Posts by happygeek

But seriously, please explain what your intentions are here as anything illegal is against the rules as I am sure you will appreciate...

Dropping it on concrete from a decent height should do the trick.

Hi Kareem, welcome to DaniWeb.

I remember back in the day, each category (Software Dev, Web Dev, etc) was a different color scheme

Hehe. I actually used to rather like the color coded DaniWeb, and was pretty mortified when it was scrapped. But then I'm a bit of a 'Sheldon' sometimes when it comes to change - for about 48 hours - then love it. Which is what happened then, and again with then more recent system changes. You just have to give it a chance to absorb into your psyche, and then learn to love it. Unless you are diafol of course ;) I should add that I used to have a pair of purple Doc Martens boots, with hand-painted yellow and white daisies on them. Not that I'm suggesting that as the next DaniWeb color scheme I hasten to add.

When I hear the word 'powerstation' I immediately conjure up images of either a mega-screen laptop or some seriously beefy server hardware. Mophie, however, likes to think smaller. Much smaller, apart from when it comes to naming products that is. The Mophie Juice Pack Powerstation Duo is one heck of a mouthful for such a small device, measuring a fairly diminutive 2.5" x 4.25" x 0.75" and weighing in at less than 200g. The 'Duo' is big brother to the even smaller 'Mini' (costing $59.95) which is a tiddly 1.75" x 3.5" x 0.5" and weighs just 82g. Don't let the size thing fool you though, both these Mophie Powerstation devices pack a big punch in terms of power.

A fully-charged 'Mini' carries enough battery juice to charge your iPhone one and a half times over, which is impressive enough in and of itself. However, if you really wanted a bit of extra uptime for your iPhone all the time then perhaps one of the many battery cases would be a better bet. Overall they tend to add less weight to your pocket, and the all-in-one nature of such a case is a better fit with the computing mobility concept of a smartphone. Mophie itself has a range of such battery cases for the iPhone, which come highly recommended.

So why then, you might be wondering, am I bothering to review the even bigger, even heavier, even less 'mobile' Powerstation Duo? Because it fills a …

In a nutshell "bypass the Java security sandbox and execute malicious code on a target machine" or if you prefer the NIST more technical version (in full here):

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

An in-the-wild exploit targeting a vulnerability with Java 7 has led to security experts the world over warning users to disable the Java plug-in for their browser clients at the very least, and preferably uninstall Java altogether. The CVE-2012-4681 vulnerability, comprising two flaws, along with a couple of other 'related vulnerabilities' has now been patched by Oracle which strongly recommends users apply the updates as soon as possible. Security Explorations, the Polish security company that first notified Oracle about the vulnerabilities many weeks ago, is less convinced.

It would appear that the company has found another vulnerability in the newly patched version of Java 7. Adam Gowdiak, the Security Explorations CEO, has claimed that the new vulnerability enables a 'complete JVM sandbox bypass' within the latest Java SE 7 update 7 environment. Security experts seem to think that the reason why Oracle managed to turn around such a quick patch, within a few days of the insecurity story breaking across the Internet, is that it blocked the route to the vulnerability in order to prevent exploitation rather than actually remove the vulnerability itself. What Security Explorations seem to have discovered is a way to route around that roadblock and arrive at the same vulnerability, although it should be pointed out that there are no suggestions of any new exploits being in the wild at this time.

Some security commentators are recommending that users roll back to Java 6 which, with it's reduced feature set compared …

C'mon people - VOTE VOTE VOTE

Seriously, not enough people are voting. If you haven't voted yet, why not? If you are thinking about voting, do it now. If you aren't thinking about voting, rethink and do it now.

The members who have entered have taken the time and made the effort to create code snippets for the entire community to use, the least the rest of us can do (those who have not entered code into the competition ourselves) is s devote a little time and effort in return AND VOTE!

Welcome

Voting was extended until the end of this month.

Welcome

WWS applies.

WWS = What Walt Said :)

Let's not forget that Steve Jobs, in that Triumph of the Nerds video from 1996, referenced the Picasso quote "Good artists copy, great artists steal. And we have always been shameless about stealing great ideas" - after all, when Apple 'borrowed from and expanded' the GUI which Xerox had developed that was OK wasn't it? Which is what really stinks about the current patent infringement actions, the damn hypocrisy of it all...

