RSS Subscription

Please Donate
By Time
By Categories
Ads

Social Media Links
Web Hosting
Powered by Squarespace

The Security Undertow Blog

This the home of the Security Undertow Blog.

 

Add to Technorati Favorites

Friday, July 30, 2010
7:46AM

Optus iPhone 4 - News - The Perth Midnight Launch was a Blast!

Date7:46

Optus's iPhone 4 Midnight Launch in Perth

Thanks Optus!

This is an interim Post to thank Optus and all the other people, who put a truly great party last night (and early this morning) that was the Optus iPhone 4 Launch in Perth.

I got there at 18:00 hours (Thursday 29 July 2010) and was the 12th in the queue. The first person at the head of the queue had got in line at 14:00 hours. The sky was clear, the ground was hard and it was starting to get cold. Slowly the party began to roll.

The crowd was well behave, some of the curious by-standers checked out the line from time to time, baffled some of them wandered over to ask what we where all doing. Slowly the queue got longer and by 19:00 hours I estimated we had around 100 people.

With music, entertainment, food, coffee, magic tricks and free handouts, Optus and the crew of staff and entertainers, did the very best to keep everyone from getting cold, stiff, bored or hungry and by 20:00 hours the party was in full swing.

During the seven hours I was present there was very little trouble - I saw the police had to deal with a confused and possibly enebriated onlooker but other than that, everyone remained calm, civilised and well behaved.

By the time the doors opened at 00:00 hours the queue had grown to an estimated 400 people. I was the third batch of people allowed into the store to get an iPhone. Optusstaff had simplified the process by providing us with new SIM's and then pre activating them, after taking as many of our details as they could during the time before the Store opened at midnight.

Once I was inside the Store I would guess that it took around 30minuts to complete the purchase of my new iPhone. It was going to those hardworking Optus sales people very long time to process everyone in that queue. I hope no one missed out but I am glad I wasn't any further down the line.

I will post some more details later, about the phone and some other interesting details I discovered during the long wait. But as I am still very tired, I will close by again saying, thank you Optus for a fun night and especially for letting me be one of the first in Perth, Western Australia to get my hands on a brand new iPhone 4. And a big "well done" to everyone who worked so hard to make the night a huge successes, it was worth the wait!"

 

Safe Surfing!

| | | Print ArticlePrint Article
Categories: , , ,
CommentPost a Comment
Thursday, July 29, 2010
7:47AM

Optus iPhone 4 - News - HOT - Free Bumpers with Every Optus iPhone 4!

Date7:47

Optus Confirms Free Bumpers on Facebook

Wow! Hot News! Free Bumpers!

In reply to my earlier rumor post, speculating on Apple including the Bumper Case as a standard accessory (see my post here: https://turbulance.squarespace.com/blog/2010/7/27/iphone-4-rumor-will-the-iphone-4-be-released-in-australia-wi.html), I have had Optus confirm the next best thing: They will be giving away a free Bumper case with every iPhone 4 sold.

Here is a direct Quote from from the Optus Fan-page on Facebook:

"Just to confirm, Optus will be giving a free bumper to our iPhone 4 customers - available from the day of launch. Cheers - ScottD"

I am not sure if this is a "while stocks last" offer or if Apple has supplied a Bumper with every new iPhone out of the box to meet their commitment of free cases that Steve Jobs announced at the July 16 Press Conference. We'll have to wait and see if other Australian carriers make the same offer.

I am also not sure if we get a choice of colour (expect black).

Anyway, well done Optus!


Safe Surfing!

| | | Print ArticlePrint Article
Categories: , ,
CommentPost a Comment
Tuesday, July 27, 2010
3:02PM

iPhone 4 - Rumor - Will the iPhone 4 be Released in Australia with a Free Bumper Case in the Box?

Date15:02

Apple Logo (R) Apple Inc.This is pure speculation on my behalf, made up of: part wishful thinking, part guess work and part interpretation based of comments I overheard in a local mobile shop.

I wonder if the main reason that the Apple can't make enough Bumper cases for its US refund program, is that the all the new cases are being included in the box as standard iPhone 4 accessories?

If I am correct, then I expect these will be the black Bumper Cases and that purchasers of these newer iPhones will also not be eligible for any free iPhone 4 cases or Bumper case refunds.

Personally I doubt that that I am correct and expect that Apple's existing policy for free cases will still apply come July 30. Only time will tell...

