George Starcher

So I was glancing over at CNN.com today and saw the article:Airline captain, lawyer, child on terror ‘watch list’ on several definitely not terrorist folks on the terror watch list just by their name.

So let me get this straight. Our government security officials are so clever they cannot come up with better control than a simple name is either on the list or it isn’t? How about taking these folks who are OBVIOUSLY not terrorists. Gather some basic but private facts about their identity. Hash the information together. Then when these folks travel the information they provide quickly when a flag is raised is rehashed and if it matches let them go on about their business. If enough basic but not easy to obtain answers are gathered then it should serve as a much speedier check to let the person go on without risking a terrorist simply farms public facts about someone with the same name.

Today I spent a bit playing with Yahoo’s new Fire Eagle location service. It has some pretty decent privacy controls and it is taking off fast as a junction point for location aware applications. If you sign up for Fire Eagle you can get an automatic invite to Bright Kite which has good sms and email mechanisms for updating your location. It also has decent privacy controls. Such as only close friends see your exact location and everyone else gets the city.

So I tied them together and then tied Brightkite to my twitter location. While I was doing this I was surprised to see how many of my twitter followers have their exact longitude and latitude coordinates updating from their iPhone. I would wager a lot of them did not give a real thought to the privacy concerns. Or that it tells a lot of people when you are definitely not home. Worse, imagine your kids with iPhones and twitter. Raises cyber bullying to a whole new level if the bully can go straight to where they really are.

I would recommend disabling location updates and wipe the current location. Or use something like Fire Eagle/Brightkite to mask your location to a city level where it has value to you.

A long time back I had tested the online backup service Mozy.  By long time back I mean my version was mozy-0_6_2_6-502.dmg.  Today I was trouble shooting an application I am beta testing for someone.  I needed console logs.  Low and behold the Mozy removal script from that version was so bad it had left something behind.  I have TONS of the following events showing in my Console.

8/6/08 9:15:53 PM com.apple.launchd[1] (com.mozy.backup[1457]) posix_spawnp(”/Applications/Mozy.app/Contents/Resources/MozyBackup”, …): No such file or directory 

8/6/08 9:15:53 PM com.apple.launchd[1] (com.mozy.backup[1457]) Exited with exit code: 1 

Well a bit of googling and I find that this combination works to finally get rid of that sucker.

sudo launchctl unload /Library/LaunchDaemons/com.mozy.backup.plist

Follow that up with going into the /Library/LaunchDaemons and tossing the file com.mozy.backup.plist into the trash.  Now I have nice clean console logs for troubleshooting a real problem.  Not something sucking up CPU cycles trying to relaunch every 10 seconds.

I read today about Jonathan Zdziarski finding a link down in the iPhone code for supporting revocation of individual applications.  It goes beyond taking an application off the store from distribution.  It shuts down applications already deployed onto iPhones.  You can read the posting over at Macrumors.com 

So why is this a surprise?  And I am not particularly concerned.  Keep in mind they digitally sign all applications etc.  Normally it is part of proper design to check for revocation of certificates in a PKI infrastructure.  So this extended it beyond just shutting down every application signed with a particular key to individual applications.  Honestly I would rather they have a mechanism for this than not.  Just as long as they use it only for true threats.  Unfortunately their track record in yanking applications off the store itself without explanation does not bolster the warm fuzzies.

Update Aug 7 2008 

I should also point out Microsoft eliminates blacklisted applications using its malware removal tool that comes down through windows updates.

A while back I was messing with tunneling iTunes sharing through SSH.  During that experimentation I noticed that there was a dynamic dns name showing up on my system of my dotMac username in this format: username.members.mac.com  I found it by looking at Bonjour, aka mDNS traffic.  That is kind of scary to think that anyone who knows your @me.com or @mac.com email address or iChat login could find the active IP address you are on just by resolving that name.

