ShopSavvy and Compare Everywhere use the phone’s camera to scan barecodes! It’s pretty cool. I have both simply because they both have their own different databases. For example, what I like to do is go to at my local super store and see what movies I would like. I always cringe when I see an older movie for $25 or more. That’s when I scan the barcode. Now I can see where to go to get the better deal. Keep in mind that the local portions don’t do very well all the time. This is by no fault of the program or it’s writers. It’s just the way things are.

Below are screen caps from both programs. Thinking back when I did those shots, I don’t know why I didn’t check the same product to see how the results differ.

First up, ShopSavvy. (Click on the picture to see the full size!)
Picture Index:
1. Main Screen.
2. Scan the Barcode. See the Use Keyboard button. You can type in what you want to find!
3. It found the book just fine.
4. Two different local businesses were found.
5. And a local map showing where to go.
1  2  3  4  5

Now I forgot to take a picture, but ShopSavvy will take you to the website where you can see more on the product and if you really want to you could buy it right away. That part is the same as the other programs.

Ok, so ShopSavvy is pretty cool. Now check out these pictures for Compare Everywhere:
Picture Index:
1. Main Screen
2. Scan the Barcode
3. Get your local and online store options.
4. Just a scroll down from picture 3.
5. Lets check these guys.
6. Opened the browser and took me right there.
1  2  3  4  5  6  

Not to bad so far right? Now I want to talk about SnapTell. If my memory serves me well, this app was originally written for the iphone, but it’s the same thing in the end. The difference here is that you take a picture of the movie, book, or what ever, and SnapTell tries the find you a match. As you will see in the pictures below, I took an alright picture of the book and SnapTell still figured it out very quickly.

Picture Index:
1. The picture I took (This is an awesome book).
2. The results.
3. Took me right to the website I wanted.
1  2  3

As you can see, all three of these programs are very cool. I use them quite often. Did you find an app like these and really like it? Let me know so I can share the information.

It’s an interesting thing isn’t it? Why is it that we as admins and security experts and never seem to keep computers clean? Even the most skilled professionals can’t keep a computer clean. Well, it’s not our fault. There are so many security issues out there, and to be very blunt, the bad guys are always one step ahead of the security experts. Sometimes the good guys get a patch out (or publish the exploit) before the bad guys get a chance to exploit the security hole.

Unfortunately even when the good guys find the security hole before the bad guys there is the problem of getting the OS patched before someone becomes a victim. For example, a short time ago there was an ActiveX Draw exploit that affected millions of Windows PCs. Basically the bad guys somehow gained access to Google’s Adsence archive (and several other advertiser’s archives) and “infected” roughly 20% of the ads in the archive. I’m unsure of how the exploit functioned. I have heard everything from nothing to allowing someone to gain full control of your computer. Now, lets say for example that you visit a site, any site. You usually have two ads. One along the top and one down the side. So with one page view you have seen two ads. You click on something, new page, four ads have now been seen. You click again, six ads. Now you have reached the mark. There is a high probability you just saw one of the exploited ads. Whether you like it or not what you see in your web browser is also stored locally on your computer. No one was at fault with this (excluding the bad guys). Microsoft put out a patch after about a week of the exploit being known and Google fixed the hole allowing the bad guys to gain access to the Adsence servers. The problem now? Actually, two problems. One, some people are still making ads that are infected and trying to get them onto your computer. Two, there are still millions of computers that have not been updated.

There are always problems like this. I never like to blame any company directly unless they know of the issue but don’t bother fixing it. Other examples include more advanced techniques. You can gain access to a computer by sending certain information to it causing a hole to open temporarily.