What do you think? Will Apple release iPhones in Australia (and the other 16 countries) this Friday, with a case in the box? Leave me a comment to let me know what you thoughts on this are.

 

Safe Surfing?

| | | Print ArticlePrint Article
Categories: ,
CommentPost a Comment
Monday, July 26, 2010
4:54PM

Optus Security Issues - Opinion - Stop Teaching your Customers to Fall for Phishing Scams!

Date16:54

Optus Ad

In recent days I have received two emails for my Australian Telco, Optus, that are offering information and services related to their upcoming release of the Apple iPhone 4.

Now I am not complaining that Optus is contacting me. The services they are offering are things I want to hear about and sign up to. What I am complaining about is the way they have chosen to go about contacting their customers.

Here are some specifics related to these emails:

  • Both emails where from iPhone4@optus.com (where is the .AU)
  • Both emails contained links to URL's that where not specific to Optus's main website
  • When each link was followed, they lead to a page where a SSL certificate warning was displayed
  • When the user had finally got through the warning and to the registration page, they where asked to enter personal details such as Name, Surname and Phone Number

The first email was for the Optus's 2-in1 SIM Card Upgard Offer (now expired). It's embedded link was for http://app.en25.com/e/er.apsx? (followed by a long string of parameter data). If this link was followed, a browser window opened and then redirected to http://optus2-in-1order.com.

Before opening this new page, the browser displayed the following SSL Certificate warning (as seen in Chrome):

Optus 2-in1 Upgrade Site Certificate Warning

This is the type of warning a user would see when a site is using an invalid or forged SSL certificate. The reason this warning was being displayed is because the certificate was issued for use with *.securesite.net not optus2in1offer.com:

This is Not the SSL Certificate you are Looking For!

If the user proceeds though this warning, they will see a page requesting they enter some personal details to be able to register for the offer. Does any of this ring alarm bells for you?

The second email was much the same, except that the embedded link in the email was now explicitly pointing to https://optusiphone4.com/content/launch (followed by some long parameter data), instead of the more obscure http://app.en25.com as was used in the first email (still the link is not related to Optus's main site http://optus.com.au, which would have been a more secure address for both these emails).

If the link was followed, the browser then showed a certificate error again (though this error now relates to missing owner information, rather than what appeared to be a forged SSL certificate for a different URL, as was displayed with the first email). This is the warnign (as shown in Chrome):

Optus http://optusiphone4.com Site Certificate Warning

The reason for this warning is less obvious - and may have now been resolved as I get the following when I click on the on the the Orange Triangle with Exclamation Mark in Chrome's Address Bar:

Now you See It now you Don't (Is the Cert Fixed Now?)

By now you might be asking: "What's the big deal? If it's all owned by Optus and ends up being safe, why all this fuss?"

Well, other than confusing and scaring the average customer, and otherwise looking very unprofessional, here are my concerns:

  • This approach conditions Optus customers to become easy marks for phishing scams, by conditioning them that emails from Optus will contain links to 'foreign' URL's outside of Optus's official web site
  • That it is usual for Optus's external websites to contain incorrect SSL certificates that the customer has to allow (ignore) to get to the main offer page
  • That Optus's approach in these emails makes the phishing scammer's job much easier, as all they have to do is copy one or more of these emails, change the embedded links to point to a site of their own, and send them out to potential Optus customers
  • That the scammer can also use any SSL certificate the like (even ones they have create themselves) so they can use Secure HTTP (HTTPS) to make their fake site look more 'official'

Once a scammer has got an Optus customer to their own site, they could then 'phish' the customer for any details they might be interested in and expect that a reasonable percentage of Optus's customers would fall for the scam.

I hope Optus has leaned from their mistakes in this campaign (that this is not the way to go about making these types of offers to customers). But given that marketing is more interested in selling, than in customer security, I expect that it would be a good thing if each of you reading this post, was to consider contacting Optus personally. If you did this, it would help to reinforce to Optus that these practices are not acceptable to their customers and that they must reconsider how they will undertake future campaigns like these, both for their customers' security and for their own professional standing in the tech community.

Optus can be contacted via this link on their website: Contact Optus.

I hope that other companies, considering such marketing campaigns, take note of these mistakes and put their customers' security above the of priority of making sales.

