Alexander’s Blog

If your laptop is stolen, it sure would be nice to be able to track it. Well, the researchers at the University of Washington (UW) along with the researchers at the University of California, San Diego have developed an open source software package, called Adeona (the Roman goddess of safe returns) to do exactly that. It uses state-of-the-art cryptography so you, the owner of the laptop, will be only person who can track your stolen laptop. If you are wondering about the cost of such valuable software, worry not….it’s FREE.

Adeona uses the Internet as a homing beacon by occasionally sending the laptop’s IP address and related information to OpenDHT, a free online storage network. By using the IP address, you can get a general idea where the laptop might be located. The tool works on laptops and desktops running Windows, Macintosh and Linux.

If you are using Macintosh you would like this tool even better because Adeona will use the computer’s internal camera to take a photo and send it to the server. The photo, along with the general location of your stolen laptop, could be valuable for law enforcement authorities to help you track your laptop.easy

The program is very easy to install and takes only 3.8MB on a Windows computer. The software consists of Adeona Client, which periodically sends private updates regarding your laptop to a remote storage location on the Internet. The Adeona Recovery Tools is the component that helps you retrieve the updates that were sent by your laptop. Of course, you want to install both the components. You will be prompted to provide a password. This password will ensure that only you will be able to reteive the information about the laptop.

Once you have installed the product, make sure that you back up the file created by the setup program on your desktop. The file is called adeona-retrievecredentials.ost and it contains the location-finding credentials of your laptop.

NOTE: Unfortunately, the extension .ost will confuse some people because it is used by Microsoft’s Outlook as an offline storage file. To read the contents of the file do not double-click it, instead you can open it in Notepad to read the content.

Here’s the message you will see at the completion of installation.

To retrieve a lost or stolen laptop you execute the Run Adeona Recovery tool from the Start menu. You will be prompted to enter your password. You may have to wait an hour before you do a retrieval after you install the software on your computer. In my evaluation of the software, I was able to get the location information relatively quickly, within 20 minutes or so after the installation. The retrieved location information will look something like this. I am using fake IP addresses in the example.

Retrieved location information:
update time: 10/03/2008,10:38 (PDT)
internal ip: 10.5.15.20
external ip: 192.168.9.8
access point: (n/a)
Nearby routers:
1 0.000ms 10.5.15.1 (MYROUTER)
===============================
Press any key to continue . . .

You can use one of the several free tools to look up the IP address information, such as IPLookup.

Check out this link for more details. You can download the tool at http://adeona.cs.washington.edu/.

Microsoft’s Excel application contains a vulnerability that could allow a remote attacker to gain access to a system.

The flaw affects multiple versions of the spreadsheet software, including Excel 2000, 2002 and 2003, as well as versions of Microsoft Office containing those versions. It can also be manipulated in Excel Viewer 2003 and Office 2004 for Mac. Click here for more details.

Saw these 15 Apple commercials on youtube. You’ve probably seen most of them on TV but in case you missed them :).

By the time excited consumers were unwrapping their brand new iPhones, hackers had already found ways to hack into the iPhone. While AT&T had a nightmarish time dealing with activation problems, hackers are claiming to have successfully activated iPhones without paying for the service. Web sites like iphonehacks.com and numerous blogs are full of information related to iPhone hacks.

It didn’t take very long for researchers at Errata Security to find several security holes in Apple’s new iPhone, as reported by DarkReading.com. Errata discovered at least three major flaws in iPhone, which is based on a version of OS X. One of them has to do with a heap overflow bug in Safari browser. If a user visits a malicious Web site, it can potentially take over your iPhone. For example, if a user clicks on a spam message it can take him/her to the malicious Web site. This is only one of several examples of how the iPhone can be hacked due to this vulnerability.

Another bug is in the iPhone’s Bluetooth feature related to a potential denial-of-service attack. A third bug has to do with data “seepage” that can potentially cause data to be exposed by client applications over a WiFi connection. Similar to the known problem on Mac notebooks, if you come close to a wireless access point (WAP), your iPhone may just decide to connect to it and expose your information without your knowledge.

Errata, Flexilis, and other security companies are finding more bugs. However, security researchers say that they will wait until Apples announces the flaws before they will go public with their findings.

Over the past one or two years, security professionals have attempted to raise awareness of the dangers associated with connecting smartphones, PDAs, iPods, and other devices to business network-connected endpoints. Some vendors stepped up and provided centrally managed methods of protecting information stored on company and privately owned devices. The Apple iPhone, however, does not fall anywhere near the “secure device” category.

In a Gartner publication released in June, Frederica Troni and Ken Dulaney provide a list of business reasons why businesses should shy away from the much touted touch-screen device (How to Plan for User Interest in the Apple iPhone, Gartner Research article G00148854), including,

* Lack of support from major mobile device management suites and mobile security suites
* A clear statement by Apple that it is focused on consumer rather than enterprise business

Further, the iPhone lacks support for popular wireless business email solutions-including Microsoft Exchange. Click here for more details.