The $1000 question is how do we keep out computer clean. Everyone has their own ways, but we came up with just a few basics. So if you run Windows try these out: Run FireFox instead of Internet Explore. Within FireFox get the extensions Adblock Plus and NoScript. Make sure you have a good Virus Scanner and it’s up to date. Turn on Automatic Windows Updates and keep your Windows up to date. Get anti-spyware programs like Adaware (the free one is fine for me) and Spybot: Search and Destroy. Make sure you have a firewall even if it’s the one built into Windows XP (or later), and lastly, be sure your not connected directly to the internet. Most ISPs will provide you with a modem or router, make sure you have a router even if it has the modem built in! It adds just that slight bit of extra protection.

Granted, those are just a few of the things you can do to keep your computer clean. I always recommend talking to an expert when wanting to try new software. If you feel your computer may not be clean find a “hole in the wall” style computer shop. Those are often the better choice compared to the larger companies. Ask questions to the shopkeep. Will they charge you even if they don’t fix the problem? Do they guarantee their work for at least 30 days? Will they wipe your computer’s hard drive or remove personal files without asking? Will they look at your personal files or web history? The best repair shops will answer honestly and quickly. Hesitation is a bad sign.

Lastly for all your Windows users out there. Get a program called Secunia PSI. It is free for home users. This program will check almost every piece of software on your computer and see if there is an update for it. It works very well. For example a few weeks ago Adobe was consistently updating their Flash Player because of several security holes. Secunia PSI found the version I was running was insecure and provided me with a link to directly download and install the updated version! I must say it has been one of the best security programs I have seen for some time.

P.S. Just a note about NoScript. It can be hard for some users to get accustom to using it, and if you unblock the wrong script you will get infected.

The next day I was at my parents house and while waiting for other family members to arrive I went to check my e-mail using my Mother’s computer that I keep clean… very clean. I found that exact couponprinter.exe program on her computer. I didn’t think much of it at the time. I did my thing including backups and cleaning as I do when ever I see my family. It turns out that the very next week I was back. I checked on my mom’s computer. She said the only time it was used was to check on her e-mail. I found more spyware. I thought that was pretty interesting.

To test I removed all the spyware and rebooted. It was back. I then decided to remove the couponprinter.exe program she installed just as a test. I rebooted and nothing. The computer was clean. Now why I didn’t write down what I found I will never know. Just a lapse in judgment. Just to double check when I got back home I downloaded the installer on my Linux machine and uploaded the file to jotti’s virus scanner. Only one program reported it bad. Dr Web reported it as Adware.Coupons.34. Check it out Here. I’m pretty sure I saw more than just the one when I ran Spybot: Search & Destroy.

So, as much as I hate to say it (for possible legal issues), I would recommend NOT installing this program. Screw the free burner. I don’t want it anymore.

If you installed the program I highly recommend removing it and use free programs like Adaware and Spybot: Search & Destroy to remove any traces the coupon printer program installed. These programs are available for windows users. If your on a mac I’m not sure. I don’t have a mac nor did I test the mac version of the program to see if there was anything bad.

function getElementsByClass(searchClass, domNode, tagName) {
     if (domNode == null) domNode = document;
     if (tagName == null) tagName = '*';
     var el = new Array();
     var tags = domNode.getElementsByTagName(tagName);
     var tcl = " "+searchClass+" ";
     for(i=0,j=0; i<tags.length; i++) {
          var test = " " + tags[i].className + " ";
          if (test.indexOf(tcl) != -1)
               el[j++] = tags[i];
          }
     return el;
}
 
var hidden = false;
function toggle_hideme1() {
     hidden = !hidden;
     var newDisplay;
     if(hidden) {
          newDisplay = 'block';
     }
     else
     {
          newDisplay = 'none';
     }
     var showfirst = getElementsByClass("div_class_name", null, "div");
     for(var i = 0; i < showfirst.length; i++) {
          showfirst[i].style.display = newDisplay;
     }
}
 
var hiddenb = false;
function toggle_hideme2() {
     hiddenb = !hiddenb;
     var newDisplay;
     if(hiddenb)
     {
          newDisplay = 'block';
     }
     else
     {
          newDisplay = 'none';
     }
     var showsecond = getElementsByClass("div_class_name", null, "div");
     for(var k = 0; k < showsecond.length; k++) {
          showsecond[k].style.display = newDisplay;
     }
}

For the variables ’showfirst’ and ’showsecond’ you can call them what ever you want, just make sure they stay the same in only one function, not two. Be sure to change ‘div_class_name’ to a custom name for each field.

