove it and how to get her blog back. And moreover tell Google, as they would pay you handsomely for the knowledge that their own expert security teams don’t have and can’t detect.
You could also explain how your completely contradictory statement works in reality:
“Blogger are known to act without warning at times but they always email you with details when they do it.”
But better still just ignore me as I ignore you, show some respect to the host and the others here and keep this blog as clean and civil as it has been for months for now.
Hoffmann has two 'n's at the end for a start but you know that and wow, I leave a couple of short comments and already you go off on one, accusing me of all kinds of things which speak volumes about you but thankfully not me.
You're angling for a fight here, by being a pedant with regards to my description of what Blogger did to me (they pulled the post, and then told me about it the day after) and by trying to make out that hacking is not an appropriate term for trying to gain access to account via the username and password, when it is.
Good grief, get over me.
Hoffmann:
Whatever.
Unfortunate and surreal past experience with you tells me that your provocative barb above is just the start and I want it nipped in the bud here. If you have nothing good to say about me, then say nothing at all. There is no need for you and me to cross paths again. It is the last thing I want. Get over you? I want nothing to do with you whatsoever.
I am a highly qualified professional in the area of IT networking and system engineering and for the past decade I have specialised in IT Security; major companies and GO’s reward me very well to consult for them. I am at the top of my field. I know exactly what I am talking about and I know exactly what I am doing. You don’t. It’s not about you, that’s just how it is.
The article you searched around for as support does not even remotely describe what you think it does, it relates to insecure (plaintext) cookie data transmissions TO gmail servers that can be intercepted en route and turned into a MIM attack known as session hijacking; Google themselves are not being ‘hacked’ much less blogger. This vulnerability occurs during transit in the wild (that is the internet) or through some other public network, like the work scenario I described above, which is why SSL – cipher text - (or really TLS) is strongly recommended. In any case, in IT security terms that is ancient news now.
Anyway, I am not on this thread to educate you, I am here to help Sonia.
We have both had our say now, and I have made it clear I want nothing to do with you personally so there should be no further issues here and this blog should be able be continue in the clean and civil way it has for months now.
I couldn't hear you for you blowing your own trumpet.
Sentinel,
Thank you for the links.
Incidentally, this incident also has repercussions beyond my own blogs. All my previous comments on all blogs (including this one), have disappeared completely.
You can look at Ren's old posts like this one
------------------------http://advant.blogspot.com/2010/03/for-fifth-international.html
-----------------------------
Commenters seem to be arguing with a ghost...
Sonia
Sonia:
You’re welcome; if you need any more help just let me know; these occurrences, I know, can be very frustrating and even feel sinister.
The disappearance of all your comments too is most unusual as even when someone voluntarily pulls the plug on their blog, their comments remain. I think this most defiantly proves that it is Google behind it as they are the only ones who would be able to expunge your blog and your comments so comprehensively.
FJ disappeared recently and I did wonder if he suffered the same fate, but his profile is now active again but showing that it is “not available” which is a user choice, certainly his other blog under that profile is still active and his comments, at least here, are still present.
http://seastorieswithfjandeb.blogspot.com/
I think the only recourse you have now is to go through that process and try and get some feedback, it might well be a genuine mistake, in which case they should restore your blog forthwith.
That forum I linked to is quite a good place to find answers after you have taken the first steps in the procedure as it is monitored by Google admins, and one might well sympathise with your position if you state your case politely.
http://www.google.com/support/forum/p/blogger/label?lid=0271191b4249689a&hl=en
Let us know how you get on with this; I am intrigued now.
Daniel and Sentinel, please fellows, we have something here that concerns us all regardless of outlook on other matters. The disappearance of Sonia's blog is a direct attack on all of us. Lets keep the focus on that.
Well that’s what I have been doing Larry, with some practical help, a little professional insight and an ongoing offer of assistance.
I stayed aloof even after previous events. I let it go. But I made my point in reference to the other business because I recognise the slippery slope and I responded, not initiated. I ignored the second provocation and that seems to be it now, so perhaps its probably best not to recover that ground again and let sleeping dogs lie.
There need be no more to it now.
