Wednesday, February 28, 2007

Get Less With The “Get More” Mobile Network

I find this infuriating because I am PAYING for that connectivity! Doesn't T-Mobile realize that stupid stunts like these are going to drive their customers right over to the iPhone? Caption & Image Credit: Gearlog

Ever wonder why consumer societies in other countries like Japan, Korea, and The Netherlands are able to use their cellphones for more than … well, email?

It comes down to the restrictive policies of the mobile networks themselves. Symblogogy does not begrudge business operations trying to make more money from the system services they offer, but it has long been held that a business effort really has nothing unless it gives just a little away.

In a day and age where physical world connection and hyperlink applications are being developed and deployed at a dizzying pace, where 3D symbologies are being created that would deliver content (up to 20 seconds of video with sound without using the mobile network) directly to phones (with the appropriate software), where the mobile phone can be and is a consumer information device, a wallet for vending machine transactions, a venue access device, a music platform, a portable video entertainment delivery theater, and more – Why isn’t the American consumer society able to be at the leading edge of these functions and applications?

One answer – the mobile network service providing community.

Excerpts and selected comments from Gearlog -

T-Mobile Disses Opera, Says "Get Less!"
Gearlog - Tuesday January 30, 2007

Testing some T-Mobile phones recently, I once again ran into T-Mobile's annoying policy of banning third-party applications from accessing the Internet on their phones. Like so many infringements on our liberties, this started stealthily with a few devices but now covers their entire product line.

This means T-Mobile feature phone users are prohibited from surfing the Web with Opera Mini, checking maps on Google Local for Mobile, listening to podcasts with Mobilcast, and using any other form of software not pre-approved by T-Mobile.

T-Mobile cites meaningless "security" concerns as reasons for attempting to severely cripple the mobile software development industry, but their hypocrisy is painfully clear when you remember that these apps work fine on T-Mobile's network, using T-Mobile SIM cards, if you buy your phone directly from a manufacturer like

This idiotic policy doesn't even work in T-Mobile's interests. Third party software encourages people to use data services, which encourages them to sign up for data plans, which makes T-Mobile money. A more liberal policy on mobile apps also might help the nation's #4 carrier win customers away from control freaks like Verizon, with their strictly limited set of applications.

T-Mobile's motto is "get more." So it's painfully ironic that nowadays, they let you "get less" -- locking out much of what their phones can do in a pointless, incomprehensible attempt at control. My solution: instead of buying phones through T-Mobile, go direct to manufacturers or through independent retailers that offer non-T-Mobile-branded GSM phones, then drop your T-Mobile SIM card in. (It'll work fine.) That way you'll get your T-Mobile service, and much, much "more."
Reference Here>>

Selected Comments:

Posted by: ron mexico - January 30, 2007 6:48 PM

Um, okay. Perhaps you should do a little bit of research before tossing around the blame so freely. T-Mobile doesn't lock their devices down like this, subscribers just have to pay for the proper level of data access.

Posted by: Sascha Segan - January 30, 2007 10:41 PM

Ron, I have gotten this confirmed by T-Mobile corporate. I have a tester SIM that has access to everything, and the applications are locked out in the new handsets I have been testing this week. You may have an older handset, before this insidious policy spread. I used to tout T-Mobile for their liberal policies on third party program installation, and I'm very disappointed in the change.

Tony, I maybe didn't make clear enough that this is a feature phone problem. No carrier, not even Verizon, dares forbid application installation on smartphones such as Blackberries, Windows Mobile phones, or Treos.

Posted by: Ron - January 31, 2007 12:21 PM

Sounds to me like Sascha has issues with anger management.

Perhaps she's upset because T-Mobile wouldn't give her all the freebies she thinks she is entitled to as a magazine hack?

All I can say is "get over yourself and move on to real reporting. Better yet, get a real job that requires some semblance of actual physical exertion".

Posted by: phoenix - January 31, 2007 3:26 PM

Ron: Sascha's a he.

Also, HE is spot on here. What level of "access" are you referring to that allows T-Mobile to violate their terms of service and corporate policies? Perhaps you're referring to buying a smartphone as a "level of access?"

In that case, you might want to "exert the effort" to clarify your point. Sascha has laid his cards on the table here, if you think he just needs to "get over it" or hasn't "researched" enough, then let's see your cards.

It's not Sascha's anger management that needs work here, looks like yours-you can hardly make a point without flinging insults.

In real commentary, this doesn't surprise me one bit. By locking down and crippling features, cellular providers can funnel you into their own preferred services, and leave plenty of room for them to offer "enhanced" services and applications down the road that you'll have no choice but to opt-in with them for, and you have no choice but to believe that your device CAN'T do x or y without their specialized app.

We've seen this from the way Verizon cripples its bluetooth phones and media functionality, making you believe the only way you can get music and photos onto your phone is either through their services (for music and pictures and video) or through your camera (for pictures and video).

I sadly see this trend moving in the wrong direction, personally, as there's less competition in the marketplace for cellular services, and the message to customers is "if you want these services that you seem to know every one of our phones is capable of, you'll have to buy special 'versions' of the phones, or upgrade to significantly more expensive devices," and that's a real shame.
Reference Here>>

Anger management comments aside, at Symblogogy we believe - Less Is More - meaning less control over applications and hardware is more service from the mobile network service provider. By opening up the restrictions, the retailer for the service provider would actually make more money (software and hardware sales) as opposed to providing protection for the consumer as well as the enterprise mobility marketplace.

Truth is, one can have access to the applications and services that open up the function of the phone with the purchase of hardware directly from the manufacturer.

Saturday, February 24, 2007

Beyond Memory Spot & Memory Dust to Memory Powder

Hitachi’s new RFID chips, pictured here highlighted next to a human hair, are 64 times smaller than their first super miniature - mu-chips. Image Credit: Hitachi

Symblogogy visited Memory Spot, the Hewlett-Packard breakthrough and application featured in Popular Science Magazine's "Best Of What's New - 2006", thinking that this form factor was about as small as RFID would or could get ... and then along comes Hitachi.

It turns out that Hitachi has been miniaturizing RFID memory ID devices for a while now and getting these devices down to a rough dust size ... the "dust" just got smaller.

mu-chip size as compared to a grain of rice. Image Credit: Hitachi

The breakthrough announced by Hitachi in Japan (February 13, 2007) has the size of an RFID capable particle going from a 0.4 X 0.4 mm square "mu-chip", to last year's breakthrough at 0.15 X 0.15 mm square all the way down to a 0.05 X 0.05 mm square powder size.

One wonders what additional applications are achieved just by going from "dust" to "powder" because the dust was already targeted for use by embedding in paper documents such as checks, paper currency, retail gift certificates, and covert tag identification.

Diagram of mu-chip in an embed application in sensitive and trace documents. Image Credit: Hitachi

The cost is unknown, but at a 5 micron thickness one can imagine powdering an area to help identify, at a later time, who or what may have visited the area that had been powdered. Hitachi said that the powder will be commercially available in 2 to 3 years.

Would anyone notice this RFID powder if it were placed into food or even drug items? Just asking.
Reference Here>>

Saturday, February 17, 2007

Subliminal Advertising With A PWC/PWH Twist

The phone can read invisible images on printed paper. Image Credit: BBC NEWS

And you thought this digital … phone connection (hyperlink) stuff would never catch up with you.

Fujitsu has been working on a way (whitepaper PDF released July 2005) by which printed materials like advertisements, articles and other printed communications could lend themselves to be more effective and connected at the same time.

In a process called Steganography, Fujitsu has perfected a method whereby a reference barcode or QR Code can be embedded in a photo or other printed article and the reader of this printed material would be able to take a photo with his cellphone camera and instantly be connected (via physical world connection or hyperlink - PWC or PWH) to a website for additional information.

A hidden latent image is placed within the printed material that the human eye cannot see but the camera could pick-up and decode for additional functionality.

Excerpts from BBC NEWS -

Hiding messages in plain sight
Steganography can be embedded as part of the normal printing process
BBC NEWS - Last Updated: Thursday, 15 February 2007, 07:35 GMT

A technology that can "hide" information in plain sight on printed images has begun to see the first commercial applications.

Japanese firm Fujitsu is pushing a technology that can encode data into a picture that is invisible to the human eye but can be decoded by a mobile phone with a camera.
"The concept is to be able to link the printed page into the digital domain," said Mike Nelson, general manager for sales operations at Fujitsu Europe.

The technique stems from a 2,500-year-old practice called steganography, which saw the Greeks sending warnings of attacks on wooden tablets and then covering them in wax and tattooing messages on shaved heads that were then covered by the regrowth of hair.

Fujitsu's technique works by taking advantage of the sensitivities of the human eye, which struggles to see the colour yellow.

"The key is to take the yellow hue in the picture and we skew that ever so slightly to create a pattern," said Mr Nelson.

"A camera is perfectly sensitive to that yellow hue but the human eye doesn't see it very well.

"Any camera, even those in mobile phones, can decode it very easily."

Pictures printed with the technique look perfectly normal but a camera can see the code printed into the image.

Screen image taken from a PDF whitepaper issued by Fujitsu titled "Steganography - Code Recognition Technology". Graphic example of how the PWH/Steganographic process works. Image Credit: Fujitsu PDF via ecj photo

That data could be a phone number, a message or a website link.

Printed materials can then connect to the online world by storing information which tells the phone to connect the web.

Almost any mobile phone can be used but a small java application must be downloaded before it can be used to decode the information. Other devices such as PDAs with a camera could also be used.
Once installed the same program can be used to read other codes on other products. It takes a few seconds for the phone to decipher the data.

And because most modern mobiles can connect to the net they act as a gateway to content that firms want to send to people who have decoded the steganographic pictures, such as music and video.

The first commercial use of the technology is in Japan where a Music Club has embedded codes into flyers it sends to subscribers.
Mr Nelson believes the technology is more useful than barcodes because of its invisibility and because it connects printed matter to the internet, via the phone.

"There's a lot of printed material out there today whether it be food wrappers, billboards, catalogues, phone directories and business cards and they are not going to go away.
"We need an added dimension to that flat material and linking that to the digital domain is what we are trying to do."

Mr Nelson does not believe steganography is competing with technologies such as RFID tags, tiny radio chips which can hold information and be scanned at a short distance.

"You have to physically mount a chip into the device - it's expensive and time consuming.

"Steganography can be embedded as part of the normal printing process."

Mr Nelson said he believed promotions and competition would drive take up of the technology as a prize would act as an incentive to use a mobile phone and download the decoding application.

Read All>>
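
The yellow-skew idea Mr Nelson describes in the excerpt above can be sketched in a few lines. This is an added illustration, not Fujitsu's algorithm or code from the whitepaper: the cell size, the skew amount, the paired-cell encoding, the length byte, the sample payload and the cover image are all constructed assumptions. The last function shows the flip side for anyone inspecting printed or scanned material: the pattern the eye misses is easy to measure in the yellow channel.

```python
import random

BLOCK = 8   # cell side in pixels (assumed value)
DELTA = 6   # yellow skew per cell on a 0-255 scale (assumed value)

def make_cover(width=256, height=64, seed=1):
    """Constructed cover image: smooth gradients plus mild noise, rows of (r, g, b)."""
    rng = random.Random(seed)
    return [[(90 + x // 4 + rng.randint(0, 3),
              100 + y // 2 + rng.randint(0, 3),
              120 + (x + y) // 8 + rng.randint(0, 3))
             for x in range(width)] for y in range(height)]

def cell_pairs(img):
    """Yield (left, right) cell origins; each pair of neighbouring cells carries one bit."""
    height, width = len(img), len(img[0])
    for cy in range(0, height - BLOCK + 1, BLOCK):
        for cx in range(0, width - 2 * BLOCK + 1, 2 * BLOCK):
            yield (cx, cy), (cx + BLOCK, cy)

def mean_yellow(img, origin):
    """Average yellow (255 - blue) over one cell."""
    cx, cy = origin
    total = sum(255 - img[y][x][2]
                for y in range(cy, cy + BLOCK) for x in range(cx, cx + BLOCK))
    return total / (BLOCK * BLOCK)

def skew_cell(img, origin, amount):
    """Shift one cell's yellow by `amount`; more yellow means less blue."""
    cx, cy = origin
    for y in range(cy, cy + BLOCK):
        for x in range(cx, cx + BLOCK):
            r, g, b = img[y][x]
            img[y][x] = (r, g, max(0, min(255, b - amount)))

def embed(cover, message):
    """Hide a length byte plus message: bit 1 makes the left cell yellower, bit 0 the right."""
    payload = bytes([len(message)]) + message
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    pairs = list(cell_pairs(cover))
    if len(bits) > len(pairs):
        raise ValueError("message too long for this image")
    stego = [row[:] for row in cover]
    for bit, (left, right) in zip(bits, pairs):
        sign = 1 if bit else -1
        skew_cell(stego, left, sign * DELTA)
        skew_cell(stego, right, -sign * DELTA)
    return stego

def extract(img):
    """Recover the message by comparing mean yellow inside each cell pair."""
    bits = [1 if mean_yellow(img, l) > mean_yellow(img, r) else 0
            for l, r in cell_pairs(img)]
    data = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - 7, 8))
    return data[1:1 + data[0]]

def camera_noise(img, seed=7, spread=4):
    """Stand-in for a phone camera: independent noise on every channel of every pixel."""
    rng = random.Random(seed)
    return [[tuple(max(0, min(255, c + rng.randint(-spread, spread))) for c in px)
             for px in row] for row in img]

def max_channel_change(a, b):
    """Largest per-pixel difference in each of the r, g, b channels."""
    return tuple(max(abs(pa[c] - pb[c])
                     for ra, rb in zip(a, b) for pa, pb in zip(ra, rb))
                 for c in range(3))

def pair_contrast(img):
    """Mean yellow difference between paired cells; embedded data pushes this up."""
    diffs = [abs(mean_yellow(img, l) - mean_yellow(img, r)) for l, r in cell_pairs(img)]
    return sum(diffs) / len(diffs)

if __name__ == "__main__":
    cover = make_cover()
    stego = embed(cover, b"example.test/a")   # constructed payload
    print("decoded after camera noise:", extract(camera_noise(stego)))
    print("max change per channel (r, g, b):", max_channel_change(cover, stego))
    print("pair contrast cover vs stego:", pair_contrast(cover), pair_contrast(stego))
```
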

Friday, February 16, 2007

Consumer Automation Made Easy At Smart Communications

Decode is a tool that simplifies the act of entering complex codes on a mobile phone. The system allows cameraphones to scan specially printed codes, called mobile codes or mcodes. These codes can represent web URLs, phone numbers or instructions that include keywords and an access number. All you need to do is scan and send! No more typing. Caption & Image Credit: Smart Communications

Last week, Smart Communications mobile phone users in the Philippines became automated with the announcement of “Decode”.

With the download of Decode software, a camera cellphone user on the Smart Communications network will be able to turn their phone into an Auto ID/Physical World Connection powerhouse.

Highlight from advertisement for Smart Decode. Image Credit: Advertising Image – Smart Communications

Based on the simplified 2D format mCode symbology, the average consumer on the Smart Communications network with Decode on their phone will be able to access information, look at their phone account, share contact information, and connect via code to a whole new world of automated services.

Excerpts from a weblog description at CHETTE.COM -

Smart Decode -- Not quite ready, but seems alright
Written by chette (blog) - Sunday, 11 February 2007

Smart Communications launched Smart Decode yesterday. Although it's probably going to be used for a bunch of useless promotions (Ringbacks? Seriously?), I just realized that this is actually The Solution to all the senseless typing of VAS ("value added services") commands.

Let me give you an idea:

"Type DUMMYKEYWORD space REGISTER space your FIRST NAME space YOUR LAST NAME space asterisk space YOUR ADDRESS space asterisk YOUR LANDLINE space asterisk, and send this to 999."

Sounds familiar, no?

Of course it does. This is the language that we Earthlings have learned from Pluto. Coincidentally, this is the same language that content partners decided to use in order to confuse, er, help users in using their SMS-based mobile services.

Need to download a wallpaper?

Type DUMMYWALLPAPER space PHONE MODEL space WALLPAPER NAME, shake it to the left, jump ten times, and send to 999.

With Smart Decode, this insanity will pretty much be eradicated. The content partner will simply generate a code (which can be printed in their posters, fliers, and print ads).

When you, The User, see this code, all you have to do is take its picture using your phone's camera. Almost instantaneously you will be presented with a nice interface where you can fill in forms, download your operator logo, etc. -- all in human readable form.

The code is called an mcode ("mobile code"). It’s a 2D barcode which stores information in a bunch of dots.

Examples - PWC/PWH "mCode" access codes from Decode. Image Credit: Advertising Image – Smart Communications

But ooh-la-la, mcode is not just for those boring content partners who can't seem to make a decent mobile application. We regular users, The Much Cooler Ones, can have a little fun of our own:

Contact information.

Definitely a lot more hip than sending a vcard thru bluetooth. Make your friends take a picture of your mcode (which you conveniently printed out & kept in your wallet). Voila! Your contact info will automatically be saved in their address books.

SMS message.

You can have an mcode to generate a specific SMS message. You can also have it sent to a predefined number.

URLs. Your mcode can contain the URL of your website.

When your friends scan it, they will be shown a link (which they can click to launch your website in their phone's browser).

Phone numbers.

You can scan an mcode to automatically dial a specified phone number.
In order to scan an mcode, you need to download & install Smart Decode (don't worry, you won't get charged for the download). Using your phone's browser, go to Click on the link on the website to install the software automatically (no need to mess around with those jar and sis files).

Take note that you need to use your Smart cellphone to download Decode. You cannot download the application using a Globe or Sun SIM, or even your good ol' DSL connection.

Some observations on Smart's credit (give two points for Smart over here!):

The application loads real fast even on a crappy Nokia 6600. It takes an average of 2 seconds for the software to "decode" the mcode. You can actually scan the mcode even if it's tilted (it will just take a little longer to scan it).

There's something missing in the equation, though (gimme back those points, dear): The ability for users to create their own codes.

C'mon, Smart, share the love. Help us look cool with those mcodes in our pockets.

Reference Here>>

Tuesday, February 13, 2007

Symbology News Invades 3GSM Conference

Image Credit: Ecrio Inc.

A PR Newswire release timed for the opening of the world’s premier conference for GSM mobile phone communications (3GSM World Congress in Barcelona, Spain - February 12-15) highlights the announcement of a newly patented process.

The process helps to ‘Beam’ regular barcodes from cellphones to everyday barcode scanners at the PoS checkout lane.

With over 35 million barcode scanners used throughout North America in retail checkout applications, combined with the use of the MoBeam™ Service patented by Ecrio, the cellphone can now be employed as a primary consumer coupon redemption device for products sold universally.

Excerpts from PR Newswire -

Ecrio 'Beams' Barcodes From Mobile Phones to Scanners
MoBeam(TM) Service to be Integrated Into the Visa Mobile Platform
By PR Newswire - CUPERTINO, Calif., Feb. 12

Ecrio, a leader in real-time communications and commerce software for mobile phones, today launched MoBeam(TM), a patented new service (United States Patent #6,685,093) that bridges the gap between mobile handsets and the global barcode point-of-sale infrastructure.

This new service will be available globally; Visa International, a leader in payment services, has agreed to integrate MoBeam barcode technology into Visa's recently announced mobile platform.

In addition to the service launch, Ecrio announced that the MoBeam value projector already has been tested on several leading mobile phones, including the ASUS P525, the Hewlett Packard iPaq, the Motorola Q, and the Palm Treo.

For years, technologists have known how to send barcode information to mobile phones (via email, WAP, SMS and more), but have been unable to transfer that barcode information (for tickets, coupons, gift cards, etc.) from the handset to barcode scanning devices. Issues with screen resolution, reflection and other technical limitations have prevented scanners from effectively "reading" barcodes displayed on a mobile device screen. MoBeam finally solves these longstanding problems, enabling the instant transmission of any barcode sequence from handset to scanner.

"MoBeam is the missing link between today's mobile consumer and a worldwide commerce infrastructure based on barcodes," said Nagesh Challa, Ecrio Chairman and CEO. "For instance, a traveler using mobile search functions can be sent a digital coupon, easily redeemed at point-of-sale via the traveler's handset."
Patrick Gauthier, Senior Vice President of Innovation for Visa International, said "Ecrio shares our commitment to deliver the convenience of mobile payments and services to consumers worldwide. We see MoBeam as a valuable enabling technology for barcode based value added applications using the recently launched Visa mobile platform."

Added Dr. Alex Sun, Vice President of ASUSTeK's Wireless Communication business unit, "As a leading handset supplier to several major European wireless operators, ASUSTeK is pleased to have the MoBeam technology showcased on our phones during 3GSM. MoBeam offers a whole new class of application that we expect will readily be embraced by today's mobile, savvy consumer -- regardless of geography."

Several companies in the current barcode ecosystem have expressed interest in MoBeam, along with major retailers and carriers.

Reference Here>>

Saturday, February 10, 2007

Cross Match Delivers Biometrics For “Snakes” In Iraq

The MV 100 offers in-the-field identity checks using a forensic quality fingerprint scanner, an integrated Personal Digital Assistant, a digital camera, a magnetic stripe card reader and wireless communications. The MV 100 uses the same optical technology found in Cross Match’s industry leading Verifier® fingerprint scanners capturing high quality fingerprint images regardless of skin pigment or the presence of stains from ink, dyes, grease, or dirt. Image Credit: Cross Match Technologies

The military and police forces in Iraq have much in common with the police forces in major cities throughout the United States, especially those cities with organized gang activity.

For both efforts, quick field identification of suspected individuals who may be involved in illegal or deadly insurgent activity is a must in order to remove offending culprits.

At home, our police departments are provided full IT (information technology) tools, all of the way down to their patrol units, where the patrol officer can log-in and check available databases (many linked to nationwide networks) and have delivered to him all of the information he would need to make a proper assessment. Job done!

In Iraq, however, the infrastructure does not exist to deploy all the equipment the average patrol car carries, but through technology there is an answer.

The cornerstone to a database development system as well as a field tool that identifies people once the information has been captured is supplied by Cross Match Technologies. This portable tool combined with radio access to existing databases in Iraq may help the military and Iraqi security forces turn the tide in hunting down and stopping insurgent activity.

The Iraqi Army has a nickname for the “gang” of insurgents who seek to do harm to the citizens of Iraq – “Snakes”.

Excerpts from The Wall Street Journal’s Opinion Journal –

The Snake Eater
Give our troops the tools our cops have.
BY DANIEL HENNINGER, Deputy Editor – Editorial’s, The Wall Street Journal - Thursday, February 8, 2007 12:01 a.m. EST


A case study of how the U.S. got bogged down in Iraq.


If a cop in Anytown, USA, pulls over a suspect, he checks the person's ID remotely from the squad car. He's linked to databases filled with Who's Who in the world of crime, killing and mayhem. In Iraq, there is nothing like that. When our troops and the Iraqi army enter a town, village or street, what they know about the local bad guys is pretty much in their heads, at best.


Give our troops what our cops have. The Pentagon knows this. For reasons you can imagine, it hasn't happened.

This is a story of can-do in a no-can-do world, a story of how a Marine officer in Iraq, a small network-design company in California, a nonprofit troop-support group, a blogger and other undeterrable folk designed a handheld insurgent-identification device, built it, shipped it and deployed it in Anbar province. They did this in 30 days, from Dec. 15 to Jan. 15. Compared to standard operating procedure for Iraq, this is a nanosecond.

Before fastening our seatbelts, let's check the status quo. As a high Defense Department official told the Journal's editorial page, "We're trying to fight a major war with peacetime procurement rules." The department knows this is awful. Indeed, a program exists, the Automated Biometric Identification System: retina scans, facial matching and the like. The reality: This war is in year four, and the troops don't have it. Beyond Baghdad, the U.S. role has become less about killing insurgents than arresting the worst and isolating them from the population. Obviously it would help to have an electronic database of who the bad guys are, their friends, where they live, tribal affiliation--in short the insurgency's networks.
Some, like Marine Maj. Owen West in Anbar, have created their own spreadsheets and PowerPoint programs, or use digital cameras to input the details of suspected insurgents. But no Iraq-wide software architecture exists.

Operating around the town of Khalidiya, north of Baghdad, Maj. West has been the leader of a team of nine U.S. soldiers advising an Iraqi brigade. This has been his second tour of duty in Iraq. When not fighting the Iraq war, he's an energy trader for Goldman Sachs in New York City.

It had become clear to him last fall that the Iraqi soldiers were becoming the area's cops. And that they needed modern police surveillance tools. To help the Iraqi army in Khalidiya do its job right, Maj. West needed that technology yesterday: He was scheduled to rotate back stateside in February--this month.

Since arriving in Iraq last year, Maj. West had worked with Spirit of America (SoA), the civilian troop-support group founded by Jim Hake. In early December, SoA's project director, Michele Redmond, asked Maj. West if there was any out-of-the-ordinary project they could help him with. And Maj. West said, Why yes, there is. He described to them the basic concept for a mobile, handheld fingerprinting device which Iraqi soldiers would use to assemble an insurgent database. Mr. Hake said his organization would contribute $30,000 to build a prototype and get it to Khalidiya. In New York, Goldman Sachs contributed $14,000 to the project.

Two problems. They needed to find someone who could assemble the device, and the unit had to be in Khalidiya by Jan. 15 to give Maj. West time to field-test it before he left in February.
To build the device, they approached a small California company, Computer Deductions Inc. Its basic platform would be a handheld fingerprint workstation called the MV 100, made by Cross Match Technologies, a maker of biometric identity applications. The data collected by the MV 100 would be stored via Bluetooth in a hardened laptop made by GETAC, a California manufacturer. From Knowledge Computing Corp. of Arizona they used the COPLINK program, which creates a linked "map" of events. The laptop would sit in the troops' Humvee and the data sent from there to a laptop at outpost headquarters.

Regardless of whether a weapon system is wired or wireless, the biggest challenge facing any Military market is obtaining proper connection between weapons systems. Since reliability is a major factor under the toughest environment, only a rugged notebook such as the A790 can meet the challenge. The A790 can be modified to be equipped with special interface cards in its expansion bay allowing it to receive and transmit data between systems. Image Credit: GETAC, Inc.

Meanwhile, SoA began to think about how they'd get the package to Maj. West by Jan. 15. They likely would have less than seven days transit time after CDI finished.
This meant finding someone who could get into Iraq quickly.

The someone was Bill Roggio. Mr. Roggio is a former army signalman and infantryman who now embeds with the troops and writes about it on his blog, the Fourth Rail, or for the SoA Web site. He was at home in New Jersey, about to celebrate his birthday with his family. He agreed to fly the MV 100 to Iraq as soon as it was ready, in conjunction with an embed trip. With SoA's Michele Redmond, he started working out the logistics for getting to Iraq ASAP.
And so, a month from inception, Bill Roggio handed the electronic identification kit to Maj. West.

Fingerprinting and photographing the bad guys. Database development and identification in the field. Image Credit: U.S. Marines, The Iraqi Army via Opinion Journal

On the night of Jan. 20, Maj. West, his Marine squad and the "jundi" (Iraq army soldiers) took the MV 100 and laptop on patrol. Their term of endearment for the insurgents is "snakes." So of course the MV 100 became the Snake Eater. The next day Maj. West emailed the U.S. team digital photos of Iraqi soldiers fingerprinting suspects with the Snake Eater. "It's one night old and the town is abuzz," he said. "I think we have a chance to tip this city over now." A rumor quickly spread that the Iraqi army was implanting GPS chips in insurgents' thumbs.

Over the past 10 days, Maj. West has had chance encounters with two Marine superiors--Maj. Gen. Richard Zilmer, who commands the 30,000 joint forces in Anbar, and Brig. Gen. Robert Neller, deputy commanding general of operations in Iraq. He showed them the mobile ID database device.

I asked Gen. Neller by email on Tuesday what the status of these technologies is now. He replied that they're receiving advanced biometric equipment, "like the device being employed by Maj. West." He said "in the near future" they will begin to network such devices to share databases more broadly: "Bottom line: The requirement for networking our biometric capability is a priority of this organization."

As he departs, Maj. West reflected on winning at street level: "We're fixated on the enemy, but the enemy is fixated on the people. They know which families are apostates, which houses are safe for the night, which boys are vulnerable to corruption or kidnapping. The enemy's population collection effort far outstrips ours.

The Snake Eater will change that, and fast." You have to believe he's got this right. It will only happen, though, if someone above his pay grade blows away the killing habits of peacetime procurement.

Read All>>

Friday, February 09, 2007

Security Testing PDA Tool Hacks All WiFi

The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference. Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform. Image Credit: ZDNet/CNET Networks, Inc.

Introduced at this year’s RSA Security Conference (Feb. 5-8, 2007 - Moscone Center, San Francisco), a pen testing tool produced by Immunity Inc. (a penetration testing company based in Miami Beach, Florida) offers covert wireless network hacking through the use of a PDA handheld computer.

Penetration testing (pen test) is a process that tests a network's vulnerabilities by having an authorized individual actually attempt to break into (exploit) the network.

The tester may undertake several methods, workarounds, and "hacks" to gain entry, often initially getting through to one seemingly harmless section, and from there, attacking more sensitive areas of the network.

Security experts recommend that an annual penetration test be undertaken as a supplement to a more frequent automated security scan.

What Immunity Inc. has been able to do is deliver a tool that automates the process of hacking into 802.11 (WiFi) access points and can be taken and used anywhere, anytime without drawing suspicion to the person using the device.

Excerpts from ZDNet “Tracking the hackers” blog post -

Wi-Fi hacking, with a handheld PDA
By Ryan Naraine - ZDNet @ 11:10 pm, February 6th, 2007

SAN FRANCISCO - The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference.

Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.
Silica is the brainchild of Aitel's Immunity Inc., a 10-employee penetration testing outfit operating out of Miami Beach, Florida. It runs a customized version of CANVAS, the company's flagship point-and-click attack tool that features hundreds of exploits, an automated exploitation system, and an exploit development framework.

Immunity uses the Nokia 770 Internet Tablet in the first version of Silica but Aitel says it can be customized for a wide range of hardware devices. You start it, run a scan, connect, run your exploit, get an HTML report of what was done. Image Credit: ZDNet/CNET Networks, Inc.

Running a customized installation of Debian/Linux running kernel 2.6.16, Silica comes with a touch-screen interface featuring three prominent buttons — "Scan," "Stop," "Update Silica."
The idea is to give pen testers a tool to launch exploits wirelessly in the most covert fashion. At startup, Silica offers the user the option to scan for available open Wi-Fi networks. Once a network is found, the device connects (much like a laptop at Starbucks) and asks the user if it should simply scan for vulnerable/open ports or launch actual exploits from CANVAS.

Whenever CANVAS is updated with new exploits — typically once a month — Silica automatically gets an update to ensure all the newest attack code is available for mobile pen testing. (Penetration testing is used to evaluate the security of a computer system or network by simulating an attack by malicious hackers. Pen testers typically assume the position of the attacker, carrying out active exploitation of known security flaws to search for weaknesses in the target system).

Immunity uses the Nokia 770 Internet Tablet in the first version of Silica but Aitel says it can be customized for a wide range of hardware devices. "We wanted to make it touch screen, so you can actually use a stylus, launch a scan in attack mode, then stick it in your pocket while you run your exploits," Aitel explained. "It's aimed at the non-technical user interested in doing drive-by pen-tests. You start it, run a scan, connect, run your exploit, get an HTML report of what was done."

During a brief demo, Aitel used a stylus to manually click through the options to show how frighteningly easy an exploit can be sent to a vulnerable computer connected to a Wi-Fi network.
Some examples of places Silica can be used:

* Tell Silica to scan every machine on every wireless network for file shares and download anything of interest to the device. Then just put it in your suit pocket and walk through your target's office space.

* Tell Silica to actively penetrate any machines it can target (with any of Immunity CANVAS's exploits) and have all successfully penetrated machines connect via HTTP/DNS to an external listening port.

* Mail Silica to a target's CEO, then let it turn on and hack anything it can as it sits on the desk.

* Have the device conduct MITM (man-in-the-middle) attacks against computers connected to a wireless network.

Read All>>

While all wireless networks utilize the wireless security standard known as WPA2, the wireless networks with the most access points installed in business locations that show the greatest “exploit” vulnerability are those based on a Cisco or Symbol Technologies (Motorola) network schematic, where some of the wireless access points may not be properly integrated into the network system's security scheme.

Other network schemes, like the type employed by Aruba Wireless Networks' mobile edge technology, are less vulnerable because Aruba is the only company that offers both modular data center mobility controllers as well as fixed-configuration branch office solutions.

The mobile edge uses wireless networks, both for voice and data, wherever wireless can be used. Image Credit: Aruba Wireless Networks

As Aruba Wireless Networks states on their website about mobile edge technology:

The mobile edge uses wireless networks, both for voice and data, wherever wireless can be used. Inside enterprise facilities, high-performance and highly-reliable wireless LANs are deployed to provide dense coverage. In homes, hotel rooms, other companies, and wherever Internet-connected Ethernet ports are available, portable wireless access points provide secure connectivity back to the nearest enterprise facility. Finally, at public wireless hotspots, client software provides a secure link to the nearest mobile edge location.

The first step in any wireless deployment is to get control of the wireless that is already there. This may mean existing enterprise access points, wireless-enabled client devices, and especially rogue APs. Rogue APs - access points that are installed by the users but are not under the control of IT - are incredibly dangerous to an organization because they allow outsiders to bypass network security mechanisms and obtain direct access to an internal network.

A wireless intrusion detection system (WIDS) can be deployed to combat rogue APs using a small number of sensors placed throughout a building. These sensors continuously scan the air and the wired network looking for rogue APs, unauthorized wireless devices, and mis-configured devices. When these threats are found, the WIDS automatically blocks them while notifying the network administrator.

Reference Here>>
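The rogue-AP check the Aruba text describes, correlating what sensors hear over the air with what is attached to the wired network, can be sketched as follows. This is an added example, not Aruba's code or part of the original post; the inventory, MAC addresses, sensor names and the MAC-adjacency heuristic are assumptions constructed for illustration.

```python
# Constructed sample data: MACs (locally administered), SSIDs and sensor names are made up.
AUTHORIZED = {  # BSSID -> (expected SSID, expected encryption), from the IT inventory
    "02:00:00:00:00:10": ("corp", "WPA2"),
    "02:00:00:00:00:20": ("corp", "WPA2"),
}
# MAC addresses learned on the wired side (e.g. from switch forwarding tables).
WIRED_MACS = {"02:00:00:00:00:0f", "02:00:00:00:00:1f", "02:00:00:00:01:40"}
BEACONS = [  # (sensor, BSSID, SSID, encryption) as heard over the air
    ("s1", "02:00:00:00:00:10", "corp", "WPA2"),
    ("s2", "02:00:00:00:00:10", "corp", "WPA2"),
    ("s1", "02:00:00:00:00:20", "corp", "OPEN"),
    ("s2", "02:00:00:00:01:41", "linksys", "OPEN"),
    ("s3", "02:00:00:00:01:41", "linksys", "OPEN"),
    ("s3", "06-00-00-AA-BB-01", "CoffeeShop", "OPEN"),
]

def norm(mac):
    """Canonical lower-case, colon-separated form so sensor and switch data compare equal."""
    h = mac.replace(":", "").replace("-", "").lower()
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))

def on_wire(bssid, wired_macs, window=2):
    """Assumed heuristic: an AP's radio MAC is usually within a few addresses of its Ethernet MAC."""
    b = int(bssid.replace(":", ""), 16)
    return any(abs(b - int(norm(w).replace(":", ""), 16)) <= window for w in wired_macs)

def classify(beacons, authorized, wired_macs):
    """Return {bssid: (verdict, sensors that heard it)} for every AP observed."""
    heard = {}
    for sensor, bssid, ssid, enc in beacons:
        entry = heard.setdefault(norm(bssid), {"ssid": ssid, "enc": enc, "sensors": set()})
        entry["sensors"].add(sensor)
    report = {}
    for bssid, e in heard.items():
        if bssid in authorized:
            # Known AP: compare its advertised settings with the inventory.
            ok = authorized[bssid] == (e["ssid"], e["enc"])
            verdict = "authorized" if ok else "misconfigured"
        elif on_wire(bssid, wired_macs):
            verdict = "rogue"      # unknown AP that appears bridged onto the internal LAN
        else:
            verdict = "external"   # heard over the air only, e.g. a neighbouring network
        report[bssid] = (verdict, sorted(e["sensors"]))
    return report
```

The list of sensors attached to each verdict narrows down where in the building an administrator should look for the device.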

And this from the Linux community via Ziff Davis CIO Insight -

Linux Hackers Tackle Wi-Fi Hassles
By Steven J. Vaughan-Nichols - February 8, 2007

When it comes to troublesome Linux peripherals, Wi-Fi takes the cake. Sparked by the Portland Project's efforts to bring standardization to the Linux desktop, the Linux wireless developer community tackled this problem at its second Linux Wireless Summit last month in London.

The Summit was scheduled as a followup to the January IEEE 802 standards committee meeting, which, among other issues, moved a step closer to making 802.11n a real IEEE standard. As a result of this timing, participants at the Linux Wi-Fi meeting included kernel developers and vendor representatives from Intel, Broadcom, Devicescape, MontaVista and Nokia.

Once there, according to Stephen Hemminger, Linux Wireless Summit co-coordinator and a Linux software developer at the Linux Foundation, the attendees had a very productive meeting.

Still, it's been slow going in some critical areas of Linux and Wi-Fi, according to John Linville, the Linux wireless software maintainer. In particular, Linville reported that development work is proceeding too slowly on a new 802.11 stack (d80211), and with a new Wi-Fi API (cfg80211), "development is even slower." Hemminger described the cfg80211 as "a good start but there are no user interface tools (the iproute2 equivalent of iwconfig)."

Read All>>

Thursday, February 08, 2007

Writing Checks Almost So … Last Century

Personal Wallet Checks - Many great designs to choose from, starting at only $5.96 for 240 checks. Save Time -- Order Online Now! Image and Caption Credit: WAL*MART Financial Services

Writing Checks Almost So … Last Century!

When was the last time anyone dragged a checkbook around with them every time they left the house to run errands?

OK, if one doesn’t have American Express, one still needs a checkbook for an outing at COSTCO, but this is a rare exception.

Even retailers are moving to scanning checks they receive into an electronic communications package thus converting checks to electronic payments.

Plastic, plastic, plastic – it is just too convenient! And if one isn’t using their credit/debit card to pay for things, they are using the web to get things done.

Excerpts from AP via The Washington Times -

Check writing loses ground to electronic payments
By Josh Funk - ASSOCIATED PRESS - February 8, 2007

OMAHA, Neb. -- Some consumers may still be writing checks, but merchants increasingly are scanning those checks and converting them into electronic payments.

That, accompanied by the increasing use of credit and debit cards, may be tolling the end of check writing.

The Federal Reserve estimates that 49.5 billion checks were paid in the United States in 1995, compared with 36.6 billion in 2003.

The widespread availability of debit cards and the growing popularity of plastic are the biggest factors in the decline of check writing. From 2000 to 2003, the number of debit-card transactions nearly doubled, from 8.3 billion to 15.6 billion, and the number of credit-card transactions jumped from 15.6 billion to 19 billion.

Julie O'Neill of Omaha said she thinks her credit card is more convenient than writing a check, and all her spending is compiled on one statement at the end of the month.

When it comes time to pay bills, she turns to her computer instead of her checkbook because she can pay her bills at the last minute.

"I procrastinate, so then I can go online and not have to go through snail mail" to pay bills, she said.

Together, credit- and debit-card use accounted for 43 percent of all noncash payments in 2003, compared with 33 percent in 2000.
The decline in check writing, combined with the increase in electronic check processing, prompted the Federal Reserve to dramatically reduce the size of its check-processing department, whose operations are covered by the processing fees it charges for handling checks and electronic transfers. Since 2003, the Fed has closed more than half of its 45 check-processing centers, and by the end of 2008, only 18 such centers will remain operational.

At some stores that process checks electronically, such as Wal-Mart Stores Inc. and clothing retailers Gap Inc. and Banana Republic, the clerk hands the check back to the consumer with his or her receipt after scanning it and claiming an electronic payment for the store.

Converting checks to electronic payments allows merchants to get paid quicker, and it may help reduce the number of insufficient-funds checks that businesses have to deal with. Processing checks electronically also is cheaper than processing paper checks.

In 2003, about 8.9 billion converted checks were reported, accounting for about 11 percent of all noncash payments.

Consumers may not realize that many of the checks they write to utilities, mortgage companies and other businesses also are being converted to electronic payments when those companies receive the checks, said Terri Bradford, a payments researcher with the Federal Reserve Bank of Kansas City.

Some business payments might be better suited to checks than electronic payments, Ms. Bradford said. Writing a check instead of authorizing a wire transfer or making some other electronic payment may help a business better manage its cash flow because there is still some delay between when the check is written and when it is received.
Ms. Bradford said there's no way to predict how quickly check writing will continue to be replaced by electronic payments.

Still, checks continue to be used because older consumers are comfortable with what they have used for years. And Ms. Bradford said there are still some transactions for which checks are better suited, such as paying the neighbor youth who mowed the lawn or making a contribution to the church, to have a record of charitable donations at tax time.
Ms. Bradford said checks might remain popular for transactions in which the payment must be guaranteed, such as at real estate closings, especially when people and small businesses are involved.

And she doesn't expect checks to entirely vanish.

"There's a certain segment of the population that's going to write checks," she said. "You probably get stuck behind them in the check-out aisle."

Read All>> (free subscription)