Aug 11

Below is the text of an email that I sent to someone to post on a forum that I didn’t feel like signing up for that already had a thread going on cloned Treo phones.

Enjoy!



I will apologize up front here as I’m tired and this is mostly just a
way to get past being pissed off at VZW for not watching out for the
customer.

I have a Treo 700p and it was cloned Friday night, just in time for the
weekend. If you’re wondering how to tell if your phone has been cloned,
it’s really easy. Call yourself from another phone. If you get no
indication whatsoever of that call happening, including voicemail
notification, you’re in trouble. If you periodically get through, it’s
likely due to the other phone having been turned off and your phone is
temporarily winning.

I just went through the process of getting my phone back from being
cloned. The most awesome part of this is the complete lack of support
that VZW gives to prevent the inconvenience of having your phone cloned.

The sequence of events:

  1. Drive to Vegas for a weekend conference on a Thursday
  2. Friday evening, no calls or text messages are getting through to my phone
  3. Sunday, while driving back, I have eleven (11) voice mails with no evidence of a missed call or that I might have a voicemail.
  4. Sunday night, contact VZW help (611) and find out that:

A) support will try to help you and tell you they believe that
your phone has been cloned. Once they believe that your phone
has been cloned, they will tell you that something is wrong
with the device and you should hard reset it.

This will do you no good, whatsoever. However, I’m pretty sure
that they have a pool running on the other end of the phone to
see how many customers they can stroke out by zapping all of
the data on their phones “on accident.”

B) The cloning and fraud department at VZW only works M-F,
0500-1800 PST. Obviously, this is because your phone can only
get cloned during banker hours. *SIGH*

C) Nobody at VZW can actually look at your account and tell you if
there are weird charges on the bill. In my case, there was no
indication of misuse during the episode and the one phone call
that I did get from the DR was from a local area code.

  5. Monday morning, call VZW cloning/fraud department. I had to speak to two separate people to complete my phone transaction.

The first person was very kind and genuinely wanted to help me but
was an idiot. “Yes, Mr. HalfDime, I’m going to send you a text
message with the URL you can use to update your phone firmware
with.”

“But my phone has been cloned.”

“Right. Did you get the text message?”

The second person was pissed off to be alive. They cut me off
every time I started to say something and then seemed to think
that it was obvious that doing a complete restore from backup to
the device would not overwrite the settings just downloaded from
Palm.

Anyway, the information that you will need to get your phone uncloned,
or that you should use to keep from having it get cloned in the first
place:

  1. Go here
  2. Follow the directions on updating your phone firmware.
  3. After the 35 minutes it takes the software to install, call cloning/fraud at the number below:

Cloning/Fraud Dept.
888 483-7200
Hours: M-F, 0500 - 1800 PST only

  4. They will “verify” your phone via the following process:
  • Dial #2539 - Authorization from Verizon host, they send programming to phone.
  • Turn phone radio off
  • Tell support person when it’s off
  • Turn phone radio on
  • Tell support person when it’s on

NOTE: It’s very likely that over the air programming ( *228, option 1 )
will not work at this time since your phone has been flagged in
the system as being cloned. It may take a day or more for this to
clear. However, updating roaming ( *228, option 2 ) works.

After updating your phone, the firmware version displayed for the phone
firmware is Treo700p_-1.10-VZW.

According to a treocentral article on the interweb [0] and the Verizon
tech, this flaw is due to there being no AKEY shipped with the phone
firmware and has been known for quite some time. It’s just now coming
up in numbers as it’s been discovered at large. Most of the phone
numbers are being cloned to the Dominican Republic.

The importance of the A-Key is described well by this quote:

“Security of the A-Key is critical in a CDMA system. Over-the-Air
provisioning uses Diffie-Hellman algorithm, making it the best choice
for A-Key programming from the alternatives mentioned above.
Diffie-Hellman algorithm is used for secure key exchange between two
entities so that a third party cannot deduce the value in the process
of exchange.” [1]

What this basically boils down to is that all the information required
to clone a phone is being broadcast unencrypted over the air for anyone
to partake of with very little effort.

Thank you so much, Verizon.

Adding insult to injury, not only did I lose use of my phone for an
entire weekend because my phone got nabbed on a Friday night and VZW
fraud/cloning works banker hours, but I had to perform a 90 minute hokey
pokey to get the new software installed, call back to VZW and then do
the hokey pokey, turn the phone off and on with VZW on the phone.

–HalfDime

[0] http://discussion.treocentral.com/showthread.php?p=1477412

[1] Over-The-Air Provisioning in CDMA, Rohini P.P., Gemplus Technologies, October 2004
http://www.cdg.org/resources/white_papers/files/Gemplus%20Over-The-Air%20Provisoning%20in%20CDMA%20Oct%2004.pdf
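
Why a missing A-Key makes a copied phone indistinguishable from the original, as an added example that is not part of the original email or any carrier's code. It is a simplified model: HMAC-SHA256 stands in for the real CDMA authentication algorithm, and the `Handset`/`Network` classes and the identifier strings are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def auth_response(a_key: bytes, esn: str, min_: str, challenge: bytes) -> bytes:
    # HMAC-SHA256 is an assumption standing in for the network's real algorithm.
    msg = f"{esn}|{min_}|".encode() + challenge
    return hmac.new(a_key, msg, hashlib.sha256).digest()

class Handset:
    def __init__(self, esn, min_, a_key=None):
        self.esn, self.min_, self.a_key = esn, min_, a_key

    def respond(self, challenge: bytes) -> bytes:
        if self.a_key is None:
            return b""  # no secret, so no valid response can be computed
        return auth_response(self.a_key, self.esn, self.min_, challenge)

class Network:
    def __init__(self):
        self.subscribers = {}  # (esn, min) -> A-Key, or None if never provisioned

    def provision(self, esn, min_, a_key=None):
        self.subscribers[(esn, min_)] = a_key

    def register(self, handset: Handset) -> bool:
        ident = (handset.esn, handset.min_)
        if ident not in self.subscribers:
            return False
        a_key = self.subscribers[ident]
        if a_key is None:
            return True  # identity alone is trusted: a copy looks like the original
        challenge = secrets.token_bytes(16)  # fresh per attempt, so replays fail
        expected = auth_response(a_key, *ident, challenge)
        return hmac.compare_digest(expected, handset.respond(challenge))

def compare(esn="ESN-EXAMPLE", min_="MIN-EXAMPLE"):
    """Return (original_ok, copy_ok) for a network without and with an A-Key."""
    results = {}
    for label, key in (("no_a_key", None), ("with_a_key", secrets.token_bytes(8))):
        net = Network()
        net.provision(esn, min_, key)
        original = Handset(esn, min_, key)
        copy = Handset(esn, min_)  # holds the identifiers but never the secret
        results[label] = (net.register(original), net.register(copy))
    return results
```
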

written by halfdime

Jun 03

If this takes on the appearance of a rant, I apologize. I have some strong feelings about this topic.

I was talking to someone the other day who commented that I seem to be in a good mood much more often than bad. I told them that I don’t have a reason to be unhappy when I have so much good in my life.

This seems to be a difficult thing for many geeks to do. I’m not really sure if it’s the belief that it’s cool to be grumpy or if it’s just a lack of perspective brought on by being blessed with so much for so long. Regardless, we tend to dwell on the negative and often thrive on contention.

What’s perhaps even more disturbing is that instead of making an attempt to fix the problems we see, more often than not, we grouse about them and then do nothing beyond adding fuel to the discontent of those around us. The true irony of this situation is that we as geeks have an innate ability and drive to fix things. We thrive on fixing things that are truly challenging. Why then do we so often retreat from societal problems?

To be fair, I don’t see this as just geeks. As a society we are moving aggressively away from being a part of the community that we live in. Each person goes from their home to their car to work and back making as few social interactions as possible. We spend too much time tending our devices and not enough time taking care of what matters most. How do we expect any of the societal ills that we perceive to be remedied if we’re only willing to make sure that we’re not contributing to them? When will we decide that it *is* worth our time to help others?

So here’s my hope. If you’ve read this far, maybe you’re willing to do something besides flame me in the comments.

Sign up for something to improve the life of someone around you. The only stipulation that I would make is that you do something you’ve never done before and that you get no recognition of any kind.

If you feel brave, leave me a comment about what you’re doing/have done/will be doing.

p.s. No. I’m not going to blow my own horn. Just suffice to say that I feel pretty comfortable about what I’m doing and have done in the past to call on folks to be more active in the community.

written by halfdime

May 14

As I’m wont to blog about a number of technical things, I find that I’m thinking about personalities in the IT landscape.

To that end, I wanted to jot down the broad categories of people as I see them in the IT world. As far as I’m concerned, there are only really four classes of people in IT.

The Closet Geek
We all know the stereotypical geek who has bad hair, acne, a chronic clothing problem and lacks the social finesse necessary to successfully buy candy at a drug store for fear of interacting with a clerk of the opposite sex. The seemingly dominant personality traits in this type of person are hard to find due to the overwhelming lack of self confidence in a social setting. This is the person that they make movies about and that some people believe can shoot energy rays out of their noses [1].

The Casual Geek
These folks can be hard to spot by other casuals and are often targeted by Alphas without a moral backing. The most notable trait these folks have is an absolute passion for computer hardware (everything from PC hardware to gadgets). A common mistake that’s made on their resume is considering using the record function in Excel to be programming. There are scores of these folks working at retail computer establishments doing a great job helping folks determine the best of consumer grade electronics. My most recent encounters with this class of geek have been through IBM support but that’s another story entirely.

The Alpha Geek
These are the closet geek escapees. They’ve managed to become functional in a social setting and some may actually excel in social situations.[2] Frequently alphas come off as arrogant due to the “I NEED TO BE RIGHT” setting in their brains. Patience with anything that isn’t interesting (like people) is often in short supply. The irony of this is that the social ability of alphas puts them in constant contact with people who are going to ask that the obvious be explained ONE MORE TIME! If you’re not the one asking for the explanation, it can be quite entertaining to prolong this process and watch the alpha’s head near bursting.

The Non Geek
You know who you are. If you’re reading my blog, we won’t be talking about you any more because we’re really only interested in flavors of geeks here, right? Ok, maybe not. The non-geek in an IT setting is really fun. This is the person that everyone looks at and asks, “You’re not offended by profanity, are you?” Regardless of the answer, this is quickly followed by a quick string of obscenities.

If you’ve kept with me to this point, you’re probably wanting to know what this has to do with the topic line at all.

It’s the interaction of the various groups in an IT environment. Mix in one of each class from above and sit each down with or without alcohol (preferably with for at least one) and wait for the topics to move. It’s great to watch the verbal gymnastics to get to the topic that each excels at so that they can stick it to each other.

Some of the best humor I have ever been witness to has come from seeing someone go from the euphoria of a great quip to the low of being zapped themselves. The creative juices required to be flexible enough to laugh and still come off as a know-it-all prick are what I like to call Creative Curmudgeonry.


[1] Let’s be honest. That’s the biggest thing on their body and likely dispenses a multi-jigawatt bolt if they’ve put any effort into “enhancements.”
[2] I believe that some of the closet dwellers were actually dragged out by their parents and dropped in a vat of toxic sludge and that changed their personality.

written by halfdime

Apr 29

So I’ve started this insidious little creature known as a blog. I think about it all the time.

I start a thought and then immediately diverge to, “Hey! That would be a good thing to blog about.”

Then I start to compose the blog post in my head and realize it’s, at best, a sound bite worth of information and really isn’t getting anything accomplished in line with my goal for this blog.

So I discard the idea and move on to something else.

After a few seconds, the person sitting across from me who said something that set off the whole chain of events in my little mental detour starts to get a concerned look on their face. You know the look. That, “Hey STUPID! I’m over here.” Pretty soon, it changes to the, “Is he having a seizure” look and if left too long, it becomes the wake up slap.

I’m fully aware of my problem with shiny objects and my coworkers (and my wife to a certain extent) are familiar with the problem and exploit it often.

This new blog thought-hijacking that is going on is just disturbing.

I think I need to find a qualified blunt-trauma specialist to knock some sense back into my dome.

Nah. I think I’ll just take a cue from my daughter and talk until someone hurts me. If I use a tape recorder, I should get at least a month’s worth of blog entries out of it before I lose consciousness.

written by halfdime

Apr 07

Having been doing the sysadmin gig for awhile now, some things have become abundantly clear.

  • DNS, email and pretty much all core services are only sexy to other sysadmins
  • Long hours are part of the game at times

Friday was a reinforcement day for me on the second one above. Sometimes there’s nothing to do but bite the bullet and put time into the problem.

The positive from this was that I got the thing working for our customer.

The negative was the time away from my personal affairs.

The true take away for anyone just starting out as a sysadmin, IMHO, is that you shouldn’t be shocked when things go terribly, horribly wrong and you have to spend the night at work. It happens. Hardware will fail. Someone has to fix it or do the restores.

What *SHOULD* shock you is if this is the normal situation at your work.

For example:

When I decided that I was going to look for work, I applied at my current employer and another company that shall henceforth be dubbed DysfunCo. I had already interviewed with $employer and was talking salary before I went to interview at DysfunCo. The two gentlemen (PHB #1 and #2) that interviewed me are programmers promoted to management. The following are paraphrased excerpts of the interview.

PHB #1: “We’re looking for a sysadmin to help our developers any way they see fit.”
PHB #2: “It’s really important that the candidate enable our developers to keep their creativity going.”
Halfdime: “Can you give me an example of what kinds of things you’re looking for?”
PHB #2: “We really need a broad based specialist to help us liaise with our corporate headquarters.”
Halfdime: “What’s your relationship with corporate like?”
PHB #1&2 (together): “Oh. They HATE us.”
PHB #1: “Yeah, remember the dhcp incident?”
Halfdime: “What was that?”
PHB #1: “One of our guys was working on a new appliance and he needed to have it be a dhcp server. So he plugged it in to the core router here and it started handing out leases on the wrong network. Everyone in the office was down for like two days until he realized he was the cause of the problem.”
PHB #2: “Yeah, those guys in corporate were pissed. Good thing they never found out it was us!”

What followed the numerous tales of what they allow to keep their staff from having their creativity stifled was embarrassing. When they finished and asked me what I thought I would do to help them out, I gave them an hour long treatise on how broken their organization was and that any sysadmin worth hiring would start by setting boundaries.

They didn’t call me back.

I’ve thought about sending them a bill for two hours of consulting.

The morbid curiosity in me hasn’t grown enough for me to reach out to my contacts there and find out how long the guy that DID take the job lasted.

If you’ve made it this far, I would like to wrap this one up with another thanks to my wife. She put up with the horrendous hours I had at my previous job every May through October and is as unflappable as they come. She keeps me grounded and reminds me of what’s really important.

Thanks for being patient honey. You rock!

written by halfdime

Apr 02

I’m getting around to reading my google reader.

Of course I’m behind. Shut up!

So I see this one Jonathan Schwartz’s Blog: Give it Back and quickly recognize it as an April fool’s joke. The best part of the read is the last paragraph and one of the reader comments (no, it’s not me).

The reader posts this horror from the past as his response to Schwartz.

written by halfdime