Sony Ericcson Xperia Neo :-(


Normally, I would never really rant on our beloved blog but seeing no-one from our space really wants to blog stuff, I'll try to keep it alive with my ranting about the "security questions" as back-up to a password. :) Yesterday I received my new mobile phone, a Sony Ericcson Xperia Neo. I was browsing the security options to look for screen lock and to set passwords...

Yesterday I received my new mobile phone, a Sony Ericcson
Xperia Neo. I was browsing the security options to look for screen lock and to
set passwords, this because I'm a suPeRseCuReHax0r-man of course! Cool, I can
set my own "pattern" to draw as password, I kinda like that. It's not
like numbers where a lot of people use default numbers like "1111",
"0000" or "1337" and of course easy to remember numbers
like dates for example. On the other hand, I think a pattern is a bit easier to
steal while shoulder surfing, but that's another issue.

After setting my own pattern I get a pop-up; "Security
question - You need to select a security question as a backup solution, in case
you forget the pattern." where I can only select "OK". Now I get
to choose between four options, the questions are set - I can't make my own. I
need to choose between:

  • What is your mother’s maiden name?
  • What is your place of birth?
  • What is your favourite place?
  • What is your favourite film?

The first two questions are pretty easy to find out if you
know the name of the owner of the phone, they are set and unchangeable. The
latter two are usually easy to find if the owner of phone uses social media
like Facebook for example, other than that – they seem pretty easy to social

This is 2011, this phone is brand new and they make security
“errors” like this. It annoys me. This is not the first time I’ve seen it, it’s
a well-known flaw in security at a lot of sites. Half of the time some kid’s Hotmail
gets hacked, it’s because he or she set a stupid security question which got
answered by someone who knows how Google works.

People who are into security or those who are more aware of
it know that entering something like this is silly. That’s not the problem. It
becomes a problem when kids, elderly people or just people who don’t have a
lot of experience with technology set these
answers, they don’t second-guess when technology comes up with a question, they
just add it and are happy about it. I expected people at a huge company like
Sony-Ericcson to foresee stupid flaws like this, especially because it’s been
known for years.

A solution? A temporary solution could be entering a random
answer. What is my mother’s maiden name? Well, it’s “tUm$Gjfk%p” of course! It’s
the only solution I can think of at the moment, seeing I have to enter
something.  But, I’d like to see this "feature" to be gone or fixed in an upcoming patch.

This isn’t really a lash-out towards Sony-Ericsson, I just
get annoyed by these big companies with lots of money that still make stupid mistakes like this. We
have a Dutch saying which translates to “It was the drop that made the bucket
overflow” which suits the reason why I wrote this blog perfectly but now I have to use the English “the straw
that broke the camel's back". :)

Hacker community condemns denial of service attacks, advocates ethical hacking.

13 Dec 2010 - PERSBERICHT: 10 december 2010(English translation in extended version)In reactie op de recente berichtgeving rondom de aanvallen op verschillende websites en de arrestatie van een tiener uit de regio Haaglanden organiseert het lokale hackerhonk 'Revelation Space' in Den Haag op 18 december 2010 een bijeenkomst over ethisch hacken. Dit met medewerking van o.a.

Hack Square at CCC camp

It's all about the future... in the near future CCC camp is coming up. Randomdata is going to join together with other hackerspaces and groups of the BeNeLux. Our dream is called Hack Square (H2X), a nice square filled with hackers, geeks, projects and much more. The sky is NOT the limit.What to expect?

Randomdata at the HiTB Hard-hack village in Kuala Lumpur

A 12 hour flight and you are in Kuala Lumpur where the friends of HiTB and Hackerspace KL are waiting for you. This is what Deathzor, Thursley, beloved friend DrWhax and myself found as soon as we arrived in KL.

TOG, the Dublin hackerspace

So, last week I was in Ireland and wanted to meet up with the 2600ie guys. Some confusion inside my head lead to writing down a phone-number wrong and I missed that event. The day after they invited me to come to their hackerspace, TOG, in the center of Dublin for "A few pints and a movie". How could I not accept?

We gotz more pixels!

So, it took a while to get everything ready. But we are proud to announce that we finally have everything we need to have a decent movie night. Our own flat screen TV is now part of the space!

A big THANK YOU!! to ITQ for this great gift! It will be used well

More movie night wiki action coming up...

Eth0: Not your average packing list

One minute you are driving along the scenic Dutch landscape and the next you are surrounded by a bunch of geeks, tents and network cables. A few of us (fish_, [com]buster, and myself) had the pleasure of attending eth0 (an outdoor computer with some people from the 2600nl meetings we created our own little tent-village.

Randomdata goes KL

In October two of Randomdata's participants and a very close friend will visit the Hack in The Box Conference in Kuala Lumpur.


Been a while since last post so I thought I'd give some updates!

Hack in The Box security conference

The biggest security conference from Asia, Hack in The Box, is coming to Amsterdam, the Netherlands. Hack in The Box started in 2003 in Malaysia and aims for Security Professionals. The conference will be held on the 29th of June till the 2nd of July.


Subscribe to Randomdata RSS
2013 © All rights pwned by Randomdata ;-)