Also, these are setup to be hidden first, you can change that by swapping the ‘newDisplay = ‘ lines.

For the HTML code we are going to use check boxes. We need two boxes each with names that call the function.

<input type="checkbox" name="showone" id="showone" value="showone" onClick="toggle_hideme1('showone');"><br />
<input type="checkbox" name="showtwo" id="showtwo" value="showtwo" onClick="toggle_hideme2('showtwo');"><br />

If you want the boxes checked to start first swap the ‘newDisplay =’ lines, and use this.

<input type="checkbox" name="showone" id="showone" value="showone" onClick="toggle_hideme1('showone');" CHECKED><br />

As in my previous post you need to put what ever will be shown or hidden in a div class tag.

<div class="div_class_name" style="display: none;">

The style hides everything in the class until the box is checked.

That will start the boxed checked, when you un-check it the data in all div classes with that name will hide (remember the ‘div_class_name’? that’s what we are working with).

I wrote this up in just a couple minutes, so I truly help it makes scene. You can check out an example of how it works here.

This was my 4th year attending Defcon (all in a row!) and was by far the best year. I’m going to try putting everything in chronological order, lets see how well I do.

It all started shortly after arriving at the Riviera Hotel and Casino in Las Vegas on Thursday, July 30th. We has just gotten to our room and started relaxing after the crappy plane ride when we realized that it was time to prepare for the Toxic BBQ. Having a good friend that lives in Vegas is very handy at times like these. After going to Walmart to pick up the items everyone forgets (Thanks again for paying for everything Spyder) like: Water, Ice, Napkins, Paper Plates, and Plastic Silverware, we arrived at Sunset Park. Everyone was very grateful to us for bringing ice and water. Many were dehydrated and were happy for cold clean water. We all had a great time, good food, good friends. We even ran into Winn and his daughter Ashley (maker of Hackers Are People Too). When it was time to go we piled back into the truck (with about 9 or so people in the back that needed a ride) and went back to the Riviera. It was pretty quiet after that. We all thought it would be a good idea to take it easy so we could get up early for the fun.

Friday morning was just like any other… except having to stand in line for a few hours to try and exchange our paper badges for real ones. A special thanks there goes to my buddie Mikey for getting in line early. I don’t want to go into too much detail on the days, mostly the events and special occasions.

This year I was fortunate enough to meet Johnny Long who was there to do a talk about his charity work in Uganda. If you don’t know about it goto johnny.ihackstuff.com and help out! The next day (after winning a little extra cash in the casino) I got a book called “Stealing the Network: The Complete Series Collector’s Edition” and got it signed my Johnny Long and Ryan Russell, but unfortunately Timothy Mullen wasn’t there. A special thanks goes to Ryan Russell, I can’t wait to read the book, and thank you Johnny Long for also signing my book.

I was to talk a little bit about Hacker Jeopardy. As usual Winn was awesome, and Gmark did a great job this year. As Spyder said in his post, Bansee is no longer Vynl Vanna. She always did a great job, she will be missed. The questions this year were kinda lame, Spyder and I talked to Winn about it and gave a few suggestions (they were all Spyder’s ideas), lets see if they use them next year.

Moxie’s talk about SSL was a real eye opener. Spyder has been blogging about it for quite some time, but seeing it in the presentation was a real eye opener. It’s true, security is an illusion. Scary thought, but it’s true, I have seen it with my own eyes.

Adam Savage from Mythbusters did a talk, I missed it. I wanted to see it. After the talk he was signing autographs. I found out from defcon’s twitter feed. The instant it was posted I got it on my phone and rushed to the War Room. I got there a few minutes late and a Goon kept me out of the line. If I had a beer for him he probably would have let me in, but I don’t drink beer so I was out of luck.

