Some people were upset about this and others were complaining that this is “No big deal”.

On it’s own it might not be but O2 has several ‘Self Service’ portals on it’s website which can be used to gather information about a user.

Some items require two factor authentication but once a SMS has been sent an attacker could call and simply ask for the code.

Are they prepay or Contract?
URL: https://registration.o2.co.uk/o2/webtopup/mobiledetailssubmit.do
POST: topUpNumber_req=xxxxxxxxxxx&cardCategoryId_req=2&topupamount_req=10&continue_88=Continue

Have they registered for MyO2 yet?
URL: https://registration.o2.co.uk/Reclaim/ReclaimUserNameAndPassword
POST: Continue=Continue&actionname=CustomerSearchMsisdn&remindMsisdn=xxxxxxxxxx

Cause a ‘Denial of Service’ Against Registering for MyO2 by exhausting verification tokens
URL: https://registration.o2.co.uk/Register/PreRegister
POST: “msisdn=xxxxxx&Continue=continue”

Are they signed up to O2 Priority
URL: http://www.o2priority.co.uk/Register
POST: ReturnUrl=http%3A%2F%2Fwww.o2priority.co.uk%2Fmoments&JavascriptEnabled=true&AccountManagementUsage=Register&AccountManagementStep=EnterMobileNumber&CoreMetrics.TertiaryTag=Register%20-%20Step%201&CoreMetrics.SecondaryTag=Account&Mpn=xxxxxxxxxxx&butRegisterEnterMobileNumber=Get%20code&X-Requested-With=XMLHttpRequest

Request PUK Code:
URL: http://www.o2.co.uk/apps/getPUK/getPUKService
POST: MPN=xxxxxxxx&viewmode=getPuk

Start the Swap My SIM Process
URL: http://swapmysim.o2.co.uk/validatempn
POST: msisdn=xxxxxxx

Give them ‘Double Data’ on mobile broadband
URL: https://mobilebroadbandaccess.o2.co.uk/services/login
POST: mpn=xxxxxxxxx&submit=Let%27s+Go

One thing I haven’t tried is tethering to an O2 phone and manipulating the x-up-calling-line-id header and hitting http://wap.o2.co.uk/myo2account/ to see if I get somebody else’ details.

I ONLY USED MY O2 PHONE NUMBER FOR THESE TESTS. THERE IS PROBABLY LOTS OF LEGISLATION THAT WOULD APPLY TO ADDING OTHER PEOPLES PHONE NUMBERS INTO THESE REQUESTS

@OllieParsley has found a temporary workaround;
Change your APN settings to mobile.o2.co.uk and username o2web

Most of these facts are not surprising; for example people are still bleating on about ‘cloud’ as if it were something new and the gender disparity is huge. With that said there are some interesting facts such as the overall sentiment was a meagre 0.18 out of 100 with the lowest and highest sentiment of -20 and +8 respectively.

Additionally it would appear that those discussing managed hosting are not really making an impact in social media circles as out of 66,363 interactions over 24 hours the highest Klout score was only 18.

I tried putting some of this data (and other meta data such as top avatars, most retweeted etc) into some form of infographic, I’m not a UX person or an artist so if you don’t like it / it’s an abominable crime against infographics you have been warned;

The new version required a total overhaul of the UI, a new home screen, caching to allow ‘instant’ access, widgets, improved background polling and many other improvements such as;

• Past 8 hours events count bar graph widget
• Current Zenoss Event count widget
• SSL support
• Dock mode
• Instant access caching
• Move to SD support
• Zenoss Event log management
• Online help
• Searching (including voice search)

The app should feel a lot more polished as it makes far better use of UI and layout hints and should be far more responsive in normal conditions and will cope better than before in less than ideal conditions (laggy or no network etc).

If you have any suggestions or bug reports please file them on the GitHub issues page.

You can also keep up to date with the latest news about Zenoss on Android applications and features at the website: http://www.android-zenoss.info

As an avid Android user and developer I took the opportunity to make use of the Zenoss 3.1 JSON API and write an Android app that’ll allow Operations teams who use Zenoss to interact with their installations using a native app rather than via the web interface on the normal browser.

