2010-03-16
Unlocking and upgrading the Huawei E5830 MIFI
About a month ago my laptop slid off of a chair, my Huawei E160G bore the brunt and died instantly. It was a year old and had given good service but I had previously had problems with sharing the internet with devices such as my Sony PS3, Microsoft XBOX 360, Apple IPOD or Sony PSP. My old solution was to plug a wireless router into my laptop and share the internet connection with the router. It was a bit fiddly but it did the trick. Now I had a new solution and it came in the form of the all-in-one Huawei E5830 MIFI; a wireless router and GSM based broadband modem.
I live in Dublin, Ireland ... as such I battle everyday with obscene profiteering from Irish retailers over UK counterparts. With that in mind it wasn't a difficult decision over purchasing the device from 3 Ireland in Dublin at €109 (approximately £98) or from 3 UK in Belfast, UK at £49.99. Twice the price. I had previously written to 3 Ireland about their pricing strategy and was told the following by 3 Ireland's customer service department:
"It is unfortunate to know that you are not happy with the difference in the cost of the modems offered in UK and Ireland. 3 Ireland and 3 UK are run as completely separate companies as they are based in two different countries. We purchase our modems separately for each market. As the Irish market is a smaller market, we buy a smaller amount of modems and therefore the cost we pay per modems would be higher as compared to the UK."
... I have discussed this with a number of colleagues and the first response from all of them was "Bullsh*t".
So I took a trip up North and spent £49.99. As with mobile phones, network operators lock their devices to protect against people profiteering from competitor pricing strategies. 3 UK and 3 Ireland are no different. In order to use my device my first challenge was unlocking the device to all networks.
There appears to be several methods, one method employs purchasing an unlock code and unlocking using an application called CardLock_Unlock.exe created by Huawei. More information can be found on this method here. The other method is the one I used:
1) Download the DC Unlocker Client from DC Unlocker, the actual link to the download I used is here. (The version I used is 1.00.0436)
2) Once I installed the application I elected to run it in administrator mode. This helps prevent security/hardware issues. Right-click on the shortcut and select "Run As Administrator".
3) When the application has executed you will need to purchase 15 credits for the unlock. This costs 15 euro. I paid by PayPal. You also need to register in order to purchase the credits, just click on the big blue "Buy Credits" button.
4) With your modem turned off place it into maintenance mode. Press and hold “Mobile Dial Key”, and then press “Power Switch” button for 5 seconds until the red signal LED and yellow battery LED are shown.
5) Plug your device into your computer using the USB cable provided. Wait for any drivers to be installed before proceeding.
6) When the device is plugged in and installed select "Huawei datacards" from the "Select manufacturer" drop down.
7) Under "Select model" choose "_Auto Detect (recommended)_".
8) Now press the search button. This should detect your modem.
9) Click on the "Unlocking" drop-down and hit "Unlock".
If that sounds all very easy, believe me when I say it was not. I used three laptops, only one of which was able to detect the modem using the DC-unlocking software. In addition it took several attempts to unlock, rest assured that despite the failed attempts the credits were only used upon the successful unlock. No wasted credits.
So after successfully unlocking the device I was then able to plug my 3 Ireland SIM card into the device and receive 3 Ireland network coverage ... no more red network icon! Hurrah!
Of course now we have a new problem; the APN (Access Point Name) is set to the original network provider, in my case 3 UK. Using the interface software provided you are able to set up a new network profile and make that the default. This will ensure that when you dial the connection using the device button OR the software you are dialing the correct network.
So now you are thinking; "Are we done now?" ... not exactly. The Huawei E583x series devices come with a built in admin interface served over HTTP. Unfortunately 3 have decided in their infinite (read: non-existent) wisdom, that customers don't need this so they disabled it. The web admin interface provides a number of useful features including device information including traffic, battery, network, etc. The only way of getting this back is to flash the device with a newer firmware.
I found two firmwares that re-enabled the admin interface:
Version 676
Version 716
As with the unlock you need to ensure you are in maintenance mode and that the Huawei interface application is closed. It might also help to ensure that the device is charged fully as it will take 15 minutes to flash fully before the device is rebooted.
I now own an unlocked, full-loaded MIFI. You can too. In your face 3 Ireland with your profiteering pricing strategies. In your face 3 UK for not understanding your customer's needs.
