Paul's Journal
12/25/2011 16:03 #55797
HP Bloatware
Category: computers
I got my parents an HP computer for Christmas. It is unbelievable how much bloatware comes with Windows 7. I spent about 45 minutes uninstalling just to make it stop asking me to buy crap. It's funny because some of the stuff doesn't even exist anymore, like HP webOS tablets. I love how the welcome page thanks me for purchasing an HP webOS tablet when this is a desktop Windows 7 computer.

12/24/2011 22:45 #55793
The price of wheat grass at the lexington coop
Category: food
And I thought them charging $4.95 for a softball size cauliflower was outrageous...
Wheat grass prices at the coop blow my mind. $9.99 for 4oz and $19.95 for a pound. 4oz is a small ziplock bag full. The tortoises could eat it all in about 90 seconds.
I actually don't understand how wheat grass, which grows so easily, can cost more per pound than steak. What the hell is going on?


12/24/2011 22:38 #55792
Bug Based Candy
Category: food
I was at the candy shop on Elmwood looking for some gifts when I saw these bug based candies. I remember my cousin from AZ getting me one of these as a kid. I never ate it. Does anyone really like these or are they purely for gag gifting?




metalpeter - 12/26/11 13:49
I have no idea. I wonder who catches the bugs and if they just really get the candy all in them so they taste like the candy? Also, if the scorpion one is real, one would think it could be dangerous as they have venom?
12/21/2011 20:03 #55784
Android Lync Chat Client - Data Security Danger
Category: mobile
I was playing around with the Microsoft Lync client for Android today when I discovered just how insecure the data from your chats is on your phone. I can't understand how it could be allowed in a very controlled corporate environment like you would find in banking, healthcare, etc.
Microsoft admits freely that the conversation history is stored on the device.

What they don't say is that basically, the client stores all of the chats you have in a SQLite database that is pretty much plain text accessible.
Using the Android development toolkit and grep (basic free tools) I was able to locate the Lync data store on the phone at /data/data/com.microsoft.office.lync/
You can easily pull it off your adb-connected device with this. It will grab the data and put it in a directory on your local computer called lync.

    adb pull /data/data/com.microsoft.office.lync lync

Say you send someone a message with secure data, e.g. "the secret pin for my bank account is 1234"
Then someone steals your phone, adb shells into the phone, and copies the data over to the computer or an SD card for safe keeping.
Then they can extract whatever they want.

    grep -r -a secret com.microsoft.office.lync/databases/DataStore.sqlite

and two minutes later they find
"the secret pin for my bank account is 1234"
So what that it might have a little binary content on either side.
Not only that, but let's say you are the investigative, computer type - the app lets you send off any conversation as an email. So any app that accepts the email intent (Gmail, mail, text messaging, etc.) accepts the content and passes it from that app to the world at large. If you have any special controls over your corporate Exchange, like outgoing filters to look for sensitive data, they get bypassed going out through something pretty insecure like plain text email or text messaging.
I can see how they wanted to side with convenience. At the same time I can't understand how this can appeal to the customers they tend to appeal to most (government and big business). Why would they not encrypt this data on the phone at least?
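The grep test above, turned into a repeatable check that an app team can run on a data store pulled from its own test device after sending a known canary message. This is an added example, not part of the original post; the messages table, the DataStore.enc file name and the canary string are constructed for illustration.

```python
import math
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every unencrypted SQLite file

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 are typical of encrypted or compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def audit_store(path: str, canary: str) -> dict:
    """Report whether a data store is readable without a key and leaks the canary."""
    with open(path, "rb") as fh:
        raw = fh.read()
    # SQLite keeps TEXT as UTF-8 by default, but a database can be created as UTF-16.
    encodings = ("utf-8", "utf-16-le", "utf-16-be")
    return {
        "plain_sqlite": raw.startswith(SQLITE_MAGIC),
        "canary_found": any(canary.encode(e) in raw for e in encodings),
        "entropy": round(shannon_entropy(raw), 2),
    }

def build_samples(workdir: str, canary: str) -> tuple:
    """Constructed inputs: a plaintext chat database and an opaque stand-in file."""
    plain = os.path.join(workdir, "DataStore.sqlite")
    con = sqlite3.connect(plain)
    con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")  # hypothetical schema
    con.execute("INSERT INTO messages (body) VALUES (?)", (canary,))
    con.commit()
    con.close()
    opaque = os.path.join(workdir, "DataStore.enc")
    with open(opaque, "wb") as fh:
        fh.write(os.urandom(8192))  # random bytes standing in for an encrypted store
    return plain, opaque

if __name__ == "__main__":
    canary = "canary-7f3a the secret pin for my bank account is 1234"
    with tempfile.TemporaryDirectory() as tmp:
        for p in build_samples(tmp, canary):
            print(os.path.basename(p), audit_store(p, canary))
```

A store that reports plain_sqlite or canary_found as true fails the check; a properly encrypted store shows neither and has entropy close to 8 bits per byte.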
paul - 06/05/13 20:30
Actually, reinvestigating this, what is worse is the spell correct suggestion in the Android keyboard. I could get it to pretty much retype my conversations as suggestions by just continuously selecting the choice it wanted me to go with, without typing anything. The other day I got the email address and contact info of a top level exec plus my security review of another situation, all by just pressing the spelling suggestion over and over.
tinypliny - 12/22/11 10:46
I see a future in world spy-network domination right here.
heidi - 12/22/11 00:07
All chats? gchat? or Lync chat in particular?
Ya, Best Buy had some great sales for Christmas. It's all working now.
You bought them a PC? Wow.... One thing I never get is why they give you software that is free for like 6 months... That is one thing (yes, prices are high) that I do give QVC credit for: they have had a few computers/laptops where it comes with either 4 years of virus protection or even lifetime of the computer... Plus loaded with software...