That's just the thing though, some of the people that I am seeing who are getting caught are exactly the people I wouldn't think would be so gullible: a tech magazine editor/publisher, a respected IT journalist, an IT consultant etc etc. They all know about scams, and are aware of the do not click mantra. What is happening, I think, is that they haven't transitioned their scam detection awareness from web to social networks, whereas the bad guys clearly have made the move.

Slipknot is thrash metal
Rancid is skate punk
Morrissey/Smiths falls into indie

And if you judge Radiohead by Creep, possibly the worse song the band ever recorded, then there is no hope for you - even Tom Yorke hates it and refuses to sing it anymore :) Go listen to the OK Computer album at once, and discover what Radiohead is really all about.

As for my musical taste, it embraces everything from Classical to Punk, Reggae to Opera, Folk to Metal. I am, I admit, somewhat eclectic musically...

Happiness is not earned by accomplishments, it is gifted by others...

Welcome aboard the good ship DaniWeb...

I am getting rather fed up of seeing posts in the feeds of my Facebook Friends, including many who really should know better, advertising a supposed £175 value Tesco supermarket voucher giveaway. I say 'should know better' as the culprits have included technology journalists, computer magazine editors and IT consultants; all of whom must surely know that if it looks too good to be true then it's a scam.

And scam it quite patently is. Following on from a similar Tesco voucher scam at the end of last year, this new one adopts the same approach: in order to claim your 'free' voucher, the victim has to first share the 'offer' to their friends on Facebook whilst at the same time posting a comment that says 'Thanks Tesco' in a matey fashion (thus distributing the scam to the widest audience using the trust model - "if my mate is sharing this, and thanking Tesco as well, it must be kosher") and then click on a link to take you to a page where your voucher claim can be completed.

Of course, by this point one would hope that installed and up to date anti-malware protection software would remind the victim that they appear to have left their common sense at the door, and warn them not to be so silly as to load the page in question. Failing that, the victim will be greeted with a page that for all intents and purposes looks like …

I cannot vouch for the 'free' version of the software Jim, not having tried it myself.

A jury in the US has, after just three days deliberating, ruled that Samsung must pay Apple more than $1 billion in damages. The lawsuit had focussed on alleged patent infringements by Samsung in terms of both software and design relating to Apple's iPhone and iPad devices. Although not all of the claims made by Apple were upheld by the jury, it did agree that several Samsung devices had violated the intellectual property rights of Apple. At the same time, claims by Samsung that Apple had breached several of its patents were dismissed by the jury.

Samsung is expected to file post-verdict motions to overturn the decision as soon as possible, vowing to take the matter to the Court of Appeals if necessary in an attempt to prevent Apple from seeking a ban on the import of several Samsung smartphone and tablet devices into the US market. Given that the two companies currently have more than half of the worldwide sales of smartphones and tablets wrapped up between them, the money at stake is huge. Perhaps unsurprisingly, as a result of the verdict Apple shares spiked, with the market value of the company seeing a two percent increase.

Equally unsurprising, and many industry observers who have become increasingly frustrated with the outcome of patent disputes in the technology space during recent years would agree, Samsung saw the verdict as less of a win for Apple and more a defeat for the consumer. A Samsung spokesperson …

Depends if I am in the mood to be cheered up, in which case it would be Slipknot or Rancid, or if I am 'happy' being depressed and in no mood to feel happier in which case it would be Radiohead or Morrissey/Smiths.

The orange gas plasma screens were my favourite, I had a Compaq 'portable' (well, luggable more realistically) 80286 with one. I also recall with some fondness my Amstrad PCW 8512 running C/PM on a black screen with green text. Happy days.

Welcome

Welcome

Welcome

"If government is the answer, then it was a stupid question"
- some t-shirt :)

Over the weekend I wrote a news story for DaniWeb which revealed how the iPhone was vulnerable to SMS text message spoofing. This went under the title "Why Apple was right about iMessage 'fix' for iPhone SMS spoofing" because, simply put, SMS text messaging is exposed to this kind of User Data Header manipulation (and not just on the iPhone) whereas Apple's own iMessage isn't. However, as you may have guessed from the title of this follow-up news story that you are reading right now, I may have been a little premature in backing Apple as it seems iMessage is not without it's own privacy issues.

Apple has a point when addressing the specific issue of UDH manipulation, or text message spoofing if you prefer, when it comes to SMS. There are, though, a couple of however's that need attaching by way of qualification here:

However number one is the fact that Apple could, if it so desired, implement SMS on the iPhone in such a way that the UDH manipulation itself would be very apparent to the recipient of the text message. Indeed, plenty of other mobile phones seem quite capable of doing so.