 

Safe Surfing!

| | | Print ArticlePrint Article
Categories: ,
CommentPost a Comment
4:35PM

Optus iPhone 4 - Update - Proper Link to Register for Midnight Launch

Date16:35

Optus AdDear Reader, the following link is the correct one to use to register for the Midnight Launch: https://optusiphone4.com/content/launch - there are a couple of issues with the site that you need to know otherwise you not get to the registration page:

  • The Site is unable to handle the traffic so you need to keep hitting refresh (F5) until you get to the page loads (and yes this will increase the load on the server but there appears to be no other way at this time to register)
  • The Certificate that Optus is using is invalid and will throw warnings at you (if you are comfortable with clicking through there should be no problems. I have confirmed with Optus that the site is correct but I am very reluctant to tell anyone to click through a Certificate warning (if you are in doubt contact Optus first and confirm the address for yourself

This is what you will see in Chrome if you get through to the actual registration page:

Optus Certificate FAIL!

Safe Surfing!

| | | Print ArticlePrint Article
Categories: , ,
CommentPost a Comment
10:38AM

Optus iPhone 4 - News - Signup to be One of the First to Own an Aussie iPhone

Date10:38

Optus Add

Australian Telco, Optus, is currently taking registrations form people who want to come to an Optus store at 00:00 hours this Friday morning, 30 July 2010, to take ownership of a brand new iPhone 4.

Now the actual date as specified in the email was a little confusing: "Selected stores will be opening from MIDNIGHT on 29 July 2010 (we do mean 11:59pm plus 1 minute on Thursday)" - as this could have been referring to either; 00:00 hours Thursday the 29 July; or 00:00 hours Friday 30 July - I called Optus and confirmed it was definitely Friday.

The following stores will be open:

  • Sydney – Optus ‘Yes’ Shop George Street
  • Brisbane - Optus ‘Yes’ Shop Queen Street
  • Melbourne - Optus ‘Yes’ Shop Bourke Street
  • Perth – Optus ‘Yes’ Shop Murray Street

Here is the registration link if you are interested in being there then here is the link that might get you ti the registration page: https://optusiphone4.COM - I say might, as - one; I have removed some of the URL as it might refer to my account and - two; the site has been down since I got the email (Optus Marketing told me that demand for the site has been huge and it couldn't take the load).

Further you might note Optus has again been training there customers to accept phishing scam emails by using a URL that is not related to their Australian site. I again can confirm this is a legitimate email.

As to details of plans and upgrade pricing, well to date there isn't any. I asked Optus what I would expect to pay to upgrade early given there are no special discounts and the cost to me after just over a year on the two year plan I have is over AU$600.00. Ouch!

I will post further news on plans and pricing as they come to hand.


Safe Surfing!

| | | Print ArticlePrint Article
Categories: , ,
CommentPost a Comment
Friday, July 23, 2010
2:59PM

Website - Update - RSS Feed Changes and Other News

Date14:59

Dear Readers

The Security Undertow Blog is getting a facelift. Gone are the old, uncompleted pages, forums and their related side bars. RRS feeds have been consolidated into one so that posts and comments can be viewed together from a single feed.  Style and format changes to posts will speed up the writing and allow a wider range of topics to be covered

The site is now focused on bringing you the best news, reviews and tutorials related to security, privacy, technology and of course the iPhone (it's my favorite gadget and I find it fun to blog about).

Here are some future posts I am working on:

  • Privacy - Opinion - Third Party GPS Data Harvesting, the Good, the Bad and the Ugly
  • Security - Exploits - PayPal Secure Token Bypass Exploit for Non-US Customers
  • Hardware - Review - Jawbone ICON Bluetooth Headset Proves Good Things come in Small Packages

I hope you like the freasher look and please feel free to use the comments to let me know what you think and if you have any suggestions.

 

Safe Surfing!

| | | Print ArticlePrint Article
Categories: ,
CommentPost a Comment
Thursday, July 22, 2010
11:37AM

Optus iPhone 4 - News - 2-in-1 SIM Solves Micro SIM Upgrade Headaches for Existing Customers

Date11:37

The new cards have an embedded Micro SIM contained within a standard sized GSM SIM Card. This allows an Optus customer to receive, register and use their new iPhone 4 SIM's before the official release of the iPhone 4 in Australia (31 July 2010). Once the customer has ownership of their new iPhone 4 they can just push out the Micro SIM and have a fully working phone without having to wait for a new SIM (no cutting required).