I was fortunate enough (also thanks to Spyder) to meet Keven (DJ Shadowvex) and talk with him for a bit. I enjoy his music and always look forward to next year’s disk. I also meet up with a few of his friends, but I’m bad with names. Sorry guys!

Over all this year was a great year and I look forward to going back next year. I think I have started to get myself known to some of the best people at Defcon and I know they will recognize me next year and I can’t wait to see them again. Special thanks to Spyder. If it wasn’t for you I’m not sure I would have made it since I couldn’t afford a room by myself. Special thanks to Mikey. You are an awesome friend. I couldn’t ask for a better one. You know how to get around town and even help me win a few extra bucks on the video poker machine. Thank you for picking us up and dropping us off at the airport, and for the ride to and from the Toxic BBQ. Thanks for everything! I feel very fortunate that I have good friends and good times. By the end I didn’t want to leave Vegas since I was having such a great time, but all good things must some to and end. So I went home and took a nap.

What was your Defcon 17 experience like? Did you meet me? Who did you meet? What fun things did you do? I was to hear all about it.

To solve this I setup a Linux box on my network and point port 22 to it. 22 is the default SSH port in case you didn’t know. Then I create a secure tunnel from my laptop to my home box (my laptop also running Linux).

SSH -D 1080 username@ip

This creates what is essentially a SOCKS v5 proxy on port 1080. Anything and everything you do remotely can be routed through 1080 (any port works, I just like that number).

Now I don’t know how to setup my Linux machine so that I don’t need to configure every program I use to work with the proxy and currently have to setup everything manually. Here is how to do it with FireFox.

Open FireFox, goto Edit –> Preferences –> Advanced –> Network –> Connection –> Settings

Click “Manual proxy configuration:”, then under SOCKS Host put “localhost” port “1080″ and make sure that SOCKS v5 is clicked.
Where it says “No Proxy For” you can leave localhost in, I’m not really sure, never tried. I just cleared it out and everything went smoothly.

Close the window and start surfing!

As long as you keep the SSH connection alive this will work. If you SSH connection does die you will know right away when you can’t surf. You will also need to revert your connection settings back when you are no longer using the SSH proxy. Also keep in mind that even tho you are routing via an encrypted tunnel to your remote machine, traffic will still be unencrypted after that point. Surfing may take longer than you would like. This is due to the fact that ALL traffic will be routed first to your remote machine then to you via the tunnel.

Lastly, I’m told that not every SSHd configuration allows SSH proxies. Mine does. I’m not sure why, I haven’t bothered to look into that yet. You may need to check your /etc/sshd_config file as there may be an option there. If you need help you know where to ask for it. Enjoy!

Before I continue with how I solved the problem let me first give some information about how this all came to be. My battery would stop charging (or so I thought) at about 87%. While using the phone throughout the day I noticed that the battery level didn’t drop below 87% for quite some time. This told me that there is nothing actually wrong with my battery and must be related to the phone (I wish I realized that before getting a replacement battery from HTC, whom by the way has excellent customer service!).

So here is what I did to solve the problem. Granted I did this only a couple of days ago. The first day of charging 100%, the next, about 97%, the third, 100% (that’s today). I will keep track of the battery level throughout the next week or so and update this post. First, open your Market and search for “Battery Widget”, for me it was the third in the list. Make sure you get “Battery Widget” and nothing else. Install, then place it on your desktop. You will get an icon that looks like this.

The program does add a couple nifty features. Just click on it and you get:

The top and bottom option will load into new windows (these same things are found in your Settings menu.)
   
If you hit wifi, it will just turn your wifi on, it doesn’t take you to your settings menu.

Did Battery Widget fix your phone’s battery issue? Hit the comments and let us know!

UPDATE! Well it seems this really didn’t solve anything for me. Damn, I was very hopeful it would. Guess I need to either get that giant extended life battery or manually reinstall cupcake.