I was before Sonia's issue came up, going to post about Boobquake. There was protest against Iranian mullahs, blaming earthquakes on women dressing promiscuously. Monday was to be a day worldwide for women to dress sexy.
I think the political diversity of people who follow Sonia's blog, is a statement on its own.
The Mohammed cartoons I believe were posted a few years ago. They would violate Blogspot terms, but I think the problem is elsewhere. I wonder if the nude profile picture is the issue?
Larry G: I agree.
Sentinel: I think the next step, is finding a way for Sonia to make her case to Google.
I looked at that Forum, and it looks good.
Daniel H-G: Your link is interesting. All of Sonia's comments are gone.
Sentinel/Hoffman: Ignore each other in total.
The blog just disappeared. No warning that some terms of service were violated?
If there is some anti-pornography campaign at Google then their idea of pornography is ridiculously restrictive.
Renegade Eye:
I agree; but unfortunately that procedure laid out above is the only recognised form of review / appeal for Google.
The forum can be used after that to try and get someone at Google to personally take ownership, but of course if the proscribed procedure hasn’t been followed then that will be the first thing they instruct.
Ducky’s here:
There is an ongoing process in regards to flagging and / or simply removing blogs associated with pornography and especially perceived spam; it is largely an automated process and does not seem to involved informing the ‘victim.’ I guess the reasoning behind it is that only genuine people would bother to object in any case.
This has more details:
http://blogging.nitecruzr.net/2008/02/blogs-are-being-removed-for-just-cause.html
I'll write more tonight.
Is breaking into Sonia's Google account equal to breaking into Google's business documents?
I doubt if Google protects Sonia's account equal to their business records.
No response from Google is suspicious.
Renegade Eye:
All of their servers for all of the various functions sit in networks that are heavily protected and utilise complex layers of the security technologies I mentioned above.
Its not just Sonia’s account we are talking about as if it is in isolation, it is the whole network and its security that needs to breached first to get these server farms that hold all of these accounts.
There is no realistic chance that anyone has hacked into her account through this security and trust me, if they had, Google would be the first on the case. The various security devices log everything and most especially IPS.
As I said, Ebay, Google etc have no stock, all they have is their servers and their security, and without it they are gone.
Business related data and proprietary / intellectual work would obviously be subjected to additional security measures such as PVLAN etc and be subject to OOB management, but again they sit behind networks like any other segment.
The only realistic prospect that this is not Google’s doing rests on whether Sonia’s credentials have been comprised, having logged in to blogger at work, at an internet café etc and the credentials have been sniffed / captured.
But even this is unlikely in such public networks and almost impossible in the wild as blogger now utilises SSL (TLS) – cipher text - encryption for logins and interactive data transmission: If you look at your address bar at the blogger login page or at the ‘post a comment’ page you will see https:// with the ‘s’ denoting secure over the standard http://
One way around this is to use keyloggers on a public network machine, and that would get around the SSL security because the credential is taken at input; work computers would almost certainly be protected from software keyloggers as part of its anti-viral and content security measures but internet cafes are not renowned for such flourishes.
It is also possible that Sonia’s home PC has been infected and may contain spyware such as keyloggers, an AV and spyware scan should pick this up.
There is no protection against hardware key loggers, but this would only be a concern outside your home.
So besides these issues, the only other realistic option is that someone has been able to get hold of her credentials because they knew it, physically (it was written down) or by guessing it – and statically all these would be someone she knows.
But even if this happened and the perpetrator deleted the blog, how would they be able to delete all of her comments, everywhere else and over 5 years along with it too? Only Google really have the ability to do that.
If you read some of the reports in a couple of the links I posted above, a lot of people have found themselves in this situation and are frantic to find out what has happened because they have received no information from Google. On later replies in the threads almost all of them find out after due process that some TOS violation had been alleged.
The only other long shot is that this is a technical issue, a bug, affecting some accounts and that is why I linked to the known issues site above:
http://knownissues.blogspot.com/
But all in all, Google have no legal worries about just removing the blog without notification or warning as it is part of the TOS, and the automated crawlers that trawl for violations make mistakes all of the time.
Her only option is to go through the procedure laid out and linked to above and find out direct from Google what has happened.
