Unhide the Library folder in OS X 10.7 Lion

If you're running one of the 10.7 Lion Developer previews, you've probably noticed that your ~/Library folder is hidden. You can navigate to it by pressing CMD+SHIFT+G to open the Go to Folder window and entering ~/Library, or you can use the chflags command to remove the hidden flag.

Open a new Terminal window and run the following command:

chflags nohidden ~/Library

AT&T Downplays Critical ICCID Leak

Recently the email address and ICCID (SIM serial number) of at least 140,000 iPad 3G owners were left unprotected by AT&T. AT&T chose to blame "hackers" for stealing this information, but that is just deflection. AT&T didn't adequately protect customer information, and as a result someone found it.

AT&T also claims that it was only the email address and ICCID that leaked, which is another partial truth. A 2008 paper titled SIMs and Salsa demonstrates how the ICCID is directly linked to the IMSI.

AT&T SIM cards have a 20-digit ICCID, and the IMSI is 15 digits long.

The iPad ICCIDs all seem to begin with 8901410424, followed by 9 important digits and then a single checksum digit. For example, 89014104240123456781.

An AT&T IMSI is 15 digits, made up of the MCC (310), the MNC (170) and the 9 digits preceding the checksum in the ICCID (012345678 in the example above). So if your ICCID was 89014104240123456781, your IMSI would be 310170012345678.

You can find your ICCID on your iPad by opening Settings, choosing General and then About.
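
The mapping described above, written out as an added example (not code from the original post): a POSIX shell filter that derives the IMSI implied by an ICCID of this layout and masks the nine subscriber digits in both identifiers before log lines are stored or shared. The function names and the sample log line are constructed for illustration, and the last ICCID digit is carried through as the checksum without being verified.

```shell
#!/bin/sh
# Added example, not from the original post. The numeric values are the ones
# the post gives; the function names are hypothetical.
ICCID_PREFIX=8901410424   # prefix the post reports for iPad 3G ICCIDs
MCC=310                   # AT&T mobile country code, per the post
MNC=170                   # AT&T mobile network code, per the post

# Print the IMSI implied by a 20-digit ICCID; return 1 if the layout differs.
iccid_to_imsi() {
  id=$1
  case $id in ''|*[!0-9]*) return 1 ;; esac      # digits only
  [ "${#id}" -eq 20 ] || return 1                # AT&T ICCIDs are 20 digits
  case $id in "$ICCID_PREFIX"*) ;; *) return 1 ;; esac
  rest=${id#"$ICCID_PREFIX"}                     # 9 subscriber digits + checksum
  printf '%s%s%s\n' "$MCC" "$MNC" "${rest%?}"    # drop the checksum digit
}

# Filter stdin: mask the 9 subscriber digits in matching ICCIDs and IMSIs.
# Identifiers embedded in a longer run of digits are left untouched.
redact_subscriber_ids() {
  sed -E \
    -e "s/(^|[^0-9])(${ICCID_PREFIX})[0-9]{9}([0-9])([^0-9]|\$)/\1\2XXXXXXXXX\3\4/g" \
    -e "s/(^|[^0-9])(${MCC}${MNC})[0-9]{9}([^0-9]|\$)/\1\2XXXXXXXXX\3/g"
}

# Constructed sample log line built from the post's example identifiers.
SAMPLE='2010-06-09 activation email=user@example.com iccid=89014104240123456781 imsi=310170012345678'

printf 'implied IMSI: %s\n' "$(iccid_to_imsi 89014104240123456781)"
printf '%s\n' "$SAMPLE" | redact_subscriber_ids
```

Masking only the ICCID would not be enough here, because the unmasked IMSI in the same record carries the same nine digits.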

Why is the IMSI Important?

Each device has a unique IMSI, and the IMSI is considered sensitive enough that it's rarely sent over the wireless network. Even the name – International Mobile Subscriber Identity – implies that it is something that shouldn't be shared freely.

The IMSI is also one of two pieces of information needed to clone a SIM card, the other being the Ki, or subscriber authentication key. Fortunately the Ki can only be retrieved with physical access to the SIM card.

But knowing who a specific IMSI belongs to, for instance someone at the White House, allows an attacker to target a specific user. Using technology like an IMSI catcher, an attacker can insert their own device between a target and the carrier network and monitor data or voice conversations. There are a number of flaws in GSM that I assume could also be exploited relatively easily by someone – like a foreign government – with the proper resources and motivation.

AT&T is downplaying their own incompetence at securing customer information, and is putting customers at risk. Customers who are newsworthy in their own right. Even if the information on the iPad isn't sensitive, it can easily be compromised and used as an attack vector onto a previously inaccessible corporate wifi network.

Perhaps AT&T feels that is not a real risk? The latest jailbreak is a userland jailbreak and it's not inconceivable that it could be adapted to work in Mobile Safari. The first iPhone was able to be jailbroken simply by visiting a special website. And Dave Aitel has been selling Silica since 2006. One of the use cases Aitel would pitch for Silica was to mail it to a CEO and let it automatically hack anything it could find, beginning with wifi networks.

AT&T needs to immediately and proactively issue all iPad 3G subscribers new SIM cards.

Passing Multiple Automator Variables to a Shell Script

Automator is incredibly powerful, but at the same time the most useless and semi-functional piece of software I've ever encountered. I recently built my first Automator Workflow to watermark a PDF. I wanted to load selected PDFs from the Finder, and for each PDF create a file in the same directory with a -watermark suffix appended. file1.pdf and file2.pdf would yield file1-watermark.pdf and file2-watermark.pdf.

It took me much too long to figure out that it wasn't easy (or maybe even possible) with Automator, even though it's simple to do from the command line.

Each Automator action returns a result. That result is passed to the next item in the chain, assuming the item is accepting input. The key is to chain a series of Get Value of Variable calls together, which are passed to a shell script as $1-$n and the special $@ variable. I've written a short primer on using Arrays in Bash that may be helpful.

A crappy picture is worth at least 68 words, so here is what a sample workflow looks like:

You can download the sample workflow here.

If you want to loop through selected Finder items one-at-a-time, the best way is to use Nyhthawk Productions's excellent Dispense Items Incrementally action.
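
What the shell script at the end of such a workflow could look like, as an added example (not the downloadable workflow from the original post): it walks every path handed over in "$@" and writes a -watermark copy next to each source file, with quoting that survives spaces in file names. The function names are hypothetical, and cp stands in for whatever command actually applies the watermark, which the post does not name.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Build "<dir>/<name>-watermark.<ext>" for one input path.
# Names without an extension (or dotfiles) just get the suffix appended.
watermark_path() {
  wm_dir=$(dirname -- "$1")
  wm_base=$(basename -- "$1")
  case $wm_base in
    ?*.*) printf '%s/%s-watermark.%s\n' "$wm_dir" "${wm_base%.*}" "${wm_base##*.}" ;;
    *)    printf '%s/%s-watermark\n' "$wm_dir" "$wm_base" ;;
  esac
}

# Process every argument. Automator hands the chained variable values to the
# script as $1..$n; iterating over "$@" keeps each path intact as one word.
process_all() {
  for src in "$@"; do
    [ -f "$src" ] || { echo "skipping (not a file): $src" >&2; continue; }
    dst=$(watermark_path "$src")
    # Assumption: cp is a placeholder for the real watermarking command.
    cp -- "$src" "$dst"
    printf '%s\n' "$dst"
  done
}

process_all "$@"
```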

Battery Showdown – BlackBerry vs iPhone

Fairly typical day, except that I enabled phone service on the iPhone. This test was conducted with my usual rigorous standards, which means I happened to glance at my iPhone data usage around lunch, and ballparked the data transfer. The only thing I can be sure of is the quantity and duration of the phone calls, and that I had them with me all day.

iPhone 3GS, brightness set to ~55%. Wifi was enabled all day, 7:00 AM – 10:40 PM. 3G was enabled between 11:00 AM and 8:30 PM. A single two-minute phone call was placed. Roughly 11MB of data usage while on 3G (several web pages and Twitter using Tweetie).

Final result: At 10:40 PM there was 26% remaining on the battery.

BlackBerry Bold 9700, brightness set to auto. 3G and wifi enabled all day – 7:00 AM – 10:40 PM. Multiple background apps – SocialScope (Twitter) and Twitter for BlackBerry, multiple web pages and push email for 5 different accounts (4 BIS, 1 BES). 5 phone calls were placed, lasting a total of around 70 minutes.

Final result: At 10:40 PM there was 65% remaining on the battery.

Dear RIM,

Please shave 1-3mm off the thickness of my next device, I obviously don't need a replaceable battery [1].

xoxo,
Corey

Side note: I have replaceable batteries for the BlackBerry Tour/Storm/Storm2/8900, the BlackBerry Bold 9700, my Mifi, and the BlackBerry 8530. I do not have any spare batteries for any of my Android devices, which would feel like trying to color coordinate my car with the vehicles on the rest of the highway. The BlackBerry 9700 is the first device I've ever owned where it takes significant effort to drain the battery (<20% remaining). Enjoy the high caliber of writing I produce right before I fall asleep.

  1. Thanks to Alex for planting this statement in my mind

© 2007-2013, Corey Gilmore

The views expressed on these pages are mine alone and not those of any past or present employer. All information presented on this site was obtained lawfully and not through disclosure under the terms of an NDA.