Monthly Archives: February 2010

Convenient security flaw in BYU network authentication

Posted by on 17 February 2010 13:01 No comments

My 54 Mbps NetGear router

A few months ago I purchased a Netgear wireless router for my dorm room at Brigham Young University. It’s just a simple, low-end router, but it does the job. And I recently discovered an interesting way of using this to get around BYU network authentication procedures.

In the past, any user connecting to the residential network was required to authenticate about once a week with their NetID (a personally identifiable username on the BYU network) and password. This had to be done through a web browser (a process with which I disagree, but that’s a topic for another post). The system would record the MAC address or something and use that to link all network activity originating from that address with that NetID. In this way, BYU network security analysts have a way to pin down any suspicious activity to a responsible person.

That is still in force, but starting this month a new layer of security is being added. All Windows computers connecting to the BYU network are required to have (a) the most recent operating system patches from Windows Update and (b) an approved, up-to-date virus protection program. Note that this only applies to Windows computers. Macs and Linux boxes can get onto the network with just a NetID and password.

BYU has had these security measures on their campus-wide wired and wireless networks since last fall, but this is the first time these measures are being implemented in the residential wired network.

This is where it gets interesting. Enter NetGear router.

My router manages the laptops that my roommate and I use (which are connected to it via Ethernet), as well as my iPod, my Palm Pre, and any of my other roommates’ computers (via the router’s wireless). The two laptops on the Ethernet have Linux or Windows (or both), my iPod is recognized as a Mac, and the login page doesn’t know what to call my Palm Pre. Of all of those, the Windows side of my laptop is the only one the network authentication will quarantine for virus checking.

Because the router assigns private IP addresses (192.168.1.x) to all the devices connected behind it, the only thing the BYU network ever sees is the IP address it gave my router through the DHCP. As far as the network can tell, I have only one device connected.

Because of that, I can run through the network authentication using my Linux box, or my iPod, or even my Palm Pre. None of those are required to have anti-virus or the latest Windows updates. That clears the way for me to connect any virus-infected, out-of-date PC to that router, and the network will never know the difference.

Brilliant. Network security circumvented.

Of course, everything that goes onto the network through my router will be linked to whatever NetID I used to authenticate it. So that still leaves me in charge of making sure nobody does anything stupid through my router.

I don’t know if there’s any way for our beloved network administrators to fix this (rather large) hole in the system. But until they do, my router will carry on connecting anyone and everyone I authorize, regardless of whether BYU thinks them fit for the network.

Palm Pre Plus vs. iPhone OS

Posted by on 13 February 2010 18:48 5 comments

First a disclaimer. I don’t own an iPhone, only an iPod Touch. As such, this is a comparison of the two operating systems, not necessarily the two phones.

Motorola EM326g, iPod Touch, and Palm Pre Plus

I had a Motorola EM326g from Net10 (a prepaid phone). Its MP3-playing abilities were marginal at best, so I bought an iPod Touch. Most of the places I go (home, school, and work) all have WiFi, so this combination of mobile devices suited my needs most of the time. But I still wanted a single smartphone that did it all.

After trying to decide between the iPhone, the Nexus One, and the Palm Pre, I finally settled on the Pre.

First of all, the multitasking is phenomenal! With the iPhone OS, I found myself switching apps and having to wait a few seconds for each to load up. I couldn’t go check Twitter in the middle of writing an email without first saving the draft, closing Mail, opening Twittelator, waiting the 4-5 seconds it takes to open, and then scrolling through my new tweets. On the Pre, I simply flick up to go into Card view, then flick over to Twee, wait half a second while it loads the new tweets, and start reading. No time is lost while going between applications because they’re already running.

The screen is a bit smaller (1.75″ x 2.63″ versus 2″ x 3″ on the iPod). The phone is (I think) also a bit thicker, partly because of the slide-out keyboard.