This will not be fast, they say to wait at least 72 hours after submitting a review request, but after going through the mandatory steps she can then start posting on the various Google admin monitored forums trying to get someone to take ownership.
Sonia,
Sorry to hear about your blog being deleted/censored or whatever. The thought of this happening to any blogger sends a chill up my spine.
I quickly checked back and still found a comment you left on my site back in Jan, 2007 should it be any help in your efforts to get to the bottom of this predicament.
Sounds like the Sentinel has the technical expertise to be of the most help.
Ducky: There are several pornographic blogs on Blogspot. They require being over 18 years old to login.
Roman: I think we all have memories of great discussions/fights at Sonia's blog.
I was never once personally attacked by her, in all the debates.
Sentinel: Hopefully there is something in this thread, that will help resolve the issue.
Thanks for the tell off Larry...
PS:
My mate Dave turned me on tothis.
Hopefully Sonia will reappear in a blog in some form.
Bad news about Sonia - an occasional pleasure...
Renegade - Did you know there was an earthquake on Boobquake Day? In Taiwan and 6.9 on the Richter Scale.
QED!
Ren.
---------------------
Hopefully Sonia will reappear in a blog in some form.
----------------------
Not unless I find out what actually happened. (Still no response, not even automated one).
If it was a mistake, I will return to Blogger. If I actually violated Blogger's censorship rules, I will try to find another host without any censorship rules.
Until now, I was under the impression that Blogger was the most permissive blog host. If there is a more permissive blog host elsewhere, I will go there. If there isn't, I am done with blogging.
Sonia
Sonia:
Still no news then. Those forums do indicate that they are not the fastest outfit to respond.
I can only recommend that you keep posting questions on that forum if you have followed the mandatory steps until someone answers you.
Good luck!
Blogger and in turn Google are notoriously bad at getting in touch with people regarding their queries.
Excellent piece on that here.
Sonia: There is no blogging service with zero censorship. Blogspot has dozens of X-rated blogs.
Both Sentinel and Daniel agree that Google is bad for answering complaints. I think both Sentinel and Daniel, make a good case either for hacking or a Google action.
The article says it'll take about 3 months for Google to reply.
Contributing to this blog is always open.
White Rabbit: I told some of the organizers of Boobquake about your comment. Luckily AssShake wasn't called.
Daniel H-G: You'd think customer service would be part of Google.
Sentinel: I agree.
I am back!!!
My account has been restored and my blogs as well.
Thanks to everyone for their support.
I got this message from Google:
Hello,
Thank you for your report.
We apologize for any inconvenience you may have experienced. The issue you
described should now be resolved.
If you are still having trouble accessing your account and you still have
access to the email address you used to create your account, please reset
your password by visiting https://www.google.com/accounts/ForgotPasswd. If
you aren't receiving the password-assistance email, please check your
inbox for an email from accounts-noreply@google.com.
If you don't have access to the primary email address on the account or
have forgotten the answer to your security question, please fill out the
form at http://www.google.com/support/accounts/bin/request.py?ara=1
Sincerely,
The Google Team
Hey Sonia:
That’s great news; well done and I am glad your persistence paid off.
So it was Google behind it as I strongly suspected; like I said, the chances that Google had been hacked to get to your account were naught and the credential replay vulnerabilities are not hacking, and, whilst not impossible, fairly unlikely these days too.
But their message is none too descriptive as to why they removed your blog; I strongly suspect it was the ‘compliance crawlers.’
Just out of interest, did your old comments come back after your blog was restored too?
Anyhow, once again, glad to hear your issue is resolved to satisfaction.
Good! Glad you are back, Sonia. Hope it doesn't happen again.
Sentinel,
Yes, the comments are back as well.
Thanks for satisfying my curiosity Sonia. That part was pretty much the confirmation for me that this had to be the work of Google.
Good luck.
Welcome back, at least you weren't a victim ofone of the 32 million password hacks that occurred in 2009 alone...
Sonia:
A bit more advice for you: I would most certainly keep your google account parameters the same (pretty much just the same email address mapped to the blog) because the ‘compliance crawlers’ work on a server / client basis and as Google have already restored your blog it should be safe to assume that your account has been configured as an exception.
