Sunday, 20 November 2011

Securing security questions

We've all told the odd fib in our lives. Either to prevent someone we care about getting hurt or offended, or to protect ourselves or our families.

The difficulty with lying is that you have to remember who you've told the fib to and it will stay with you for the rest of you life. When it's the lesser of two evils, it seems to be the best course of action, and therefore we learn to live with that lie.

Now we've all learned this skill, I'd like to propose a new area of our lives to employ it in. Web site security questions.

The problem with security questions is that they are a back-door[?] into your accounts and quite often they are silly questions such as "What is your mother's maiden name?". Think for a moment how many people might know the answer to that question. You bank? Other sites that use the same security question? Relatives? Dodgey cousins? Close friends? It's pretty conceivable that this information like this could be obtained quite easily either via social engineering or it may also be available on-line in some capacity (there are plenty of on-line family tree sites nowadays which would help answer the security question in my example!).

So how can we secure this back-door? Why not lie..? If a site asks you what your first pet's name was, why not call him your brother's first name? The answer will be only something you know, not even your brother himself would be able to circumvent this security question!! (Well you wouldn't give him your Facebook password would you?!)

This isn't a de facto way to prevent you on-line accounts becoming hacked, but I think it is indeed a tool in your arsenal to make it that much some securer. I discovered this tip by accident one day when I was asked to complete a security question which I didn't even know the answer to myself, to I made something up and even to this day I can remember my answer!

Do you have a security tip that you'd like to share? Please leave it in a comment below. I hope this one has helped you!

Monday, 7 November 2011

Get a Vodafone 3G Dongle (Huawei K3770) working on Linux (Ubuntu, Archlinux etc..)

The funny thing about my Vodafone K3770 dongle was that it took me less time to get it working with Linux - which isn't officially supported - than it did getting it working on Windows 7 - which is its  recommended Operating System!!

The first problem that you will encounter, is that the USB dongle is in "file" mode when you first plug it in. This means it is ready to be mounted with the Windows/Mac software and not actually ready to surf the web.

To prove you have this problem, connect the dongle to your computer, open a Terminal, then type:

lsusb | grep

You should get something like this:

Bus 002 Device 005: ID 12d1:14d1 Huawei Technologies Co., Ltd.

"14d1" is the product id for the file mode of this dongle, we need it to say:

Bus 002 Device 005: ID 12d1:1c05 Huawei Technologies Co., Ltd.

UPDATE: Ubuntu may describe the dongle as 14c9 instead of 1c05.

for the modem to actually work.

The remedy is simple, install usb_modeswitch.
On Ubuntu, type:

sudo apt-get install usb_modeswitch

On Arch Linux, type:

sudo pacman -Sy usb_modeswitch

This program allows you to change the mode from file to modem. Next open the config file for usb_modeswitch and add a rule to change the product id (this will happen when you start the machine up and have the dongle inserted during boot):

Edit the config file like so:

gksu gedit /etc/usb_modeswitch.conf

and add the lines to the bottom of the file:


You can either now reboot your machine, or run:

sudo usb_modeswitch -c /etc/usb_modeswitch.conf

After you have done this, type lsusb and check that the product id has changed as expected:

Bus 002 Device 005: ID 12d1:1c05 Huawei Technologies Co., Ltd.

You now need to use something like wvdial or sakis3g* (recommended). To get you going, here is my command line that I use to get my Vodafone 3G dongle - Huawei K3770 - working on Linux:

sakis3g connect MODEM='12d1:1c05' APN='' USBDRIVER='option' USBINTERFACE='0'

and to disconnect, I use:

sakis3g disconnect