Tag Archives | Security

Line2’s Troubles Persist

Posted by Harry McCracken on March 28, 2010 at 12:40 am

I’m still looking forward to trying Line2 on my iPhone, but the VoIP app’s launch continues to be hobbled by Internet-borne attacks. Earlier today, David Pogue of the New York Times reported that the problem was someone’s auto-signup bot that was registering bogus accounts as fast as it could, but that Line2 parent Toktumi had figured out a workaround. But now that’s out of date: I was able to download the app, but once I’d stepped through the sign-up process on my iPhone, I got this:

The Toktumi blog explains what’s going on: The company has put the app back in the App Store, but is limiting the number of new signups each hour to foil the bot. It doesn’t seem like a long-term solution–especially since you only learn about the signup cap after getting most of the way through registering, and apparently have to start all over again if you want to give it another go.

As Pogue says, it’s a lousy thing to happen to a promising service. Maybe Toktumi’s original stopgap–temporarily ending the month of free trial service and requiring payment of $15 in advance for the first month of service–would be the best way to ensure that people who really want Line2 can get it and nobody’s time is wasted.

[UPDATE: As of early Sunday morning, the app is available on the iTunes App Store, but if you step through the signup process you eventually get a message that new memberships are on hold, and that you’ll get an e-mail when they’re available again.)

6 comments

Line2 Goes Down

Posted by Harry McCracken on March 26, 2010 at 12:02 am

Weird: Line 2, which I wrote enthusiastically about earlier today, is now suffering a denial-of-service attack (chronicled on parent company Toktumi’s Twitter feed). The app is currently missing from the iPhone App Store, which gave me a scare: There are multiple other examples of programs you’d think Apple might have a problem with hitting the store, attracting attention, and then getting yanked by Apple. (Here’s one.) But Toktumi founder Peter Sisson told me that the company pulled the app itself so that new users wouldn’t start off with a bad experience during the attack.

As I write this, the attack has been going on for at least six hours. I’m still looking forward to trying Line2 once it’s back.

17 comments

LifeLock Settles With the FTC, States

Posted by Harry McCracken on March 11, 2010 at 12:38 am

Somehow, it just isn’t a stunner that identity-theft protection company LifeLock–the one with the ads that revealed its CEO’s Social Security Number–turned out to be a tad questionable. After being charged by the FTC and 35 states with everything from failing to live up to its sweeping claims to being sloppy with customers’ personal information, the company has ponied up $12 million and promised to try and do better.

One lesson: cheesy ads nearly always means cheesy company…

2 comments

Video Demo of the Enigma Machine

Posted by David Spark on March 4, 2010 at 3:46 pm

This video is part of David Spark’s (@dspark) coverage of the 2010 RSA Conference on security. For tons of video interviews and articles from the conference, check out the summary of Spark’s coverage on the Tripwire blog.

Our good friends at the NSA had a booth at the RSA Conference, and the highlight for me was the opportunity to see, touch, and play with the Enigma machine. It was the same machine the Nazis used for code creating and breaking during WWII. The U.S. broke the Enigma code, but the Nazis never realized we had. Our ability to decode their Enigma-written messages helped shorten the war considerably.

I had seen these machines before, but I never knew how they actually worked. So I asked one of the NSA staffers if he could demo the machine while I videotaped it, but he told me he couldn’t be on camera. Since I don’t work for the NSA, I can be on camera. After he showed me how it worked, I shot a demo.

The Enigma machine had a series of relays of which at each point the letter that you selected could be changed to any other of the other 26 letters in the alphabet. In total, a single press of a key stroke could change that letter between seven to nine times. But the rotors on the Enigma kept shifting, so if I pressed the same key twice, it would deliver a completely different result. Watch the video to see how it worked.

9 comments

ZoneAlarm’s DataLock: BitLocker for the Rest of Us

Posted by Harry McCracken on March 2, 2010 at 11:52 pm

If you’re supercautious about protecting your PC’s data from prying eyes–especially when it comes to a laptop that might get lost–you could use Windows 7’s BitLocker disk encryption to secure every last file. But BitLocker only comes with Windows’ two priciest versions, Windows 7 Enterprise and Windows 7 Ultimate. Encryption, Microsoft clearly thinks, is of interest mostly to big-business types and hardcore users.

Enter DataLock, a new utility from Check Point Software’s ZoneAlarm division. Like Bit-Locker, it does full-drive encryption–the whole thing gets locked up, and you have to enter a password before the boot process starts to get access to Windows and your data. Unlike BitLocker, DataLock is aimed at consumers and small businesses, with a price to match: $19.95 (an introductory price–list is $29.95). And just in case you encrypt your drive and then forget the password–hey, I’ll bet it’s been know to happen–the software comes with a phone-based password recovery service that’s available 24/7.

DataLock was announced this week at the RSA security conference in San Francisco, and is available now as a download from ZoneAlarm’s site.

Continue Reading →

5 comments

Help!

Posted by Harry McCracken on March 2, 2010 at 3:07 pm

It’s a PC convention that dates to the 1980s: Press the F1 key, and you’ll pull up online help. Except Microsoft is now warning Windows XP users to ignore any Web site that asks them to press F1.

As Gregg Keizer is reporting over at Computerworld, a Polish researcher has discovered an XP (and Windows 2000) vulnerability that would let a Web page trick an unsuspecting user into pressing F1 and thereby launching a malicious program disguised as a Windows Help file. Microsoft has published an advisory recommending that users not press F1, and explaining how to disable Help altogether.

It’s a way more fascinating security hole than your average exploit, since it could let a bad guy make trouble for a Windows user at the particularly vulnerable moment when that person is seeking help. But it’s a sobering argument in favor of choosing a modern operating system–be it Windows 7 or Snow Leopard or Ubuntu–over a creaky old one that dates to the start of the last decade.

2 comments

TechCrunch Hacked Again

Posted by Harry McCracken on January 26, 2010 at 10:36 pm

TechCrunch is down again–someone with hacking skills, a vendetta, and–it seems–a dislike for certain ad formats appears to have crippled the site for the second night running.

No comments

TechCrunch Hacked

Posted by Harry McCracken on January 25, 2010 at 11:29 pm

Uberblog TechCrunch appears to have been hacked. At the moment, I’m getting either a blank screen or a “We’ll be back shortly.” message. Right before that, though, I got this (bad word censored by me, but I bet you can figure it out):

Dupedb.com looks like a porn torrent site or or somesuch–all I know for sure is that it looked so disreputable that I turned around and left within seconds of getting there.

And…the site’s back up. At least as of this moment. Details on what happened to come, I hope.

[FURTHER UPDATE, 12:20am PT: It’s down again.]

[EVEN FURTHER UPDATE, 12:56am PT: Site’s down, new message is up.]

One comment