Useful resources:
How to update three huawei E5830 Mi-Fi firmware
Huawei E5 (E5830 / E5832 / iMo) firmware update available
Unlocking the Huawei E5830 with DC Unlocker Client
2009-09-30
Morro / Microsoft Security Essentials vs OneCare / Sybari / ForeFront
Unfortunately there is no "quick" answer to this "quick" question; "Morro" supposedly uses the same underlying engine as Forefront and OneCare. I have my doubts on how closely the engine operates compared to OneCare based on the fact that the Morro team based in Israel spent nine months recoding the engine under Ray Ozzie's watchful eye until release yesterday.
The Guardian has a good exclusive here.
Virus Bulletin (www.virusbtn.com) carries out the VB100 independent testing, the detection rates for OneCare were improving with each iteration of testing but you have to ask yourself the question of which operating system and architecture you are testing under. Some engines perform better under XP than they would under an NT based kernel. By the same logic, some engines can outstrip their peers under multiple cored processing or x64 architecture. I should know, I used to work for Microsoft and it was my job to constantly reassess engine performance against a number of different engines against a host of different architectures and operating systems.
Probably the best thing to do is set up an account with Virus Bulletin and compare the test results, but don't expect a clear black and white answer. OneCare served customers well ... you got good detection rates for known malware AND for potential malware under XP and Vista. If Morro is as good as OneCare then you get all that for free, that would be VERY good ... but there is a "but", and a big one ... Morro does something that OneCare didn't do and I expect this to affect the next iteration of VB100 testing greatly. Morro scans unknown potential malware in the cloud, when the Morro engine finds something it thinks might be malware it contacts servers at Redmond for hore powerful heuristic scanning. Good security sense but it may severely impact scan times for non-US based customers.
I have high hopes for Morro, Microsoft put customer security first and foremost with Bill Gates' vision of Trustworthy Computing and then seemed to backtrack in 2006 by charging for OneCare. Morro breathes life back into Gates' vision by ensuring that customer security comes before profits but will EU anti-competition legislation agree?
2009-06-29
Windows 7 and Anti Virus
Grisoft's AVG was always a popular candidate for installing on your third-cousin-twice-removed's laptop but there are plenty of alternatives out there for the home user. When looking for an AV engine of choice, ensure you choose it for the right reasons. I always consult the VB100 and AV-Test.org test results to make a more informed decision. With that said, I also conduct my own strenuous testing on the core components and interoperability with other core components, everyone has their own needs.
My latest AV engine of choice for home user installations of the Windows 7 Beta is either:
Windows Security Essentials Beta (32 bit / 64 bit downloads from Softpedia)
or
Avira's free desktop engine
... of course, there are others.
Whilst Microsoft have pulled their Beta downloads from the Microsoft website, the installs are still available through Softpedia as outlined in the links above. Avira unfortunately throws a few advertising pop-ups from time to time. The Microsoft offering does not. Interestingly, Microsoft's Windows Security Essentials (codenamed "Morro") is the replacement for OneCare which previously was a paid-for subscription based product.
I can't help but think that Microsoft's decision to launch a free AV product is one of their best ideas ever and is a definitive realisation of Bill Gate's Trustworthy Computing initiative. From a business perspective it will also help strengthen their business-end product Forefront which likely uses the same signatures as the free client. As end-users feedback false positives and contaminated files found through heuristic analysis from the home user market, the new signatures developed will strengthen the business product also. This is an incredibly astute business decision and also a very responsible outcome from a long-term security perspective.
2008-03-05
Batch script removal of Macromedia Flash - the SECURE and EXPLICIT clean removal.
I loved scripting and I loved getting rid of all that useless bundled trash that usually causes servers to run as slow as handheld games consoles. I also made it my personal mission to reduce every server's attack vector to something more manageable ... server administrators will know what I'm talking about here.
So it is with great delight that I take on the odd scripting challenge these days. My system administrator was trying to get rid of Macromedia Flash from all of the servers and I didn't blame her. Flash has been known to be a bit of a security vulnerability from time to time and a patch management headache especially as there is no legitimate reason for having it on a server. It's kind of like carrying a spare tyre on a scooter.
