2377 posts • joined 17 Apr 2007
Words are cheap.
“The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”
I would say that events suggest the security system wasn't that sophisticated at all!
The fact it took Sony several days to work out exactly what was accessed says a lot for the capabilities of their intrusion detection system and auditing, assuming they have either of course. Unless the few days delay was due to them hoping the story would just go away on its own.
It's actually worse than that. Most routers in the UK seem to turn up with a preconfigured wireless password, which is a step on from the always supplied open situation of the past.
Unfortunately some manufacturers set the password to one which can be deduced from the MAC address!
There's an app on Android called penetrate (cue 12 year old snigger) which knows these routers and preset password algorithms. It's quite worrying to walk about with it running and see the known ones pop up one by one. From my short test, it's above 1 in 20.
Interesting maths... Ignoring that only a fraction of the video frames are complete images, and most are actually transitional frames stored as differences to a complete reference frame, 60 seconds at 30 frames per second is 1800 images. So they could have hyped it far more.
I guess you don't have the Daily Mail in the USA to push this kind of mathematical correction!
Bad news. Your connection could be breached within minutes.
Hiding the ID doesn't make your network invisible, it just means the ID has to be provided by the connecting party as another form of confirmation. The trouble is if you are using your wireless network, that "secret" ID is whizzing about in the airwaves all the time in the packets... And your packets are only encrypted with WEP.
WEP can be broken very quickly. Once the key has been extracted the next packet that comes past with the ID in it will be broken, and there is the ID, and a MAC address which you allow.
It will stop someone accidentally using your network, but to anyone who *really* wants to use it anything not secured by WPA2 is as good as open.
I wonder how things would go in the UK with BT's home supplied routers which act as FON hotspots for anyone with an account. I don't know, as I don't have either the AP or an account, but I hope for the broadband customers' sake that BT can and do log access made via these hotspots.
Yes, you are quite correct sir... I should stop posting at 4am!
For passwords to be stolen, Sony must be storing them, which in security terms is a total fail.
Sony, you *never* store a password, you store a hash of the password, preferably from a known and trusted algorithm which you initially seed with a secret phrase to prevent those pesky rainbow lists from allowing a reverse.
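The storage scheme this comment argues for, as an added example that is not part of the original post: a bare unsalted hash falls to a precomputed table, while a salted, slow hash does not. The choice of PBKDF2, the per-user random salt combined with a server-side secret (modelling the comment's "secret phrase"), and all names and sample values are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample data: a tiny wordlist standing in for a precomputed list.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """The weak scheme: one fast hash, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """Precomputed hash -> password mapping, which is what a rainbow list
    amounts to when no salt is involved."""
    return {unsalted_hash(p): p for p in wordlist}


def hash_password(password: str, pepper: bytes,
                  salt: Optional[bytes] = None) -> dict:
    """Return the record to store: salt, iteration count and derived hash.

    pepper is a server-side secret kept outside the user table.
    salt is random per user, so equal passwords give different records.
    """
    if salt is None:
        salt = os.urandom(16)
    # Mix in the server-side secret first, then stretch with the salt.
    keyed = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    derived = hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ITERATIONS)
    return {
        "salt": salt.hex(),
        "iterations": PBKDF2_ITERATIONS,
        "hash": derived.hex(),
    }


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    """Recompute from the stored salt and compare in constant time."""
    keyed = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    derived = hashlib.pbkdf2_hmac(
        "sha256", keyed, bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(derived.hex(), record["hash"])


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    leaked_unsalted = unsalted_hash("letmein")
    print("unsalted hash reversed by table:", table.get(leaked_unsalted))

    pepper = b"constructed-server-secret"  # constructed value
    record = hash_password("letmein", pepper)
    print("salted hash found in table:", record["hash"] in table)
    print("correct password verifies:",
          verify_password("letmein", record, pepper))
```
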
Don't worry, they said the tracking fix will be bundled in with the scheduled alarm fix.
This calls for my bestest impression
...Never, in the field of modern communications, have so many news stories been posted about so little of interest to so few!
Given Nokia's recent behaviour I think you could leave it a few months and pick up an N900 for under £100, assuming you can't already!
But there is a gaping void between quantity and quality in the world of cameras. You can easily see the difference between a smart phone photograph and one taken with a "real" camera. Sharpness, white balance, dynamic range are just a few things that will betray a phone. It gets even worse when the light starts to drop. It's a pity Nokia's play with a xenon flash equipped phone didn't catch on, that was quite impressive.
Facebook is full of "taken with my iphone" pictures, and I have to wonder why they feel the need to put that tag on, even Stevie Wonder can spot the iphone shots! At least now they have a pseudo-flash the number of daylight silhouette shots might reduce a bit!
For my part, despite owning a Nikon D300, I do still use my phone camera sometimes. It's convenient and I think that is probably why there are so many phone camera shots appearing. You can take a picture, press an icon and beam it straight up onto flickr/facebook etc before you even get home. You nearly always have it with you if something happens worth shooting (however badly). It's also far safer to have a phone in your pocket when doing various activities such as snowboarding and motorcycling than a Nikon DSLR being smashed into your ribs if it all goes a bit wrong!
Hand held games consoles on the other hand have very little to offer which a mobile phone cannot. The phone actually has the advantage of connectivity, and the games are somewhat cheaper! The saving grace for the console is probably battery life, and the fact that you can use it until the battery is flat without leaving yourself with no phone, mp3 player and camera.
@Dave 126 - I don't know what generation you are, but I haven't worn a watch for over 10 years since the last one clapped out and died.
Yup, you're reading the register. Did you really expect everything in the comments to be serious? Come on, REALLY!
I could tell you my IP... but then I reboot the router and I get a different one :-)
To be honest I think the attack possibilities of knowing an IP far exceed those of knowing the approximate location of a wifi MAC. For a start, anyone more than a few miles away isn't going to bother driving round to your house to attempt to exploit the wifi.
Knowing the IP that someone is using allows you to "have a go" from anywhere on the planet. Knowing who the person is gives you a good leg up on the social engineering side of hacking. I'm lucky that my name is only slightly more unique than John Smith, so even assuming I had a public facebook page, you'd still be pulling up 500+ matches in London alone. That does still leave you with the chance my router is set for remote admin, and the password is steverocks...
So on that note I'm going to go change my password :o)
Oooh, what are the odds on that!
Well you do spell "neighbours" correctly, so there's a distinct possibility!
It's a bank holiday, first round is on you!
@Ian Michael Gumby
I'm in the UK.
I agree that accessing a wifi point, and actually using it as is the case with your countryman and the coffee shop would be illegal here too (I think!). Although depending on the situation (i.e. accidentally accessing the neighbours open wifi) you could probably get away with it... Not so much if you have driven round and parked to "borrow" some bandwidth though, shows intent.
Kinda odd really, as in England, the physical trespass laws are such that if you leave the front door open, and somebody walks in, they aren't actually committing a criminal offense.
Anyway, the difference here is that the content of the message isn't being recorded, the MAC is in the header, and the connection being offered isn't actually being used or exploited.
After all, every wifi client device in existence that spits up a list of available access points, both encrypted and open when you say "scan for wireless access point" is reading and displaying exactly the same data which google is listening out for.
Maybe the fact it is recorded/logged might make a difference in the eyes of the law.
BTW, many years ago the cops tried to make speed camera detectors illegal over here by saying it was listening to police broadcasts. One of the manufacturers successfully defended their position by saying it wasn't allowing the owner to listen to a police broadcast, it was merely indicating the presence of one. IIRC the cops then changed tack and went at it from an "obstructing the course of justice"... sneaky so and sos.
At least this data really is useful for using wifi points for A-GPS, and yes, the Android phone does ask for your agreement if you enable the wifi location options... Only problem is IIRC, this was enabled by default when I got mine, so I didn't ever see the box to agree to!
Oh well, at least it can be turned off easily.
So compared to the iphone tracking the data does actually have a proper use, and you can turn it off with a check box... So not quite as evil as apple, but still sneaky.
Now if you don't mind I've got to go change the MAC on my AP.
@By their own admission
What country are you in? Is war driving illegal?
Breaking the WEP/WPA and accessing the network would be illegal under hacking laws. Accessing an open AP is a bit greyer depending on your country, but just detecting the existence of a wireless point is simply listening to what it is publicly broadcasting.
Re: Yes I know that...
Nothing wrong with that... The order is fine.
It's a repeating cycle, you just started off 180 degrees in.
There is a bit of a difference in being able to ask a phone to remotely tell you of its location when it has been lost/stolen (as is done with MobileMe on the iphone and countless applications on Android including "Where's My droid" and "Lookout") and having a device "pre-emptively" recording your every move and recording it for month after month without any permission requested or granted!
Would you say "OK" to a new application that said it would record all your movements and store them in an unencrypted file when you backup? I certainly wouldn't.
Whilst there are reasons to need to know the current location, there are no reasons I can see that would require this to be stored in a historical log. I'm sure the security services could find lots of reasons this is a good idea, but then they aren't interested in your privacy.
It does sound like a bit of debugging code which has been left in, but whatever the reason, it's not a nice discovery.
All you've got to do is find another C7 owner?
..."Yeah, it's not perfect"...
Blasphemy! Burn him!
Enough of this megapixel willy waving! 5mp is enough!
On a sensor the size of a hanging chad, squeezing 12mp onto it is insanity! The more photo-sites you cram into that little space, the more photons you need to "see" the image. Sure technology is improving, and sensitivity is increasing, but not that fast! My *real* DSLR with its comparatively huge sensor is *only* 12 megapixels, and even with an f/1.4 lens it can get challenging in low light, but at least I have the option of deploying a real big flash.
Phone cameras are fine in sunlight, but as soon as night falls, or people move inside, the little LED flashes just can't provide enough illumination to maintain a fast enough shutter speed, or keep the amplification applied to the sensor (which increases the noise) to a reasonable level.
Can we look forward to some nice clear and stable "posted from my iphone" images on facebook please? Because at the moment most of the ones taken at night look as blurred and drunk as most of the people in the picture!
Re: 3.5", 4" yaddy yaddah
The flip side of the coin is that us with sausage fingers don't get on with small screens. My fingers obscure an area 4 letters wide on most touch keyboards!
I used to get on well with the very unfashionable resistive screens because I could tap with my finger nails, unfortunately now I have a capacitive touch screen, my typing speed has certainly slowed down. It doesn't help that the tips of my fingers appear to be too tough and leathery for them to be detected on most phones and I have to tilt them a bit. HTC Desire HD seems to be the only one I've tried that recognises my fingers straight on. Unfortunately the HD isn't mine, it belongs to my girlfriend who loves having the big screen, it's probably something to do with Angry Birds!
On the subject of the iphones, this is somewhere Apple's single model plan does fall over. Sure it does make for a simple upgrade path (assuming you follow the "way"), but it does mean that if your hands aren't the apple definition of "standard", you're either going to find the device too big, or too small.
Maybe they should err on the side of smaller, I can't imagine any guys needing to hold a phone on a call for an hour!
Unencrypted, badly set permissions, predictable location...
Not good... At least they managed to send an email out...
Thank you for downloading and using the Skype for Android software. Unfortunately, it has come to our attention that if you were to install a malicious third-party application onto your Android device, it could access the locally stored Skype for Android files. These files include cached profile information and your instant message chat history.
We take our users’ privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application. This update will be available shortly and as always we urge you to install updates to benefit from our continuous fixes and improvements.
Until the update is released, to protect your personal information, we advise that you as always take care when selecting which applications to download and install onto your device from the Android Marketplace.
For more information see our Security Blog at blogs.skype.com/security or our security section at skype.com/security.
Re: Is it just me...
I wouldn't call unlocking an iphone easy.
Why haven't they made it 100% impossible? Well I think they might have tried, but remember we are talking about a company who can't make a scheduled alarm ring at the correct time when daylight saving changes, and has tried to fix that several times without 100% success!
I can't ever imagine Apple releasing their control over the phone, and until people can install whatever application they like, be it animated boobies or whatever, there will always be a market for jail breaking techniques.
@A/C 12:16 GMT
Yes, the USB electronics only implement the very basics, the CPU is used to do all the hard work.
Firewire on the other hand is far kinder on the CPU and handles far more itself in the interface.
If you have a little Atom powered netbook or nettop, try copying a file on a USB stick back to the same drive, and watch the task manager CPU usage.
Viruses did exist before the internet, they just spread more slowly on infected floppy boot sectors and couldn't create spam email. They did however destroy local data and do "fun" things like make all the letters fall down the screen.
If you want to run a machine without AV then you'd better hope the machine has no network connection or *any* removable storage support.
If you want to try a honeypot, simply connect a windows 95 machine to the internet via a USB router. I'll be amazed if it has lasted the day before it turns belly up under the weight of infections.
IIRC one of the techie sites did this a few years ago and had to unplug it after 45 minutes!
@It's an appliance, yes...
Indeed. A car is also a consumer device, and if you operate one of those like a complete muppet they will take away your right to use one.
The legal mine field...
Yup, you got it. Sending a command to something which is already on the machine and telling it to "stop" is one thing, actually installing or uninstalling something starts to fall foul of various computer misuse laws.
Then again, the machine is already infected, so how the end user would know that he should blame the feds for his now dead PC is a good question... If he wasn't clued up enough to install antivirus in the first place, nor to notice his router or network icon blinking away excessively then I vote the feds keep quiet and just issue the format command...
Or maybe just set up a persistent route for everything back to 127.0.0.1, then hopefully Jim-Bob would call someone in to fix his errant machine.
Logging the IPs and working with ISPs to inform the end user...
Impressive if it works... I tried that once. I was getting several thousand emails from one IP every day. I contacted the ISP and it stopped. I was impressed. A month later it started again. Same IP, so the user had obviously learnt very little. I contacted the ISP again, nothing happened, the spam continued.
The IP is still blocked on my email server. Glad it was fixed and not dynamic!
I think MS should be made to force an update onto PCs which works like the browser choice app, but gives a choice of antivirus.
It's amazing to think how close the music industry have got (or are getting) to getting laws introduced which can have you disconnected from the internet, yet infected PCs which cause problems for far more people are just left to spew their infections and penis enlargement emails unchecked.
I'm sure if they introduced a 3 strikes and you're off the net until you complete a PC driving licence course, it would be far more widely supported.
Oh damn, I hope I haven't just given HMgovt a way to spin the music industry's plans onto us under the guise of internet health.
From a technical point of view it's a great hack.
From a political/legal point of view, ummm, I'm not going to even go there!
So I shall raise a pint to their technical abilities, and audacity.
Yes, but the breaking relies on exploring a flaw in an older bootloader. To do a Desire Z or HD today you'd first have to downgrade the firmware to one with the bug, then exploit it and get S-OFF.
If the new phones don't have the flaw, there isn't an older version of firmware for them with the flaw to roll back to, it's going to make things a little tricky!
Re: Way to win a debate!
My point was purely that the iphone1 cannot be described as being five years ahead of its time in 2007. Although it's very possible Nokia won't have anything to beat it in 2012!
So you are going to have to forgive me for arguing over the time scale, because that was my point!
SMS is far more widely used for phone to phone communication outside of America than email, the reason mobile email got a hold in the USA is because the US networks couldn't sort out their interconnects to deliver messages between networks. So not being able to send a group text message was quite a source of amusement to us non-Americans when the iphone1 appeared.
I'll freely admit that the iphone did give the other manufacturers a good kick up the arse, the user interface is nice. Unfortunately Nokia were still sitting in the meeting when the kick arrived and it just made them fall off the chair, banging their head on the edge of the table on the way down.
So thank you Apple for causing the Android smartphone sitting on my desk to come into existence.
Feel better now?
I make no apology for being a chin stroking techie, but the iphone1 was lacking more than just a "bleedin'" SD card slot.
It was little more than an ipod touch with a phone slapped on, and it was a phone design they based on the US market only, which is why they didn't notice the rest of the world was already moving onto 3G, cameras and used SMS extensively.
Please at least pretend to read the original post my reply was addressed to. Why did I dig out a "5" year phone for comparison? Because the OP said (or repeated a quote) that the iPhone1 (please note, iPhone ONE) was five years ahead of its time. So a logical comparison would be against a competitor at the time.
Maybe you would prefer I compare the iphone1 against something from five years after its release which will be something next year...?
So anyone claiming the iphone1 was five years ahead of anything at the time is at best a troll, at worst mentally deluded.
The N95's biggest issue was that carriers were allowed to customise and often prevent firmware updates. Best thing I ever did to mine was to change it to a generic Euro model. They nailed a lot of the bugs within a few months, something which they never managed with the N97.
N97, oh god yes, what a pile of poo. Had one of them. Nokia made a royal mess of trying to put touch onto Symbian. Only phone I have replaced outside of a contract just to get away from it. The old N95 remains my "just works" backup phone. The N97 is in a drawer.
Very true, dominating the digital "walkman" market, and then grafting a phone onto it was a smart sideways move. It avoided trying to go head to head with the big phone manufacturers right from the word go. Build up your customer base in the mp3 player market, then offer them an ipod with a built in phone.
In summary, I wasn't saying the N95 was better or worse than the iphone1. I was just comparing two phones of the same era to counter the claim that the iphone1 was 5 years ahead of its time. If the iphone1 was truly 5 years ahead there should be a gaping chasm between them. There isn't.
Technically the N95 was ahead with a better camera, real 3G video calling, true multitasking, copy/paste, 3G support, full support for the GPRS messaging specification, battery life etc etc.
The iphone wins on the user interface which it brought from its father the ipod touch, but as a phone it was lacking some pretty basic features, and let's not forget, it was supposed to be a phone!
Sorry? Are you saying the iphone1 was 5 years ahead of its time?
Oh go on then, I'll feed ya!
This would be the iphone1 that didn't do 3G, multitasking (of any style), couldn't do MMS messages, couldn't do group SMS and had a tiny camera with no flash?!
It could barely be called a phone given its poor support for the standards. It would have been better to call it an iPod chat.
All it had was a pretty UI and a touch screen... It was a retarded beauty queen... All very pretty to look at, but don't expect it to be able to do much more.
In 2007 I had a Nokia N95, sure, no touch screen, but real multitasking, hot-swappable MicroSD storage, built in RDS radio, 3G, video calling with front and rear cameras (5meg with flash on the back) and it supported all the mobile messaging standards correctly etc etc etc.
Next you'll be saying the "Terrorists" now in Afghanistan used to be "Freedom fighters against the Soviet aggressor" supplied and trained by the USA.
Sorry, what was that?
Re: Gas or powder?
Indeed... For the tank to be damaged it would either have had to have the explosion occur inside it, or it would have had to be subjected to prolonged heat. Neither happened here, but a leak of gas into the building sounds good to me.
What ignited it is a good question, but congratulations on getting the mixture spot on! Approx 15:1 of C3H8 in a shed that size... Gonna be impressive!
Re: The thing is ...
Should Red Dwarf make another season...
There are two reasons why they should not do that...
1) They lost their way after season 6
2) They lost their way after season 6
I thought it was such an important point it deserved mentioning twice.
Oh, and no more canned laughter, it's not big, and it's not clever!
Startup time - thwarp!
Fighting for startup times is really pointless. So much of what we do is done via a webbrowser that I doubt most of us start the browser more than a couple of times a day. The rest of the time it's either populated with tabs and in use, or minimised/hidden behind other windows ready to be used at any point. No browser will start fast enough to challenge pulling an existing browser into the foreground.
I'm sure it's just for a bit of willy waving in an advert they have already got ready to publish.
My FF stays open for days on end. My machine gets put to sleep/hibernated at night, and resumed in the morning. The only time I restart the browser, apart from M$ patch reboots, is when it's leaked so much it's eaten too much RAM and slowed my machine up.
Even if I did start the browser multiple times a day, the alleged few seconds extra is more than outweighed by the faster page loading you get from having the ads removed.
Maybe Mozilla should target code which causes the browser to eat resources and other things which continually impact the browser usage during the course of a day, and not just a few seconds at start up?
Re: Thank you, from all...
I'll drink to that.
Re: Fake flash
Thanks for the link... Makes me think again at HTC's immediate response to a bug report I filed... I know the bug I filed is a well known one with Android, I just wanted to increase the volume of complaints so it gets fixed, but HTC's first reaction was "Have you got another MicroSD card you can try?"
"No" I reply
"Oh, can I take your address and we'll send you a replacement"...
I'm still waiting for it to arrive, but it does make me think twice about my initial "Wow, what service" reaction... Maybe "Hmmm, been cutting corners eh?" would be more apt.
Oh well, the MicroSD I have is actually fine, I've checked it, it is 8gig. Can't wait to poke about the replacement though.
Re: We might be able to beat that
Ditto. My BBC Micro was bought as a model A with 32k (because the B was in short supply at launch), still works, although I did replace the original linear PSU about 20 years ago when a nice switch mode crossed my path.
Somewhere I have some disks for the viglen 40/80 switchable 5.25 floppy drive.
Amongst the collection of ancient technology I also have two Einsteins, but unfortunately no floppies for them... Stupid 3" non-standards! Grrr! They were a rescue out of curiosity, so I have no idea if they even work!
Now you say that, you've reminded me of the vectrex... Always wanted one of those, I loved asteroids!... BRB, ebay... :-D
Re: Even worse?
Are you sure about that?
If you exclude Apple from the "nearly every phone manufacturer" list I think you'll find most have swappable batteries.
Memory card swapping has always been a yes/no feature with Nokia. The original N95 had a removable MicroSD. The N95 8 gig didn't. The N97 did.
Most recent Androids have removable cards too, although a lot of them have it tucked under the battery meaning that although the OS has the option to unmount the storage, you have to turn the phone off to physically remove it, which is a tad annoying.
If a smart phone had a true 3 days worth of *real* running because they had squeezed a huge, but weird shape battery round all the internals, then I might be able to put up with it not being removable, but for less than that I'd prefer to be able to swap it for a bigger or fresh battery when required.
Actually, in the UK at least, vehicle manufacturers did manage to throw some spanners into the works of motorcycle parallel imports, they pulled the trademark laws and prevented companies selling the bikes from using their logos!
They also refused to honour warranties on EU bikes which have been brought into the UK. I think they based this argument on the vehicle being modified with LHD headlamps and MPH speedos.
How they manage to get away with this when the whole EU club is supposed to be based on the idea of free movement of people and goods is beyond me.
Thanks for the tip of Autowipe, I'll have a look.
I have a selection of apps which do various security things. Lookout does indeed do location (wipe available on the paid for version). There is also where's my droid which works via a trigger text message and replies via text message with a link to google maps.
Last, but not least, if you have an HTC phone, the HTC sense website offers remote location, a loud remote ring and wiping.
Re: pro photographers and penis envy...
Depending on the event, if you turn up with that thing you'll still get laughed at.
As the review says, it's too big and heavy for field work. The H4D is a studio machine, tripod mounted with banks of studio strobes.
Cramming that many pixels into a small sensor means the photosites are going to be minuscule, this in turn means its sensitivity to light is only going to be a couple of clicks above Stevie Wonder.
It's horses for courses and exactly the reason Nikon make a 24mega pixel D3X for the penis envy figures and a D3S with a more normal 12mega pixel which can see in the dark.
I think for that money I'd have a D3X, a D3S and a nice bunch of lenses.
Oh blimee, me too... It used to be easy on the later commodores, just cut a new read only notch and flip it over. The BBC micro was not so easy, the beeb actually used the optical rotation index hole, so you had to make another one of those too... Which involved extracting the floppy bit, chopping the hole and then feeding the floppy bit back in.
Always seemed to get away with it though!