It's however number two, though, which is where the focus of this follow-up rests: Apple managed to quite nicely skip over something of a controversy that has been brewing around the use of iMessage on the iPhone for many months now in the shape of private conversations being …

Has to be Hackers, for a rather strange reason: I could have been in it, but wasn't for the geekiest of reasons.

I used to belong to a casting/extras agency when I was a very punky looking wheelchair user, and ended up in various movies as a result (my favourite being the Stallone Judge Dredd flop). So, I get this call asking if I could be at a certain location in London to shoot a part in this movie called Hackers. I turned it down because, get this, I was going to a game developer conference that day and didn't want to miss it.

So, the hacker guy in the wheelchair in the cafe towards the start of the movie... that could have been me. But wasn't.

So why the jewwel and the onngoy accounts? Wasn't one enough?

Anyway, welcome again Mitchell...

Hi Jojo, welcome to DaniWeb...

Welcome Mitchell

Anonymous hacktivists took aim at the websites of the UK Justice Department, the Department of Work and Pensions, the Home Office and even the Prime Minister's own Number 10 site. All of them were successfully targeted overnight and went down for a period of time.

The attacks were part of the Anonymous response to the UK government's handling of the Julian Assange extradition situation. WikiLeaks founder Assange has been granted political asylum in the Ecuadorian embassy in London, and police have gathered to arrest him should he leave the building. The UK government has threatened to enter the embassy, under a relatively obscure piece of legislation that allows them to withdraw diplomatic status from a building, and take Assange by force.

This is not the first time that homeoffice.gov.uk, justice.gov.uk and number10.gov.uk have been hit by an Anonymous DDoS attack. All three sites were taken down earlier in the year during #OpTrialAtHome in protest at what Anonymous referred to at the time as the UK's 'Draconian surveillance proposals' and, interestingly, also the extradition cases of Gary McKinnon and Richard O'Dwyer.

All of the government websites are back up and running this morning, but to be hit twice in the space of six months by such a DDoS attack is embarrassing to say the least for the powers that be.

New members can only send replies to PMs, rather than create new ones, until they have made 10 contributions to the forums. This was implemented to stop the flurry of scammers/spammers who were using our PM system. As you now have the requisite 10 posts you should be able to send PMs. Sorry for the inconvenience, but we had to do something to prevent the scammers from being able to abuse DaniWeb in this way.

I actually like the 'in your face' aspect of the related article positioning. It ensures that I see it and take notice, and often click to take a look. Not being advertising per se (well, kind of, I guess) it sits OK with me. Certainly it has created some new interest in older threads, some of which have been quite interesting as it is new blood doing the discussing so bringing a new angle to things.

Earlier this week, an iPhone jailbreaking guru called pod2g revealed how even the very latest beta versions of iOS 6 cannot prevent the iPhone from being vulnerable to SMS text message spoofing. This technique is often employed by spammers and scammers alike when targeting the smartphone user in order to get them to click on a link or otherwise responds to what appears to be a message from a trusted source.

Technically it's about as simple as it gets: all the would-be spoofer needs to do is change the User Data Header indicator within the Protocol Description Unit format that text messages get converted to. By changing the reply to field of the message, the recipient will end up (obviously) replying to that number but has no way of knowing it as the number from the original SMS text isn't displayed on the iPhone. Writing about the exploit, pod2g argues that the ideal solution would be for the recipient to "see the original phone number and the reply-to one" but that doesn't happen on the iPhone.

This, as is always the case when Apple or iPhone is mentioned in such a story, kicked off a huge number of follow-on stories about how insecure the iPhone is. The inevitable comment threads then appeared either suggesting that people switch to Android handsets instead or that the original story was a big pile of pants, depending upon the fanboy status of the poster of course.

The truth of …

Cracked software distribution pre-dates the Internet, of course. The cracking groups, also known as Demo groups at the time IIRC, on the Amiga (and to a lesser extent PC and Atari) platform existed to break copy protection on software and then redistribute either by post or BBS.

My understanding of portable softare is that it's simply anything coded so that it can run from removable media such as a USB thumb drive, for example. In the context of my experience, it also leaves no trace of usage behind on the host machine that portable media is connected to - portable browser, email client etc. And, yes, it is legal.

