If you haven’t heard, Vodafone and 3 have announced that they are to merge their Australian businesses together to form VHA (Vodafone Hutch Australia).
Interestingly enough, Telecom NZ actually own a 10% stake in 3’s Australian business – and in NZ, Vodafone are Telecom’s main rival.
I have inserted several comments from a Gizmodo article below, which were taken from a conference call that the companies hosted.
- The new merged company will have about 6 million customers, with annual revenue of about $4 Billion and about 26% market share in Australia
- Nothing will change for 3 customers. All contracts will remain. There will also be no change to the Crazy Johns brand.
- They refused to confirm whether the 3 brand would be completely phased out (considering the press release mentioned that they could maintain and use the brand until the transition and thereafter). That includes rebranding the 3 retail stores. In the end, they said that they need to work out the details of how the new joint venture will present itself to market. I wouldn’t be holding my breath for 3 to stick around though…
- The network arrangement between 3 and Telstra for 3 customers to roam on Next G later this year is still in place. I’m not sure how this will work – they were short on details – but apparently it will still go ahead.
- There will be redundancies, probably most from 3, but nothing has been decided yet.
- The whole thing isn’t set in stone. It still needs approval from shareholders (it’s been unanimously recommended by the boards of both companies), the ACCC and the Foreign Investment Review Board.
$9 million stolen from 130 ATMs in 49 different cities around the world.
A highly coordinated attack on dozens of ATMs around the world happened last night. A company called RBS WorldPay has a service which allows employees to be paid onto a system similar to debit-card accounts, which can then be used at most ATMs.
Someone hacked into their site and found several vulnerabilities, which were exploited to allow people to use fake cards to withdraw money from other people’s accounts. Additionally, they also found a way to remove the maximum withdrawal limit, so they could essentially take out as much money as the ATM held. Reportedly 130 ATMs were targeted for a total of 9 million dollars – roughly $70 000 per ATM.
So far, the FBI have made no arrests and have no leads, other than the pictures of people at a few of the ATMs. A class action lawsuit has already been filed.
Initial thoughts were that it was organised by the mob, but it does seem a little too dispersed. A few user comments on Slashdot suggested a much cooler alternative – that it was a group of hackers with a small, organised worldwide user base. Wouldn’t surprise me either way.
Imagine how the phone call to the CIO would have gone in the wee hours of the morning!
Not only poor people should experience this.
These words were quoted from Bill Gates as he unleashed a swarm of mosquitoes onto an audience he was in the middle of addressing.
This is going to make me sound like a huge geek.
But surely someone else has to tell me that this reminded them of the scene in X-Men the movie (2000) where Magneto tries to turn all the world leaders into mutants with that special machine? It would seem rather fitting for Bill Gates to infect a large group of powerful people with malaria.
That’s the first thing that came to my mind when I read this. Luckily, the mosquitoes released were not carrying malaria. I’m glad he made his point though, but wow, what a way to do it.
Johann posted today that OCS 2007 R2 has officially launched. It adds quite a few new features that are definitely worth checking out.
Release notes can be found here.
A 180 day trial can be downloaded here.
Keepass Password Safe
I have always been a skeptic of password keepers. Putting all of your passwords in one place was never really an appealing idea. What happens if someone gets a copy of it and tries to brute force it? My train of thought always led me to not wanting to put all my eggs in one basket.
But what if that basket required two-factor authentication (ooooh) and was encrypted with an AES 256-bit key (aaaah)?
Keepass is one of those programs that I just started using and then wondered how I ever got on without it. It has a nice security feature that you can enable, which makes use of a key file, generated with the help of random mouse movements and random keyboard strokes (mash the pad).
You then need the combination of this key file and a password to gain access to the database. The password is essentially a master password to all your other passwords, so make sure it’s not something simple to guess. In fact, using a passphrase with a few complex characters isn’t a bad idea either.
Brute force attacks are also made far more costly by transforming the actual key X number of times, where X is a number you specify. Increasing this number increases how long it takes to open the password database on your computer, but it also increases the time required for every single attempt in a brute force attack. If it takes a second longer to open on your computer, that extra second is paid on each of the attacker’s guesses as well, so the total time until a brute force attack succeeds grows enormously (if the attacker was still alive by then!).
A few points about Keepass
- It is quite flexible in setting timeouts and lockout actions (lock and minimise to tray after x, remove text from clipboard after x, etc).
- The entire contents of the database is encrypted – titles, usernames, notes, and of course, passwords.
- You can use keyboard shortcuts to enter usernames and passwords into fields in web browsers, avoiding the clipboard. This means you can have huge passwords and never have to remember them, or even type them.
- You can add attachments, though this greatly increases the amount of time needed to encrypt and decrypt the database.
Yes, again. Another security vulnerability has reared its head. The fix is exactly the same as the last one – a short delay in message delivery will be incurred, but nothing major (no reboot).
I’ve had some of the following thoughts for a while now.
Breaking out the BlackBerry Router is not a bad security consideration, but what about the Attachment Service? Take a look at most of the vulnerabilities reported in the list below. Most vulnerabilities associated with BES are to do with the Attachment Service.
http://www.blackberry.com/btsc/RSS-sec/servlet/RSS
- Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server
- Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server
- Updating the Microsoft GDI component that the BlackBerry Attachment Service uses
- Corrupt PNG file may cause heap overflow in the BlackBerry Attachment Service
- Corrupt Word file may cause buffer overflow in the BlackBerry Attachment Service
- Corrupt TIFF file may cause heap overflow resulting in Denial of Service in the BlackBerry Attachment Service
There were some with the BlackBerry Router, and some with the BlackBerry Browser as well, but most are to do with the Attachment Service. To me, this seems like a great opportunity to put pressure on the powers that be to break out the Attachment Service onto a separate box, for two reasons.
Security. If the Attachment Service is broken out and it gets compromised, it’s not as big a deal. Put it in a quarantined network with a subnet that only allows two usable IP addresses (the router and the box), firewall the hell out of it and call it a day. There is not much chance of someone launching an attack from there, even if that box is completely compromised.
Performance. The Attachment Service chews up the processor. Breaking it out would increase performance on the BES as well. Two birds with one server.
Anyway. Just some thoughts I’ve had for a while now, wanted to share.
I was working with one of the security guys at work on a report about the risks of implementing the iPhone in an organisation. There are a number of reasons why IT managers should carefully consider these security risks. A few of these are:
- Policies cannot be controlled at a granular level (compared to Windows Mobile or Blackberry)
- Lack of support for all of Exchange 2007 SP1 device policies (disable camera, disable WiFi, etc)
- Therefore split connections cannot be stopped (for example, connect to a WiFi network while connected to a VPN at the same time)
- Cannot control application exclusivity
- iTunes must be used to install updates.
- Known security vulnerabilities have been discovered and widely publicised.
To combat this, you can run a Powershell command on your Exchange 2007 CAS box so that only one DeviceID is allowed to sync with a user’s mailbox.
To find all the DeviceIDs (and more) associated with a mailbox, type in
Get-ActiveSyncDeviceStatistics -mailbox <mailbox name> | fl *device*
You can then take the DeviceID from that output and use it at the end of the following command
Set-Casmailbox <mailbox> -ActiveSyncAllowedDeviceIds <DeviceID>
I don’t think there’s an easier way to do this at anything beyond a per-user level. Please leave a comment if you know a way (Powershell script maybe?).
Now, you may notice in the output of the command above that there is a DeviceType listed. Unfortunately, I don’t believe there is a Powershell command available that allows blocking a device by its DeviceType. The same goes for the DeviceUserAgent.
However, if you have an ISA2006 server, the guys over at the You Had Me At EHLO have posted a great article explaining how to block a device based on its User-Agent type.
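One way to go beyond the per-user command above is to script it: the following is an added example, not something from the original post, and it assumes an Exchange 2007 SP1 Management Shell and that the iPhone reports a DeviceType of "iPhone" in Get-ActiveSyncDeviceStatistics. It walks every mailbox, keeps the DeviceIDs of already-partnered devices whose DeviceType is not on the blocked list, and writes that list back with Set-CASMailbox.

```powershell
# Added example (not from the post). Assumes Exchange 2007 SP1 Management Shell.
# Restricts each mailbox's allowed ActiveSync devices to the partnered DeviceIDs
# whose DeviceType is not in $BlockedTypes. Append -WhatIf to the two
# Set-CASMailbox calls to preview the changes before applying them.

# Assumption: the DeviceType string the iPhone reports to Exchange.
$BlockedTypes = @("iPhone")

Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $mbx = $_
    # Errors out when a mailbox has never synced a device, so suppress and skip.
    $devices = Get-ActiveSyncDeviceStatistics -Mailbox $mbx.Identity -ErrorAction SilentlyContinue
    if (-not $devices) { return }

    $allowed = @()
    foreach ($d in $devices) {
        if ($BlockedTypes -contains $d.DeviceType) {
            Write-Host ("{0}: blocking {1} ({2}, {3})" -f $mbx.Alias, $d.DeviceID, $d.DeviceType, $d.DeviceUserAgent)
        } else {
            $allowed += $d.DeviceID
        }
    }

    if ($allowed.Count -eq 0) {
        # Caveat: an empty ActiveSyncAllowedDeviceIDs list means "no restriction",
        # so a mailbox whose only devices are blocked must have ActiveSync turned off instead.
        Write-Host ("{0}: all devices blocked, disabling ActiveSync" -f $mbx.Alias)
        Set-CASMailbox -Identity $mbx.Identity -ActiveSyncEnabled $false
    } else {
        Set-CASMailbox -Identity $mbx.Identity -ActiveSyncAllowedDeviceIDs $allowed
    }
}
```

Because the allowed list is rebuilt from the devices that have already partnered, the script only locks in the current state; a new device that has never synced will still be refused until it is added to the list.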
I passed my exam!
Hi all, just a quick update to let you all know that I am now officially a Microsoft Certified Technical Specialist: Exchange 2007 (Configuration).
The exam was difficult. A lot of Powershell commands to remember, a fair amount of clustering-based questions, and also quite a few questions about initial installation with the correct switches to use. There were also some questions about how to recover each of the roles. Lots of hard work, but it’s all worth it.
I used the CBT Nuggets 70-236 training video pack, which was quite good. I also spent a fair amount of time in my lab to make sure I understood each command as it was applied. If you are thinking about studying for it, start using Powershell. It’s not as scary as you may think. The commands make sense (get-mailbox, for example, will give you a list of mailboxes), and you can get to the point where you do some seriously cool stuff by piping the results from one command to another.
A big thanks goes out to Derrick and Craig who helped me out considerably with my annoying questions, and my girlfriend Sarah for putting up with my grumpy moods when I was studying!
BES 4.1 SP6 Released
A huge amount of people have been hanging out for SP6, as it (finally) adds HTML support for your corporate mail.
My biggest concern with this is the impact to the Exchange organisation. For smaller companies with relatively small Exchange environments, this would be a huge value add with a performance hit that may not even be noticed. However, for larger companies this may cause issues.
When the handsets request "More" of the email, the BES needs to go back into the user’s mailbox to retrieve the full email. It needs to do this to ensure that all of the <html> tags are present – otherwise, the email would look extremely messy, with broken tags all over the place.
RIM know about the issue, and the BES 4.1.6 Release Notes mention the following:
For more information about the impact of supporting HTML and rich-content email messages on system resources, visit www.blackberry.com/go/serverdocs to see the Impact of supporting HTML and rich-content email messages document.
Unfortunately this document does not seem to be published at the moment – will keep you updated as to when it shows up.
Some of you may have noticed an MSN icon appear on your BlackBerry devices over the past week or so. Unfortunately, many users are reporting that when they try and download it, they get quite an unhelpful error message of
“Sorry, your device does not meet the system requirements that are needed to support Windows Live Messenger”
Luckily for us, we have access to the Blackberry provisioning system that one of our telcos use, so all we needed to do is place an extra service on the account, resend the service books, and we could successfully download, install, and use it.
You may want to call your service provider and ask if they can add the service on to your account, however they may want to charge you an additional fee.