Technology oriented blog sprinkled with bits, bytes, pixels, wings and pistons...

Recently in Security & Hacking Category

Tomtom700
Recently I traded some gear I wasn't using for a TomTom Go 700 GPS with Remote Control, in practically new condition.  I have to tell you folks, this was the best trade I have done in years.  The Go 700 was TomTom's flagship GPS until their latest edition this year, the Go 910.  There are some nice upgrades on the 910 like a bigger screen, hard drive and additional Plus Services, but overall, for the price I paid, the Go 700 is one heck of a GPS unit and quite a nice add-on to my car.  You can read some great reviews on TomTom's GPS systems, as well as many others over on GPSreview.net.  If you are in the market for a GPS or just like keeping up on the latest navigation gadgetry, you should definitely check the site out.

TomTom has some great extra "Plus services" that come along with the purchase of their units. Many of the services require pairing the GPS unit with your phone via Bluetooth. Unfortunately the list of compatible phones is less than stellar. If you have been following my blog for a while, you know that my current phone is a Treo 650. It's been a solid phone, minus a few problems in the beginning, and I am generally satisfied with the unit. It also happens to be one of the most popular phones around, and you would think that most companies would try to make their equipment compatible with it. As many of you know, that isn't exactly the case. TomTom is no exception. The Treo 650 is not "officially" supported on their site. That's actually not entirely true. I was recently able to hack the Go 700 and got it to pair up successfully with my Treo 650. The trick to this was enabling the Bluetooth mode on the Treo 650 and turning "Dial-up Networking" [ ON ]. The phone WILL successfully pair up with the Go 700 (you might have to try a few times) and if you have a service plan like Cingular's MediaNet (I have the unlimited), then you will be able to connect to TomTom's Plus services and download updates, get traffic and many more services. You will NOT however be able to connect to the Go 700 and use it as an external speaker/mic for the Treo 650. Basically you won't be able to use *any* normal Bluetooth features, like pairing it with your headset, while in DUN mode. That's not such a big deal to me, it might be to others. I thought it might be interesting info for any of you Go 700 users out there that might have a Treo. This hack might even work on the newer Go 910 and with the Treo 700 series phones.

If you don't have a portable GPS unit, you don't know what you are missing! I wasn't really sold on the idea before. I figured since I didn't drive out of my normal areas too often, it was a waste. Well, how wrong I was. If you have any kind of a lengthy commute, combining the GPS with the traffic services alone is worth the money. The Points of Interest (POIs) are another great feature to have. If you are somewhere and need to find say...the closest pharmacy, the Go 700 will take you to the closest pharmacy you specify. The unit comes with an internal database of millions of POIs and you can add additional POIs by downloading them via the net, or through TomTom's website, as well as directly via the Plus services via that Bluetooth connection on your phone. Pretty darn slick. And if you get tired of the voices that ship with the unit, you can add additional voices, available via a variety of websites out there. My favorite co-pilot these days is "Yoda". Yeah, you read right - YODA. ;-) "Right you must turn in - 400 yards!" If you haven't had Yoda as your co-pilot, you haven't lived yet. ;-)


Bigbrother1984 Sml
I'm sure many of you work in places where you might have some, let's say... "overly aggressive" administrators, or egomaniacal over-controlling managers / executives within your organization or IT department. This is always a bummer to me because it just sends the WRONG message to your employees. I don't condone surfing the web and wasting your company's time on looking at porn or other unproductive sites, but there are many legit websites that happen to get filtered out by these overly aggressive content filtering systems. They tend to filter out sites like bisonium.com and techmeme.com because they classify them as "discussion forums." Well, there's some brilliant thinking if I have ever seen some. Let's block news sites, forums and blogs where people might be talking about something useful.

So for those of you stuck in Content Filtering Hell, I'm here to restore your God given rights to freedom of information.  There are plenty of ways to accomplish this, but generally speaking, it all boils down to using a remote proxy service to conceal your activities and bypass content filters and firewalls within your organization.

*** DISCLAIMER ***

This is not intended to be used in any way which will abuse or violate your company policies. Take the following with a grain of salt and be SMART about how you do this. As a general rule of thumb, it's against most company policies to circumvent protective measures they have put in place, or to tinker with system settings unless otherwise told. However, if you have your own personal computer or are in a public place with your laptop and find yourself needing access beyond the filters, this is for you.

A good primer and simple way to set this up can be found here: http://www.buzzsurf.com/surfatwork. If for some reason that isn't good enough, or you wanna really geek out hard, there are plenty of alternatives. A few you can start with are widely available and free tools such as TOR, Vidalia and JAP. These tools in conjunction with a little know-how, and some free open proxies throughout the world, should get you up and running in no time. I won't bore you with all the details on setting this up, most of you will probably be able to figure that out using the websites I listed above, and the setup will vary according to your system.

I believe people should be treated as adults in the workplace. Until proven otherwise, there shouldn't be restrictions to the free flow of information. There are always going to be cases where you need to censor content, but it can be done without disrupting the workplace and causing resentment among your employees. Management needs to think wisely before implementing such Gestapo tactics. Hopefully you don't work in such an environment, but as we all know...life isn't always perfect. Rock on and HACK THE PLANET! :-)


Company requires RFID injection


Well, how's this for Big Brother in the workplace? This week 2 workers were implanted with RFID chips, which is now required if you need access to the datacenter at Cincinnati-based surveillance company CityWatcher.com. It should be a matter of time before the ACLU is all over this. This should be an interesting story to watch. For the full story, head over to SecurityFocus.com.


[ via MacOSXhints.com ]

As you probably know, Apple has dropped support for Virex in .Mac, but there are still some people using it. Both Virex 7.2 and 7.5 give you the option to customize your eUpdate settings -- the goal of this is to prevent you from having to type in your .Mac password all the time in certain cases. For example, if you are updating Virex but don't have your .Mac account configured. That basically means that the following does not affect all users -- just the users who have set their username and password in the custom eUpdate settings.

Should you choose to customize your eUpdate settings, Virex does something pretty insecure. Instead of storing your username and password in the Keychain (a task that takes less than 100 lines of code to accomplish for store, retrieve, and update), they store it in a file. In the case of Virex 7.2, the file is stored in your user's ~/Library -> Preferences folder, in a file named VirexPrefs.vprF ... with the password and username in plain text!


In the case of Virex 7.5.1, the file is stored in /Library -> Preferences -> com.nai.virex75.prefs.plist with the username as plain text while the password is hashed. Note, though, that all users have access to this file, and while I am not sure how good the hash is, I do know that by simply copying the file to a second machine, you can have access to Virex updates from that second machine -- something that all users can do because all users have read access to the file. This kind of careless disregard for the protection of a .Mac user's credentials -- hashed or not -- is inexcusable.


If you're a Virex user, please check for the above-listed files and delete them if you find your .Mac info in them. And to prevent their creation in the future, don't customize your eUpdate settings!
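The check the post asks for can be scripted. The following is an added example, not code from the original post or from Virex: it looks for the two preference files named above, reports whether any local user can read them, and whether a given .Mac account name appears in them in clear text. The `ROOT` prefix and the account-name argument are assumptions introduced so the audit can also be pointed at a mounted disk image or a test tree.

```shell
#!/bin/sh
# Added example: audit the two Virex preference files named in the post.
# File paths are taken from the post; the ROOT prefix and ACCOUNT argument
# are assumptions made for this example.

# check_virex_file FILE ACCOUNT
# Prints one finding per line: PRESENT, WORLD_READABLE, ACCOUNT_IN_CLEAR.
check_virex_file() {
    file=$1
    account=$2
    [ -f "$file" ] || return 0
    echo "PRESENT $file"
    # -perm -004 matches when the "other" read bit is set, i.e. every
    # local account on the machine can read (and copy) the file.
    if [ -n "$(find "$file" -prune -perm -004 2>/dev/null)" ]; then
        echo "WORLD_READABLE $file"
    fi
    # Fixed-string match so characters in the account name are not
    # interpreted as a regular expression.
    if [ -n "$account" ] && grep -qF -- "$account" "$file" 2>/dev/null; then
        echo "ACCOUNT_IN_CLEAR $file"
    fi
}

# audit_virex_prefs ROOT HOME_DIR ACCOUNT
# ROOT is prepended to the system-wide path; use "" for the live system.
audit_virex_prefs() {
    root=$1
    home=$2
    account=$3
    # Virex 7.2: per-user file, username and password in plain text.
    check_virex_file "$home/Library/Preferences/VirexPrefs.vprF" "$account"
    # Virex 7.5.1: system-wide file, plain-text username, hashed password.
    check_virex_file "$root/Library/Preferences/com.nai.virex75.prefs.plist" "$account"
}

# Live system: pass the .Mac account name as the first script argument.
audit_virex_prefs "" "${HOME:-}" "${1:-}"
```

Any `PRESENT` line means the file should be reviewed and deleted as the post advises; `WORLD_READABLE` on the 7.5.1 file is the condition that lets another local user copy it to a second machine.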

About this Archive

This page is an archive of recent entries in the Security & Hacking category.