The application is open source: https://github.com/NetworksAreMadeOfString/Rhybudd so people can compile it themselves to make sure that their credentials stay safe or to branch the project and help me out.

The name Rhybudd is Welsh for ‘Caution’ or ‘Warning’.

The App is available for download here.

There are still a lot of features missing but I hope to get them finished and pushed live soon!

Eventually, his party launches a special project in the name of national security. At first, it’s believed to be a search for oil and is pursued without regard to its cost. However, the true goal of this project is power. Complete and total hegemonic domination. The project, however, ends violently.

It is at this point in our story that along comes a spider: Someone seemingly without a conscience for whom the ends always justify the means, and it is they who suggests that their target should not be an enemy of the country, but rather the country itself. Three targets are chosen to maximize the effect of the attack: a Currys, JJB Sports, and a Miss Selfridges. Several hundred are arrested within the first few days.

Fueled by the media, fear and panic spread quickly, fracturing and dividing the country until at last the true goal comes into view. Before the London Riots, no one would have predicted the results of the election that year, no one.

But the end result, the true genius of the plan, was the fear. Fear became the ultimate tool of this government, and through it our politician was ultimately appointed to the newly created position of High Chancellor.

Original from the movie:
Our story begins, as these stories often do, with a young up-and-coming politician. He’s a deeply religious man and a member of the conservative party. He’s completely single-minded and has no regard for the political process. The more power he attains, the more obvious his zealotry and the more aggressive his supporters become. Eventually, his party launches a special project in the name of national security. At first, it’s believed to be a search for biological weapons and is pursued without regard to its cost. However, the true goal of this project is power. Complete and total hegemonic domination. The project, however, ends violently. But the efforts of those involved are not in vain, for a new ability to wage war is born from the blood of the victims. Imagine a virus, the most terrifying virus you can, and then imagine that you and you alone have the cure. But if your ultimate goal is power, how best to use such a weapon?

It is at this point in our story that along comes a spider: He is a man seemingly without a conscience for whom the ends always justify the means, and it is he who suggests that their target should not be an enemy of the country, but rather the country itself. Three targets are chosen to maximize the effect of the attack: a school, a tube station, and a water treatment plant. Several hundred die within the first few weeks.

Fueled by the media, fear and panic spread quickly, fracturing and dividing the country until at last the true goal comes into view. Before the Saint Mary’s crisis, no one would have predicted the results of the election that year, no one. And then not long after the election, lo and behold, a miracle! Some believed it was the work of God Himself, but it was a pharmaceutical company controlled by certain party members that made them all obscenely rich. A year later, several extremists are tried, found guilty and executed while a memorial is built to canonize their victims. But the end result, the true genius of the plan, was the fear. Fear became the ultimate tool of this government, and through it our politician was ultimately appointed to the newly created position of High Chancellor.

The rest, as they say, is history.

Visiting https://market.android.com/publish usually redirects via a 302 to https://market.android.com/publish/Home but this returns a 404. I attempted to add an additional /home to the URL and then the page partially loaded;

Pulling up Firebug we can see that the CSS and javascript resources are relative;

<link rel="stylesheet" href="gwt/client2.css" type="text/css">
<link rel="stylesheet" href="gwt/devsite.css" type="text/css">
<link rel="shortcut icon" href="gwt/images/favicon.ico">
<script language="javascript" type="text/javascript" src="gwt/com.google.wireless.android.vending.developer.HomeMod.nocache.js">


Adding ../ via Firebug allowed the CSS and Javascript to load;

Unfortunately shortly after triggers an error about not owning my applications;

Using a proxy of evil and some browser trickery I managed to get the site to fully load but loading the app list failed 90% of the time;

This could be due to the POST https://market.android.com/publish/editapp receiving a 500 error.

As I find more Ill update.

