Category Archives: Technology.

Rattling noise coming from your LG Nexus 4? Don't worry, that's by design.

By Rodrigo Ghedin, on Flickr

After waiting what seemed like an eternity for my Google/LG Nexus 4, I was concerned (to say the least) when I realized that every time I set it down, I could hear a slight rattle coming from somewhere inside the phone.

If you gently tap or shake the Nexus 4, you’ll hear a small, concerning rattle inside the phone. It’s very noticeable if you tap up near the camera on the back side of the phone. It sounds quite unnerving.

Sadly, sending the phone back won’t do you any good; your replacements will have the same problem. According to T-Mobile’s support pages, the “SIM Socket Lever has a small degree of freedom when placed back in the phone”, and therefore rattles when shaken or tapped in the right way. If you dig far enough into many phone forums, you’ll also find many users reporting the issue, many of them sending their phones back to LG, only to find the issue in their replacement.

It’s unfortunate, because every time I set my phone down, I hear that rattle, and it reminds me that while the phone is state-of-the-art in terms of software, it has a long way to go in terms of material.

LogMeIn.com Security/Data breach affecting many users – LogMeIn largely quiet

Today I found that, like many other LogMeIn.com (NASDAQ: LOGM) Users (at least 6 pages worth on their support forums), I was the victim of a data breach. Somehow, the e-mail address I use to manage my LogMeIn.com account had been accessed by an unauthorized party, and used to send me spam e-mail.

Like many technology professionals, I use a variety of email technologies that allow me to create individualized e-mail addresses for specific services. Only the said service has knowledge of this email address. The address is not provided to any other service, or entered on any other website. Under most circumstances, I’m not even able to send email from these aliased addresses, so there are very, very few ways a spammer can get an address without a data breach.
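The per-service alias scheme described above can be checked mechanically. This is an added example, not code from the original post: it flags mail sent to a single-use alias by a domain other than the service the alias was given to. The alias registry, the `example.org` domain and the sample headers are constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed alias registry: each address was given to exactly one service.
ALIASES = {
    "logmein@example.org": {"logmein.com"},
    "bank@example.org": {"bank.example"},
}

# Constructed sample messages (headers only); not real mail.
SAMPLE_MAIL = [
    "From: LogMeIn <noreply@mail.logmein.com>\nTo: logmein@example.org\nSubject: Your invoice\n\n",
    "From: ADP <payroll@adp.com>\nTo: LogMeIn@Example.org\nSubject: Payroll report\n\n",
    "From: Bank <alerts@bank.example>\nTo: bank@example.org\nSubject: Statement\n\n",
    "From: deals@shop.example\nTo: someone@else.example\nCc: <logmein@example.org>\nSubject: Sale\n\n",
]


def sender_domain(msg):
    """Domain part of the From header, lowercased ('' if the header is absent)."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()


def recipients(msg):
    """All addresses in To, Cc and Delivered-To, lowercased."""
    headers = []
    for name in ("To", "Cc", "Delivered-To"):
        headers.extend(msg.get_all(name, []))
    return {addr.lower() for _, addr in getaddresses(headers) if addr}


def allowed(domain, expected):
    """True if domain equals, or is a subdomain of, an expected service domain."""
    return any(domain == e or domain.endswith("." + e) for e in expected)


def find_leaks(raw_messages, aliases=ALIASES):
    """Map each alias to the unexpected sender domains that wrote to it."""
    leaks = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        dom = sender_domain(msg)
        for rcpt in recipients(msg) & aliases.keys():
            if not allowed(dom, aliases[rcpt]):
                leaks[rcpt].add(dom or "<no sender>")
    return dict(leaks)
```

Because the From header can be forged, this only catches senders that do not bother to impersonate the expected service; mail claiming to come from the service's own domain still needs SPF/DKIM results to be trusted.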

Adding credibility to my concerns are the 6 pages of concerned tech-savvy individuals on LogMeIn.com’s support forums, making exactly the same claims. The real concern here is what exactly was compromised. Was it just e-mail addresses? Was it an entire table with username/password data? Was my password properly hashed?

There are no responses from LogMeIn.com (other than an annoying “Don’t share your password with anyone and don’t click on any links!” response) on the forum, and only one other researcher has heard from LogMeIn. The response being that while an investigation is ongoing, there is no evidence a breach occurred.

I dispatched an e-mail to Marton Anka, CTO of LogMeIn.com, regarding this issue, but thus far, have not received any response. The forum is also filled with comments about how the issue remains unaddressed, and inquiries continue to go unanswered. At the bottom of this post is a copy of the e-mail I dispatched to Mr. Anka.

Have you been affected by this issue? Leave a comment below.

Marton,

I’m writing to you today to let you know about a potential data breach with LogMeIn.

As a security process, I register different websites/services using different e-mail addresses on a variety of domains that I use. My primary domain, {redacted}, is a domain that I use for services that I consider to be important, containing personal information, or services that I use often. LogMeIn received an e-mail address on my domain.

Today, I received an e-mail, forged from adp.com, with a virus attached to it. This e-mail was addressed to {redacted}, which is my logmein username.

This e-mail address exists nowhere else in the world. It has never been typed in or entered into another website, other than logmein.com, and has never been typed into a computer that I did not directly control and personally maintain. I do not use it for any correspondence. The address cannot send e-mail (It’s technically not possible at the moment, due to the fact that the address doesn’t actually exist, but is just aliased to my domain), so it’s not as though the e-mail was obtained via some FWD that I sent on to my grandma and list of 15 friends.

In my mind there are a few possibilities, in no particular order:
A. LogMeIn was compromised, either internally, or externally
B. LogMeIn sells personally identifiable information to 3rd party sources, which then resold my information to a spammer
C. My LogMeIn clients were compromised, and the LogMeIn software clients do not adequately protect the credentials they have
D. My personal client/browser was compromised, and observed me entering credentials into your website

I’m not sure which of these is the case. Perhaps there’s an element I haven’t yet considered. As for item D, I only use my corporate computer which has a strong domain policy, anti-virus, and the like. I work in a government regulated environment, lessening the likelihood I have some rogue, credential-capturing virus. As a computer security hobbyist, I certainly hope the fault does not lie with my machines. In remaining objective, I admit it remains a possibility.

I’m not sure how to proceed from here, but I consider the matter serious. I decided to address you directly, as I figured your support staff was unlikely to be educated on how to properly investigate and escalate this issue.

I have the e-mail in my inbox, but I did not forward it to you as I didn’t want to risk your spam/virus filters intercepting the forward. I’m happy to make it and its headers available to you. I’m also happy to discuss the technical details of my email system, and domain configuration, as necessary, in order to validate my concerns.

If you’re not the right person to begin addressing this issue, please forward it to the right party for me. I appreciate your time.

With regards,

{redacted}

The inside of a RedBox machine

I had an opportunity to snap some photos of the inside of a RedBox the other day, and thought it’d be fun to share them here. Click through for higher resolution:

I'd love to tap on some of these buttons. What do you think "Secure Browser" is? I wonder how you get to the 'Field maintenance App'. Maybe it's only available when the door is open? Otherwise it's probably similar to the Konami code.

The doors are open!

You can see the modem in the bottom left there

A clear shot of the Wireless modem

Another shot of the wireless modem, showing the SprintWireless card.

A standard Windows workstation by Dell

A classic UPS. I guess they're not taking any chances?

This closed box actually looks like it's one of the wheels movies go into, that you see above. I'm not sure if they can just replace one "wheel shelf" with another or not.

Another shot of the "Wheel Shelf" as she's putting it into the bottom for storage?

The modem and other hardware in plain view.

One more shot, just because.

As Rebecca Black would say: “FUN FUN FUN!”

Facebook Restricted List – It's broken. They can see everything… (sometimes)

How many people have used the ‘Restricted list’, thinking their newly ‘friended’ boss will not see all of those disparaging comments made about work, only to find out later that Facebook removed those restrictions without permission?

As sites like Reasonstohate.com continue to expose the dangers of posting publicly, Facebook seems to be in a never-ending attempt to reassure the public that they take privacy seriously. In their latest attempt, they’ve taken a page out of Google+’s book and implemented easier to use “lists”, which are similar to circles. Lists allow Facebook users some granular control over their posts, allowing work friends to see work posts, and neighbors to see neighbor posts, and prevent those worlds from colliding with each other. Unfortunately, there’s a major defect in the way one of these lists works.

Adding friends to lists

When you send a person a friend request on Facebook, you’re also given the opportunity to add that person to your lists, at the same time. That means you can invite a person to be your friend, and classify them as a friend, neighbor, or even add them to the restricted list.

What’s the Restricted list?

The Restricted list is a special list created by Facebook. Let’s hear it directly from them:

When you add someone to your Restricted list, they will only be able to see your Public content or posts of yours that you tag them in. So if you put your boss on your Restricted list, post a photo and choose Friends as the audience, your boss (and anyone else on Restricted) won’t see that photo. However, if you add a tag of your boss to the photo, we’ll let them know they’re in it. If someone else tries to tag your boss in one of your photos, you’ll get to approve this tag from your pending posts.

What’s the problem?

When you send someone a friend request, you can also add them to multiple lists at the same time. For instance, when I add a neighbor I don’t know real well, I might add them to “Neighbors” and also to “Restricted”. This allows me to be friends with them and see their posts, but they’ll only see a limited amount of my posts instead of some of the more personal posts I’ve made. Unfortunately, as soon as that person accepts my friend request, they’re automatically removed from the Restricted list by Facebook. The other groups are left in place, but the Restricted group is removed. This unfortunately means that any new ‘Restricted’ friends have access to my whole Facebook history until I remember to go and re-add them to the Restricted list. Go ahead! Try it.

I’m unsure if this is intentional functionality (If it is, it’s horrifically stupid) or if it’s a software bug. Either way, it’s a major limitation on the Restricted functionality. Facebook touts it as a way to keep private things private, but they automatically remove that barrier under conditions not made clear in their documentation.

How many people have used the Restricted list, thinking their newly added boss will not see all of those disparaging comments made about work?