Last Friday morning, Aimee Whitcroft of the Science Media Centre sent her boss Peter Griffin a text message:



It was a heck of a coincidence because almost simultaneously he sent her one that said:



In actual fact - and it spite of what the caller IDs on their respective phones told them - I sent both messages.

It's called spoofing - using technology to masquerade as someone else - and it's just one of the mobile phone hazards I look at in the December issue of NZ PC World, on sale from today.

(And in case you're wondering, no one quit/got fired. I'd asked Aimee and Peter if I could use them as crash test dummies and warned them to be on the lookout for odd messages.)

Test #1: SMS Spoofing

Spoofing the text messages was simplicity itself. I used SMSgang. You purchase pincodes from the site and one pincode is enough for one message. There are a number of plans ranging from 3 pincodes for €2.50 (NZ$4.65) up to 25 pincodes for €8.00 (NZ$17.20). After your purchase, you're emailed the code. The whole process only takes a few minutes.

The site lists the networks supported (and not supported) in each country. For New Zealand, Telecom, TelstraClear and Vodafone all make the grade, so no worries there.

Messages are sent from the site. Enter your message, pincode, your victim's phone number and the number of whoever you'd like the message to appear to be from, and click the Send SMS button.



It's simplicity itself and message transmission time is virtually instantaneous. I timed a message to myself at a whisker under 10 seconds.

Neither of my crash test dummies spotted anything to suggest the messages weren't from who they purported to be from, so a good result. It's a moderately expensive prank - even at the 25-pincode rate each call will cost you around 70 cents - but the spoofing works flawlessly.

Test #2: Voice Spoofing

I chose SpoofCard for a voice spoofing the test. The site claims that not only can spoof someone else's caller ID, but you can also disguise your voice and even record the call to replay your prank.

Purchasing credits is straightforward. Like SMSgang, a number of plans are offered ranging from 25 credits for US$4.95 (NZ$7.10) up to 560 credits for US$79.95 (NZ$114.68). Credits don't necessarily equal minutes though. A handy lookup table on the site shows that local landline calls cost 1 credit per minute but mobile calls cost 3 credits per minute.

After purchase, you're emailed a PIN number that you use to login to the site. You can either place a call by dialing an access number or via the "Place a Call" web dialer ...



Seems pretty straightforward. But the web dialer didn't work.



I tried several times, leaving it for over 10 minutes on the last attempt, but nothing happened.

The other option is to go via an access number. It's only when you click on the drop-down list that you discover SpoofCard only works from certain countries - and one legendary submerged island ...




That's the complete list.

I tried the Australian number - several times - but couldn't get through. In the end I called the US. So that's a call to the States, spoofed and routed back to New Zealand. Even without paying SpoofCard, this is getting expensive!

But worst of all it simply didn't work. The number that came up on my target's phone was prefixed 001 - the US country code - meaning there's no way to use SpoofCard to spoof a New Zealand voice call. And don't bother with the voice changer. The quality was terrible. (Imagine shouting down an echoing waterpipe while a freight train rumbles past.) No doubt this due to a local call being routed via the States, but even so ...

The website claims that "SpoofCard now offers international calling capabilities". Technically, it does. It just doesn't spoof.

It you're looking for voice spoofing, find a site that specifically lists the countries and networks it supports before your purchase time on their network. As always, caveat emptor.

Posted by Geoff Palmer at 8:41 AM | Permalink | Comments ( 3 )

I've just been tinkering with Google's Chrome Operating System. Though it's not officially scheduled for release until the second half of next year, that ever helpful chap Anonymous has built and uploaded a version to the dreaded Pirate Bay torrent site. This link has full installation instructions, but you don't need to set up a throwaway account to sign in, just type 'mark' (with no password) and you're there.


Just type 'mark'

It's still very much a work in progress of course. The current iteration is little more than a combination of Google's Calendar, GMail and search engine ...



... but it's brimming with potential. So much so that veteran IT commentator Robert X. Cringely reckons that "that Microsoft should be worried, very worried."

... Google’s real target is Microsoft Office. Redmond makes money from Windows but makes a lot more money from Office, its productivity app monopoly. Google already has its Google Apps pitted against Office, but Brin and Page know they won’t crack Office’s hold on corporate America without addressing the Windows flaws that effectively underlie both Office and Google Apps in their current incarnations. That’s where the Chrome OS comes in.  The Chrome OS strategy comes down to services, servers, security, and an iTunes-like app store (this latter part having been missed by nearly all the pundits) ... Remember that unapproved applications won’t be able to run on the Chrome OS and the best (maybe only) way to find approved apps will be through a Google store as pioneered by Apple with iTunes. This wasn’t lost on Eric Schmidt during his days on the Apple board. Through such an app store, Google will get a percentage of all third-party software sales — something Microsoft has never been able to do with third-party Windows apps. The potential revenue from the app store alone is billions per year. [more]

The major downside - apart from users commiting virtually everything to the cloud - is the company's onerous Terms of Service and Privacy Policy. A couple of years ago Google earned the dubious honour of being rated the only internet service company "hostile to privacy" by watchdog group Privacy International, beating the likes of Microsoft ("serious lapses"), Yahoo! ("substantial threat") and Windows Live Space ("substantial threat") hands down. (Rankings here.)

Then again most users seem to prefer "free" over "privacy" any day. Don't they ...?

Posted by Geoff Palmer at 7:04 PM | Permalink | Comments ( 1 )

If you're familiar with the bouncy-icon dock that runs along the bottom of the Mac OS X's screen you'll have an idea what the Avant Window Manager (AWM) is all about. It's a bouncy-icon dock for Linux.

