Monthly Archives: December 2010

It’s official: anyone can crack GSM encryption

Posted on by

Using four feature phones and a computer, a pair of researchers demonstrated that it is possible to sniff and decrypt a session across a GSM network in as little as a few minutes. The researchers used a custom firmware loaded onto the phones which act as network sniffers, with the decryption done on a computer, after the packets were sent via USB connection.

The implication of this is quite significant, as it means that GSM eavesdropping is now possible with commodity hardware that does not cost five figures in US Dollars. Anyone with access to the right software and the right phone hardware could decrypt any conversations or SMS across a GSM network.

This process has been made somewhat easier by the tendencies of mobile phone networks to send voice and SMS traffic to the old GSM network while reserving UMTS for data use only. On top of that, the researchers revealed that often the same key is used across multiple sessions, which means that once the encryption of a particular session has been cracked, the same key can be used in the next few sessions without having to decrypt a new one.

Read the original article at arstechnica for more details

Experience using Logitech Harmony 300

Posted on by

Scenario: I bought a Logitech Harmony 300 programmable universal remote as a christmas gift for $28.95 from Officeworks. Due to the recipients of the gift being non-technical people, I had to set up the gift myself to work with the various devices they have in their living room.

Experience: After getting the remote out of its box, I briefly read the manual. I honestly first thought that I could find a way to add the devices to the remote using the computer by visiting the Logitech website. After poking around for around 5-10 minutes, I failed to find any mention of where you should go to carry out the setup procedure. In the end, I noticed that the manual said that you have to visit a website with the address myharmony.com

After going to the site, I was greeted with an account setup screen. I filled in all the necessary details (email, password, etc, etc) and then I clicked next. After the account creation step was successful, I was told that the setup procedure would only work through Safari 3 or Firefox on OS X.

I felt that this part was a bit of a let down, since I had come to the site using Google Chrome browser and  was not warned of any impending doom until after I clicked next in the setup procedure. This meant that I had to launch Firefox (I prefer Firefox to Safari) and login again before being able to continue. It is a minor issue, but I feel that a company such as Logitech should try to make the experience as smooth as possible even for non-technical users. Telling a user that the browser being used is not compatible is not necessarily bad, but letting them know after the process had begun (in this case in the third step), is a little annoying and confusing. I would have preferred to be told in the very first step that the browser I was using was incompatible.

Despite the little hiccup, the process as a whole was quite smooth and orderly. You put the batteries in the remote and then you plug it into the computer’s USB port when prompted during the setup process. Once the software can see the remote, it then prompts you to add devices. I added the following devices to the remote:

  1. Sharp Aquos LC-37D85X Television
  2. Rowa RDV650 DVD player
  3. Samsung DVD-R155 DVD recorder.

After the setup process finished, the remote seemed to work just fine with all three devices.

Verdict: I would recommend this device to others, even though the Harmony 300 is limited to only 4 devices (reasonable for most homes). The setup is quite quick and straightforward and the software used in the setup is quite intuitive.

What’s in the box: 2 AA batteries, remote, manual, warranty card, USB cable.

Merry Christmas people.

Who’s gonna step up into Craigslist shoes?

Posted on by

The shutting down of Craigslists adult services on a global scale has been applauded by some as a victory against the exploitation of women and children. While on the surface it seems like a victory, it could be just a hollow victory.

The move by Craigslists to shut down its adult services section came about after a few years of being hounded by various Attorney Generals in different states in the US. Many accusations of “enabling prostitution” have been leveled against the site, despite its taking certain measures to properly identify advertisers to make sure that there was no crime being committed through the use of the site.

The shut down of the Craigslists adult services section will mean that the advertisers will go somewhere else. There is no shortage of internet entrepreneurs out there who will be willing to take some dollars to advertise adult services. It should also be noted that the shutting down of an adult services section of a website does not in anyway bear any relationship to the exploitation of women and children, because the exploitation of women and children is not caused by Craigslists.

The dilemma of password security

Posted on by

This is a topic that has been written about many times before, but so far there is no good replacement that I have seen, other than oauth. Password security has been proven to be the weakest link in many organisations’ security schema.

The recent case of security breach at Gawker Media is a case in point. It proves that passwords get reused for other websites in quite a few cases and that people often choose really obvious and weak passwords.

However, until there is a replacement, the best case scenario is to use a strong password, but strong passwords are hard to remember. If one has a different password for every site that requires registration, then each person would have quite a few complex passwords to remember. This is why people choose weak passwords and reuse passwords across sites.

