Security Hole in iPhone with AT&T
September 5, 2009
To be more precise, the security hole is in the network (the AT&T network) that the iPhone uses. I noticed this problem while working on a voice-enabled application using Asterisk and was surprised to see that my voicemail was wide open to the public. I later found out that this had been reported earlier by various folks (here and here), but it seems it is not fixed yet. So if you own an iPhone (or any other phone, for that matter) on the AT&T network, please keep reading and I will show you how to fix the problem yourself.
So what is the problem?
Others can listen to your voicemail and change your personal greeting and other settings. AT&T voicemail identifies the user based on the incoming caller ID, so if the caller ID matches the number of the mailbox being called, it assumes that you are calling yourself to check voicemail and goes straight to the voicemail menu (if you don’t have a password set).
Am I protected or Not?
Call yourself from your phone (by dialing 1 or dialing your own number). If you are prompted for a password, then you are fine. If it takes you directly to the voicemail menu, then you are NOT secured. See how to set a password below.
How to protect my voice mail?
Dial 1 to call Voicemail from your phone
Press * to get to the voicemail Main Menu
- Press 4 for Personal Options
- Press 2 for Administrative Options
- Press 1 for Passwords
- Press 2 to turn password on
- Select any random 4- to 14-digit password
Why I am blogging this?
I don’t know whether new AT&T users are now forced to set a password, but when I got my phone a couple of years back, my voicemail was set up without a password. It turned out that most of my friends with iPhones also don’t have a password set up for voicemail, simply because they are not aware of the security hole. With easy access to open source PBXs like Asterisk or to spoofing calling cards, it’s not hard to exploit this security hole. So if this blog helps people realize how important it is to set a password, then my job is done.
Disclaimer
The opinions expressed in this blog post are my own and not those of any company. The usual standard disclaimer applies, especially the fact that I am not liable for any damages caused by direct or indirect use of the information. I bear NO responsibility for content or misuse of this information or any derivatives thereof. This post is in NO WAY intended to blame anyone, especially AT&T. They may have already posted about this issue somewhere on their website.
Nice and easy tool tip
July 16, 2009
I found this snippet of code somewhere on the internet; it is simple yet elegant. The idea is straightforward: hide the tooltip initially using the CSS display property and show it when the mouse hovers over the link.
Usage :
<a class='tooltip' href='#'>link text goes here <span> tool tip text goes here….</span></a>
CSS needed:
<style type="text/css">
a:hover {background:#ffffff; text-decoration:none;}
a.tooltip span {display:none; padding:2px 3px; margin-left:8px; width:130px;}
a.tooltip:hover span{display:inline; position:absolute; background:#ffffff; border:1px solid #cccccc; color:#6c6c6c;}
</style>
Interesting comments found on other technical blogs
February 22, 2009
“If it is fast and ugly, they will use it and curse you; if it is slow, they will not use it.”- David Cheriton, The Art of Computer Systems Performance Analysis (From http://www.kriskrause.com/2009/04/mysql-connector-net-mysqlbulkloader.html)
Weighing cost versus reliability is always a difficult choice in systems administration. (From http://www.linuxhomenetworking.com/wiki/index.php)
I have noticed that people who hate George Bush also hate internet explorer and Windows in general. You people are mentally ill, sorry to say. (From http://sql-info.de/en/mysql/gotchas.html#1_5 )
If you download any pre-January design template from http://www.asp.net/mvc/gallery/default.aspx?supportsjs=true and try to test it with the latest MVC release (after following ReadMe.txt), the chances of getting an ugly error like the one below are really high.
So how do you make these templates work with the new version? You can, with very few changes to the site.master page (the following example is for the Bluebubbles template, but it may work for most of the templates).
Views/Shared/Site.Master
Page Directives After Changes
Head Section Before
Head Section After Changes
Creating a generic “Please Wait…” page for ASP.NET
February 8, 2009
I was looking at Peter Bromberg’s post “Build a dynamic progress page”, which is about creating a “Loading” page for slow-loading ASP.NET pages. The problem with Peter’s solution is that it won’t work if your destination page has more than one query string parameter. Another small problem is its non-standard DOM access, which won’t work in non-IE browsers (it was written almost five years ago, so this might not have been a big concern at the time).
Here is the modified code to make it work with query string AND non-IE browsers.
The basic idea is to have a transient ‘Loading’ page which loads the slow page in the background and in the meantime shows a nice animated progress bar. Let’s name our middle page ‘loading.aspx’.
loading.aspx
The header section has JavaScript code to show and hide the progress bar while loading the destination page.
The body has nothing but the visual element for the progress bar. Note that we are calling Begin() on body load and End() on unload.
loading.aspx.cs
In the code-behind, the destination URL is generated.
Finally, to use this page to call a time-consuming page (say longloadingpage.aspx) which takes ID1 and ID2 as query parameters, simply call
/loading.aspx?destPage=longloadingpage.aspx?ID1=123&ID2=345
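Why the URL above needs care, as an added example that is not code from the original post: a standard query-string parser splits the unencoded form so that ID2 belongs to loading.aspx rather than to the destination, while percent-encoding the destination keeps it as one value. The same-site check is the usual precaution for any page that navigates to a URL taken from a parameter; the helper names and the example.test origin are assumptions.

```javascript
// Added example, not the post's code. SITE is a placeholder origin that is
// used only so relative URLs can be parsed; all function names are hypothetical.
const SITE = "http://example.test";

// What a standard query-string parser sees in a loading.aspx URL:
// the destPage value, plus any parameters that ended up outside it.
function parseDestPage(loadingUrl) {
  const params = new URL(loadingUrl, SITE).searchParams;
  const extra = [...params.keys()].filter((k) => k !== "destPage");
  return { destPage: params.get("destPage"), extra };
}

// Accept only same-site relative destinations, so the loading page cannot
// be pointed at another host or at a non-HTTP scheme.
function isLocalDestination(dest) {
  if (typeof dest !== "string" || dest === "") return false;
  if (/[\\\u0000-\u001f]/.test(dest)) return false;      // backslash, control chars
  if (dest.startsWith("//")) return false;               // scheme-relative URL
  if (/^[a-z][a-z0-9+.-]*:/i.test(dest)) return false;   // explicit scheme
  return new URL(dest, SITE).origin === SITE;
}

// Build the loading.aspx link with the whole destination, query string
// included, percent-encoded into the single destPage parameter.
function buildLoadingUrl(destPage, query) {
  const dest = destPage + "?" + new URLSearchParams(query).toString();
  if (!isLocalDestination(dest)) {
    throw new Error("destination must be a same-site path");
  }
  return "/loading.aspx?destPage=" + encodeURIComponent(dest);
}

// The URL exactly as written in the post: ID2 is split off from destPage.
const asWritten = parseDestPage(
  "/loading.aspx?destPage=longloadingpage.aspx?ID1=123&ID2=345");
console.log(asWritten);

// The encoded form round-trips as one destination with both parameters.
const encoded = buildLoadingUrl("longloadingpage.aspx", { ID1: "123", ID2: "345" });
console.log(encoded, parseDestPage(encoded));
```

On the server, the code-behind should apply the same same-site check before it emits the destination URL.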
Houston Techfest
January 21, 2009
For folks in the Houston area, remember that this weekend we have the wonderful Techfest at the University of Houston. Visit http://www.houstontechfest.com and register. It features a lot of exciting sessions on .NET, Java and Rails. And best of all, it’s free.
See you there!
10 Steps to deploy your RubyonRails Application on Windows Vista/2008 using Apache and Mongrel cluster
November 24, 2008
I wrote a similar blog post last year, if you are interested in setting up a production server on Linux (BTW, this is made a lot simpler by Passenger now, which is the recommended way to do it). But there are some cases where we have to deploy to MS servers. In the following article, let us look at doing the same on a Windows 2008 Server (I think it works for Windows XP or 2003 too).
If you are like me, you usually develop RoR applications on Linux (I am talking about non-Mac people, anyway…). My setup usually looks like this: XUbuntu + Netbeans + Mysql/Sqlite3 + Apache + Phusion Passenger. Let’s assume you have all your development done and the application is called “MyApp”.
On Windows 2008 Box
Step 1: Install Ruby, gems and rails
Get Ruby 1.8.6 One-Click Installer (from http://www.ruby-lang.org/en/downloads/) and make sure to install gems.
Then installing rails is a breeze. Open a command line window and type
gem install rails --include-dependencies
Step 2: Install mongrel & mongrel_service
gem install mongrel
gem install mongrel_service
Step 3 : Install Apache and enable required modules
A. Get Latest msi version for windows (currently apache_2.2.10-win32-x86-no_ssl.msi) from http://httpd.apache.org/download.cgi
B. Install as a service.
C. Enable the required modules by uncommenting the following lines in the httpd.conf file (which can be found at C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\ if you followed the default installation)
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so
D. Start the server to make sure it starts and runs OK. If there is a problem with the config file, you will see an error.
Step 4 : Install database drivers
This really depends on your database. Remember that for sqlite3, if you are having trouble installing the latest drivers, try giving a version number as follows.
gem install --version 1.2.3 sqlite3-ruby
Step 5 : Create a skeleton rails application
I am assuming we are keeping our rails application in C:\railsapps\
So create the new rails application by changing to that directory and running
rails Myapp
The reason for creating a skeleton instead of just copying our application from Linux is that the way some files are created on Windows may not be the same as on Linux. So let it create a dummy app and test it to make sure it is able to pull up the welcome page.
Step 6 : Copy your application Files over to windows
The directories I usually copy are
app/ all directories below
public/ any static files you created, directories stylesheets, javascripts and images.
config/ routes.rb, database.yml
db/ schema.rb
(Again, this is highly dependent on your application. Maybe you didn’t have any custom javascripts or stylesheets, in which case you could skip the public/ folder altogether.)
Step 7: Load Database Schema into production db
rake db:schema:load RAILS_ENV=production
Step 8 : Create Multiple Mongrel Server Instances and start them as automatic
I am creating 3 instances here
mongrel_rails service::install -N mongrel_Myapp1 -p 3001 -e production -c c:\railsapps\Myapp
mongrel_rails service::install -N mongrel_Myapp2 -p 3002 -e production -c c:\railsapps\Myapp
mongrel_rails service::install -N mongrel_Myapp3 -p 3003 -e production -c c:\railsapps\Myapp
which creates three services (you can see them under Start >> Administrative Tools >> Services Panel). By default the services are created as “Startup Type — Manual”. Set that to “Automatic” so that they will start again if you reboot the server.
Step 9: Setup Apache
In Apache’s httpd.conf file, make sure to have the following lines
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Then make your conf/extra/httpd-vhosts.conf file look like this
#------- Start of http-vhosts.conf file -------
NameVirtualHost *:80
#Proxy balancer section (create one for each ruby app cluster)
<Proxy balancer://Myapp_cluster>
  BalancerMember http://127.0.0.1:3001
  BalancerMember http://127.0.0.1:3002
  BalancerMember http://127.0.0.1:3003
</Proxy>
<VirtualHost *:80>
  DocumentRoot "C:/railsapps/Myapp/public"
  ErrorLog "logs/Myapp-error.log"
  CustomLog "logs/Myapp-access.log" common
  <Directory C:/railsapps/Myapp/public/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Directory>
  RewriteEngine On
  # Rewrite index to check for static files
  RewriteRule ^/$ /index.html [QSA]
  # Rewrite to check for Rails cached pages
  RewriteRule ^([^.]+)$ $1.html [QSA]
  # Redirect all non-static requests to cluster
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.*)$ balancer://Myapp_cluster%{REQUEST_URI} [P,QSA,L]
</VirtualHost>
#------- End of http-vhosts.conf file -------
If you have ever used Apache’s mod_rewrite module, then you don’t need any explanation. If you haven’t, then a brief explanation won’t make much sense to you either….
Be careful with the name of the Proxy balancer and make sure to use the exact same name in the last RewriteRule (in the above case it’s Myapp_cluster); then you should be fine.
Step 10 : Start the mongrel services and Restart Apache.
Now when you go to http://localhost/ you should be sent to one of the 3 servers of the balancer and see the application. If you see broken images or an ugly layout, then it means you didn’t copy my “http-vhosts.conf” file properly! Have a careful look at the <Directory> directive again. You would know.
Happy programming and happy holidays. Ciao.
p.s. If you want to run multiple rails applications on the same server, like MyApp1, MyApp2…., have a look at the rails.conf I used in “Fedora production setup“. By adding another balancer and modifying the RewriteRules a little bit, it’s not that tough.






