Coolest hardware authentication device ever from Yubico.

I’m not typically a big fan of hardware tokens, but I discovered a neat little device at IIW that takes the cake when it comes to hardware based authentication. The YubiCard is a incredibly small device; requires no drivers at all and doesn’t need a LCD screen. In addition to being the coolest hardware token I have ever seen it has to be one of the cheapest to produce.

The way it works is that you plug it into any USB port on your computer; then when you go to a website to login all you have to do is tab over to the password field and touch your YubiCard (No buttons, it’s touch sensitive), then the YubiCard “types” in your one-time-password for you just as if it were a keyboard device.

Posted in Web | No Comments »

Android: Simple Tabs Example

It seems google may have shipped android with a tab widget that is said to be deprecated from the time of release.

Here is a simple method I’ve used to implement tab-like functionality that seems to work well for me. You can easily change the background of the buttons to look just like tabs, but I kept the example as clean and simple as possible.

Full source and example project can be downloaded here

Posted in Android | No Comments »

Accessing Android Resources By Name at Runtime

Here’s a little snippet I wrote to access resources in R.java during runtime. It just uses reflection to get the filed names of the objects in the R class.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

public class RR {
    public static Drawable getDrawable(Context context, String name) {
        Class<R.drawable> c = R.drawable.class;
        Drawable d = null;
        Field f;
        int i = 0;
 
        try {
            f = c.getField(name);
            i = f.getInt(f);
            d = context.getResources().getDrawable(i);
        } catch (Exception e) {
            Log.e("RR",e.toString());
        }
        return  d;
    }
 
    public static String getString(Context context, String name) {
        Class<R.string> c = R.string.class;
        String s = null;
        Field f;
        int i = 0;
 
        try {
            f = c.getField(name);
            i = f.getInt(f);
            s = context.getResources().getString(i);
        } catch (Exception e) {
            Log.e("RR",e.toString());
        }
        return s;
    }
 
}

With this class you could access resources at run time just like the example below. I found this extremely useful in one scenario where I switch Drawable resources out at run-time based on user interaction.

1
2
3

   // inside any view/action
   Drawable icon = RR.getDrawable(this,"myicon");
   String mystring = RR.getString(this,"icon_name");

Feel free to use the code above in your projects. I would really like to see your hacks and improvements for it.

Posted in Android | No Comments »

Google Hax0rs

I noticed this interesting entry in my server’s access log today. I certainly have phpMyAdmin running at that location, but you can’t get the process list unless you login.

66.249.70.89 xxxxxxxxx.com - [21/Nov/2007:13:43:18 -0800] “GET /MyAdmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=a1bb5490499a10bb493edc160625e33b&kill=49481 HTTP/1.1″ 404 345 “-” “Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)”

You can do two things at that screen:

1. See what processes MySQL is running
2. Stop a MySQL process

Neither of witch is something I would expect Google to be interested in on my personal webserver.

Posted in Security, Web | No Comments »

Android Iconified List

I’ve had a lot of fun hacking on Android applications recently and I’m really looking forward to seeing the future of Android unfold. My first project was the the password safe I mentioned in my last post and while working on some features for it I was looking for an example of a composite view that allowed you have cute little icons next to each entry in a list, I found a few examples that did similar things, but nothing was quite what I was looking for so I threw together the view you see here last night. I’m sure someone is else is looking to do something similar so I thought I would post about it and make it available to everyone.

Most of the magic happens by in the BulletedText View class. I basically just extend LinearLayout and create a composite view that contains an ImageView and TextView object: (Sorry if the code is a little cramped, I need to figure out how to keep wordpress from eating blank lines)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

public class BulletedTextView extends LinearLayout {
 
    private TextView mText;
    private ImageView mBullet;
 
    public BulletedTextView(Context context, String text, Drawable bullet) {
            super(context);
 
            this.setOrientation(HORIZONTAL);
 
            mBullet = new ImageView(context);
            mBullet.setImageDrawable(bullet);
            // left, top, right, bottom
            mBullet.setPadding(0, 2, 5, 0);
            addView(mBullet,  new LinearLayout.LayoutParams(
                 LayoutParams.WRAP_CONTENT, LayoutParams.WRAP_CONTENT));
 
            mText = new TextView(context);
            mText.setText(text);
            addView(mText, new LinearLayout.LayoutParams(
                 LayoutParams.WRAP_CONTENT, LayoutParams.WRAP_CONTENT));
    }
 
    public void setText(String words) {
        mText.setText(words);
    }
 
    public void setBullet(Drawable bullet) {
        mBullet.setImageDrawable(bullet);
    }
}

Then I created a custom list adapter for my view.
(more…)

Posted in Android, Programming | 3 Comments »

Android Password Safe

I’ve got my first working Android application together. It’s just a simple password safe with some decent features for a first release including:

• 128 Bit AES Encryption
• Password protected. Your password is needed to decrypt the data stored in the safe
• All data is entrypted including notes, website link, description
• Click through website link, will take you from your entry to the website.

Here are a couple of screen shots to give you an idea of what the application looks like (Click to enlarge)

Plans for future versions include:

• Fetching/Caching of favicons
• Customizable encryption. Maybe 256bit AES, DES, etc.

You can always download it and check it out for yourself. Let me know what you think and if you find any bugs or have ideas for improvements.

Posted in Android, Mobile, Programming | 7 Comments »

Yay, I’m a Anti-Phising Champion

I got an invitation to take the Paypal Anti-Phishing challenge. It’s all of 5 questions long, but it’s a neat way to educate user’s about phising.

Posted in Security, Web | No Comments »

Internet Identity Workshop

I have the privilege of attending this years Internet Identity Workshop in Mountain View. I’ll be hanging out there Dec 3-5. I’ll try to get some pics and things to post on my blog along with an overview of the event.

Posted in OpenID, Web | No Comments »

Leopard: Tiger, but uglier

Anyone who knows me, knows that I’m a huge fan of Apple hardware and enjoy using OS X. I love the sexy interface and actually embrace pressing ‘Apple’ + <Anykey> to do things. I’ve owned a Mac for quite a while. I even have a couple one-button mice that I still use. I’m typing this blog post right now on a Tiger machine.

I’m sure I’ll enjoy Leopard also, but I have to admit, my first impression of it was a bit of a disappointment, mainly due to the visual appeal of the new interface. Everything seems so drab and monochromatic. It just looks to me like a reverse evolution in the sexy interface department. Here is a small example of what I’m talking about

Old Tiger Icons:	New Leopard Icons:

I’m sure someone will find the Leopard drab color scheme appealing, but I like COLOR!

Posted in OSX | No Comments »

Week of JS hacks

This week seems to have been filled with ridiculous Javascript hacks.

I came up with this one. I’m sure you can figure out what it does.

function send_mail(body,subject) {
  var mailwin = window.open("mailto:admin@example.com?subject="
      + subject + "&body=" + body);
  mailwin.close();
}

I have to give credit to Ben from Vidoop for this one. It’s actually part of a Firefox plugin (you can’t usually create Java objects in JS). Apparently if you try to create a Java object the Javascript will often stop evaling completely if Java is not installed. This nice little trick creates a separate thread to check for Java support, this way if the thread never returns, we assume it failed.

function checkJava() {
    var test = new java.util.LinkedList();
    if (test != null)
        vpwsJavaWorks = true;
    }
setTimeout(checkJava, 100);

I saved the best for last. This is more of a rant than a hack. The following line of Javascript works in IE 6.0.2900 but evaluates differently in IE 6.0.3790

    var GetArg = window.location.search.match('foo=([a-z]*)')[1];

Posted in Programming, Web | No Comments »