Once ordered, the new 2-in1 SIM's will be sent out to customers via registered mail and before the 28 July. This will allow the SIM to be registered and used in customers' existing iPhones well in advance of the release.

If your are an existing Optus iPhone customer, you maybe eligible for a free 2-in-1 SIM upgrade. If you are interested to find out if you are eligible click through here: Optus 2-in-1 SIM Card Upgrade Offer


Safe Surfing!

Side Note:

I found out about this offer via an email. I had singed up with Optus for iPhone 4 news so I was not suspicious when the email arrived. I followed the link and filled in the form and received confirmation emails.

Everything looked good until I went to add the link to this post. First, it looked nothing like a legitimate Optus address. It also contained some coded values that may have been crafted specifically for my account. Second, when I entered it into Safari I saw the browser redirected several times to the following URL: https://optus2in1order.com/ - all the hallmarks of a phishing scam and something I had to investigate before posting.

I am happy to report that it is not a scam and is very legitimate. I called Optus and spoke to their marketing department. Explained my concerns, which they where happy to discus. and I found that this upgrade offer should be available to anyone thinking of upgrading to the iPhone 4.

Hopefully Optus will consider the way the formate future campaigns, as their current methods are training customers to accept copy-cat emails that could be used by phishing scammers and with very little effort (just copy the email and replace the link with one that takes the customer to a malicious website).


Safe Surfing!

| | | Print ArticlePrint Article
Categories: , ,
CommentPost a Comment
5:14AM

iPhone Skype App - Update - V2.1.0 (120) Blew me Away with It's Audio Quality over Wi-Fi

Date5:14

The iPhone Skype App has just been updated and available now on the AppStore. it has been made iOS compliant and provides background VoIP and Chat functions.

I just got off a chat session and then a VoIP call, made over Wi-Fi, between Perth, Western Australia and Ottawa, Canada (about as far apart as you can get on this planet with a 12 hour difference in timezones).

The quality of the Audio was just amazing, clear as a bell, full duplex and absolutely no perceptible delay. The chat session was also very quick and very responsive.

This is not an exhaustive review and may have been a fluke. I just wanted to give you all a heads up and suggest you all go and download the App (its free) and give it a try for yourselves. Please leave a comment on your experiences.

I will now bang away on the App so I can post a full review, warts and all. i am very interested in testing its multitasking background features and how well the VoIP works on 3G.

One interesting fact is that it looks like the App allows the chat to work in the background as well. Something that was thought not to be capable with the new iOS multitasking. It would appear that iOS is more capable than first though. Skype appears to use the new local Push to notify you of a new chat. Anyway the good news is that Skype now has push and can receive VoIP calls when it is in the background.

Get Skype in the AppStore

Safe Surfing!

| | | Print ArticlePrint Article
CommentPost a Comment
Monday, March 8, 2010
5:00PM

ScreenDimmer App - Update - iPhone Jailbreak Tweak (Version 1.20)

Date17:00

Now at Version 1.20

The new version fixes a number of bugs:

  • ScreenDimmer's new Preference ScreenApps with disabled idleTimer that are set in ScreenDimmer to be dimmed, will no longer lock 
  • ScreenDimmer will no longer dim when the battery is fully charged and set not to dim when the iPhone is charging or on power

This update introduces a welcome, new feature; when ScreenDimmer is set to turn off the Back-Light, it will first wait for a second timer interval to pass before doing so. This allows the iPhone to have two levels of dimming if the user desires.

I find this very useful at night time, as I put my iPhone in a dock besides my bed. With this new setting I can leave the phone unlocked and have ScreenDimmer turn off the Back-light for me, so I can go to sleep without the iPhone's screen annoying me. In the morning when the alarms go off, I just touch the screen to so I can turn the alarms off. No more fumbling with the iPhone trying to unlock it while I am half asleep.

During the day the second timer interval allows me to keep the dimmed screen visible for a short time, so I can still see what is on the screen while using the iPhone and still have ScreenDimmer turn off the Back-light after a time for reduced power consumption.

The new version of ScreenDimmer is now available on Cydia and Rock so why not give it a go?

 

Safe Surfing!

| | | Print ArticlePrint Article
Categories: , , ,
CommentPost a Comment
Page 1 2 3 4 5 ... 5 Next 10 Entries ยป

Safe Surfing!