See One, Do One, Teach One

This probably will not last long, but it is fun for now. Much like our hacking the wii servers with firefox post, user agents are providing fun once again.

Starbucks and AT&T wifi recently opened up free access to the iPhone. By changing the user agent the browser, anybody can make their browser look like the iPhone to the servers. A couple of easy switches away and it is access for everybody.

Here is how to do it in Safari. Switching user agents in firefox is almost as easy. This documents the iPhone user agent information.

1. Open Safari while connected to a AT&T wifi
2. Enter the Preferences, select the Advanced tab, and then select Show the Develop menu in the menu bar
3. From the Develop menu select User Agent
4. Select the iPhone User-Agent
5. The page will reload and ask for a geniune iPhone number. Everybody has a friend with an iPhone, right?
6. Welcome to free internet from Starbucks

I did a quick demonstration of this at my local Starbucks. Forgive the stammering but I didn’t want to take a bunch of cuts sitting outside the coffee house. Screenflow is adding some pauses and slurring too… Nice, but buggish program.

High resolution pod cast available here. YouTube video available below.

Did you hear of browzar this week?  The less than 300K download was suddenly the answer to completely safe browsing! 

Ummm, no.  It’s a wrapper for Internet Explorer that tries to delete your privacy information as you surf.  Scott Hanselman discovered very quickly that it does not even do that very well. 

It also redirects all a user’s searches to overture.  Wow, that’s like spyware 101.

A few people bought it hook, line and sinker:

• China Martens, InfoWorld
• Martin McKeay, ComputerWorld
• Jordan Running, Download Squad
• Michael Pick, RobinGood
• Sam Sethi, TechCrunch UK
• Rafe Needleman, cnet
• Digg promoted it to the front page; however, users were quick to start commenting on its true nature.
• Slashdot posted about it as well.  Users there started discussing its status quickly as well.

So what started this wave of browzar pain?  A press release!  Yes, many of these high-profile bloggers saw the press release and posted about it as soon as possible. 

So who is more to blame: Ajaz Ahmed for releasing this junk or the bloggers who repeated his propoganda?

I’ve spent the day at our local Infragard Membership Alliance annual conference. Some good presentations, lots of hairs standing up on the backs of necks. A particularly good presentation on malware included a striking demonstration of exploiting a vulnerability on a fully patched windows server and installing a rootkit which made itself invisible even though it took over port 80 for its evil purposes. It made everyone running IIS want to leave and go back to the office to shut down their server and, well, keep it down. The whole experience made a lot of people think. The take home message is that there isn’t much you can do and you are pretty much out of luck.

Sun plans to phase out Trusted Solaris and instead offer security extensions software that will sit on top of Solaris to provide all of the features of Trusted Solaris. I remember thinking how cool it would be to use Trusted Solaris on a box… I’d feel like I was in the CIA shooting suspicious sidelong glances out of my cube as I keep all of my super secret data… secret. Then reality set in as I realized that it implemented the really tedious, mind numbing aspects of security, the seemingly exciting (but oh so not) aspects of Red Book classifications C2 and B1, blah blah. Very important stuff, but not very much fun. Sun hasn’t released a Trusted Solaris since some version of Solaris 8. Can’t blame them.. I bet getting the OS through its certification process is even less fun than using it. Here are details.

Is your php secure?

The theft of computerized personnel records from Fort Carson Army base in Colorado last month has to make other victims of computer heists feel a little better and the rest of us more nervous. Sweet talking a receptionist out of her password in exchange for a Starbuck’s gift certificate is one thing, walking out of an armed military base with four hard drives is a little different.