That's why you root, S-OFF, and flash a custom ROM. Modified SMS programs can completely disable all alerts, even Presidential Alerts, and you can tell your carrier to disable voicemail.
Sure, you can use GMail or the amorphous cloud for your purposes, but quite frankly, remember - if it's not in your possession, it's not as secure as it could be.
No, I don't have world-ending secrets in my possession, but yes, I do get paranoid about my data.
I possess and use an HTC EVO 3D smartphone in line with my daily duties for my employer and various clients. This phone contains your employer's software (CarrierIQ for Sprint), which was bundled with the device and zero disclosure that it was installed or of its capabilities.
My device contains HIPPA-protected data (specifically relating to EMR software and the data contained therein) as well as PCI-DSS related information for my company's various clients. As such, it is protected by all manner of privacy laws, the breach of which results in severe penalties under United States law.
After reading Trevor Eckhart's research and doing some of my own, I am curious as to specifically what data your organization is capturing on Sprint's behalf, as well as to what extent they have customized their build of your software, and what its capabilities with their modifications are.
If the software, either in its original form or modified, does indeed capture data from a phone, including the ability to take screenshots or access the contents of e-mail accounts or SMS messages, this could potentially be in violation of all manner of privacy acts, depending on what data is being harvested and whether your client has the option to turn such collection on or not.
Please note that, among other techniques, I will be disassembling the binaries that I possess on my device and will be comparing it against the original ROM image that HTC has issued for this device in order to differentiate what, if any, changes are pushed out through over-the-air updates in order to determine the capabilities of the software as best I can.
To the best of my knowledge, I have never accepted any license agreements or restrictions regarding the software on my device, and as such, I am not bound to refrain from analyzing the software as I see fit, nor from having the results peer-reviewed and published once completed.
If your department is unable to answer my questions, please relay this to someone else inside your organization as you see fit.
In Android and Windows Mobile 6.5/6.1/5, your NAI (network access identifier) changes based upon the type of traffic you're pushing. Tethered traffic and DUN changes your NAI to yournumber@dun.vzw3g.com. Traffic from the phone itself is simply yournumber@vzw3g.com.
Verizon has poisoned EVERY phone with Gingerbread - they have modified the OS so that activating any hotspot app, even if the phone is rooted, to trigger the NAI change and show the phrase "Tethering or Hotspot Active." The only SAFE way to tether on a Verizon phone is to run Froyo, then use free-wifi-tether's 3.x version. Alternatively, install CyanogenMod and then you can tether.
In my experience, Motion doesn't skimp on hardware, is reliable as hell, and the external batteries will LAST - my little brother's old LE1600 still gets six hours of battery life off the primary and secondary batteries with everything on and cranked up to full (and Win7 Professional).
No matter what manufacturer you go with, I strongly urge that you go to Windows 7 for this - the handwriting support is worlds better than in Vista, and that was a hell of a leap from XP Tablet.
Think about it. Make a false request for a file - and then do TONS of requests for it from hundreds and thousands of other people. It's a classic DDoS attack.
However, this will rule out a lot of corporate machines from being used as bots in this fashion; most decent sysadmins filter P2P traffic.
I'd love to know who they're selling it to, though. Choicepoint comes to mind... and that's a very scary thing, letting prospective employers know what I watch.
Because in the consumer-grade market, Trend's PC-Cillin is about the only decent product. McAfee and Norton are bogged down with crap left and right, and Trend is slim and trim. Try the consumer-grade stuff out, and you'll see that I'm right. Now, in the corporate sector, SAV and Trend Micro Officescan are gods. McAfee Enterprise is still crap. I'm honestly surprised that they're sill in business - guess those OEM deals must make them a lot of money.
I run one of the biggest anime/video game music FTP servers on the 'net (90GB+ and still growing daily, and it's tuxedojack.dyndns.org, by the way).