I was quite shocked to find that there were loads of complaints about this but no actual real batch script to deal with the problem. Most people were having access denied issues and other permission related errors. Here is my batch script listing:
c:\windows\system32\macromed\flash\uninstfl.exe -silent
@ping 127.0.0.1 -n 2 -w 1000 > nul
@ping 127.0.0.1 -n %1% -w 1000> nul
CACLS C:\WINDOWS\system32\Macromed\Flash\flash*.ocx /T /E /G EVERYONE:F
rd /q /s c:\windows\system32\macromed
mkdir c:\deleteflash
echo Dim WSHShell > c:\deleteflash\regdelete.vbs
echo Set WSHShell=Wscript.CreateObject("Wscript.Shell") >> c:\deleteflash\regdelete.vbs
echo WSHShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\SafeVersions\" >> c:\deleteflash\regdelete.vbs
echo WSHShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\" >> c:\deleteflash\regdelete.vbs
echo WSHShell.RegDelete "HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\" >> c:\deleteflash\regdelete.vbs
c:\deleteflash\regdelete.vbs
@ping 127.0.0.1 -n 2 -w 1000 > nul
@ping 127.0.0.1 -n %1% -w 1000> nul
rmdir c:\deleteflash\ /s /q
The reason for all the issues in clean removal is that the file(s) flash*.ocx has DENY permissions set for the EVERYONE group, hence the access denied error. Now why Macromedia would want to deny access to everyone is anyone's guess.
I scripted CACLS to give EVERYONE full control permissions before promptly sending it to oblivion. I say file(s) because there are about five or so versions on the the Windows servers I was looking at:
- Flash6.ocx
- Flash7.ocx
- Flash7a.ocx
- Flash7b.ocx
- Flash7c.ocx
- ... etc
So much for baseline management huh? No server was the same as the next.
Anyways, it negates the use of the Macromedia Flash cleaner listed on their website which is an executable file with no viewable source! Sneaky huh? Seems like a big file for what should just be the same as my script! Who knows what else they have in there.
In addition to the above, the script creates the regdelete.vbs script and deletes itself too. So there is only need for one remote batch script. Enjoy.
2007-11-26
Marketing AV in Tallinn, Estonia
I was lucky enough to be visiting Tallinn that weekend and went along to see what all the fuss was about, imagine my surprise to see scantilly clad ladies marketing Kaspersky's Anti-Virus software in a way that I have never seen Anti-Virus software marketed before. The three ladies were approximately twenty years of age and all dressed up as little red riding hood but with a more considerable amount of cleavage, incredibly short skirts and fishnet stockings. They were quick to hand out a copy of Kaspersky's "Personal Security" edition of their Anti-Virus product from a woven hand basket. What an incredibly small box, what was inside? A USB memory stick with Kaspersky on it perhaps? It couldn't be a CD, even the mini CDs would not fit in that. Instead I found one packaged condom, not software but "soft-wear"!
I stared at it for a while in disbelief, it was a clever marketing ploy but I wondered whether this kind of marketing would alienate business users. But the more time I spent in Tallinn the more I realised that this was a perfect marketing ploy. Tallinn is the seventh most technologically advanced city in the world and the New York Times recently proclaimed it the "Silicon Valley on the Baltic Sea". Free wi-fi is available all over the city and indeed over a great proportion of the urbanised country. Wherever you go you will see young professionals and students alike with a coffee in one hand and a laptop sitting on park benches or in one of the many new cafes and bars that have sprung up in the wake of communism. Unlike most of the old Eastern Bloc countries, Estonia is managing to retain the young demographic where most other countries are losing the young portion of the population to the West. The answer is simple, Estonia is investing in it's future, it wants people to stay. Kaspersky was marketing to the young dynamic population that is responsible for the likes of Skype and Kazaa ... and it's working. (Thanks to Michal for taking the time to take the photos above)
2007-10-16
Flickr Security Part 1 - Your Personal Profile
I'm a photographic hobbyist which makes Flickr a really cool place for me to safely exhibit photographs anonymously or otherwise. However, with any registered service you will exhibit an online presence, here is my privacy best practices:
Personal
- Buddy icon - Choosing an icon that does not directly resemble you is probably a good idea, you don't have to be a registered user to see this so in actual fact your icon is visible to the world. If you do choose a self-portrait then be sure it is suitably obscure and does not exhibit any distinguishing marks, scars or have a picture of your house/car/workplace, etc. All of those elements can lead to a full disclosure of your personal details. Likewise, avoid posting pictures of others. More about this later.
- Your screen name - There is so much that you can do wrong here, it depends on your vigilence. If you decide to call yourself dublingirly1982 or dubchick25 I can safely assume you are Female, you live in Dublin or you were born there perhaps. I could also safely assume you were either 25, born in 1982 or both. All of this information could be used to profile you or even to break passwords. I once saw a screen name that identified a single residential address. Another point of caution is to avoid using screen names that you use elsewhere, cross referencing allows other people to use two or more online profiles with the same screen name to "fill in the blanks" or to use profile information from one service to break passwords or identity checks on another service.