Speaking of the keyboard, I’m still not used to it. I’ve become quite the fan of the iPod’s keyboard. It’s responsive and (once you get the hang of it) can make typing quite fast. The Pre has a physical keyboard with tiny keys. While I’ve gotten faster at it since I first got the device a few days ago, it’s still not nearly as easy to use as the on-screen keyboard on the iPod. Also, the auto-correction (what little there is) doesn’t hold a candle to the intelligence of that of the iPhone OS.

The camera seems to take really nice pictures, and it has an LED flash. But beyond that, you’ll have to go to others’ evaluations for more info.

The flimsy-looking USB port cover

The USB port cover does a nice job of concealing the port and keeping the body smooth, but it’s very hard to get off. I have to open the slider and then use my fingernail to pry the cover off. The first time I did it was scared I was going to break it, that’s how flimsy it feels. To date, I haven’t had any trouble with it, but it just feels like something that will eventually break off under prolonged use. (Perhaps this is just a ploy to get you to buy the inductive charger. Who knows.)

Ringer switch and power button on the top

On the top, next to the power button, is a ringer switch. It allows you to silence the phone (or put it on vibrate) without having to unlock it and go through menus or push the volume-down button a million times. This is a feature I really like.

Touch movements, especially scrolling, tend to be less smooth on the Palm Pre than on the iPod. Also, some of the gestures are simply not intuitive. For example, the gesture to go back to the previous screen in an app (where iPhone OS usually has a left-pointing button at the top of the screen) requires you to swipe from right to left in the “gesture area” right below the screen. Intuition would tell you to swipe in the opposite direction.

To go from an app into the Card view (where you can flick through all the open applications), you swipe up from the gesture area onto the screen. To close an app from the Card view, you flick it off the top of the screen. (It even makes a cute little noise to make it even more fun.)

At the top left of the screen in any app is a menu where a few well-chosen commands are kept. This allows you to access the preferences pane for that app or perform copy/paste operations if you haven’t figured out the shortcuts yet. From the upper right corner, you can also access a few system-wide things, such as WiFi, battery level, and Bluetooth (shown at right).

Selecting text, copying, and pasting, while not inherently difficult operations, are not quite as simple as they are on iPhone OS. Selecting text often involves using the shift key (meaning they keyboard has to be open). Cut, copy, and paste (as well as select all) can be performed with a shortcut in which you press on the gesture area with one finger and type C, X, V, or A on the keyboard. Another cool thing is the ability to move the cursor anywhere when editing or selecting text, without having to tap directly on the place you want to go: hold down the option key and pan across the screen in any direction. (iPhone OS doesn’t have this, but the magnifying glass makes that obsolete. I personally find the iPhone way more intuitive.)

So here’s the run-down of my take on the Palm Pre versus the iPhone OS:

Upsides:

  • The multitasking is a must-have for a power user. It drastically improves my productivity when I have to use multiple apps to get the information I need. With the iPhone OS, in order to avoid spending time waiting for apps to start, I’m forced to make my work more confined by limiting the frequency of app switching.
  • While I haven’t played with it much yet, the development platform is much more open than that of Apple. Palm still has an “app store” which requires some sort of approval process, but it also has a “homebrew” channel on which any developer can post apps. (Actually installing them requires jumping through some hoops to put the phone in developer mode.)
  • The Pre does have some multitouch gestures, including pinch-to-zoom.
  • The Palm Pre Plus is carried by Verizon. If you consider that an upside.

Downsides:

  • Since it’s not as popular as the iPhone, there aren’t as many good apps for the Pre. Yet. (Whether iPhone’s dominance is a good thing or not is debatable.)
  • The Pre’s interface just isn’t quite as smooth, sleek, or responsive as the iPhone’s.
  • The Palm Pre Plus is carried by Verizon. Their EVDO network supposedly doesn’t support data and voice connections at the same time. So no GPS turn-by-turn navigation while you’re talking on the phone in the car.

If you’re looking for tutorials, lists of good apps to get, and other tidbits about the Pre, Totally Palmed is a great website to visit.

What are your thoughts on either platform?