It seems like the James Bond series is always showing as a marathon on one of the major television networks. This is nothing new; I can remember sitting on the couch with my father back in the town I grew up in watching them. Despite that fond childhood memory, my love for anything involving Russians, and the fact that Goldeneye for the N64 was one of the best video games of all time I never felt any particular attachment to the James Bond series. I had trouble connecting with the character. His predictable but narrow escapes, his gadgets, his stylish attire… growing up I just didn’t find that any more enchanting than other action films. Finally, a couple months ago I caught Casino Royal on the television during one of the aforementioned marathons. This time I was hooked.
Since my first viewing of Casino Royal I’ve gone back and seen a bunch of the other classic Bond films and, while they remain good films, they cannot compare. The Bond of Casino Royal is complex, has flaws, makes mistakes, and has believable motivations. His successes are earned through cunning and detective work. When angry he is an awe-inspiring sight. By comparison the Bonds of old are mere playboys that most frequently luck themselves out of a pinch or rely on the inventions of Q branch to do the work for them.
So, melodrama aside, I decided to expand my arsenal with a Walther PPK 32ACP, the classic Bond sidearm (ignoring his odd choices prior to Dr. No). First lesson was that the PPK has an odd history and just figuring out who makes it now was interesting to say the least. Additionally no one seems to like 32ACP so finding ammo and accessories is just a pain.
What I didn’t expect was just how difficult it is to keep this thing clean. My Ruger SR9 gets a little dusting in the slide when I go shooting, and really only needs a cleaning if I put a hundred rounds through it. The Walther turns black inside as soon as a single round is fired. The barrle, the slide and the action end of the firing pin I can understand. The stupid magazine, the decocker and anywhere else you can imagine becomes coated in thick black. In addition to getting dirty, it is not easy to clean. Right above the firing pin is a second pin that pushes out an indicator when a round is fired. Because it is so high in the slide and so close to the firing pin it makes the entire region nearly impossible to get into with a Q-tip or similar implement. I love the fixed barrel but getting the underside of it where the trigger guard meets and the slide rides is equally painful. I made the mistake twice now to disassemble the magazine for cleaning and the first time the butt plate shot across the apartment and landed near the dog’s bowl. This time I have no clue where it went. Having a 3 piece butt plate under spring pressure is just asking for an explosion during disassembly.

With all that said, it is my favorite. For all the frustration it gives me at cleaning time it returns a greater amount of satisfaction at the range. The thing is impeccably precise, reliable (if you use Fiocchi ammunition, anything else will occasionally jam on the feed ramp) and has as surprisingly little kick. Its compact, light and beautiful.

Over at Gizmodo a story popped up this morning regarding GoogleVoice doing some webapp upgrades. If you have a phone with an HTML5 browser stop reading immediately and surf to GoogleVoice Mobile. What was a moderately cool service just got a caffeine shot.

Before I get into how GoogleVoice just got better, first let me explain how I am already using it. I’ve been using GoogleVoice for months now since I moved. I kept the cell phone number I was using back in Rhode Island so that friends and family can still reach me easily but down here I’ve been telling everyone my GoogleVoice number. The first awesome thing is that I can give people this number and if they try to call me it rings on the cell phone, at my office desk phone, and it will also pop-up the call on my Gizmo5 account if I am logged on at a computer. This means that if I want to be I am instantly contactable no matter where I am during the day.

Also, people can text message me at my GoogleVoice number and they come through as an email, which through Exchange is immediately pushed to me phone from my Google hosted domain email account. When I reply to the email it is turned back into an SMS and sent to their phone. Instead of paying $0.10 to give someone 140 characters of text I can carry on a lengthy conversation for free.

When I get a call from someone I have the option to set up a wide range of options including call-screening, the caller ID appearance of numbers on my phone, what voicemail message they hear, and when I want to be Do Not Disturb. I can leverage these features to customize the call handling not only for my own benefit but for how I want the caller to be treated. If I like you I can immediately answer; if I’m not sure I can listen to you live while you leave a voicemail and pick up at any time; or if I really don’t like you I can have you straight to voicemail or simply blocked.

Now then, using GoogleVoice on the iPhone used to be a bit of a pain. You went to the website, it forwarded you to the mobile version, you got this text-only 1995 style page that was simply a textbox with the number you want to call or a list of your contacts. When you wanted to place a call you hit the persons name or typed a number and hit submit and a few seconds later you got an incoming call from GoogleVoice (odd phone number from random place – possibly long distance). For text messages you had to go to another page via a link, wait for it to load, & fill out the form. It got the job done but it wasn’t especially sexy.

Today when I booted up the page the interface was completely different. Now we get images and fading between pages and buttons and drop down menus. While I imagine this could cause some slowness on Edge once it is all cached I suspect there will be little of a noticeable difference in speed. In fact I’d expect a speed improvement with the current design because you spend less time making page requests and more just doing little Ajax query/responses. The interface is streamlined and more intuitive, and I have yet to notice a loss of any features.

While previously the entire list of my contacts was pulled up every time I went to the site there is now a button to switch to them. This probably speeds things up if you make the majority of calls from dialing a number but might mean one extra button push if you do it from contacts. It seems to store the contacts in a local cache so while the first load of the list took a couple seconds it was instantaneous after that.

The procedure for placing a call has changed a little bit, but this change I really like. When I dial a number and hit submit it begins to setup the call session through Google. Now instead of receiving a call from Google the app told my phone to dial a number. Because I told it I was on my cell phone when I logged in and it already knew my cell number it used that information to find me a local call exchange who I assume is owned by Google. So now I was definitely calling a local number to route the call which makes GoogleVoice even more free-er than it was before.

The changes, while mostly aesthetic, add up to a vast improvement for the usability of the service on an iPhone. I’ll have to see in the coming weeks how it modifies my calling behavior but I could legitimately see it being enough to compel me to use GoogleVoice instead of the native calling capability of my phone because I won’t have to worry about unexpected call charges, and I can easily get more people using the GoogleVoice number for my incoming calls when I show up on their caller-ID.

Apparently, Bank of America thinks it’s totally appropriate to ask for your login credentials to other bank’s websites.

Bank of America asks for login credentials from other bank websites

I was a customer of my old bank for nearly 12 years. Sadly, my old bank just doesn’t do business in the area I’ve moved to. Seeing as I didn’t want to run into this problem again I decided to go with a nice big bank that covers all the places I might move in the foreseeable future. I figured that Bank of America would fit those needs. That was until I started the application process.

First half of Application Page at BoA

Second half of Application Page at BoA

Moxie presented at Blackhat this year about his discovery of a vulnerability enabled by the automatization of CA certificate assignments and failures by X.509 encryption implementations to handle null bytes. Video has a recap of his last presentation and then the new stuff starts at 15min.

Blackhat Presentations Archive

Basically all the big names in browsers, SMIME mail clients, IRC clients, and VPN are vulnerable. Also, sky is falling.

I know this is totally old news, but it’s some pretty heavy stuff that really kind of happened and then everyone went back to business as usual.

SSLStrip is a tool for MITM attacks where the attacker can intercept information to be transmitted between a user and the server such as login credentials.

Any information security professional worth their salt needs to see the video embeded at [Moxie's SSLStrip page].

The good news is that token keys and user/client certificates is the easy fix, though it makes for more cost/work than just your standard SSL connection. Also, web developers can help the problem by not embeding https links into an http page or translating those with HTTP/redirects.