
 

Meet BlackBerry Playbook, a tablet PC from RIM | ZDNet.

First thoughts:

  • Too little:  I don’t need something that is merely 7″.  If it isn’t the same size screen as an iPad, I’m really not interested in using it for… well anything.  I have a powerful phone with a large enough screen to do interesting things with, but if I want to watch video or read a book or browse the web, the screen needs to have enough real estate to be readable and show a lot of content without a lot of zooming.  I actually wish the iPad was another 0.5″ – 1.0″ bigger diagonally, but definitely no smaller.
  • Too bloated:  I was tempted to say too powerful, but that really ties into my next point so let’s go with bloated.  Yes, this will be a secure enterprise ready device.  It will also be a complete bear to deal with as a mere consumer.  I strongly suspect this will only be adopted by those whose enterprise IT shops won’t allow them to use an iPad or Android device for enterprise work.  The only people I know with BlackBerrys admit they only have them because their company won’t support anything else… yet.
  • Battery life?:   i.e. too powerful.  One of the articles I read on the press event noted that not once was battery life mentioned.  I strongly suspect that is with good reason.  All those connectors, drivers, underlying crypto and high res screen come at a huge power cost.  Add in the smaller form-factor reducing the battery size available and I see a huge market for add-on mobile power-packs or replacement batteries if they are removable.  That is of course if there’s any adoption of these.

My verdict:  No honkin’ way do I want one of these things.  Not interested at all for any reason.

 

Google’s Android leapfrogging over iPhone, BlackBerry, Windows – SiliconValley.com.

I’ve had a Palm, BlackBerry, Treo, BlackBerry, iPhone, Android phone over the past decade and the BlackBerry, iPhone and Android in the past year and definitely understand why Android is so popular so fast.  While I really enjoy my new iPad, I really, really wish it was running Android.  I can’t wait for a similar sized Android tablet with more than the stupid, “one button”, single app at a time, nonsense from Apple.

People like Apple devices, but do they really like Apple software?  Will Apple lose their leadership position again by committing to keeping the software and the hardware unified while Android pulls the Microsoft coup by building software that runs everywhere else?  Early indications say, “Yes”.

If I was a stock player, I’d short Apple and Nokia and buy HTC and Google and maybe Samsung.

 

Android isn’t surging just because Apple is letting it | ZDNet.

I agree with this article and definitely take issue (as does this author) with the fact that iPhone’s user experience is superior to Android’s.  I completely, 100% disagree.  I had an iPhone given me to use for work and really didn’t take to it very well.  It was an early version, but I found the lack of simple things like multi-tasking, no cut-n-paste, no Flash support really disconcerting.  Consequently, when left to my own devices (pun intended), I went and got an Android Incredible.  Awesome!  This behaves exactly as I expect my mobile device to work.

Last week, I took delivery on a new iPad and again ran into many of the same frustrations I had with the iPhone only now magnified as I was spoiled after several months with my Android.  I was also surprised to find that while there are a great many apps on the Apple Store, it appears from my searching that a higher % of them cost money while there is a huge amount of free content on Android’s store.  Now I do love my iPad because of the form factor, but woe unto Apple when a similar form-factor Android device comes available.

Long story short, Android is earning its way, but Apple has given it a hand up by its AT&T exclusivity contract.

P.S. Oh, and AT&T morons… ya want high margin sales, then perhaps stocking iPad accessories would be a good place to start.  I had to drive by probably a dozen AT&T stores to get to the Apple store to find accessories for my new iPad after stopping at the first 2 AT&T stores and being told “go to the Apple store”.

 

VMware to buy Los Gatos software maker TriCipher, Irvine-based Integrien – SiliconValley.com.

Scratching my head a bit on this one. On the surface and as usual the ‘synergy-speak’ sounds good, but not sure if the TriCipher bit is about their tech or their service. Perhaps I’m just jaded with all the virtual-this, cloud-that and SaaS-everywhere else, just guess we’ll have to see if they cobble anything meaningful together or not.

 

Product Watch: New Microsoft Identity Technology Aims To Protect Online Privacy – DarkReading.

All the way back from March.  Can’t believe I missed this for so long.

 

Google Chrome Extension Powers Android-Based Payments — InformationWeek.

Interesting.  I’m going to try and see an implementation of this and see how it works with my new Android-based phone.

 

Blizzard has admitted that there is an active and successful attack against their Blizzard Authenticators.

Man in the middle attacks circumventing authenticators

This makes perfect sense as:

  1. OTP tokens such as the Authenticator are obviously susceptible to a live man-in-the-middle (MITM) attack as has been demonstrated as something well beyond “theoretical” a decade ago.  The issue isn’t with the token vendor or type, it is with the entire scheme of a short-lived, shared secret in an increasingly real-time, share-it-and-lose-it networked world.
  2. Blizzard is likely the largest OTP deployment on the planet.  They haven’t released any numbers, but if even 10% of users use it, that’s roughly 1.2 million users.  i.e. Big ROI.
  3. There’s money in “them thar accounts”.

What can you do?

  • All the normal things, run anti-virus, anti-spyware, etc.
  • Log into WoW from as few PCs as possible and only those you absolutely control.
  • Try to log into any web page that requires authenticator authentication as little as possible, as a man-in-the-middle attack in a browser doesn’t require a local keylogger file as is being used in this current attack.

What can Blizzard do?

  • The obvious:
    • I believe their thick client already scans for a large number of known attack libraries, files, etc. at the time of launch.  This will be added to the list.
    • I also suspect they are looking for suspicious behavior to the extent that they can with the client.  This type of behavior should be added to the list for that.  Also, they may want to consider increasing the terms and conditions of what we allow them to do in the client with regard to looking for vulnerabilities and suspicious behavior.
  • Less Obvious:  Blizzard should seriously consider having a separate authentication mechanism for getting into the game client than for logging into the various portions of Battle.Net / WorldofWarcraft.com / etc.  Why?
    • The more times you use the Authenticator, the more opportunities you have to be compromised.
    • Blizzard has more controls and capabilities to protect the login through their seriously “thick” client to provide additional protections to the authenticator login.
    • Blizzard has much less control over the login environment and ability to monitor what is happening in a web-based authentication with an authenticator.  This current attack is heavy-weight in regards to payload necessary to pull it off.  A successful MITM attack in a web login requires much less work and no payload (client software installed) to execute.
    • What does the attacker want access to, my WoW account details or the stuff on my various characters, in my banks or my guild’s banks?  Go look at what is on file in your “My Account” section. Ask yourself:
      • What is there that an attacker couldn’t get more readily and simply somewhere else given Blizzard is following good practices with regard to what details are shown, masked, etc.?
      • What can the attacker do to you there?  Change your password?  Why bother when I can steal both your static password and dynamic password in a simple web-based MITM attack?  As you now realize, an attacker only needs to compromise you one time.  They don’t need to have a reusable password.
      • How about turn off your authenticator?  Hopefully you would stop and think seriously about providing the serial number of your Authenticator if asked outside of your specifically intending to turn it off.
  • My suggestion to Blizzard is to consequently move authenticator management and use completely into the WoW client and only ever ask for the Authenticator code from within the client for game session login.  Enable the ability and strongly suggest to users that they use a separate password for Battle.Net web page logins (sans Authenticator) and another separate password to use in the game client with your Authenticator.
  • Lastly, and I know from first-hand experience in discussing this with Blizzard devs that this probably won’t fly, but seriously consider offering additional forms of authentication that aren’t susceptible to MITM attacks.  I know the alternatives aren’t as globally friendly for all our WoW brethren that login from shared network cafe PCs, but that’s not the whole market and those of us not constrained in that fashion would like something better if you offered it.  More work for you, yes.  Better security for us and retention of us as customers, yes.
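
The point of item 1 above and of the final suggestion, as an added example (not code from Blizzard or from this post): a time-based OTP check, assumed here to be RFC 6238 TOTP since the Authenticator's actual algorithm is not stated, accepts a valid code from whichever connection presents it first, while a response computed over the origin the client sees fails when it arrives by way of another site. The class names, origins and secret are hypothetical, and the shared-key HMAC stands in for the public-key signatures that real origin-bound schemes use.

```python
import hashlib, hmac, os, struct

def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OtpServer:
    """Checks a code against the shared secret. Nothing ties it to a site or session."""
    def __init__(self, secret):
        self.secret, self.used = secret, set()

    def login(self, code, now, step=30):
        counter = now // step
        if counter in self.used:          # single-use rule: blocks later replay only
            return False
        ok = hmac.compare_digest(code, totp(self.secret, now, step))
        if ok:
            self.used.add(counter)
        return ok

def bound_response(key, challenge, origin_seen):
    """Authenticator output that covers the origin the client is actually talking to."""
    return hmac.new(key, challenge + b"|" + origin_seen.encode(), hashlib.sha256).digest()

class BoundServer:
    ORIGIN = "https://login.game.example"  # hypothetical real site
    def __init__(self, key):
        self.key = key
    def verify(self, challenge, response):
        return hmac.compare_digest(response, bound_response(self.key, challenge, self.ORIGIN))

def demo():
    secret, now = b"constructed-demo-secret", 1_000_000_000  # constructed sample values
    code = totp(secret, now)                  # what the user reads off the token
    otp = OtpServer(secret)
    first = otp.login(code, now + 5)          # accepted from whoever submits it first
    second = otp.login(code, now + 10)        # same code again: rejected
    bound, ch = BoundServer(secret), os.urandom(16)
    genuine = bound.verify(ch, bound_response(secret, ch, BoundServer.ORIGIN))
    via_proxy = bound.verify(ch, bound_response(secret, ch, "https://login.game-example.test"))
    return first, second, genuine, via_proxy

if __name__ == "__main__":
    print(demo())
```

The single-use rule in `OtpServer` only decides which submission of a code wins; it cannot tell the token's owner from anyone else who holds the same six digits inside the window.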
 

FBI Investigating Web Spycam

As a federal investigation begins, a security researcher has uncovered evidence related to the case and provided a way to identify the surveillance software

via FBI Investigating Web Spycam — InformationWeek.

This is a case and investigation to keep an eye on.

 

Social Engineering Scammers Offer Live Support — InformationWeek.

Can’t be too careful out there.

 

Tarnovsky figured out a way to break chips that carry a “Trusted Platform Module,” or TPM, designation by essentially spying on them like a phone conversation. Such chips are billed as the industry’s most secure and are estimated to be in as many as 100 million personal computers and servers, according to market research firm IDC.

via The Associated Press: Security chip that does encryption in PCs hacked.

Now for the really cool “how’d he do it?” part:

Tarnovsky needed six months to figure out his attack, which requires skill in modifying the tiny parts of the chip without destroying it.

Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells. Then he applied rust remover to help take off layers of mesh wiring, to expose the chips’ cores. From there, he had to find the right communication channels to tap into using a very small needle.

The needle allowed him to set up a wiretap and eavesdrop on all the programming instructions as they are sent back and forth between the chip and the computer’s memory. Those instructions hold the secrets to the computer’s encryption, and he didn’t find them encrypted because he was physically inside the chip.

Even once he had done all that, he said he still had to crack the “huge problem” of figuring out how to avoid traps programmed into the chip’s software as an extra layer of defense.

“This chip is mean, man — it’s like a ticking time bomb if you don’t do something right,” Tarnovsky said.

© 2012 Who is Hahleq?