- Your profile
- First and Last Name - It isn't mandatory so why put it there?
- Your Timezone - Over a 100 million people live in my timezone so I don't see this as particularly revealing.
- Gender - 50% of the world is Male, once again I see no harm in telling the world I'm Male.
- Singleness - If you want a date, go to a dating website, don't advertise your singleness here. If you have a need to tell the world you are married to avoid those seeking more from their online endeavours then by all means say so ... otherwise I would recommend not the "Rather not say" option.
- Describe Yourself ... - Be sensible, try not to put anything in here that could be used by itself or in conjunction with other information to reveal your identity.
- Online bits
- Your website address - Personal websites can be used for information gathering and social engineering. I would only list a website if you are a professional photographer looking to drum up business for your own personal online portfolio or otherwise.
- Website name - Only required if you list a website address (see above).
- AIM (AOL IM), MSN Messenger, Yahoo! IM, ICQ - Listing IM addresses not only reveals which services you use and thus allows cross referencing of information, but can also be used to determine your online status.
- Offline bits
- Your Occupation - No need to be too specific here, I don't think I need to explain why listing yourself as a prison security guard, model, bank clerk, etc. can lead to targetted social engineering attacks and worse.
- Your Hometown, City you live in now, Country, 3 letter airport code - More than a million people live in my town so I dont perceive this to be a real threat. This is not personally identifiable information so is harmless. If someone came up to you on the streets of New York and said "You live in New York" I doubt you would find the level of knowledge particularly disturbing. The same is true here.
- Things you like...
- Interests, Favorite Books & Authors, Favorite Movies, Stars & Directors, Favorite Music & Artists - All of this information can be used to crack passwords, ever been asked to specify a secret question like "Name your favourite movie" or "What is your faourite band?". I thought so. Information like this is invaluable for people who are trying to crack passwords or circumnavigate security systems like online banking or web based email accounts. Due diligence is key here, if you have ever listed Forrest Gump as your favourite movie ... don't put it down here.
- Your profile privacy
- Email address - Flickr has an anonymous mail function, this should be set to "Nobody" unless of course you wish to share files with your contacts in which case set it to "Contacts".
- Instant messaging names - if you chose to specify an IM name this should be set to "Friends and family". If you did not set this option then it shouldn't matter what the level is set to.
- Real name - If you chose to specify you real name this should be set to "Any Flickr member" which is the highest level. In my personal opinion this should have the option "Nobody" but that option does not exist.
- Current city - Any option would be suitabel and should pose no security threat, however, if like me you are paranoid then you may wish to set this to "Any Flickr member" which is the most secure option available.
- Hide my profile from searches? - I don't really see this as a perceivable threat, hiding your profile from searches does not really add any real benefit if you have followed the rest of my advice.
- Hide my EXIF data? - If you own seriously expensive camera gear you may want to consider enabling this option. The EXIF data contains the make and model of your camera and can also give an idea of what lenses you have.
2007-08-14
A guide to Facebook's security settings aka Facebook Security for the Unitiated!
The developers at Facebook have implemented some of the best privacy settings I have seen in a social networking tool. These can be found in the "privacy" menu on the top right of a profile page. Here is my version of proposed default settings:
Profile
- Profile: "Only my friends" (allows only your added friends to view your profile details.) HIGHEST LEVEL AVAILABLE
- Status Updates: "Only my friends" (allows only your added friends to view your status updates.) HIGHEST LEVEL AVAILABLE
- Videos Tagged of You: "Only my friends" (allows only your added friends to view videos of you, can also be set to "only me".)
- Photos Tagged of You: "Only my friends" (allows only your added friends to view photos of you, can also be set to "only me".)
- Online Status: "Only my friends" (allows only your added friends to view your online status, can also be set to "only me" or "no one".)
- Friends: "Only my friends" (allows only your added friends to view your friends list) HIGHEST LEVEL AVAILABLE
- Wall: "Only my friends" (allows only your added friends to view or add to your wall, can also be set to "only me" or "no one")
Contact Information
- IM Screen Name: "Only my friends" (allows only your added friends to view your IM screen name.) HIGHEST LEVEL AVAILABLE
- Mobile Phone: "Only my friends" (allows only your added friends to view your mobile phone details.) HIGHEST LEVEL AVAILABLE
- Land Phone: "Only my friends" (allows only your added friends to view your landline telephone details.) HIGHEST LEVEL AVAILABLE
- Current Address: "Only my friends" (allows only your added friends to view your contact address details.) HIGHEST LEVEL AVAILABLE
- Website: "Only my friends" (allows only your added friends to view your website details.) HIGHEST LEVEL AVAILABLE
Contact emails
- Personal email addresses: "Only my friends" (allows only your added friends to view your personal email addresses, can also be set to "no one") Facebook also obscures this by displaying it as a graphical image rather than plain text so that automated email address harvesters cannot grab it for spam purposes.