I guess rule number one is to not use your banking password for anything else. So, in a sense, one can have multiple tiers of security depending on the importance of the sites. This, however, is quite tricky to define since people place different levels of importance to different sites.

Let us hope that there is a new scheme around the corner to allow for better security all around.

Kodak online photo display patent, is it obvious?

Posted on by

In the age of software patent and patent for just about everything else to do with technology, Kodak has launched a patent lawsuit against Shutterfly. Shutterfly have fought back with counter claims, but this means that, if validated, the patent could have very wide ramifications for Flickr and other photo sharing sites such as Google’s Picasa.

What it means is that essentially anyone who publishes photos online could be infringing Kodak’s patents. This situation is just untenable for a lot of the smaller site operators, but for the bigger companies such as Yahoo!, which owns Flickr.com and Google, which owns Picasa, they are more likely to challenge such a lawsuit and seek to invalidate the patent, which is one of a claimed 400 related patents that Kodak has in its portfolio.

Let us hope that all parties can see some sense in the end.

When facilities are operated as a business…

Posted on by

Heathrow airport, as it has emerged, refused offers of outside help from the airline operators to clear snow from the stands. It also emerged that it has fewer snow ploughs than Gatwick airport, which is half the size of Heathrow. Gatwick possesses 12 snow ploughs while Heathrow only has 10.

It seems ‘efficiency’ means running things down and making a profit without investing in infrastructure. This is the way of the future as privatised airports are now the norm.

Low spam count

Posted on by

I have noticed that in the time I have had WordPress 3.0 installed, the volume of comment spam has dwindled quite significantly. It seems that the use of captcha and a few other plugins has somehow reduced the amount of spam hits that the site gets. Although according to analytics I still have visitors from Argentina (?)

The life of a hard drive

Posted on by

In 1997, I purchased a computer system with a Pentium II 300 processor. At that time, I remember that this computer ate all my savings and I was a poor university student. Inside the box, was 64MB of RAM and a 4.3GB HDD made by Seagate. Thinking about it now, I thought that a 4.3GB hard drive was quite large. Also, with the computer, I bought an Iomega ZIP drive which connected through the printer port.

When I had moved up to a better machine later, I turned the PII 300 machine into a server. I installed Mandrake 8.0 on it and it became my internet gateway/mail server/web server in one box. It served me faithfully for quite a few years without complaint from the machine or me.

Eventually, the motherboard died and I decided to throw the whole lot out, except for the Hard Drive. I was then given a PII 450 from a friend who had just purchased a new machine (it’s funny how people will give you computers once you own one, but not if you have no computers). I installed Mandrake 9.0, Qmail and Shorewall on this machine and it ran on the old Seagate HDD.

The same server configuration ran for many years up until last month when I decided to get a new greener box, which resulted in an Atom box running a flavor of Debian. So the same Seagate 4.3 HDD has been with me since 1997 and still working perfectly well.

Assange case file leaks to the press

Posted on by

In what is widely believed to be a deliberate move to undermine Mr Assange’s defence case, the details of police allegations by the Swedish authorities have been leaked to the Guardian, an English newspaper. While some newspaper articles have implied that he deserves to be treated this way because he has leaked secret documents online, what is at stake here is the whole issue of journalistic freedom. Isn’t the job of newspapers to publish leaks?

If a journalist can be held as a criminal on some loose allegations made by people of dubious reputations, then the whole of newspaper business, or what we know as the press, should only be able to publish what has been vetted by the government as legal. As the case with Australia, the government has just been briefed by the Australian Federal Police that mr Assange and Wikileaks has not actually broken any laws.

The very newspapers that have been cooperating with Wikileaks in publishing the leaked documents are now getting cold feet and pretend that they have played no role in the distribution of what might actually be the truth for a change.

Avoiding conflict between jQuery and Spry frameworks

Posted on by

I spent all day working on a site design and I came across a particularly annoying situation which made me take a break and a deep breath. In the design, I am using  jQuery to perform some JavaScript tasks like rounding off corners of divs, etc and Spry to format menus and to create accordions, etc.

I know that it might be a good idea to do all the tasks using  jQuery, but due to the tight deadline I did not want to have to learn anything new. I remember doing this successfully in another design that I did almost a year ago, so off I went to my project archives.

As it turned out, I found that the best way to do it is the one discussed in this article. Basically, you can override the $ function and replace it with “jQuery” or you can reassign jQuery to a variable as in var $t = jQuery.noConflict(); and then call the variable in the function, such as “$j(document).ready(function(){…”.

Hope you will have better luck than me.