Showing posts from 2012

MailAnyoneAnywhere: a generous idea

But that does not make the idea actually usable. Beside using SMTP/TLS instead of plain SMTP, the implementation lacks security awareness (having to - securely - use hardcoded credentials alone is a software challenge already, proposing the application to the "general public" is... naive?)
"Mail Anywhere has its own Gmail® account!" is on the other hand... "incorrect": Mail Anywhere (the binary I could download on April, 22 2012 at least - still unchanged today) uses an account at (I didn't bother to check whether the statement was true for the previous version).

It is remarkable that nobody among the reviewers and software download sites "noticed" this: there is no communication with any google/gmail server whatsoever.

What I called a "security advisory" in my previous post is the simple consideration that the absence of certificate validation leaves no means to prevent the TLS session to be transparently proxy…

Security advisory MailAnyoneAnywhere

...just notified the author of the MailAnyoneAnywhere Windows application about a number of security problems with his software.

The application, probably first reviewed by, is currently being offered/recommended with positive reviews on larger networks such as and

Expect the current version of the application to be pulled out (or - easily - made unusable by some miscreants, before then) - you should not rely on it too much ;-)

[ details in a week ]

iPhone Internet Tethering | Personal Hotspot
on Backtrack 5 running kernel 3.2.6

I am an occasional user of the Internet Tethering feature of my old iPhone 3G running iOS 4.1. The feature is now called Personal Hotspot in iOS 5. On my laptop, I (also) run a Backtrack Linux installation which has no built-in support for iPhone USB tethering and - differently than plain Ubuntu - no installable option from the default repositories.

For some unclear reason, the modified dkms from the pmcenery repository stopped working once I removed the old kernel modules (one of the anomalies being the interface shown as wwan0 instead of the usual eth1, even after removal and rebuild).

Executing the below commands *literally* across updates might be unsafe for the system, it worked fine for 2 of my - updated - BT5R2 systems as of today, though:
apt-get install ifuse gvfs libimobiledevice0 libimobiledevice-utils \linux-source-3.2.6 linux-headers-3.2.6 build-essential cd /usr/src
(of course, only if not already done before ;-)
tar xfvj /usr/src/linux-source-3.2.6.tar.bz2
(same as above)