Follow these simple steps to use your iPhone as a broadband modem when you laptop is not within range of a wireless network. Warning, this is a bit technical :-)

First of all you have to Jailbreak your iPhone and install OpenSSH via Cydia. I won't go through how to do that. You can go to http://www.quickpwn.com to download QuickPWN and jailbreak your iPhone. Once the phone is jailbroken, use Cydia to install OpenSSH.

The next think you will need to do is to create an ad-hoc wireless connection between your PC and iPhone. Once the ad-hoc connection is established, write down the IP address if your iPhone.

Using your favorite ssh client, execute the following command from your PC

ssh -ND 5555 root@IPHONE_IP_ADDRESS

You can use Putty to accomplish the same by clicking on SSH->Tunnels and then type 5555 in the Source Port box and clicking the Dynamic button. This will create an encrypted SOCKS Proxy tunnel between your PC and your iPhone. The last thing you need to do is to change your browser proxy settings on your PC to point to 127.0.0.1:5555

A few words of advise:

1. The AT&T data plan specifies “... Furthermore, plans(unless specifically designated for tethering usage) cannot be used for any applications that tether the device (through use of, including without limitation, connection kits, other phone/PDA-to computer accessories, Bluetooth® or any other wireless technology) to Personal Computers (including without limitation, laptops), or other equipment for any purpose. Accordingly, AT&T reserves the right to (i) deny, disconnect, modify and/or terminate Service, without notice, to anyone it believes is using the Service in any manner prohibited or whose usage adversely impacts its wireless network ...”

2. Some browser such as Firefox, do not send DNS requests over SOCKS even if the browser proxy settings are set to use a SOCKS Proxy. In Firefox, you can fix this by going to about:config and changing network.proxy.socks_remote_dns to true

Happy surfing! Some report getting 2500Kbps down and 250Kbps up on the 3G network!

Posted by |-Fidem-|

While looking back at my blog about Your ISP's EULA, I was drawn by a statement from my ISP which says that it is prohibited to use devices that perform: “IP address translation or similar facilities intended to provide additional access.” The statement is intended to discourage the use of home routers such as wireless or wired routers.

What's interesting is that the same ISP has a whole page in its high speed Internet website for home users, where it explains what to buy and how to install a home wireless network for the purpose of sharing the Internet connection amongst multiple home computers.  Not only, they will gladly come to your home and install a home network for you as part of their professional services.

On the same page, there is a section about the future of home networking which reads: “When abroad, you will be able to access your network using your cell phone, palm pilot, or computer.”

Again, this is in contrast with the End User License Agreement (EULA), which reads “You may not operate, or allow others to operate, servers of any type or any other device, equipment, and/or software providing server-like functionality”

I understand that EULA's are written in a language that may be broad enough to cover the unexpected, but I think that it is not right to mislead the end users by stating that something is prohibited and then giving them detailed instructions on how to go against those very rules.

Posted by |-Fidem-|

A new browser feature allows users to browse the Internet without leaving a trace on their personal or company computer.  This feature, which was quickly dubbed Porn Mode, is called Private Browsing in Safari, InPrivate Browsing in Internet Explorer 8, and Incognito Mode in the new Google Chrome Browser.  Stealth mode did not make it in Firefox 3.0 but is available in the Alpha version of Firefox 3.1 or as a browser add-on in 3.0.

Users are mislead to believe that this ‘off the record’ feature leaves no tracks, when instead you are still leaving tracks all over the Internet.  First of all, your ISP or company could be recording your every move just by ‘looking’ at what’s going through the network cable that connects your PC to them.  Secondly, the remote host’s website is probably recording your IP as part of the normal operation of their web server.

Although you may be able to cover your tracks on the very PC you are browsing from, you can’t cover your tracks from your ISP/company unless you are also using encrypted anonymous proxies.

What makes me giggle is how this feature was dubbed.  I wonder what the original guy who came up with this alternate name was thinking when he (or she?) saw the new option on his/her browser ☺

There are a lot of free services which allow a user to backup or store their files remotely; the best one I have seen so far is DropBox. DropBox is available for Windows, Mac and Linux, it integrates seamlessly with the file explorer, and it is fast and easy to use. Although their storage size is 'only' 2Gb, compared to some other services which start at 5Gb with a free account, this is enough to back up 1,000 songs, or 10,000 large word documents. You get the idea. In addition, they only upload the changes or delta instead of the full document, therefore speeding up the upload process and saving bandwidth. They even have a versioning system, so that you can check out different versions of a document you have backed up with their service.

Since I do not like to entrust my files to someone else, I used TrueCrypt to create and map an encrypted container within the DropBox share. I put my personal files in the encrypted container and my less important ones outside of the container. This works great, and now my files are available and synchronized across all my personal computers!

DropBox allows you to create public folders where the documents are available via public web link. In addition, DropBox allows users to share computer folders and documents amongst other users. This is a great collaboration tool which allows one to edit someone else's documents directly on their PC, mmhhh!

The problem I see with this and similar services, is one of corporate data leakage. Improperly used, such services could lead to confidential corporate documents being exposed. What if someone accidentally drops a confidential document in the shared folder, instead of the personal folder, making the document available to the web?

In addition, since the DropBox program is resident, always running on the user's PC, a new virus could take advantage of the public folder feature and drop the content of My Document to the public share. Ouch! How long before we see such a virus?

Posted by |-Fidem-|

For some reason, I found myself reading my Internet Service Provider’s End-User License Agreement.  Don’t ask me why I entertain myself with such an exciting bedtime reading; I will just read pretty much anything I stumble across.