As for cracked software, are you serious? That is software which has had the copy protection broken so as to run without a commercial license being required. And, yes, it is illegal.

garbage -> Manson

Hehe, methinks you are right there :)

I'm an 'Editorial Fellow' at Dennis Publishing in the UK, with roles as Contributing Editor for PC Pro, IT Pro and Cloud Pro magazines. I write for Infosecurity magazine as well at the moment, and of course also contribute editorial in the shape of news stories and product reviews for DaniWeb. For my efforts I have been the UK Information Security Journalist of the Year three times, and last year was given the 'Enigma Award' for a lifetime contribution to infosec journalism.

Lacker is a good word, but I've always referred to these people (right from when I started a couple of decades ago) as 'Script Kiddies' - kids/noobs who use ready-made scripts to hack rather than actually do the hard work themselves.

To clarify, WolfShield, I am saying that a black hat will find vulnerabilities and then write exploits for them which are released onto the DarkWeb before the vendor is informed or has a chance to patch the hole. This is, increasingly, done for profit. Which means that cybercriminal is as good a term for the black hat hacker as anything.

In the UK you can either get a set top box from your cable or satellite provider as part of the subscription, or there are various 'Freeview HD' subscription free channels for which you can just simply buy a suitable set top box and then pay nothing further. I'm not sure what the situation is in India where the original poster is from...

I often refer to 'crackers' as 'the bad guys' or 'cybercriminals' when writing news stories about them. After all, that's what they are. Black hats are also, to be fair, often in the same category as they use those skills to find vulnerabilities and create exploits that are then implemented by the bad guys.

According to the Australian Federal Police, it would appear that at least half a million credit cards 'down under' have been compromised and funds in excess of AUS $25 million (US $26 million) stolen. Although precise details are still coming in, it would seem likely that nothing more complicated than a bit of simple scanning for point of sale terminals which looked vulnerable was used to locate potential victims in the small retailer market rather than run the greater risk of detection by targeting banks or bigger business. Lessons learned from the Subway caper in the US last year no doubt. Then, credit card processing systems at Subway chains were compromised, and eventually four Romanians were arrested and charged with obtaining millions of Dollars through fraudulent means that involved around 80,000 cards.

With so many small businesses struggling to keep afloat in hard times, it is little wonder that old and frankly quite dated ecommerce carts are still being used instead of being upgraded to less vulnerable alternatives. Couple this with the fact that smaller retail units in the kind of remote, rural areas where victims of this attack in Australia were located, are less likely to either have the necessary knowledge of IT security or the budgets to buy it in that the banks and larger concerns do, and it should come as absolutely no surprise that these targets are being uncovered so easily by the bad guys. When you thrown into the insecurity mix the use …

Welcome!

Am I missing something here? Seems obvious to me, as it surely would anyone with the most rudimentary of math knowledge.

It wouldn't make much sense for an athlete to join a programming community, right?

Oh, I don't know. Isn't programming all about being able to jump the hurdles in front of you, complete those marathon sessions and end up with a gold medal performer?

Stop missing us, and start embracing us again :)

Welcome Mr Impaler :)

Seriously? You've been a member for SEVEN years and in that time posted just the one thread which, to be fair, could be seen as advertising. As it was the Geeks' Lounge I left it here, but was curious when you bumped the thread as to whether you might be the author, hence my question. It seems an odd reason to resign after being here so long.

I have been a happy user of TomTom satnav products since they first hit the market some ten years ago now. For the most part, that has meant dedicated hardware for in-car use. However, when I last reviewed the TomTom app for the iPhone here at DaniWeb back in 2010 it got a perfect 10/10 rating, the upgraded software truly being that good. In that original review I briefly mentioned that TomTom has a car-kit available for the iPhone which would charge the battery on the move and provide a GPS boost for those poor-signal areas. It also acted as a useful holder for the smartphone, but wasn't cheap and didn't include hands-free calling functionality. Now all that has changed with the release of not only a hands-free car kit for the iPhone, but also a navigation pack that rolls in a download voucher for the satnav app as well. I have been out on the road this last week, putting it to the test.

First things first then, and that's pricing. Please bear in mind that this entire review is for the UK version of the hardware, and I am using the UK version of the iPhone app as well, so your mileage may vary (if you will excuse the pun) depending upon the country you live in. OK, the TomTom Hands-free Car Kit for the iPhone comes in two varieties: plain vanilla hardware only at £79.99 and the 'Navigation Pack' which …

As a professional writer (Editorial Fellow Dennis Publishing, Contributing Editor PC Pro for last 15 years or so, author of 23 published books) it's the one I use for working on my iPad when I am away from a 'proper' keyboard. Certainly the best iPad keyboard I have used to date and I have tried a lot...