I have a separate drive for my music, then on that drive are three folders - Distributable, for stuff that I can put on the FTP server (anime OSTs, video game OSTs, and stuff that I can legally distribute); Nondistributable, for stuff the RIAA would sue my ass off if I ever traded; and Incoming, for stuff that's torrenting and hasn't gotten a positive ratio yet.
Inside each folder, the songs are sorted by series/artist/title at the second layer, then album as the third, then disc as the fourth. All the while, I'm using folders, and actual file management, as this _is_ for a FTP server.
If you want to see a folder tree, take a look at this (warning, it's a 2.4MB text file, but it's an inventory of every song in the Distributable folder tree):
Use Proxomitron. It's ShonenWare (if you like it, buy a Shonen Knife CD), and it's damned effective. Sadly, the developer passed away a while back, but the software is still damn good.
540Mb/s. Wow. Admittedly, this would be excellent for desktop usage in the average organization, but I still can't see wireless being used for servers - gigabit is just too essential to give up, plus there's the issue of setting up the infrastructure to handle 540Mb/s via wireless - I mean, hell, it's hard enough to share 54Mb/s for one access point as is when you've got 10 users on it, but still...
What does that mean to companies that sell stuff like USB flash drives or CF cards? They'll obviously have to pay royalties, of course, and that means a mass migration to a new filesystem to avoid such payments.
Are you _JOKING_? Just 30 systems to a person? You're either insane or friggin' cuckoo.
Where I work, I have 500+ workstations, 1000+ users, and just little old me to set up, maintain, and monitor the networks and machines, and on top of that, I do tech support _and_ develop loadset images too.
Any competent Windows admin ought to be able to manage 200 machines on his own. AT LEAST.
Re:This has been an urban legend here in Texas...
on
Marfa Lights Explained
·
· Score: 4, Interesting
For those of you who don't want to Google, let me explain. (Those of you who know Houston and its legends, you can skip this.)
In Houston, there's a reservoir out on the west side. Back during the 1800s, this was a floodplain, and the settlers lived there. They had a cemetery in what is now Bear Creek Park, and over the years, the cemetery became lost to the trees and such. Nowadays, teenagers use it for god-knows-what, despite the park rangers and Harris County sheriff's office sending deputies over the whole park area.
Legend says that there are blue lights there at night. It's commonly explained away as light glinting off the tombstones, but I've been there, and I can't say that the tombstones are what's giving off the light, seeing as how it was well away from the tombstones when I saw it.
This has been an urban legend here in Texas...
on
Marfa Lights Explained
·
· Score: 4, Interesting
For a while now, and I'm rather glad it's been explained.
Now if they'd move on to the Blue Light Cemetery, I'd be more interested.
"No police department can receive more than half its revenue from speeding tickets" is the version currently on the books here, and dropping it to a quarter wouldn't be too bad either for everyon but tiny-ass little police departments.
That'll effectively kill nasty little speed traps like Slidell, Louisiana.
If the process is hidden, the Warden can't pick up on it, right?
So hypothetically, ANY rootkit could be used to hide processes - HackerDefender and the others out there would do the job nicely.
Of course, the other edge of the sword is that you don't know just what _else_ is hiding... unless you wrote and compiled the rootkit yourself using your home-brewed compiler.
Slashdot Mirror
That's why you root, S-OFF, and flash a custom ROM. Modified SMS programs can completely disable all alerts, even Presidential Alerts, and you can tell your carrier to disable voicemail.
I use PSTs and nightly backup.
Sure, you can use GMail or the amorphous cloud for your purposes, but quite frankly, remember - if it's not in your possession, it's not as secure as it could be.
No, I don't have world-ending secrets in my possession, but yes, I do get paranoid about my data.
Ms. Woods,
I possess and use an HTC EVO 3D smartphone in line with my daily duties for my employer and various clients. This phone contains your employer's software (CarrierIQ for Sprint), which was bundled with the device and zero disclosure that it was installed or of its capabilities.
My device contains HIPPA-protected data (specifically relating to EMR software and the data contained therein) as well as PCI-DSS related information for my company's various clients. As such, it is protected by all manner of privacy laws, the breach of which results in severe penalties under United States law.