I revisited the issue today because I was thinking of the problem with syncing data between iPhone/iPod applications and their desktop mac cousins.  Like syncing 1Password from my desktop to my iPod touch.  They could theoretically leverage my MobileME user dynamic dns name to sync back to my desktop as long as I opened a custom port on my router.  

Interestingly I can no longer resolve username.members.mac.com or username.members.me.com.   So I am not sure if they just haven’t fixed that since the MobileME migration.  Or did they realize the clear scriptable way someone could target mac users.  Toss a dictionary at the front of members.mac.com/members.me.com and fire off an exploit just for Mac users.  *shudder*

Well one of my fellow Friends in Tech members, Steve Holden coaxed me into setting up Friend Feed.  It lets you consolidate all your major social networking services into one feed for your friends to follow.  Mainly I did it just to reserve my name on it for Identity purposes.  That in turn led me to update my claimID page and a few other things like my 2idi (iName) link redirections.  If you want to see my friendfeed page just click the “My Social” link in the top right.  Notice the link is not the actual friendfeed page but my iName XRI formatted url redirector.  That way if I decide I want to move from Friendfeed to something else I can just update my iName redirection link and everywhere someone linked to the XRI formatted link they always go to the current service I am using.

It got me to thinking that it would be interesting to see a merged service of ClaimID and Friendfeed.  Also it really makes me wish applications like skype, IM clients and email clients like Apple mail.app would recognize iNames.  Just think if you wanted to skype a friend and not knowing their real skype name you could just type like =starcher and have it go query their iName provider for the correct name.  I bring this up because as I slowly transition the old @starinfosec.com name out of existence to @me.com it would help me hide the old starinfosec name in use on things like skype when telling folks how to find me.  I mean how hard would it be for skype to parse =starcher go to my iName provider and look for a defined skype service to tell it my real skype name as I defined it.

Oh well here’s hoping it just starts catching on.  I think if enough developers simply added it that it would turn into a slow burning ground fire.  Even if most users didn’t know the support was there till the first time a friend tells them to just type my name as =myiName.

Here is an easy way to find all snmp devices on your network and check if they are running any of a list of common strings you want to test for.  And do it without risking a write access check.  I did the following with my Mac PowerBook just using the C compiler CC.

(more…)

Wow.  Today I was doing some housecleaning.  Making sure my mac is imaged and backed up.  Deleting old mail, movies from my itunes library, old applications etc etc.  Typical end of month stuff.  This took me into my blog settings because I want to phase out my old @starinfosec.com email address.  I had an automatic weekly backup of the database going there.  I noticed the Wordpress plug in WPtouch that I use had an update waiting.

Talk about COOL!  I updated to the latest version.  In Wordpress 2.6 it is as simple as clicking automatic upgrade.  But if you don’t have the plug in you can find it at http://www.bravenewcode.com/wptouch/

They have added some features that let you make it easy to pull down a menu on the iPhone/iPod screen to view flickr photos, links, a tag cloud of posts etc.  Just awesome!  Check out my site on your iPhone or iPod touch to see what I am talking about.  Click the menu item on the top right and poke around.

Just testing posting via the iPod touch wordpress application. I need to sniff traffic and see if it is honoring my https ssl encryption. If not then not a good idea to post at public hotspots. You could give away your credentials.

Good thing AT&T is such a short name.  Seems some of their network support staff for managed networks are not too bright.  If the name were longer these guys might forget where they work.

A friend emailed me this week about a network problem.

It seems the AT&T support department that handles support for his employer gave them a /23 IP range.  They used PUBLIC IP space for an internal lan network.  THEN it gets better.  They broke the space two /24s.  Ok nothing wrong there.  They setup /24s to Vlan1 and Vlan2.  BUT then these guys create one DHCP pool with the /23 subnet.  And now the AT&T support group can’t explain to the customer company why things don’t work right.  Sheesh.  All it would take is two minutes to redo the DHCP as two /24 pools corresponding to the subnetted vlans.  Still who uses PUBLIC IP ranges on an internal network?  I guess you get what you pay for when you outsource your IT department to AT&T.