But I really wouldn’t worry about password “hacking” Sonia, as I explained in detail above, even if the credentials were sniffed over the wire on a public network (which is very difficult in a switched network anyway and would usually only be possible with a rogue admin using a SPAN port) or over the internet the data is encrypted with TLS and useless; the MIM replay attacks are thwarted by salt sequencing; Google’s security infrastructure is second to none and has multilayered complex inspections, and as long as you have up-to-date AV and Malware software running on every PC you use the chances of a keylogger working are extremely slim, and of course you must use a complex password hard which is hard to guess.
Once again, the article searched for above does not even remotely relate to what the poster thinks it does.
It relates to 32+ million passwords obtained in one single attack incident and was not even remotely related to any “password hack” but in fact due to a SQL injection attack against a company (RockYou) that clearly didn’t have any real security professionals working for them as SQL injection attacks are easily mitigated against at the code level, at the L7 inspection level and through the inline IPS inspection traffic flow and even to some degree by simply by placing the table servers at the backend.
Essentially unbound SQL databases can be ‘injected’ with command coding that should never be allowed in data entry fields and can result in arbitrary actions, but skilled crackers can direct the actions they want with the dumping of the content of the tables being the ultimate prize.
That is what that article relates to: These crackers found front end SQL servers with complete tables and unbound coding on data entry fields and they comprised the whole system and dumped the tables which happened to be passwords stored, even more unbelievably, in plain text!
There is a around a chance in a billion of this happening to Google and no chance at all of it happening to you so there is absolutely nothing to worry about on this score.
But if you ever have any more security concerns feel free to ask me, it is always best to seek advice from a qualified professional who knows what they are talking about.
Oh and one more thing Sonia: at least your email wasn't hacked like Sarah Palin's.
Sonia:
I wouldn’t worry about another searched for article that once again doesn’t even remotely mean what the poster thinks it does and it doesn’t even remotely relate to any “hacking” at all.
What happened to Palin was quite simple: She had personal details configured as her email security questions and she had those personal details publicly accessible on the internet (her status and fame made them easier to find then most.)
22 year old David Kernell accessed the Yahoo mail site, entered Palin’s email address and requested a password reset. When the security questions came up, he answered them with the information he had obtained online and in he went. Simple. Still works today.
It has nothing to do with hacking though.
So my offer still stands, if you ever have any more security concerns feel free to ask me, it is always best to seek advice from a qualified professional who knows what they are talking about; ignorance is a very dangerous thing when it comes to something as complex as IT security.
Sonia...yes Sonia, they even have email hacking in Borneo! Who would've thunk it?
Sonia:
As I say I really wouldn’t worry at all about “password hacking” stories that are nothing of the sort and now “email hacking” stories that again are nothing of the sort.
Having quite easily explained that neither of those examples are hacking and neither can affect you in any case this latest bizarre google search result is more of the same.
If the poster had even the slightest idea of what any of this means or what he was talking about rather then frantically googling and posting anything with the erroneous term “hacking” in it to prove that, unsurprisingly, he doesn’t know the first thing about the field of IT security at all because he is not even slightly trained or qualified in the area, he would know this story relates straight back to the password reset sloppy design fault above – which is not hacking in the remotest – and that the old school HELO attacks are pretty much gone now with ESMTP and L7 FW inspection.
Why the poster keeps trying to prove he is right when he has been proven wrong time after time is beyond me, and it is quite frankly bizarre and petty in the extreme, especially as we all know now that, in complete contrast to the posters earlier 'advice', Google were in fact behind it.
But what is even more bizarre and petty is the poster seems determined to scare you with stories about things he doesn’t understand and don’t apply to you.
So my advice remains the same: You have nothing at all to worry about from these odd offerings and if you need any real professional advice then feel free to ask me; meanwhile ignore any frantically google searched stories that are not even remotely about hacking, do not affect you in any way but no doubt will keep coming with petty ignorance.
Is argument by proxy the same as Munchausens by Proxy?
Answers on a post card...
confronting the same issues of government secrecy and official deception today
office space Glasgow
Post a Comment