Creepy GMail “Feature”

Posted in Random, security on April 8, 2010 by hellnbak

I stumbled upon this creepy GMail “feature” the other day.  Basically, it appears that there is some logic that notices when you type the phrase “see the attached” and then checks for a file attachment alerting you if you fail to attach a file.

With all the privacy concerns around GMail I found this to be very creepy.


Nexus-1 Honeymoon is Over

Posted in Random on April 8, 2010 by hellnbak

As many of my friends know, I am very hard on my electronics.  My laptops, my MP3 players, my cell phones and even the TV remote all get abused in various ways.

So, in typical dumbass fashion, over the weekend I dropped my Nexus-1 phone and sadly, even though it wasn’t a far fall – a couple of feet at most – the screen shattered.  😦

(I am travelling right now for work and I forgot my camera cable so I will have to post pics later) 

After I was done swearing and calling myself an idiot I called HTC.  The service from HTC was awesome, they told me up front a range in price to replace the screen (between 150$-250$) and via email sent me out a pre-paid shipping label to send the phone back.  In fact, just by having my phone serial number they were able to bring up all my account information including email address and T-Mobile billing address.

Because I am travelling, I did not want to be without a cell phone so I immediately pinged all my geek friends that were local to me and as expected one of them came through with an unlocked Samsung Blackjack.  While this isn’t the most cutting edge phone in the world, it would work just fine.  Before I was able to pick up the phone, I called T-Mobile just to give them a heads up on the impending device change and wanted to make sure that I didn’t need to modify my plan in any way to avoid extra charges.  This is where things got really sketchy.

The first person I talked to at T-Mobile told me it would be no problem at all.  She said she would put a note on my account and when I was ready to put my SIM Card in the loaner phone simply call them back and let them know.  She also told me that there would be no charges as she would just adjust my plan temporarily so that I can still use both data and voice.

The next day I picked up the loaner phone (thanks again Mike you are a life saver!) and popped in my SIM Card.  After entering the unlock code for the phone, it connected to the T-Mobile network with no issues.  I made a quick voice call to test voice and then fired up the web browser.  I was met with an error that I didn’t have a data plan.  So I thought I would call T-Mobile back again and make sure that all was still well with me changing the phone.

The rep I got this time informed me that he would not be able to change my plan.  Apparently, there is an automated system (I am paraphrasing what I was told) in place that would notify Google that I have changed my plan triggering Google to charge my on file credit card the various fees for changing my contract and “deactivating” my Nexus-1.  I explained again that I was not trying to deactivate my Nexus-1 but was simply getting it repaired and needed to use this phone while I waited for mine to return.  The rep apologized but said that there is nothing he can do and that I can use the other phone but for voice only.  Changes to my data plan trigger the extra charges from Google and according to the rep — T-Mobile has no control over this.


So not only has Google kept my credit card on file, but they also shared my contact and billing details with HTC and T-Mobile.  I don’t necessarily have a problem with this, it does make life easier when dealing with each company but during the design phase of this data sharing system how did they fail to consider the broken phone scenario?

Not willing to believe that the three companies who brought probably the best phone I have ever owned to market can actually be this dumb I called T-Mobile for a third time today.  This time the rep said no problem and that he would make changes to my account.  I interrupted him and specifically brought up what I was told the previous day.  This seemed to confuse the support rep and he said that he wasn’t sure if that would happen or not.  I asked him to verify.  This seemed to be an annoyance to him and he offered to call me back once he knew.  That was about 11 hours ago.  Something tells me I won’t receive a call back.

I suppose I can live with the broken screen until the new Windows Mobile 7 devices are released and then add my Nexus-1 to the chopping block like I did my iPhone and Blackberry.  It’s really too bad that such a nice piece of hardware backed up by what seems to be a great company (HTC) and runs a flexible Operating System (Android) gets tarnished by outright stupidity by both Google and T-Mobile.

Clueless FUD Article…

Posted in security on April 2, 2010 by hellnbak

I haven’t blogged anything of good use lately so I thought I would start up again by calling out this completely useless and incorrect opinion piece.  On the Dark Reading blog an article appeared entitled; “Share — Or Keep Getting Pwned”

Sigh.  Clearly zero research was done into this posting as there really is a lot of information sharing going on in the industry.  While I will admit that the industry as a whole needs to be better organized the assumption that no one shares inside the industry is a wrong one and very misleading to the sheep who actually believe what they read.

Take the second paragraph for example;

“Take the attacks on Google, Adobe, Intel, and others out of China (aka “Operation Aurora”). McAfee and other security firms investigating victims’ systems each had its own fiefdom of intelligence, occasionally publicly sharing bits of information, like the Internet Explorer zero-day bug used in many of the initial attacks. But did anyone have the whole picture of the attacks?”


Actually, yes.  Yes multiple people at multiple different organizations did in fact have the whole picture.  I personally was witness to a lot of inter-vendor information sharing that was extremely helpful for those affected by this issue.  I obviously am not going to comment on who exactly shared what information or what was shared.  But a lot of information that was never made public was in fact shared amongst many parties.  Even more “shocking” this was done without the use of silly non-disclosure agreements (NDA) and done based on reputation and personal trust relationships.  Meaning that there was zero corporate bullshit in the way of moving forward.

Using a second example, that I can talk more publicly about without getting myself in trouble, we all remember the Marsh Ray TLS MITM bug from earlier this year.  Marsh Ray and Steve Dispensa both went above and beyond what was expected with sharing information with anyone.  They even attempted to leverage the muscle at ICASI to pull all the major vendors together and share.  Taking things a step further, Marsh personally offered to sit down and work directly with any vendor having issues with the bug.  Sure, the vulnerability release did not go as planned, these things rarely do happen that way, but it was handled in a very open and progressive manner.

These are only two of multiple examples.  There are even private mailing lists where COMPETITORS on the product side of the house routinely share information on various threats ranging from malware to new exploitation techniques.  So again, the whole process could use some improvement (maybe I just found a use for VulnWatch) but the insinuation that sharing doesn’t happen because of jealousy or competitive reasons is way off base.  Most want to do the right thing even if it means working directly with a competitor.

Tattoo Complete

Posted in Personal Shit on April 2, 2010 by hellnbak

Just a quick personal note.  I got my latest tattoo all colored in and finished.

I already have ideas for more.  I may end up doing an entire sleeve on my right arm.  We will see.  😉

New Tattoo

Posted in Personal Shit, Random on March 14, 2010 by hellnbak

Yes, I had to go and get myself a new tattoo. 😉 Best addiction ever!

So that is the starting outline.  At the end of the month it will look closer to this with all the colors.

Finally a use for my iPhone and Blackberry

Posted in Random on February 2, 2010 by hellnbak

“Recycling” my iPhone and Blackberry now that I have a real smartphone – Google Nexus-1.

Quick Note – Twitter

Posted in Uncategorized on January 3, 2010 by hellnbak

No the person using is not me. I deleted my twitter account and someone else has jumped on the name.