After reading Trevor Eckhart's research and doing some of my own, I am curious as to specifically what data your organization is capturing on Sprint's behalf, as well as to what extent they have customized their build of your software, and what its capabilities with their modifications are.
If the software, either in its original form or modified, does indeed capture data from a phone, including the ability to take screenshots or access the contents of e-mail accounts or SMS messages, this could potentially be in violation of all manner of privacy acts, depending on what data is being harvested and whether your client has the option to turn such collection on or not.
Please note that, among other techniques, I will be disassembling the binaries that I possess on my device and will be comparing it against the original ROM image that HTC has issued for this device in order to differentiate what, if any, changes are pushed out through over-the-air updates in order to determine the capabilities of the software as best I can.
To the best of my knowledge, I have never accepted any license agreements or restrictions regarding the software on my device, and as such, I am not bound to refrain from analyzing the software as I see fit, nor from having the results peer-reviewed and published once completed.
If your department is unable to answer my questions, please relay this to someone else inside your organization as you see fit.
I remain,
INSERT_NAME_HERE
It depends on the device you're using.
In Android and Windows Mobile 6.5/6.1/5, your NAI (network access identifier) changes based upon the type of traffic you're pushing. Tethered traffic and DUN changes your NAI to yournumber@dun.vzw3g.com. Traffic from the phone itself is simply yournumber@vzw3g.com.
Verizon has poisoned EVERY phone with Gingerbread - they have modified the OS so that activating any hotspot app, even if the phone is rooted, to trigger the NAI change and show the phrase "Tethering or Hotspot Active." The only SAFE way to tether on a Verizon phone is to run Froyo, then use free-wifi-tether's 3.x version. Alternatively, install CyanogenMod and then you can tether.
For iOS? Hell, you're screwed any way you turn.
They're slate PCs and they're damn good.
In my experience, Motion doesn't skimp on hardware, is reliable as hell, and the external batteries will LAST - my little brother's old LE1600 still gets six hours of battery life off the primary and secondary batteries with everything on and cranked up to full (and Win7 Professional).
No matter what manufacturer you go with, I strongly urge that you go to Windows 7 for this - the handwriting support is worlds better than in Vista, and that was a hell of a leap from XP Tablet.
They are kinda expensive, though.
Think about it. Make a false request for a file - and then do TONS of requests for it from hundreds and thousands of other people. It's a classic DDoS attack.
However, this will rule out a lot of corporate machines from being used as bots in this fashion; most decent sysadmins filter P2P traffic.
Well, maybe some "insurgents" will make a wrong turn at Alberquerque and hit Dubai instead.
On a side note, as a Houstonian, I'm happy to see them go. Can't stand having scum like them here.
Now if they'd only done this seven years ago and taken Enron with them...
I'd love to know who they're selling it to, though. Choicepoint comes to mind... and that's a very scary thing, letting prospective employers know what I watch.
There's a hardware GUID. Whoopdy-do; if there's a remote method to turn it on via software, there's a method to turn it off via software.
Because in the consumer-grade market, Trend's PC-Cillin is about the only decent product. McAfee and Norton are bogged down with crap left and right, and Trend is slim and trim. Try the consumer-grade stuff out, and you'll see that I'm right. Now, in the corporate sector, SAV and Trend Micro Officescan are gods. McAfee Enterprise is still crap. I'm honestly surprised that they're sill in business - guess those OEM deals must make them a lot of money.
I run one of the biggest anime/video game music FTP servers on the 'net (90GB+ and still growing daily, and it's tuxedojack.dyndns.org, by the way).
I have a separate drive for my music, then on that drive are three folders - Distributable, for stuff that I can put on the FTP server (anime OSTs, video game OSTs, and stuff that I can legally distribute); Nondistributable, for stuff the RIAA would sue my ass off if I ever traded; and Incoming, for stuff that's torrenting and hasn't gotten a positive ratio yet.