- Work or organisational email addresses: "No one" (Does not allow anyone to see your work or organisational email address. Ultimately, work and organisational email addresses are for that purpose only. By allowing others to see that email address they can use it for purposes outside of your control, such as sending pornographic material, viral code, phishing emails, etc. Organisations have been known to take legal action against individuals who publish work email addresses because they allow attackers an insight into email address structure, etc. Additionally, it is in your best interest to use a personal email address that is not affiliated to somewhere you might not even be at a year from now!) HIGHEST LEVEL AVAILABLE
Applications in your Profile
These should be on a case-by-case basis, I have set all my applications to be either "no one" or "only my friends". Why on earth would you want to set your posted items to be viewed by everyone in your country level network for example? Simple answer, there isn't one.
Search
- Who can find me in a search: "Everyone" (Allows all Facebook users to view your public profile, more about your public profile in a minute. This is a good case of security where needed, if you were to lock this setting down to no-one then there would be no point using Facebook! In order for a social network website to work you need to be able to network! However, we can control what the Facebook population can view in a search, more details below.)
- Allow anyone to see my public search listing: YES (This allows public search engines to view your profile)
- Allow my public seach listing to be indexed by external search engines: NO (This means that search data cannot be cached by search engines, if you change your name for example, you won't be found from a previously indexed search.)
- See your picture: NO (Why? Isn't a name good enough, let them send you a message first so you can see if you want them to view your picture. People can use photographs for social engineering purposes.) HIGHEST LEVEL AVAILABLE
- Send you a message: YES (No harm in messages)
- Poke you: YES (No harm in "poking" :-D )
- Add you as a friend: YES (People can add you as a friend, of course, this is a reciprocal two step process. Someone can only be your friend if both people add each other as friends and thus confirm the relationship.
- View your friend list: NO (Why should an otherwise complete stranger be able to see who you are friends with. Take this example, someone who you do not wish to be affiliated with wants to confirm which one of five profiles is you from a search, by viewing your friends list they may be able to confirm which one is you and use your friend list as information to target a social engineering attack.) HIGHEST LEVEL AVAILABLE
News Feed and Mini-Feed
Changing your profile can trigger news alerts regarding those changes to your friends. Whilst your friends are ... well ... your friends, they might not always be your best friends. Certain events you may not wish to advertise to colleagues, co-workers or friends in general. This is my list:
- Remove Profile Info: NO
- Write a Wall Post: NO
- Comment on a Note: NO
- Comment on a Photo: YES
- Comment on a Video: YES
- Comment on a Posted Item: YES
- Post on a Discussion Board: YES
- Add a Friend: NO
- Remove my Relationship Status: NO
- Leave a Group: NO
- Leave a Network: NO
- Show times in my Mini-Feed: NO (Because these times can show when you are online.)
Poke, Message and Friend Request Settings
When you poke, message or add someone as a friend you allow them to see your profile, whilst this is useful you may wish to limit some of the information you allow others to view. These are my settings:
- Basic Info: NO
- Contact Info: NO
- Personal Info: YES
- Education Info: NO
- Work Info: NO
- Wall: NO
- Photos Tagged of Me: YES
- Videos Tagged of Me: NO
- Online Status: NO
- Status Updates: NO
- Friends: NO
- Posted Items: NO
- Notes: NO
- Groups: NO
Essentially, if someone wants to know who I am they should only need the most basic of personal information and a photo or two. From there people can then add you as a friend to have access to more information. Any supplemental information such as work, telephone, networks, etc. is purely open to abuse from a social engineer.
Applications
A little note about Applications, they are written by third parties. Do you really want the writer of an add-in application to see your religious or political views? Or what sex you're interested in? Probably not. Be sure to uncheck all available options in the "What Other Users Can See via the Facebook Platform" settings option.
Block People
Does exactly what it says, this stops the specified users from acessing your profile or even seeing it in a Facebook search. Userful huh? It even blocks unwanted communications from the user within the Facebook tool.
Limited Profile List
This little option allows you to limit your profile to a level specified by you for certain added friends. Useful if you wish to have two different levels of profile; one profile for friends and one for work colleagues for example.