Monthly Archives: August 2010

Telco security messaging fail?

Earlier on, I tweeted about this but I had to take down the twitpic because I realized that it had my phone number on it (^_^). I received this message a while back and I couldn’t help but think: WTF. O_O

image

The real WTF was finding out that this is 99% likely a legitimate message although there is nothing AT ALL in these two messages that these are legitimate Singtel services.

image

With all the phishing attacks that’s been happening for years, the IT Savvy-er of the netizens are doing their best to tell their friends and family not do download stuff from unknown sources and always check the domains of the sites you are accessing, etc. With the advent of 3G/mobile internet connectivity, people doing mobile banking, and so on, malicious attacks have been spreading to the mobile platform as well, as we’ve seen happening with the iPhone’s PDF vulnerability. We all have a part to play in helping each other keep our guards up against these issues, the Telco’s more so.

By doing something like this, they are basically saying “Yeah, we sometimes send you recommendations of services from a number that anyone can own” or “Yes, sometimes we offer free apps for download from website addresses with gibberish numbers and not even bother with a domain name” or “Yep, as long as there’s singtel in the web address that’s us!”. It’s very ironic how this is for a security & privacy application. No offense to WaveSecure, I know for a fact they’re a great product, McAfee does too. This was all good intention but sadly, poor execution.

How ugly can this get? If I were a malicious person who’s intelligent enough hack together an mobile app I could upload it to a domain like http://singtel.aimeegurl.com and send text messages to all the phone numbers I find, and say it’s an update to the software they’ve downloaded previously. The app can practically ask the user anything it wants since to the user, it’s their Telco’s app so of course they could trust them with their private information if they asked for it (Phishing++?) or if I were even more intelligent, I’d hack up an app that just straight away does nasty stuff without the users knowledge. Needless to say, possibilities are endless.

What’s done is done though. I’m sure investments were made on this project. Let’s hope no one exploits this. Meanwhile, the message still stands, NEVER download stuff from site domains that you don’t know for sure are legitimate, and just like in real life, there HAS to be proof of identity before complying to a request from someone who claims to be someone.

Review of Using Desktop Connect

I’ve been using Desktop Connect for a bit and wanted to share my experiences.

First I did a speed test with my iPad. I called Singtel up yesterday and asked to have my 1Mbps data plan switched to the iPad data plan that’s supposedly 7.2Mbps. Maybe it hasn’t taken effect yet.

IMG_0014

This is the screen shot of my usage prior to the remote session. I have turned off WiFi by the way.

IMG_0013

So when you launch Desktop Connect (or Easy Connect I’m not really sure what the name is cause it’s listed Desktop Connect in the app store) I can see the machines that I have associated with my account. You’ll need to be running an application on your host machine and sign in with the same Google ID there too.

IMG_0015

You’ll see here I’m logged in at 19:49.

IMG_0016

For about 7 minutes I clicked on links, scrolled around, queued up a download.

IMG_0017

After I disconnected, this is the screen shot of my data usage.

IMG_0018

So for the quick browsing and initializing of download, it was about 6MB down for 7 minutes. Of course, your usage will probably depend on what you do during the session. Perhaps if you brows images, or even videos, or flash animations, you’d have higher consumption than when you’re only browsing through text.

One thing I’ve discovered is that it doesn’t work well when your host has an external monitor. I was trying to access my home machine from my iPad earlier and I had left it on with the external monitor attached. I couldn’t I could see what was going on on the screen but everytime I try to click or scroll, nothing happened. I discovered when I got home that although my PC brought all windows to the primary monitor, the mouse pointer was still on the other screen Confused smile. So, remember to disconnect external monitors before you go out in order to let it function properly.

Another thing, if you’re using Win7 on your host machine, right clicking (there’s a button to toggle click mode to right or left click) to get the jumplist works on the host machine (since you can see the screen simultaneously on the host and ipad) but it doesn’t seem to render on the iPad. Strange.

Some folks have asked whether the multitouch functionality for Win7 works. Answer is no, the app actually maps out the mt gestures of the ipad for things like showing the toolbars, alt+tabbing. two-finger scroll works though not very well. No matter how small I make the movement, the window always seems to scroll all the way to the end.

All in all, I think it’s good enough to at least send some files from home that I’ve forgotten or set up a folder to sync with Windows Live Sync so I can access more files from anywhere, etc.

No decent blogging application for the ipad

What started out as a rant about how Office Web apps doesn’t seem to work well with the ipad has become a rant about how the ipad, just like the mac, doesn’t have a decent blogging application.

Fine, the ipad seems to be marketed more as a content consuming and non-content creating device but my question is why? it’s a great form factor for writing on the go, its just a shame how the device seems to lack in terms of hardwawre (camera) and software (blogging app (& dvorak keyboard while I’m at it)) to enable such.

Okay so now to the supposedly main rant..

I thought it would be great to be able to access the office web apps through my iPad, getting word, excel and office for free but to my dismay, I’ve experienced some hiccups..

So first try heading down to http://office.live.com and signing in with your windows live id. Once your signed in, click on the “PC Site” at the bottom of the screen.

.photo

You can now proceed to either opening or creating a new document

photo

 

So my experience with creating a new document was getting stuck at 95%. When I tried opening an old document, it just tanks my safari. Sad smile not sure if its my account or my ipad but its what im seeing   hope it gets fixed eventually. I just think it would be very cool.

photo

 

//painfully blogged on my ipad using a remote desktop connection to win7 with live writer, the best blogging software evah, and I say painfully because the first half of the blog post I was actually trying to touch type on this device.. eventually I succumbed to semi-hunt-and-peck Confused smile also, I had to send those screenshots one by one over email so I could access them on the remoted win7 machine.