Inside each folder, the songs are sorted by series/artist/title at the second layer, then album as the third, then disc as the fourth. All the while, I'm using folders, and actual file management, as this _is_ for a FTP server.
If you want to see a folder tree, take a look at this (warning, it's a 2.4MB text file, but it's an inventory of every song in the Distributable folder tree):
http://www.tuxedojack.com/publiclist.txt
Simple and clean, and it's worked for me since 1997.
Use Proxomitron. It's ShonenWare (if you like it, buy a Shonen Knife CD), and it's damned effective. Sadly, the developer passed away a while back, but the software is still damn good.
We'll no doubt see "All your missile base are belong to us" written on the system's password file.
540Mb/s. Wow. Admittedly, this would be excellent for desktop usage in the average organization, but I still can't see wireless being used for servers - gigabit is just too essential to give up, plus there's the issue of setting up the infrastructure to handle 540Mb/s via wireless - I mean, hell, it's hard enough to share 54Mb/s for one access point as is when you've got 10 users on it, but still...
His research in regards to this matter is invaluable, and it's arguable that he's the leading authority on who's bankrolling crapware.
What does that mean to companies that sell stuff like USB flash drives or CF cards? They'll obviously have to pay royalties, of course, and that means a mass migration to a new filesystem to avoid such payments.
But what new FS will that be? FAT32? EXT2/3?
I've been working on a side-mounted flamethrower device using pressurized butane, a flexi-pipe pump system, a perfume atomizer, and a spark valve.
When activated, it'll launch out a fireball a la Dan Hibiki's Gadouken.
Now if that ain't dangerous, tell me what is.
Are you _JOKING_? Just 30 systems to a person? You're either insane or friggin' cuckoo.
Where I work, I have 500+ workstations, 1000+ users, and just little old me to set up, maintain, and monitor the networks and machines, and on top of that, I do tech support _and_ develop loadset images too.
Any competent Windows admin ought to be able to manage 200 machines on his own. AT LEAST.
For those of you who don't want to Google, let me explain. (Those of you who know Houston and its legends, you can skip this.)
In Houston, there's a reservoir out on the west side. Back during the 1800s, this was a floodplain, and the settlers lived there. They had a cemetery in what is now Bear Creek Park, and over the years, the cemetery became lost to the trees and such. Nowadays, teenagers use it for god-knows-what, despite the park rangers and Harris County sheriff's office sending deputies over the whole park area.
Legend says that there are blue lights there at night. It's commonly explained away as light glinting off the tombstones, but I've been there, and I can't say that the tombstones are what's giving off the light, seeing as how it was well away from the tombstones when I saw it.
For a while now, and I'm rather glad it's been explained.
r y/bluelight.htm
Now if they'd move on to the Blue Light Cemetery, I'd be more interested.
http://www.cemeteries-of-tx.com/Etx/Harris/cemete
Hell, why not just issue a speeding ticket out of the dashboard?
"John Spartan, you are fined one credit for violation of the verbal language statute..."
Seriously, though, this is just a bit too invasive.
How about enacting a law like what Texas has?
"No police department can receive more than half its revenue from speeding tickets" is the version currently on the books here, and dropping it to a quarter wouldn't be too bad either for everyon but tiny-ass little police departments.
That'll effectively kill nasty little speed traps like Slidell, Louisiana.
If the process is hidden, the Warden can't pick up on it, right?
So hypothetically, ANY rootkit could be used to hide processes - HackerDefender and the others out there would do the job nicely.
Of course, the other edge of the sword is that you don't know just what _else_ is hiding... unless you wrote and compiled the rootkit yourself using your home-brewed compiler.
You obviously don't remember XENIX, which MS developed, then sold to SCO. I happen to have a box of floppies containing that in front of me now.
It's like Satan took a dump, then a sewer mucker found it, packaged it up in a nice shiny box, and sold it to the unsuspecting masses.
None.
You haul your ass to a bakery, shell out twenty bucks, and get a box or two full of cupcakes, then you go Cid Highwind on everyone.
"Siddown and eat your goddanm cupcakes!"