Monday, June 14, 2010

Stupid Android market bug STILL affects 2.1 OS

I can't believe this hasn't been fixed yet.  I was not about to reset back to factory defaults and I had been meaning to root my phone anyhow, so I went this route.  It was difficult to find a solution that did NOT require resetting to factory defaults.  Enjoy.

Issue 3477 - android - HTC Hero - can't sign Gmail account if user skips signing when initially using the phone. - Project Hosting on Google Code
referring to my comment 37 above, and 16 ...
(1) First you need to root the phone. I had to Google how to do this, I found the solution (for 2.0, not 2.01) on some German site (yes, careless, I know).
(2) Then, you need a terminal app (such as "Better Terminal Emulator"). With the terminal app you can navigate in the file system of the phone. However, you need root access (above) to be able to see the folder "/data/data/[and so on]". Without root access you cannot navigate to this folder. Then you need some Unix-fu to navigate to the correct folder, and remove the correct files. Look up the commands "ls", "cd", "rm", and "rmdir" (my Unix-fu was just sufficient, thank fate). Maybe a file manager app would do for step 2, I don't know. The process is likely slightly different for each phone (mine's a Milestone).


Wednesday, June 9, 2010

AT&T Leaks email addresses of 114,000 iPad users

I think it is disingenuous of this article to have "Apple" in the title.  It was an AT&T server with a stupid application that used AJAX calls to obtain email addresses by ICC ID.  And since the ICC IDs are apparently sequential, the group was able to iterate through thousands of them to obtain the information.

Then AT&T decides to claim as well that the researchers who discovered the flaw did not contact them.  It sounds like AT&T is lying.

Apple's Worst Security Breach: 114,000 iPad Owners Exposed


Sunday, June 6, 2010

SurveyMonkey has crummy logon security

FYI, SurveyMonkey is a great site, but they have really crappy security. They actually store your password in the clear, or in reversibly-encrypted format. If you request your forgotten login and/or password, they actually helpfully email you both your login _and_ your cleartext password. What year is it again? That is the kind of kindergarten mistake that there is no excuse for making. How to securely handle logons to systems and applications is fairly standardized and there are lots of simple options for supporting secure one-way hashes that are immune to a variety of attacks. No excuse for security this bad...

Fortunately, they allow you now to sign in with your Google login so that might be a better option -- get them out of the authentication business that it appears they have no business being in.
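Here is roughly what the standard approach looks like, as an added example (my own sketch, not SurveyMonkey's code): only a salted one-way hash is stored, so a "forgot password" request can only mail out a short-lived, single-use reset token. The in-memory `USERS` and `RESET_TOKENS` stores, the function names, and the PBKDF2 parameters are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stores for the example (hypothetical names).
USERS = {}          # login -> (salt, password_hash); no cleartext anywhere
RESET_TOKENS = {}   # sha256(token) -> (login, expiry timestamp)
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)
RESET_TTL = 15 * 60   # reset token lifetime in seconds (assumed value)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def set_password(login, password):
    salt = secrets.token_bytes(16)  # per-user salt defeats precomputed tables
    USERS[login] = (salt, _hash(password, salt))

def verify(login, password):
    # Unknown logins still cost one hash, so timing does not reveal them.
    salt, stored = USERS.get(login, (b"\x00" * 16, b"\x00" * 32))
    match = hmac.compare_digest(_hash(password, salt), stored)
    return match and login in USERS

def start_reset(login, now=None):
    """Return a one-time token to e-mail; the old password cannot be recovered."""
    if login not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Store only a hash of the token, so a database leak does not leak live tokens.
    digest = hashlib.sha256(token.encode("ascii")).digest()
    RESET_TOKENS[digest] = (login, now + RESET_TTL)
    return token

def finish_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode("ascii")).digest()
    entry = RESET_TOKENS.pop(digest, None)  # pop makes the token single-use
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```
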

Friday, June 4, 2010

Alcohol, Caffeine and Pregnancy

Sorting through the myriad information and misinformation on these topics is difficult.  And remembering what the actual conclusion is can be even more difficult: "Was coffee safe or not?"

So, I figured that I would blog about two very recent posts that summarize the data about these topics.

Summary:

Caffeine bad ("Pregnant women should avoid caffeine because of potential effects on fetal growth and spontaneous abortion."), Alcohol seems okay in moderation (i.e. no known conclusive data exists that shows a problem with low intake during pregnancy)

Science-Based Medicine » Alcohol and Pregnancy

"The scientific evidence has not identified a threshold below which
alcohol consumption during pregnancy is definitely safe, but neither has
it shown any convincing evidence of harm at low levels of intake, and
it has not ruled out the possibility that low levels might provide a
small benefit."
NeuroLogica Blog » Caffeine


Wednesday, June 2, 2010

Proof that iframes are not risk-free

This one loaded drive-by-malware, a popular tactic.

Malicious iFrame on US Treasury and other sites?

http://community.websense.com/blogs/securitylabs/archive/2010/05/04/treasury-websites-compromised.aspx


AAP: Against Female Genital Mutilation after they were for it

Ridiculous but glad they changed their policy.

A retraction from the American Academy of Pediatrics : Pharyngula
"We retracted the policy because it is important that the world health community understands the AAP is totally opposed to all forms of female genital cutting, both here in the U.S. and anywhere else in the world," said AAP President Judith S. Palfrey.


Every Baby Knows Science

Then, if you're a baby in Texas, Arkansas, Kansas, or related states you get reprogrammed to fear and doubt science and believe horsepucky. Glad me and my baby live in Seattle.


I may have to order this print. Lots of other goodies for geeky parents like me there too.