Most Networks consist of a LAN and a WAN segment, unfortunately due to my previous IPv6 work and the inherant nature of IPv6 the LAN also has public Global Unicast addresses secured via rather crude RRAS filters. To increase the security of the LAN I need a firewall with seperate IPv4 and a IPv6 interfaces and a dual stack LAN interface.


interface Vlan1
nameif DualStack_Internal
security-level 100
ip address 172.16.0.2 255.255.255.192
ipv6 address 2a01:XXX:18e:4::1/64
ipv6 address autoconfig
ipv6 enable
ipv6 nd ra-interval 10
!
interface Vlan2
nameif IPv4_WAN
security-level 0
ip address 78.XXX.XXX.198 255.255.240.0
ipv6 address autoconfig
ipv6 enable
!
interface Vlan12
no forward interface Vlan2
nameif IPv6_WAN
security-level 50
no ip address
ipv6 address 2a01:XXX:18e:2::2/64
ipv6 address autoconfig
ipv6 enable
ipv6 nd ns-interval 2000
ipv6 nd suppress-ra


To ensure that hosts on the LAN can reach the outside world the IPv6 network needs a route and the IPv4 network needs NAT:

ipv6 route IPv6_WAN ::/0 2a01:XXX:18e:2::1
global (IPv4_WAN) 1 interface
nat (DualStack_Internal) 1 172.16.0.0 255.255.255.192
route IPv4_WAN 0.0.0.0 0.0.0.0 78.XXX.XXX.1 2


I’ve allocated Global Unicast addresses to the interfaces but this may not neccessarily be required as “Link-Local” addresses next hop addresses when routing but the output is as follows;

DualStack_Internal is up, line protocol is up
IPv6 is enabled, link-local address is fe80::222:55ff:fe2a:a42c
Global unicast address(es):
2a01:XXX:18e:4::1, subnet is 2a01:XXX:18e:4::/64
Joined group address(es):
ff02::1
ff02::2
ff02::1:ff00:1
ff02::1:ff2a:a42c
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 1000 milliseconds
ND router advertisements are sent every 10 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
!
IPv6_WAN is up, line protocol is up
IPv6 is enabled, link-local address is fe80::222:55ff:fe2a:a42c
Global unicast address(es):
2a01:XXX:18e:2::2, subnet is 2a01:XXX:18e:2::/64
Joined group address(es):
ff02::1
ff02::2
ff02::1:ff00:2
ff02::1:ff2a:a42c
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Hosts use stateless autoconfig for addresses.


With Router Advertisements enabled the IPv6 enabled hosts on the LAN had already acquired an IPv6 address and were already utilising the link;

Traffic Statistics for "IPv6_WAN":
27944 packets input, 28710029 bytes
14333 packets output, 1017380 bytes
5354 packets dropped
1 minute input rate 181 pkts/sec, 232507 bytes/sec
1 minute output rate 96 pkts/sec, 5989 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 2 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec


On a side note it looks like Google has moved http://ipv6.google.com away from the address it was when I was doing this testing last year from 2001:4860:0:1001::68 to 2a00:1450:8002::67.

Weirdness.

Unfortunately this saving comes at a cost of a lack of native serial / USB support for writing to the onboard chip. This is easily achievable with a USB to Serial TTL device which is great however upon delivery I had two devices with female 0.1″ headers. The picture below shows the pin outs needed to get the two working;

Top to Bottom from JST pins to CR2302 battery clip

FTDI Stalker
N/A DTR
Blue GND
Yellow RX
Orange TX
Purple 5v


Coupling the Stalker with various addons such as Zigbee transmitters and RFID chips allows the creation of a varied array of props for Airsoft Skirmishing and Milsims.

I’m planning on using the NanoNote to do local admin or create a Zigbee / NanoNote interface for remote admin.

Once the devices are all finished and had their ‘real world’ playtests I’ll post some more info.

Now that IPv6 is enabled by default in all of the OS’s I use in my home (Fedora, Windows 2008 & Windows 7) I decided to go back and check my traffic graphs and the results surprised me.

There was a spike in Oct ’08 when I was first experimenting with IPv6 and visiting as many native IPv6 sites as I could and then it tailed off as one would expect. Interestingly the traffic started to pick up again in July of 2009 and in the 2 years of having IPv6 Internet connectivity I’ve pulled over 364Gb of traffic!

Looking at this year on it’s own shows a pretty consistent amount of throughput;

I’ll try and profile the traffic and work out what or who has adopted IPv6 so well that I can do so much without even realising it.