PaulSpoerry.com

Want in on Google Voice’s web-based, transcribed, custom-greeted voicemail, but you’re not quite ready to adopt a new number? Starting tonight, Voice users can choose to keep their number and still get Google’s upgraded voicemail features. (Note that this still requires a Google Voice invite as GV is still in beta).

Google Voice is a Swiss Army knife of cool and free phone service add-ons — including free SMSes, an online mailbox for voice messages, the ability to have one number ring all of your phone numbers simultaneously, low international rates and a customized voicemail messages for every contact. It’s not phone service per se though, since you still need a mobile phone or landline.

But using Google Voice requires users to use their Google Voice number as their main number. That’s a not-inconsiderable burden, given that some mobile phone users have thousands of contacts who know their number and don’t want the hassle of changing business cards and forcing others to update their contacts.

Google’s solution? Create a light version that gives phone-number-huggers better voicemail. Using a mobile carrier’s call-forwarding codes, Google Voice Light will send a mobile phone’s unanswered calls to a Google-powered mailbox. When callers leave a message there, Google records and transcribes it, and saves it in an online mailbox. The roughly translated text and a link to an online recording can be sent via SMS or e-mail.

The capability will also benefit those who have migrated to Google Voice, since currently the voicemail feature only kicks in when people call the Google Voice number, which forwards the call to a user’s mobile phone. Currently, those who call the mobile phone directly leave a message using the mobile carrier’s network, but with the new system, those calls can be diverted as well.

The voice messages can be stored in perpetuity, forwarded to family or friends, and they can be saved, even if you decide to switch mobile carriers. In return, Google gets your loyalty, more users with Google accounts and more pages for it to place online ads. That’s also not including the training data it gets for its translation engine — not dissimilar to why Google offers a free phone number lookup: GOOG-411.

This doesn’t really help me since my carrier charges for forwarded calls… bummer.

Whoever does the advertising for Apple is amazing. The commercials keep getting better and better (yes yes yes, I’m still a PC guy… but these are hilarious).

Broken Promises

Teeter Tottering

The Evil Maid Attack is an attack type against whole system disk encryption in a form of a small bootable USB stick image that allows to perform the attack in an easy “plug-and-play” way. The whole infection process takes about 1 minute, and it’s well suited to be used by hotel maids.

The Invisible Things blog goes into great detail on how most whole disk encryption is vulnerable in a relatively simple way. The scenario we consider is when somebody left an encrypted laptop e.g. in a hotel room. Let’s assume the laptop uses full disk encryption like e.g. this provided by TrueCrypt or PGP Whole Disk Encryption. Many people believe, including some well known security experts, that it is advisable to fully power down your laptop when you use full disk encryption in order to prevent attacks via FireWire/PCMCIA or ”Coldboot” attacks.  So, let’s assume we have a reasonably paranoid user, that uses a full disk encryption on his or her laptop, and also powers it down every time they leave it alone in a hotel room, or somewhere else.

Now, this is where our Evil Maid stick comes into play. All the attacker needs to do is to sneak into the user’s hotel room and boot the laptop from the Evil Maid USB Stick. After some 1-2 minutes, the target laptop’s gets infected with Evil Maid Sniffer that will record the disk encryption passphrase when the user enters it next time. As any smart user might have guessed already, this part is ideally suited to be performed by hotel maids, or people pretending to be them.

So, after our victim gets back to the hotel room and powers up his or her laptop, the passphrase will be recorded and e.g. stored somewhere on the disk, or maybe transmitted over the network (not implemented in current version).

Now we can safely steal/confiscate the user’s laptop, as we know how to decrypt it. End of story.

Read the rest of this entry »

Mostly via How-To Geek

There has been a lot of attention in the news lately about email passwords being compromised. Today we take a look at using KeePass to secure your passwords in an encrypted database so no one can get a hold of them.

KeePass

For this article we are using KeePass 2.09 but you can still download the Classic Edition as well, which you may want to do so you can use certain plugins. Installation is straight forward and after installing KeePass, the first thing is to create a new password database by clicking on File \ New.

You will need to come up with a Master Password which is the only one you will need to remember moving forward. Make sure and pick a strong password with several characters, symbols, and numbers. It can be an entire phrase, sentence, or whatever you want it to be with virtually any characters you want.

Alternatively you can use a Key File which a master password in a file. This makes it so you don’t have to remember a long Master Password, but if it gets lost and not backed up you’re out of luck. Also, you want to keep the file in a secret location other than your local hard drive, malware attacks can find it if it’s openly available on your hard drive.

Read the rest of this entry »

Sarah Silverman’s ambitious plan for feeding the world.