Palringo has severe security issues

Many iPhone users are happy that there is finally an instant messaging client that claims to support all the important services like ICQ, MSN, Gtalk, Yahoo-Chat and so on. So was I, and happily installed Palringo today. But after a short while the happiness was gone. It was already suspicious from the beginning that you have to register an account with Palringo before being able to use it. After a short investigation I knew why.

In fact the Palringo client on the iPhone does not support any of the aforementioned services. All the client is doing is setting up a connection to a server (echo.palringo.com:38535), which then connects to the different services you want to use. This implies several security issues.

First, this means that Palringo is storing all your passwords for the different IM services you are using, and this is dangerous. For many services, like Google or MSN, these passwords are not only used for the chat system, but might also be used for your personal email account or even credit card payments! Are you sure you wanna share that with some random company? Besides that, they can read all of your communication. (At least if you don’t use end-to-end encryption.)

But this is not the whole story. What really bothers me is that this connection from the iPhone to the Palringo server is completely unencrypted and plain text! Since the iPhone exclusively uses wireless technologies, this is particularly severe. It means that everybody in your vicinity can very, very easily intercept all of your communication and all your passwords as well. Remember, the same passwords might be used for your personal email or credit card payments. You don’t want that.

So please do yourself a favor and don’t use Palringo! (At least not the current version.)
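An added example, not part of the original post: a check a reviewer can run on the first client-to-server payload of a captured connection to tell a TLS handshake from a cleartext login. The sample payloads and field names are constructed for illustration; the post does not show Palringo's actual wire format.

```python
import re
import struct

# Constructed samples. The real Palringo wire format is not shown in the post.
# SAMPLE_TLS is a zero-filled ClientHello skeleton, not a usable handshake.
SAMPLE_TLS = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + bytes(41)
SAMPLE_CLEARTEXT = b"LOGIN user=alice@example.com password=hunter2\r\n"

CRED_FIELD = re.compile(rb"(?i)\b(password|passwd|pwd|pass)\s*[=:]")


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if the payload starts with a TLS handshake record holding a ClientHello."""
    if len(payload) < 6:
        return False
    content_type, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return (content_type == 0x16           # record type: handshake
            and major == 3 and minor <= 4  # SSL 3.0 .. TLS 1.3 record versions
            and 0 < length <= 2**14        # maximum plaintext fragment size
            and payload[5] == 0x01)        # handshake type: ClientHello


def printable_ratio(payload: bytes) -> float:
    """Fraction of bytes that are printable ASCII or tab/CR/LF."""
    ok = sum(1 for b in payload if 32 <= b <= 126 or b in (9, 10, 13))
    return ok / len(payload)


def credential_fields(payload: bytes) -> list[str]:
    """Names of credential-like fields visible in the payload (values are not returned)."""
    return sorted({m.group(1).decode().lower() for m in CRED_FIELD.finditer(payload)})


def classify_first_payload(payload: bytes) -> str:
    """Classify the first client-to-server payload of a captured connection."""
    if not payload:
        return "empty"
    if looks_like_tls_client_hello(payload):
        return "tls"
    if printable_ratio(payload) >= 0.9:
        return "cleartext"
    return "unknown-binary"


if __name__ == "__main__":
    for name, sample in (("tls", SAMPLE_TLS), ("login", SAMPLE_CLEARTEXT)):
        print(name, classify_first_payload(sample), credential_fields(sample))
```

A protocol that upgrades to TLS only after a cleartext greeting will classify as cleartext on its first payload, so later payloads of the same connection need the same check.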

RapLeaf leaks?

There is a company named RapLeaf that collects all the information it can find about email addresses on the Internet, mostly from social networks and similar sites. Others have already noticed that at RapLeaf, your personals are public. Yes, it is quite scary what they do. But on the other hand, they are right when they say: “it’s only aggregating what’s out there”. They are showing us the data that anybody could collect. In fact, we should be thankful that they prove it is actually very feasible to do what privacy advocates have always warned about: if you correlate all the small digital traces we produce every day, the result can become a very powerful and potentially unpleasant data mine.

As with every huge collection of email addresses, one can assume that spammers, among others, are highly interested in that data, although they don’t want to pay for it. So it is not really surprising that another statement from RapLeaf’s privacy policies turns out to be very true:

“Despite Rapleaf’s efforts to protect your personal information, there is always some risk that an unauthorized third party may find a way around our security systems”

By coincidence I found a link which seems to give access to RapLeaf’s (probably huge) list of email addresses: http://thebes.drakkenterprises.com/rapleafsrch/getpage.php?TYPE=RAPLEAF

Congratulations, probably this will eventually reveal your email address as well!

Update: the link doesn’t seem to spit out email addresses anymore. But I can testify that it did until today, in the form “<largenumber>, user%40example.com”. Every time you hit the reload button, you got a new one.

Dam 20 km from epicenter

When I was examining the area around the epicenter of the Sichuan earthquake, I discovered a dam very close to it (about 20 km) which is about 600 m wide and located next to Dūjiāngyàn (都江堰). Interestingly, it only appears if you zoom in, so it seems that it has been built recently or some of the image data is very old. I wonder how it could have survived that earthquake, if they even worry about the Three Gorges Dam 760 km away. If it broke, this would be an additional disaster for the people there, but it has gone completely unreported by the media so far.

Update: The dam is the Zipingpu dam (紫坪铺). According to reports it has severe cracks now and is not operational anymore.


The Holy IT Handbook


Praised be the IT handbook

I just found this on the net… simply brilliant if you are an insider… 😉
For those who are not: this book is an aid that is permitted in the final exams for the IT professions… and it can help, and has helped, many a candidate pass the exam…. I just found it very funny, because during and after the exam I too was very grateful to this book in a similar way!

Cancelling a BahnCard by fax

Anyone who wants to cancel their BahnCard by fax has to make quite an effort to get hold of the relevant numbers of the BahnCard Service. There is an old number which will probably stop working soon: 04421-999800. Then there is an 0180 number, which costs correspondingly more: 01805-121998. Both, however, are forwarded to one and the same number, which (at least at the moment) is more current and still cheap: 0951-70030321. I therefore recommend using this number straight away and not throwing money away unnecessarily, as I did.

A ready-made cancellation letter is available here. (Link to www.kopfbahnhof.info)

Update (20.12.07): When my wife recently applied for an “Umwelt BahnCard 25”, the railway employee gave her a small note which, besides the latest cancellation date(!), lists the following contact details for the BahnCard Service:

BahnCard Service
60643 Frankfurt/M
BahnCard service phone number: 01805 / 34 00 35, Mon-Fri from 7:00 to 21:00
Fax no. 04421/999 800
E-mail: info@bahncard-service.de

Note the normal (old) fax number. The railway employee also explicitly mentioned that you can cancel by email as well.

Helmut Kohl doesn’t sleep, he waits!


Who are Chuck Norris, MacGyver or Batman anyway? Compared to Helmut Kohl, they are all just ridiculous joke figures!

Helmut Facts


When Helmut Kohl sleeps with a man, it is not because he is gay, but because he has run out of women.

Helmut Kohl doesn’t read books: he stares at them until they voluntarily tell him what he wants to know.

If you ask Helmut Kohl what time it is, he always says: “2 seconds to go…” If you then ask: “2 seconds until what?”, he gives you a roundhouse kick in the face!
