
Archive for April, 2011

Secure your iPhone or iPad – Hack your data

April 23rd, 2011 No comments

I am always interested in how secure my devices are. Is my data safe? Can people get to my info? Am I at risk of giving out any private information? The iPhone / iPad has proven to be pretty secure if you take precautions: lock your screen and keep sensitive data out of the clear. The one interesting item you can hack is the backup. There is a lot of information to be gathered and searched in your simple backup. Many people don’t think twice about the sync that happens with your computer and iTunes. I’ll go into a little discussion on what can be seen.

Before I go too far into this information, it should be noted that this can be corrected by encrypting your backups. The process to encrypt your backup is a simple check box in iTunes. You can do this by connecting your iPhone / iPad and selecting Summary -> Options -> Encrypt iPhone backup.

Now that you have secured any future information, let’s look at the wealth of information that is now residing on your computer from your previous backups. To find your backups on a Windows machine, navigate to:

(Windows 7 or Vista) - C:\Users\{your username}\AppData\Roaming\Apple Computer\MobileSync\Backup\

(Windows XP) - C:\Documents and Settings\{your username}\Application Data\Apple Computer\MobileSync\Backup

Once in the directory you will see your backup sets. Select one to look at. First we will start with the Info.plist file. You can open this file with any text editor (it is an XML-formatted file). This file contains the overall information regarding the iOS device:

  • Device Phone number
  • Device name
  • Device GUID
  • ICC-ID: Integrated Circuit Card ID serial number of the SIM card
  • Serial number of the device
  • and much more

You can see in the screen capture above that this device name is “jimizphone”.

I know at this point you are thinking, why is this stuff important? Well, after some research and some reading I was able to find out what some of those files contained. Thanks to the team over at hrgeeks for their great post; here are some definitions of the files. These files are all .mddata files that can be viewed using a SQLite browser:

  • Call Log: ff1324e6b949111b2fb449ecddb50c89c3699a78
  • SMS (TEXT) Log: 3d0d7e5fb2ce288813306e4d4636395e047a3d28
  • Notes Application : 740b7eaf93d6ea5d305e88bb349c8e9643f48c3b
  • Contact List: 31bb7ba8914766d4ba40d6dfb6113c8b614be442
  • Voice Mail List: 992df473bbb9e132f4b3b6e4d33f72171e97bc7a
  • Calendar: 2041457d5fe04d39d0ab481178355df6781e6858

Let’s review one of the files. I chose to look at the SMS log. This would be the most damaging file if someone could review what I have said. It could also be the target file for people looking for information (ex-wife, girlfriend, or business competitor). Using SQLite browser I ran a select statement on the file, “select * from messages”, and it returned records of text messages from the phone.

You can see from the image, that a record of all text messages was saved.  I have not verified if the deleted items are saved but the information is clear enough.  Your iPhone  backup file contains in clear text your SMS text messages.  It has the date, phone, message, and time stamp that can be searched.

Opening the contact list quickly allowed me to look at names and numbers that were stored on the phone.  This could be dangerous for people who don’t want that information shared.   A person would not need physical access to their phone, only access to their computer.

Armed with file name information you can also get other non-phone related information that may be stored by applications.

Facebook friend list – 6639cb6a02f32e0203851f25465ffb89ca8ae3fa

I did a quick check, and I was able to see all my Facebook friends’ information (cell phone and email are hashed), but names and contact are available. This is interesting in that you can gather information outside of the phone that could be used against you.

So with a little information and a simple tool you can get a lot of information from an iPhone / iPad backup.

To view the email accounts accessed or set up on the phone you can view this file in a text view application:

  • Email Account: 5fd03a33c2a31106503589573045150c740721dd
  • Safari History: 1d6740792a2b845f4c1e6220c43906d7f0afe8ab
  • Safari Searches: bd38afa30b5a43c146db02a46ee11d82cdc817fe

Overall there is a lot of data being stored on your computer from your phone. Be safe, encrypt it.
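
A defender-side check for the advice above, as an added example that is not part of the original post: this Python script walks a MobileSync Backup folder and reports which backup sets are not encrypted and which of the files listed in this post they contain. It relies on the IsEncrypted key in Manifest.plist and the Device Name key in Info.plist; the function names and the sample backup sets it builds are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# File IDs listed in the post above, mapped to what they hold.
SENSITIVE_FILES = {
    "ff1324e6b949111b2fb449ecddb50c89c3699a78": "call log",
    "3d0d7e5fb2ce288813306e4d4636395e047a3d28": "SMS log",
    "740b7eaf93d6ea5d305e88bb349c8e9643f48c3b": "notes",
    "31bb7ba8914766d4ba40d6dfb6113c8b614be442": "contact list",
    "992df473bbb9e132f4b3b6e4d33f72171e97bc7a": "voice mail list",
    "2041457d5fe04d39d0ab481178355df6781e6858": "calendar",
}


def read_plist(path):
    """Load an XML or binary plist; return {} if it is missing or unreadable."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return {}
    return data if isinstance(data, dict) else {}


def audit_backups(root):
    """Return one finding per backup set under root, unencrypted sets first."""
    findings = []
    for backup in sorted(Path(root).iterdir()):
        if not backup.is_dir():
            continue
        info = read_plist(backup / "Info.plist")
        manifest = read_plist(backup / "Manifest.plist")
        # A missing or unreadable flag counts as unencrypted so the set gets flagged.
        encrypted = manifest.get("IsEncrypted") is True
        # Older backups add a .mddata extension to the file ID (assumption: check both).
        present = sorted(
            label for name, label in SENSITIVE_FILES.items()
            if (backup / name).exists() or (backup / (name + ".mddata")).exists()
        )
        findings.append({
            "backup": backup.name,
            "device": info.get("Device Name", "unknown"),
            "encrypted": encrypted,
            "readable_stores": [] if encrypted else present,
        })
    return sorted(findings, key=lambda item: item["encrypted"])


def build_sample(root):
    """Constructed sample: one unencrypted and one encrypted backup set."""
    root = Path(root)
    for name, device, encrypted in (("aaaa0001", "test-phone", False),
                                    ("bbbb0002", "test-pad", True)):
        folder = root / name
        folder.mkdir(parents=True)
        with open(folder / "Info.plist", "wb") as fh:
            plistlib.dump({"Device Name": device}, fh)
        with open(folder / "Manifest.plist", "wb") as fh:
            plistlib.dump({"IsEncrypted": encrypted}, fh)
        # Empty placeholder standing in for the SMS database.
        (folder / "3d0d7e5fb2ce288813306e4d4636395e047a3d28").touch()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for item in audit_backups(build_sample(tmp)):
            state = "encrypted" if item["encrypted"] else "NOT ENCRYPTED"
            stores = ", ".join(item["readable_stores"]) or "-"
            print(f'{item["backup"]}  {item["device"]:<12} {state:<14} {stores}')
```

To check a real machine, pass one of the Backup paths given earlier in this post to audit_backups() instead of the sample folder.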


Computer Input Devices – Touchpad vs Trackpoint

April 23rd, 2011 2 comments

I have been looking at new laptops and have been watching how people use them. My reasons for this are simple. I am a firm believer in the trackpoint, the little joystick thing in the middle of a laptop keyboard, particularly on the IBM ThinkPad laptops. The new laptop I will be using is a Dell and may or may not have the trackpoint available. It is difficult for me to understand why a person would use the touchpad. I will go into detail for both, but I must warn you I have only used the touchpad on limited occasions. So let’s start this argument.

Reasons for the Trackpoint

1. You never have to let your fingers leave the keys. You can just move your pointer finger over and move the mouse and then click while still on the asdf key sets.

2. It is easy to use and learn on.

3. Takes up less space on the laptop. This is not an issue with today’s monster desktop replacements.

4. I find it very accurate.

Reasons for the Touchpad

1. Touchpad allows for multiple functions – scroll, slide, click and application launching

2. It seems to cause less stress on the wrist when using

Failures of the trackpoint

1. The pointer stick often gets dirty (kinda sticky)

2. You may hit it by accident when typing

3. There is no scrolling option unless you have a newer IBM.

Failures of the touch pad

1. People often hit it when they are moving their wrists or fingers.

2. Difficult to learn quickly or use accurately

3. You cannot use it with one hand.

4. It can get very dirty; chips and dip are not very nice to the touchpad.

So who wins? Well, have you ever been to an airport or at a seminar and watched all the laptop users fire up their computers and then pull out a mouse? Why is this? Why not use the built-in mouse? Well, my thought is that the touchpad sucks… They spend all this money on a laptop and then have to go out and get a mouse. To me, it is then not a laptop; it is just another computer. I have noticed that most IBM ThinkPad users tend to stick with the trackpoint and end up dropping the mouse. I have not found any surveys, but it would be interesting.

From a usage standpoint, the trackpoint allows you to do development and movement very effectively. I can type and move the mouse to the properties section of the Visual Studio IDE quickly.

I would love to hear people’s thoughts. When I was in our IT group, new people who started and were issued a new ThinkPad always wanted a mouse. In about 2 days we would get the mouse back; they would get the hang of the trackpoint.

iPad IT apps

April 23rd, 2011 No comments

I have a lot of apps loaded on the iPad. Many of these apps are games, productivity, social media, and just entertainment. However, there are a few that are really tech and work related. Since I am in the IT field I found a few apps that I would recommend.

Remote Desktop

1. winadmin – $8.99 http://itunes.apple.com/us/app/winadmin-ipad-edition/id364898965?mt=8

This is the simplest tool to use for remote desktop; it is easy to use and just works. It is a great tool for the price.

2. desktop connect – $14.99 http://itunes.apple.com/us/app/desktop-connect/id364907570?mt=8

This app does both VNC and RDP. It has a lot of potential.

3. iTeleport – $24.99 install soft on the PC – http://www.iteleportmobile.com/

4. iTap – $11.99 – http://itunes.apple.com/us/app/itap-rdp-remote-desktop-for/id317062064?mt=8

LogMeIn – $29.99 – https://secure.logmein.com/products/ignition/iphone/

Well done app. This app allows you to remotely use LogMeIn and access your PC. The cost is worth it if you use LogMeIn.

jump – $19.99 – www.jumpdesktop.com

This app does both VNC and RDP.

Remote control – VNC

VNC is great remote control software. It is free and open source, and supports Windows, Linux and Mac.

screens – $19.99 http://edovia.com/screens

Screens is probably the best VNC iPad app. The cost is not cheap but it always works. http://itunes.apple.com/us/app/screens/id400012962?mt=8

realvnc – $9.99 – ok http://itunes.apple.com/us/app/vnc-viewer/id352019548?mt=8&ign-mpt=uo%3D6

Is the 2nd best I can recommend. The cost is attractive.

Mocha VNC Lite – free – http://itunes.apple.com/us/app/mocha-vnc-lite/id284984448?mt=8 just that unattractive / good for occasional users. I used this prior to getting Screens.

Here is another link discussing VNC

http://lifehacker.com/5713455/the-best-vnc-apps-for-your-ipad

SSH

iSSH – $9.99 – http://itunes.apple.com/us/app/issh-ssh-vnc-console/id287765826?mt=8

I love iSSH. It is simple and always seems to amaze me. From the quick control key send to the Xviewer that has a keyboard overlay.

SSH Terminal – $.99 – http://itunes.apple.com/us/app/ssh-terminal/id369875227?mt=8

A basic SSH client. Not many features, but it works.

Network tools

IT Tools – $4.99 – http://itunes.apple.com/us/app/it-tools/id324054954?mt=8&ign-mpt=uo%3D4

What a great tool. This allows you to ping, traceroute, DNS and arp tables.

iNetwork-utility -$2.99 – http://itunes.apple.com/us/app/inetwork-utility/id378676317?mt=8&ign-mpt=uo%3D4

The price of this app is fantastic. Ping, portscan, dns, whois, and Alexia info

zScan – $2.99 – http://itunes.apple.com/us/app/zscan/id381019397?mt=8&ign-mpt=uo%3D4

A great network scanner. It will scan ports, udp, tcp, look for sql, banners. Overall a great tool to have.

PirateBox and Pineapple

April 23rd, 2011 No comments

I’ve got a few hacking items I need to eventually get to.

First I’d like to make a Pirate box. I think the concept is great for parties, groups and overall travel. Pirate Box (http://wiki.daviddarts.com/PirateBox)

I also have not used my pineapple in a while. If you are not familiar, head on over to hak5 to read. http://www.hak5.org/store/wifi-pineapple-version-2

I’ve demo’d this for a lot of people who are interested in hacking. I need to update the tools on it.

Categories: Applications, Security

List of applications (2011) – Setup new laptop

April 23rd, 2011 No comments

I recently purchased a new (to me) laptop. I now get the fun job of installing all my favorite software. I’ve been tracking what I use for the last few years and have a few basic apps that I install right away. Below is my list. One addition this year is I am using allmyapps to install the latest releases.

Here is my list:

1. VS2010 / iis7 / vs2008

2. Chrome

3. Firefox

4. Dropbox

5. ISO burn

6. truecrypt

7. digsby

8. 7zip

9. itunes

10. VLC (video lan client)

11. Notepad ++

12. gimp (Graphical Image Manipulation program)

13. Magic Disk (mount ISO)

14. Tortoise SVN

15. Cdburn XP

16. Foxit Reader

17. ccleaner

18. windirstat

19. Skype

20. audacity

21. Utorrent

22. Thunderbird

23. Imgburn

24. microsoft Security essentials

Categories: Applications, Lists

Term Life Insurance

April 23rd, 2011 No comments

I recently decided to keep my New Year’s resolution and get more life insurance. Now that there are 4 children running around at our house it is important that they are taken care of in the event that I pass away.

I listen to Dave Ramsey and he is a believer in term life insurance. I would have to agree. Term insurance is basically that. You are buying insurance for a duration of time. In my case I decided on 20 years. The amount of time when my youngest would be independent.

To start the process I decided to also follow Dave’s advice. I contacted Zander Insurance.

A quick online form filled out and a confirmation email let me review prices and set up an appointment to get a health screen. So far the process has been inexpensive and painless (unless you are afraid of getting a blood test).

The only thing I would recommend against is going to other insurance sites. After my original quote from Zander I decided to do a Google search and do another online form to get a quick quote. That was a mistake; I’ve been getting spam for the last 2 weeks.

Migrate FileZilla ftp info (Not Secure)

April 23rd, 2011 No comments

I use FileZilla as my main FTP client. It is a wonderful tool for ftp, ftps, scp (sftp) and other transfer protocols. I am getting a new laptop and needed to transfer / back up my settings. I have a lot of sites stored and did not want to go looking for all the username and password information.

FileZilla allows you to back up your information and transfer it to a new system. To do this you need to:

1. Open FileZilla
2. File | Export
3. Select (export site manager entries and export settings)
4. Save the XML file to your hard drive.

This backup contains all your site manager information. It also stores your passwords in the clear. If you look at the XML file you can see the element has your passwords. This is not a safe thing for those of us who are security conscious. I am no longer storing my passwords in FileZilla and will be prompted when using ftp or sftp. As much as I like FileZilla, I’ve started looking for an alternative. One option I’ve read about is to use a password storage tool like “KeePass” with FileZilla; I will have to try this.

If anyone has suggestions please let me know.
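
One way to check an export before it is copied to another machine, as an added example that is not part of the original post or of FileZilla itself: the Python below lists the site entries that carry a stored password, without returning the password, and produces a copy of the export with those elements removed. It assumes the password sits in a Pass element under each Server entry; it goes slightly beyond the post by also reporting an encoding attribute such as base64, which is an encoding and not encryption. The sample export, hosts and credentials are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a FileZilla export; all values are made up.
SAMPLE_EXPORT = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.com</Host>
      <Port>21</Port>
      <User>webmaster</User>
      <Pass>hunter2-sample</Pass>
      <Name>Example site</Name>
    </Server>
    <Folder>Clients
      <Server>
        <Host>sftp.example.org</Host>
        <Port>22</Port>
        <User>deploy</User>
        <Pass encoding="base64">c2FtcGxlLXBhc3M=</Pass>
        <Name>Client SFTP</Name>
      </Server>
    </Folder>
    <Server>
      <Host>files.example.net</Host>
      <Port>21</Port>
      <User>anonymous</User>
      <Name>Ask every time</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


def find_stored_passwords(xml_text):
    """List site entries with a non-empty Pass element, without returning the secret."""
    root = ET.fromstring(xml_text)
    hits = []
    for server in root.iter("Server"):
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            continue
        hits.append({
            "site": (server.findtext("Name") or "").strip(),
            "host": (server.findtext("Host") or "").strip(),
            "user": (server.findtext("User") or "").strip(),
            # No encoding attribute means the password is stored as plain text.
            "storage": pw.get("encoding", "plaintext"),
        })
    return hits


def strip_passwords(xml_text):
    """Return the export with every Pass element removed from every Server entry."""
    root = ET.fromstring(xml_text)
    # Materialise the list first so removing children cannot disturb the iteration.
    for server in list(root.iter("Server")):
        for pw in server.findall("Pass"):
            server.remove(pw)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for hit in find_stored_passwords(SAMPLE_EXPORT):
        print(f'{hit["site"]}: {hit["user"]}@{hit["host"]} password stored as {hit["storage"]}')
    cleaned = strip_passwords(SAMPLE_EXPORT)
    print("entries with passwords after cleaning:", len(find_stored_passwords(cleaned)))
```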

I love technology – favicon

April 23rd, 2011 No comments

I love technology. I love how the process of doing tedious tasks can be simplified. I can remember when creating a favicon was a true task. You had to download some type of app that would transform your image to a PNG then do some manipulation to make it the right size.

Today there are some great sites that take your image (almost any size) and generate a favicon.

  • http://www.favicon.cc/
  • http://www.html-kit.com/favicon/
  • http://tools.dynamicdrive.com/favicon/

If you are creating an iPhone or iPad app you can also create an image online. Here is a pretty good site for doing so. http://www.midnightmobility.com/iphone-icon/

I thank those who run the above sites and how they have made my life easier. Happy icon generating.

Jailbreak iOS 4.3.2 – iPhone 4

April 22nd, 2011 No comments

So today I updated my iPhone to 4.3.2 and jailbroke it again. I always get asked why I jailbreak. The simple answer is because I like to hack devices. The more to the point reasons are the cool customizations. The business reason is simple: MyWi. It allows me to make the device a wifi hotspot and always have internet wherever I go.

I used the redSn0w process to jailbreak. You can follow this process; it is for 4.3.1 but can work with 4.3.2 if you download the proper IPSW version. Lifehacker always has the up-to-date version of the files.

My initial attempt failed. This is because I did not follow the steps for x64 and modify the affinity for redsn0w.exe and set it to cpu1.

I also did not run redsn0w.exe as administrator. To do that you just need to right click on the exe and select (run as administrator).

These steps are all in the instructions. Have fun and enjoy if you do decide to jailbreak. Drop me a note with your experiences.

I have not jailbroken my iPad yet. I do know this version will not do the iPad 2.

 

Update:  I got a note from someone asking if I backed up my iPhone prior to jailbreaking.  Yes, I used AptBackup for the jailbroken apps and did a lot of system file copy with ssh.

Public Wifi – Coffee Shop Security

April 22nd, 2011 1 comment

I went to a coffee shop today to do some work: update a few documents and get some random things done that I have been putting off. As always I logged onto the coffee shop wireless and connected to my VPN. (read other articles here and here).

After completing the items I had set out to do, I took some time to do some poking around on the wifi. Since wireless is basically you sharing a network with others, it is easy to see what people are doing. I used a simple nmap query to see who my neighbors are.

That scan showed me 5 active people and their IPs. It also let me know that the router had HTTP running. Since I already knew the PC names and what ports they had open (someone had a web server running), I decided to look at the wireless router. To my surprise it was running DD-WRT, my favorite router firmware. DD-WRT is a very powerful router firmware that can turn a basic wireless router into a great device.

However, there are a few settings you need to understand when using DD-WRT. One in particular is to disable the default status page for unauthenticated users. This page shows a lot of information that you don’t want snooping people like me to see, things like:

  • Public IP
  • Firmware version
  • Device Type and name
  • Connected users (IP address, MAC address, DHCP lease)

Not only was this on, but I was also able to see the other computers on the network (without doing an nmap scan). So the PC of everyone who had connected in the last 2 hours was listed on this page. I decided to push up a pic. My PC is called TP2.

 

This is scary to me because someone took the time to use a great open source firmware but not the time to properly secure it. It is also interesting to see the number of Android devices that were using the wifi. I guess the same is true for iPhone devices.

I can’t stress this enough: when on public wifi use a VPN. If you don’t have one, head on over to wifi-vpn.com and subscribe or purchase.

The other item on the list is BT; that is the BackTrack VM that I started to do some network sniffing.

Permanent MTU settings for PPP0 ubuntu

April 8th, 2011 1 comment

I have a few servers that I help maintain or use for VPN access. I have found on a few machines that when I use VPN to secure my connection at a coffee shop or any other public WiFi, some sites will not load. I have seen this issue before when using PPTP but had never taken the time to investigate. Sites like Digg would just not load. After a lot of investigation I was able to see a few obscure issues with the MTU size. The default ppp0 interface MTU size was 1396.

Output of ifconfig:

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.240.1  P-t-P:192.168.240.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3

After some Google searching I was able to see that my eth0 MTU was set to 1500. To correct the issue I increased the ppp0 MTU size to 1492. That change allowed the sites to load.

Manually change the MTU:

sudo ifconfig ppp0 mtu 1492

I was unable to find a clean permanent solution to keep this set. I tried the /etc/ppp/options and options.pptp files. The workaround I created was to modify the MTU size on the first PPP connection. I used the ip-up.local file to make this change on every PPP connection. The ip-up file is executed once a PPP (VPN) connection is started.

I added the following line to ip-up.local

  • ifconfig ppp0 mtu 1492

After these changes every connection will set the MTU to 1492. This corrected my issue with browsing some sites.

I can now surf the web and get to any site.

Categories: General, iPad, Security

Top Gadgets, technology, and cool things to purchase.

April 3rd, 2011 No comments

I love to browse engadget and gizmodo to see the new things in tech.  Technolust is just something that is in me.   The most interesting lists I have seen in a while are the CES 2011 items to watch and the travel gadgets.

I’ve had this link bookmarked for a while. The tech is a bit old, but the items are good. http://www.vagabondish.com/12-killer-travel-gadgets-every-geek-needs/. I think a solar backpack / charger of some type is just a great idea. I can’t say how valuable a waterproof case is. For those who know me, I’m fond of the ziplock waterproof case for the iPhone.

The like page has a good list of items for 2011. I have to say this will be the year of the tablet.  Though, I can’t wait for what Apple will do with the iPhone 5.  If NFC comes to the phone, I’d love to do a few little programs with that.

http://likepage.blogspot.com/2011/01/top-gadgets-in-2011.html

http://mashable.com/2011/01/06/gadgets-to-watch-2011/

http://www.time.com/time/specials/packages/article/0,28804,1827576_1827591_1827997,00.html

I’m not sure why these top 10 / 20 / 30 lists are so intriguing to me, I just really like them.

 

Categories: Applications, Lists

Vibram 5 fingers and barefoot running – Part 2

April 2nd, 2011 No comments

To follow up on my first post regarding Vibram 5 fingers, I’ve got a lot of feedback. People have been asking how long it took to get used to the shoes, how they feel on my feet, and whether they hurt my toes. Someone even asked about the press that barefoot running is bad for you. (runningbarefootisbad).

I’ll try to give feedback on each. Overall, I love running barefoot. It is a great change from my previous running experience. I’ve run many 5k and 10k races and even a marathon. Overall, I run every week and at least every other day. I’m not a very good long distance runner, more of a sprinter. So my running style when preparing for the marathon was to find out how to relax and pace myself. I found from just the amount of running that I ran on the balls of my feet, and had to train myself on how to use the heel-toe method to run longer distances. So the switch to barefoot was really easy; that is just how I run.

I’ll start with the question regarding all the press on how barefoot running is bad. I guess my overall thought is that anything can be bad for you. Eating apples can even be called a bad thing, if you eat the apple wrong and choke. If you eat too many apples you can get sick. I think that principle is true with barefoot running. People praise it because it is supposed to be easier on the body, more natural. However, if you do it wrong, it can hurt you. So the news where people are getting hurt is based on some people not doing this process properly. What that means to me is that barefoot running is not for everyone, just like running may not be for everyone. Thick cushioned running shoes protect your feet and you from hurting yourself. You take those away, you need to protect yourself and not rely on those tools to help you. Some good education and practice can help make barefoot running safe and easy.

Here are a few good tools to learn how to run barefoot (Video and Merrell).

The next question is based on comfort.  Do the shoes hurt my feet?  Do they feel funny on your toes?  No and Yes.   No, they do not hurt my feet.  It is really cool to be almost barefoot, it is a great feeling.    You have some safety from the elements with the bottom shell.

At first they did feel really funny with the toes. I have somewhat flat feet and very wide feet. The shoe not only felt funny on the toes, but looked funny. Once I got over the look, I started to like the feeling on my toes. It is not for everyone. That is the reason I’m leaning towards the new Merrell shoes. With my really wide flat feet, it is somewhat funny to see me in these things.

How long did it take me to get used to the shoes? Well, since I did not start running in them and used them at first for just fun, it did not take long at all. By the time I started running I was used to the feeling and had worn them long enough to train my feet for shoes without socks.

As for how long it took me to get used to running in them, it did not take long. It was just conditioning on my calf muscles and my stride. After about a week, I was good for 3 plus miles.

Thank you for all the feedback.

Netflix Streaming and bandwidth

April 2nd, 2011 No comments

I’m a network abuser. I use my internet connection for everything. VPN access when at any public wifi location (VPN ddwrt). I also use it for streaming movies on Netflix, backup for my data (mozy, dropbox, rsync for business data) and just general browsing. So overall I am using a lot of data. When Comcast put their 250GB limit in place I was worried (I’ll post on this later).

What the cap did was make me think about my network usage. I realized that I have created more of my own cloud service locally (internal home backup and syncing) vs using online services. Just doing this has cut down on some of my internet usage. The main thing I can’t see changing is our TV / Movie streaming. From netflix, youtube, and hulu we are always watching something.

Netflix just made news as Netflix’s share of digital movie units, either downloaded or streamed, was put at 61 percent between January and February.

Read more: http://news.cnet.com/8301-1023_3-20043475-93.html#ixzz1INT6Z4Jm

That is a huge market share, as well as a lot of bandwidth. When you watch an HD movie it uses more bandwidth than a standard definition movie. That said, how much bandwidth are you using? Are you consuming all your allocated bandwidth on Netflix? Here is a pretty good breakdown of what that usage looks like:

Netflix Movies (HD): These guys are around 3.8Mbit, which means it’s about 3600MB for a 2 hour HD movie.
Netflix Movies (SD): Each of these movies are around 500-700MB each, depending on the length of the movie.
Netflix TV Shows (HD): A 30-minute TV show will be about 1500MB.
Netflix TV Shows (SD): A 30-minute TV show will be about 400MB.

Even though that is a lot of bandwidth you would need to watch a lot of HD movies to hit the cap.  Around 70 HD movies in a month depending on the quality.   That is a lot of movie watching.  However, if you have a large family (as I do) and some are using their computer, others on the TV, and ipad; you would build up some usage (I’m not sure that the netflix account would even allow this).

That is a lot of bandwidth. Netflix is using our internet bandwidth (that I purchase from Comcast) to deliver their service. Until recently this did not matter, because Comcast did not have a cap. Now that the average consumer is using more, the providers have to find a way to either cap (conserve) their bandwidth or charge more. I’m not against this model at all; I just want to have bandwidth available. A few years ago, a person would purchase high speed internet and only use a fraction of it. Now, without knowing it, they are using more and more bandwidth. Their media devices (Wii, PS2, and Xbox) are online. The new TV and DVD players are hooked to Pandora and Netflix. They are getting more content from YouTube and Netflix on their computer. I’m ok with paying; what I don’t want is my neighbor’s YouTube addiction to cause my backups to go slow (I don’t want others to hinder my internet usage).

It was recently posted that netflix has 20% of peak US bandwidth usage. http://www.wired.com/epicenter/2010/10/netflix-instant-accounts-for-20-percent-of-peak-u-s-bandwith-use/ That is amazing.

 

There is a lot more going on behind the scenes on who controls the bandwidth and who pays for the internet bandwidth.  For now, just realize that if you are streaming movies you are using your bandwidth that you pay for.   It is amazing how quickly the internet has changed our TV / Media viewing.   People now at least understand what streaming video is.