Instead of the conventional toolbar, icons are used to represent open windows, startable applications or information sources. Move your cursor over the them and they bounce expectantly to indicate selection.



Installation is a doddle. Ubuntu users simply need to select awn-manager from the repository or type

sudo apt-get install awn-manager

in the console.

Once installed, simply run it from the menu. AWM lies at the bottom of your screen so if you already have a toolbar there I suggest you move it first. (A right-click on the toolbar should lead to the appropriate options.) I suggest moving rather than deleting it because that provides the easiest way to restore the status quo if you find out AWM doesn't appeal.

You'll find a ton of options in the AWM Manager and there's a lot of useful info in the project's wiki, including details of available plugins and extras and a preview of the effects of different themes.

While AWN is a standalone application, it's not surprising it's also become a cornerstone of Mac4Lin, a project aimed at putting the Mac OS X interface on to operating systems like Linux and FreeBSD. Ubuntu users will even find full step-by-step guides here (for Hardy) and here (for Intrepid).


OS X? Actually it's Linux!


<--Previous Hidden Linux      Next Hidden Linux -->

Posted by Geoff Palmer at 10:21 PM | Permalink | Comments ( 2 )

Any local users caught up in the great Microsoft Xbox switch-off? According to overseas reports (here, here and here) somewhere between 600,000 and million Xbox 360 users have had their Xbox Live access cut because their machines contain "mod" (modified) chips.

Yes, mod chips may be used to play pirated games, but many people just use them to play games purchased in other regions. And apparently even having a non-Xbox hard drive will lead to a ban.

It appears that the consoles themselves are banned, not their users. That could lead to a flood secondhand ones on sites like TradeMe, so if you're in the market, caveat emptor!

Mind you, I reckon caveat emptor applies to all corporate-controlled hardware. In the real world you'd be allowed to know what your crime was, be given some means of redress and even have the right of appeal if the powers that be got it wrong. But not in corporate court.

Updated: (2009-11-15)
Looks like the ban is permanent:


This has a number of implications. As I suggested earlier, expect more Xboxes to hit the online auction sites, but what interests me more is that since modding takes a degree of technical savvy and that since Microsoft has essentially 'bricked' thousands (or possibly millions) of consoles, Xbox Live hackers now have nothing to lose. Something in those machines - possibly a Palladium-like hardware key - is coming up with a UUID for the console. Hack the console, spoof the UUID and you're back in business. There's plenty of stuff online already about hacking the Xbox - like this 56-minute presentation on The Xbox 360 Security System and its Weaknesses - so I don't expect it'll take long.

Of course, you could always upgrade your Xbox to run something useful ...

Posted by Geoff Palmer at 5:07 PM | Permalink | Comments ( 9 )

Linux's file system check utility fsck is little recognised and largely unloved, no doubt because it seems to know whenever you're in a hurry to boot your machine. Then - and why is it only then? - it starts doing what it was designed for: checking the consistency of the filing systems on your hard drives and making any necessary repairs.

Since Ubuntu 9.04 users have at least had the option of hitting the Esc key to cancel the process, (users of earlier versions might like to consider Bonager), but what's actually going on and why does the checking seem so intermittent?

All file systems accumulate errors over time, often the result of application crashes, improper shutdown or bugs. Checking and recovery tools should be run periodically and fsck simply automates the process by setting a counter and checking off how many times each filing system has been booted. (It has to be done at boot as fsck can't be run over a mounted partition.) And that apparent randomness actually isn't. fsck typically sets the default boot count at 30 meaning that with daily boots your file systems will be checked once a month.

In Linux of course you can control everything. If you want all your file systems checked next time you boot simply enter the command;

sudo touch /forcefsck

That simply adds an empty file to the root directory ("/") called forcefsck, the presence of which instructs the kernel to check everything.

You can also change the checking interval or even turn it off completely, but before you do anything else type

sudo fdisk -l

to remind yourself of what's mounted where.

The key command in controlling when fsck runs is tune2fs. You can use either count-dependent or time-dependent checking;

sudo tune2fs -c 15 /dev/sda1

will check the filesystem on /dev/sda1 every 15 mounts while

sudo tune2fs -i 60d /dev/sda2

will check the filesystem on /dev/sda2 every 60 days. (This interval could also be written as -i 8w - every 8 weeks or -i 2m - every 2 months.)

You can even turn off checking completely by setting either the count or interval to 0 or -1

sudo tune2fs -c 0 /dev/sda3

but this is not recommended!


The -C option is used to set the number of times the file system has been mounted, meaning you can use it to stagger when they're due to be checked. Assuming you've just re-booted after setting sudo touch /forcefsck ...

sudo tune2fs -C 1 /dev/sda1 sudo tune2fs -C 2 /dev/sda2 sudo tune2fs -C 3 /dev/sda3

... will change the counts so that the partitions will be checked on consecutive boots, not all at once.


<--Previous Hidden Linux      Next Hidden Linux -->

Posted by Geoff Palmer at 5:55 PM | Permalink | Comments ( 2 )

Why does a Windows 7 upgrade cost so much? Robert X. Cringely thinks he has the answer:

Microsoft doesn’t actually want you to upgrade to Windows 7 at all. Microsoft wants you to buy a new Windows 7 PC instead.

and

...have you actually done a Windows 7 upgrade? Mine took seven hours! It shouldn’t have to take that long unless part of the goal was simply to discourage upgrading.

Read the full story here ...

Posted by Geoff Palmer at 2:36 PM | Permalink | Comments ( 4 )