UPDATE! … again… Here’s the thing. If you tried pulling the battery, draining it, or running Battery Widget and none of those worked try to reinstall cupcake. I have even tried that and it didn’t work for me. Apparently I need to install an older version then to cupcake again. For me it’s not a big enough of a deal to bother going through that headache.

Check out Android Central on instructions and links. Please keep in mind that before you can install you must turn the phone off then back on using the home + power button! That will not restart it! Turn the power off then home + power for it to start properly! I wish everyone the best of luck in this matter. I just hope when my 220mAh battery arrives I won’t have any problems… and it did! I would highly recommend the battery, the case makes the back speaker quieter, but I’m sure I can fit that with a plastic tube inside the case… that is, if I ever get around to it.

I start with creating the DB. Lets call the table ‘phone’. We need 3 rows. ‘idx’ int(10) with Auto Increment and primary key. ‘name’ varchar(30), and ‘numb’ varchar(20). You can setup the db how ever you choose. I create the idx so that I have a key field.

Now we need some javascript.

var counter = 0;
Start a counter. Yes, at 0
function add_phone() {
    counter++;
// I find it easier to start the incrementing of the counter here.
    var newFields = document.getElementById('add_phone').cloneNode(true);
    newFields.id = '';
    newFields.style.display = 'block';
    var newField = newFields.childNodes;
    for (var i=0;i<newField.length;i++) {
        var theName = newField[i].name
        if (theName)
                newField[i].name = theName + counter;
// This will change the 'name' field by adding an auto incrementing number at the end. This is important.
        }
        var insertHere = document.getElementById('add_phone');
// Inside the getElementById brackets is the name of the div class you will use.
        insertHere.parentNode.insertBefore(newFields,insertHere);
}

Now I like to put that in a seperate .js file, but you can add it to your HTML HEAD tag.

Next we need to build the form.

<form name="add_a_phone" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<fieldset>
<div id="phone">
    <input type="text" name="phone_0" value="" />
    <input type="text" name="phone_num_0" value="" /><br>
</div>
<div id="add_phone" style="display: none;">
    <input type="text" name="phone_" value="" />
    <input type="text" name="phone_num_" value="" /><br>
</div>
<input type="button" id="add_phone()" onclick="add_phone()" value="Give me more fields!" /><br>
<input type="submit" name="submit" value="submit" />
</fieldset>
</form>

Notice how in the input button field that the ‘id’ and ‘onclick’ are the same. That’s important, and yes you do need the brackets for some reason.
Also note that the form name can NOT be the same as any div id!!! I keep making that mistake.
You will need some way of checking how many fields were added when you get to your ‘if(isset($_POST[’submit’))’ statement. This gets a little messy.
Because I like my forms to go back to this page and check if submit was clicked we need to put some php code at the very top.

<?php
    if(isset($_POST['submit']))
    {
        echo "You clicked submit!<br>";
        echo "Here is your data<br>";
        echo "<br>";
        if ($_POST['phone_num_0'])
        {
                $continue = FALSE;
                $i = 0;
                while ($continue == FALSE)
                {
                    if (isset($_POST['phone_'.$i]))
                    {
                    echo $_POST['phone_'.$i] . " = " . $_POST['phone_num_'.$i] . "<br>";
                    $phone = $_POST['phone_'.$i];
                    $phone_num = $_POST['phone_num_'.$i];
                    $query = "INSERT INTO phone (idx, name, numb) VALUES ('NULL', '$phone', '$phone_num')";
                    $result = mysql_query($query);
                }
                else
                {
                    $continue = TRUE;
                }
                $i++;
            }
        }
    }
?>

Obviously I left out some information. Like connecting to your DB. I’m assuming you already know how to do that.

I first wrote this on my main page. This post is almost a copy/paste from the main page. I like adding it to the blog since it gets better indexing from search engines and hopefully the information will be useful to you. On the main page there is also a working example so you can see how it all ties in. Check it out Here

Questions?