Noah's Randomness

Photographer, Traveler, Geek, Pentester, Information Security Consultant, Firefighter/EMT, etc…

Facebook Old Password vs Incorrect Password

Noah | December 26, 2011

So, I went to log into Facebook today but typed in an incorrect password. Well, actually it was an old password. Facebook, in all its infinite wisdom, responded with “Sorry! You entered an old password” and also told me when I had last changed my password (the original post shows a screenshot of the message):

Enter a totally wrong password, on the other hand, and you get “Please re-enter your password” / “The password you entered is not correct” (again, shown as a screenshot in the original post):

Does anyone else see the problem here? I do. Knowing human nature, people reuse passwords. So from one single page an attacker now has my email address AND confirmation of a password I have used before, plus the date I retired it. That password may no longer work on Facebook, but it probably still works somewhere else. The first place I would try it? Your email account. And once I have your email account, where do password resets for everything else get sent? Email. Bingo! :) So now I have access to other accounts, and on and on and on.

It wouldn’t be hard to automate guessing against the Facebook login with a tool like Burp Intruder (http://portswigger.net/burp/intruder.html). The three outcomes return three different pages, so by sorting the results by response size you could tell whether A) a guess was totally incorrect, B) you found an old password, or C) you successfully logged in and gained access to the account.

Now, this does not take into account any other protection mechanisms Facebook might have in place, such as locking out an account after a series of failed logins, login approvals, etc. Those slow an attacker down; they do not remove the information the error message gives away.
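To make the oracle concrete, here is an added example written for this edit. It is not code from the original post and not Facebook’s code; the account, the password history, the guess list and the response strings are all constructed, with the two error texts mirroring the ones quoted above. `bucket_by_response` does what sorting Intruder results by response length does: it groups guesses by the distinct reply they produce. With the leaky handler a guess list falls into three buckets (wrong, old, current); with the uniform handler every failure collapses into one, so an old password looks exactly like a wrong one.

```python
"""Added example: a login handler that leaks password history versus one
that does not, and the attacker-side bucketing that exposes the leak.
Everything here is a constructed simulation."""
from dataclasses import dataclass, field
import hashlib
import hmac
import os

# Constructed stand-ins for the two Facebook messages quoted in the post
# and for a successful login.
MSG_OK = "Login OK"
MSG_OLD = "Sorry! You entered an old password"
MSG_WRONG = "The password you entered is not correct"


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is a placeholder for whatever the site actually stores; the
    # point of the example is the branching below, not the hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


@dataclass
class Account:
    email: str
    salt: bytes
    current: bytes                            # hash of the live password
    old: list = field(default_factory=list)   # hashes of retired passwords


def make_account(email: str, history: list) -> Account:
    """Constructed account; the last entry of `history` is the live password."""
    salt = os.urandom(16)
    hashes = [_hash(p, salt) for p in history]
    return Account(email, salt, hashes[-1], hashes[:-1])


def login_leaky(acct: Account, password: str) -> str:
    """Three distinguishable outcomes, as the post describes Facebook doing."""
    h = _hash(password, acct.salt)
    if hmac.compare_digest(h, acct.current):
        return MSG_OK
    if any(hmac.compare_digest(h, o) for o in acct.old):
        return MSG_OLD          # confirms a password from the account's history
    return MSG_WRONG


def login_uniform(acct: Account, password: str) -> str:
    """Hardened: every failure gets the same reply, so old == wrong to the client.
    The history may still be consulted server-side (abuse telemetry, rate
    limiting), but nothing about the retired passwords reaches the response."""
    h = _hash(password, acct.salt)
    if hmac.compare_digest(h, acct.current):
        return MSG_OK
    return MSG_WRONG


def bucket_by_response(login, acct: Account, candidates: list) -> dict:
    """Group guesses by the distinct reply they produce. This is what sorting
    Intruder results by response size does, with the whole body standing in
    for the size column."""
    buckets = {}
    for guess in candidates:
        buckets.setdefault(login(acct, guess), []).append(guess)
    return buckets


def distinct_outcomes(login, acct: Account, candidates: list) -> int:
    """Number of buckets an attacker can tell apart: 3 is an oracle, 2 is not."""
    return len(bucket_by_response(login, acct, candidates))


if __name__ == "__main__":
    # Constructed victim: two retired passwords and one live one.
    acct = make_account("victim@example.com",
                        ["winter2009", "spring2010", "autumn2011"])
    guesses = ["password1", "winter2009", "letmein", "spring2010", "autumn2011"]
    for handler in (login_leaky, login_uniform):
        print(handler.__name__, bucket_by_response(handler, acct, guesses))
```

The fix lives entirely on the server: return the same body, status code and content length for every failed login, whatever the reason. The “old password” branch can still exist internally if the site wants it for rate limiting or telemetry; it just must not change what the client sees.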

Oh Facebook, you fail again…

Categories: InfoSec
Comments: 2

XKCD: Password Strength

Noah | August 11, 2011

This XKCD comic is SO TRUE!

Password Strength

Categories: Uncategorized
Tags: infosec, Passwords
Comments: 0

Starbucks Card Mobile App for Blackberry Torch

Noah | December 12, 2010

EDIT: Starbucks has released an official version of their Blackberry app that works with the Blackberry Torch. For more information, see the following links:

  • http://blogs.starbucks.com/blogs/customer/archive/2010/09/02/starbucks-card-mobile-now-available-for-blackberry.aspx
  • http://www.starbucks.com/coffeehouse/mobile-apps/starbucks-card-mobile-bb

Original Post is below:

I recently purchased a BlackBerry Torch and have been trying to find applications for it similar to the ones I previously had on my iPhone 3G. So, I was happy to find out that Starbucks had released a BlackBerry app for their Starbucks cards.

So, as the instructions on the Starbucks website state, I sent a text message with the word “GO” to 70845

I received a message back with the following response: “To download Starbucks Card Mobile go to http://mobilecard.starbucks.com/wap/home“

So, I go to the site, click the “Download Starbucks Card Mobile App” and get the following error: “We’re sorry, your mobile device is not supported at this time.

For the list of supported devices and more information on Starbucks Card Mobile, please go to http://www.starbucks.com/coffeehouse/mobile-apps on your computer.”

No Starbucks Card Mobile app for the Torch? WHAT?!?! This can’t be. Starbucks, you create an app and don’t make it work with RIM’s latest and greatest BlackBerry? This can’t be!

So, enter google. A quick search and I come across this link for the .jad file. http://testcardmobile.starbucks.com/downloads/bb/5.0/release/MobileCard.jad

So, I click the link, download it to my phone, and run it. Guess what, IT WORKS!

Hope this helps anyone that’s looking for the Starbucks Card Mobile App for the Blackberry Torch!

Categories: Uncategorized
Tags: Blackberry, Blackberry Torch, Starbucks
Comments: 1

AT&T Axes iPhone Unlimited Data Plan, Loses Me as Customer?

Noah | June 5, 2010

Just yesterday I was comparing the new Android OS-based HTC Evo and iPhone 4G’s hardware specifications and features as my 2-year contract with AT&T is up. With the supposed announcement of the iPhone 4G at Apple’s Worldwide Developer Conference, I wanted to determine my best course of action when purchasing a new phone (as it would most likely lock me into another 2-year contract).

As I was digging through a few news articles online, I found a few that mentioned AT&T had changed its pricing model for data plans. Wait, WHAT?! For the past few years AT&T and Apple had touted the fact that you could pay $30 a month and have unlimited data on your iPhone (and subsequently your iPad as well).

Today I found an article that pretty well sums up my feelings on the matter. Per Gizmodo: AT&T Just Killed Unlimited Wireless Data and Screwed Everybody in the Process

To recap AT&T’s new data plan structure: The $30 unlimited iPhone/iPad data plan is killed/gone (but existing subscribers will still be able to keep their existing unlimited plan/be grandfathered in). In its place, DataPlus w/200mb for $15/month, DataPro w/2gb for $25/month. This chart from Gizmodo’s article may make it easier to understand:

Read the rest of this entry »

Categories: Uncategorized
Comments: 0

Apple’s next iPhone… The iPhone 4G… Found in a bar?

Noah | April 19, 2010

Apparently the suspicious knockoff iPhone that was found in a bar in Redwood City, California, is the real deal. It is the ACTUAL iPhone 4G!

For more info, see Gizmodo’s post here: http://gizmodo.com/5520164/this-is-apples-next-iphone

Per Gizmodo, here’s what’s new:

  • Front-facing video chat camera
  • Improved regular back-camera (the lens is quite noticeably larger than the iPhone 3GS)
  • Camera flash
  • Micro-SIM instead of standard SIM (like the iPad)
  • Improved display. It’s unclear if it’s the 960×460 display thrown around before—it certainly looks like it, with the “Connect to iTunes” screen displaying much higher resolution than on a 3GS.
  • What looks to be a secondary mic for noise cancellation, at the top, next to the headphone jack
  • Split buttons for volume
  • Power, mute, and volume buttons are all metallic
  • Read more, including the changes from the current iPhone 3G norm

Categories: Uncategorized
Comments: 0

Four chords are all you ever need to play every single pop song…

Noah | April 19, 2010

I was playing around on Reddit today when I came across this and felt I, too, had to share it with the world.

As I stated on Facebook: “Oh… My… God… Watch this video and let it blow your mind. 4 chords are all you need to play every single pop song ever made…”

Axis Of Awesome – 4 Four Chord Song (with song titles)

Categories: Uncategorized
Tags: awesome, funny, reddit
Comments: 0

Powerbookmedic.com is giving away an iPad!

Noah | April 5, 2010

Hurry up! Less than an hour left to enter PowerBookMedic’s iPad giveaway.

Details here: http://www.powerbookmedic.com/wordpress/2010/03/29/enter-the-ipad-giveaway

Categories: Uncategorized
Comments: 0

Apple Genius Bar’s “Behavior Scan” Software (Jailbreakers be warned!)

Noah | March 16, 2010

For quite some time I have had issues with my iPhone 3G’s battery life. This week it got to the point that, even with my Mophie Juice Pack Air, I would be getting the dreaded 20% battery warning around 7-8pm each night (after taking my iPhone off the charger around 8am). So I took it to the Apple Store to have them look at it. I also took it there because of cracked plastic near my headphone jack, which was causing audio to drop out when listening to music on my iPhone via headphones.

The Genius I worked with hooked my iPhone up to one of their MacBooks and asked me to accept an agreement that “would send a bunch of 1s and 0s to Apple about my iPhone.” I was assured that no personal information would be transmitted. Yeah, OK (I don’t fully buy that)…

But that’s beside the point. The first thing the Genius said is that he saw a lot of unresponsive apps on my phone. The second thing he indicated was that an update to the new 3.1.3 version of the iPhone OS would possibly cure my battery life issues. I’ve heard that song and dance over and over again and wouldn’t believe it for a minute. They’ve said that about every single iPhone OS update but none have delivered any significant battery life improvement, IMHO.

Then came the surprise. As the Genius scrolled down in his “Behavior Scan” report of my iPhone, up came a section entitled “Third-Party Apps.” What did this show? An entry labeled “Cydia_”… Oh, crap. The next thing I know the Apple Genius turns to me and says “There’s your battery problem. You’re using third-party apps.” I replied by telling him that I had jailbroken my iPhone once a while back and that I indeed did see a slight decrease in battery life which then prompted me to go back to a stock version of the iPhone OS. He replied “Well when we see that, we typically won’t do anything for the customer. Jailbreaking voids the warranty and after that, Apple won’t honor it.” First thing that went through my mind was “Oh, crap…” especially since I had purchased AppleCare for my iPhone (as it has been beneficial on my other laptops, except for my latest one. I’ll tell that support nightmare some other time). Read the rest of this entry »

Categories: Uncategorized
Comments: 2

Eye-Fi vs PixelPipe iPhone Apps Reviewed

Noah | December 24, 2009

I was looking to find an iPhone app that would allow me to upload pictures automatically from my iPhone to my gallery on this site. So, with that said, I googled for a few to see what apps I could find that would allow me to do this. I came up with two (that interact/upload to Gallery2, the photo gallery software I use on this site). They are PixelPipe and Eye-Fi, both available in the Apple App Store for “free” (notice the free in quotes — I’ll get to that in just a few).

(App Store icons in the original post: PixelPipe, Eye-Fi)

So after finding the two, I downloaded them and installed both of them to my iPhone. Up first — Eye-Fi. I went to open it and it asked me for my username and password. Not having one, I returned to the Eye-Fi Website assuming I could register for one. Once there I found that in order to get an account, one must own one of Eye-Fi’s Secure Digital card products. So, in essence, this “free” application actually costs $49.99 (which is the cost of Eye-Fi’s lowest cost product). Read the rest of this entry »

Categories: How To, iPhone, Review
Tags: Eye-Fi, How To, Howto, iPhone, PixelPipe
Comments: 1

NeXpose and BackTrack 4: “Could not start the nxpgsql daemon” [Fixed]

Noah | December 21, 2009

UPDATE/Fix Information: I found out that this was all related to the previous solution of disabling the postgresql instance on the machine. I had (mistakenly) thought that by doing /etc/init.d/postgresql-8.3 stop BackTrack’s postgresql instance would stop. Unfortunately I was wrong, and a “ps aux | grep -i sql” showed me this. After I did a “kill <PID>” I removed all NeXpose files/folders and reinstalled it. However, it still wouldn’t run correctly and gave me the same error. After some discussion in #rapid7 on irc.freenode.net, I was informed that NeXpose requires 1GB of RAM. So I edited my VMware config to provide 1GB of RAM to my BackTrack guest.

However, then I had another issue — the NeXpose server kept crashing after starting. So, again I turned to the guys in #rapid7. With their help, I ran “cd /opt/rapid7/nexpose/nsc && rm conf/nsc.xml && ./nsc.sh” and voila! Success! Read the rest of this entry »

Categories: How To
Tags: BackTrack, fix, How To, Howto, infosec, NeXpose, Security
Comments: 7