Under Prohibited activities, my ISP’s EULA reads: “Resell or redistribute the Service to any third party via any means including but not limited to wireless technology.”

Besides the obvious security risks associated with running open wireless, you should also be aware that running open wireless is a violation of the EULA when someone connects to you access point.  That means you are breaking the EULA and the other guy is stealing service.

Many High Speed Internet Users have a wireless home router.  Let’s say the router is secure and encrypted and you also have more than one computer at home.  Apparently, you are still breaking the EULA: “IP address translation or similar facilities intended to provide additional access.”

In addition, if you are a geek and leave your home PC on at all times so that you can access it from work, or you use a P2P file sharing software, you are violating: “You may not operate, or allow others to operate, servers of any type or any other device, equipment, and/or software providing server-like functionality”

So what’s a power user to do nowadays?  Should you get a business account when you are not running a business, if some software on your PC is running in server-like mode?  Don’t some ISP give you a home router or wireless router with the service and isn’t a router main purpose to connect multiple PC’s?

Working with and supporting the IT needs of a large and diverse end user base it always a challenge. Last week, a colleague of mine and I decided to make things easier for both our end users and the help desk.

Since our users are prone to forgetting their passwords and our budget is pretty much NULL, we decided to take matters into our own end by writing a web based, self service password reset program. Such program will allow our users to reset their password on their own.

Believe it or not, one week later, the program is functional. It's is definitely not a beauty, but hey, we are techies, not artists. After polishing the code, which by the way was pretty much put together by my colleague, and adding some extra functionality (we love to always add more stuff) we will be ready for the artistic part. For us, that means listening to a bunch of colleagues trying to dissect every word on the web pages, finding 'baby lingo', and adding colors and images.

The finished product's source code will be made available to the world and for anyone to improve upon and use for non commercial purposes.

Posted by |-Fidem-|

Have our end users given up on reading? Is it too difficult, time consuming or challenging to read an error message, a disclaimer, or the FULL content of an email? The more I look at end user training and today's users habits and short attention span, the more I am lead to belive that the only solution to sucesfull training is a combination of highly interactive, high impact, audio/video clips.

As an IT security professional, I find it hard to belive that a user would reply to a legitimate looking but fake email which appears to come from the IT department, asking for a user's login and password. I wonder how far that user would go; would they send their SSN if asked? Would they send their Check Card Pin number or a scanned copy of their driver's license in reply to a fake email?

Some of them will, and since it is harder to intercept and stop the scammers than to tackle and train our end users, a good awareness program is what the users need, complementing central IT efforts to stop the bad guys with user education.

This is my favourite Security Awareness Video. It won the Bronze Prize in the Educause security awareness video contest.

Posted by |-Fidem-|

Here is how dedicated and relentless IT professionals are.  Last night, while I was watching AMW, just to keep the criminalsearches.com theme alive, I received an email from a colleague.

The subject like read SpyPig and it was Sent: Sat 8/2/2008 22:21, note day of week/time :-)  Being the carious type that I am, I had to open the message.

Within the message was a link to http://www.spypig.com, a free email tracking system that allows the sender of an email to verify if the recipient has read the message, regardless of the email reader they are using.  The only drawback is that the recipient's email reader must use HTML to link back to an embedded image used for tracking.  BTW, this is an old technique used by spammers and advertisers.

What's with IT and pigs?  A software that I use a lot is called Sort and by the way, it is a great Intrusion Detection System (IDS) used worldwide by small and large companies.

At this point I became curious and I plugged the term Pig in my favorite search engine.

1. http://incubator.apache.org/pig is a platform for analizing large data sets
2. http://research.yahoo.com/node/90 same as above
3. http://www.datapigtechnologies.com

The list goes on.  BTW, I just finished eating some turkey bacon that I made for breakfast, go figure!

Posted by |-Fidem-|

Yes, this is the tech space :-) I was doing some 'research' at a website that a colleague of mine showed me not too long ago, when the phrase “Do you know who you're dating?” popped up together with the mugshot of an inmate. I though it was quite interesting that a site dedicated to searching criminal record would advertise itself in such a manner. Nevertheless, I believe that you should be able to know if your friends and close ones are up to no good.

As the notion of privacy is weakened by the ever growing search engines and their thirst for information, data about everything is collected and correlated at warp speed. While we quench our thirst for information on the Web, our digital privacy is being violated by the same hand that gave us the glass.

Back to the technical info. You are probably curious about the site in question.

http://www.criminalsearches.com is a free site (for now) that allows you to search public criminal records across the nation without having to go to each individual courthouse website to accomplish the same. The website allows you to do a criminal history check, search your neighborhood and display known criminals on a Google map, search the public sex offender database and get other criminal stats.

I bet I know what you are going to do right after you are done reading this Blog!

Posted by |-Fidem-|

Today I received an email from IngDirect with a lot of tips for saving money.  I though I would share some of the more interesting tips with you.  With gas prices as high as they are today, I was expecting the usual tip on saving gas and sharing rides.  Instead, I found this useful website http://www.gasbuddy.com

Want to make free calls? http://www.voipbuster.com is a VoIP service offering free calls to many destinations.  I haven't tried this one but I have been using skype for a long time and find its voice quality incredible for both skype-to-skype calls and skype-to-landline.

If you are into coupons, this one is for you.  Save on your shopping with http://www.couponmom.combefore you go to the store. I tried to register on the website just to check it out and I found that it takes forever to register an account as the site keeps on asking and adding questions.

Posted by |-Fidem-|