It just shows that China has an inherently weak infrastructure if such a large portion of people can be disrupted with an attack to a single location.

I guess the users haven’t heard of OpenDNS either, or perhaps they can’t use it because it’s blocked by the ‘Great Firewall of China‘.

An attack on the servers of a domain registrar in China caused an online video application to cripple Internet access in parts of the country late on Wednesday.

Internet access was affected in five northern and coastal provinces after the DNS (domain name system) attack, which targeted just one company but caused unanswered information requests to flood China’s telecommunications networks, China’s IT ministry said in a statement on its Web site. The DNS is what computers use to find each other on the Internet.

The incident revealed holes in China’s DNS that are “very strange” for such a big country, said Konstantin Sapronov, head of Kaspersky’s Virus Lab in China.

The problems started when registrar DNSPod’s DNS servers were targeted with a DDOS (distributed denial of service) attack, described by the company in an online statement. In such an attack, the attacker orders a legion of compromised computers to try to communicate with a server all at once, which overwhelms the server and crushes its ability to return requests for information.

A DoS attack on the root domain servers of any organisation is always one of the most effective as you don’t have to saturate a large pipe, you just have to make the machine max out it’s CPU/RAM so it can’t serve any more requests.

It’s much better than trying to take a corporate network offline by filling up their main line. Targeted attacks are always the most effecient.

Internet access returned to normal in the late night several hours later, according to the government statement.

China had almost 300 million Internet users at the end of last year, according to the country’s domain registry agency, and streaming online video is as popular among young people as it is in Western countries.

The event, the first of its kind in China, suggests the country needs to improve its rules managing the DNS, said Zhao Wei, CEO of Knownsec, a Beijing security firm.

The original attack transformed into a regional DNS jam essentially because Baofeng is so popular, said Zhao.

Such programs may need smarter code, which could instruct them to withdraw DNS requests that go unanswered, he said. The way unanswered requests are redirected to higher-level servers could also be changed, Zhao said.

An interesting point is that the registrar that was attacked hosted the DNS for the very popular video streaming site Baofeng – the traffic was so high for this site that that unanswered DNS requests turned into another traffic jam having the effective of multiplying the original DDoS attack.

I’m guessing this was an unintended side effect, but it worked out well for the attackers.

Source: PCWorld

Before that it was illegal to unlock your phone but finally in November 2006 it came out in court that it’s ok now.

Most cell phones in the United States are purchased as part of a service plan. The phone itself is cheap or free, but it must be bought as part of a one-year or two-year service contract. Phones can also be purchased separately, but are often hundreds of dollars more expensive then the phones that come with service plans. This is because phone companies take a loss on the phone up front and hope to make up that loss over the life of the contract in monthy fees.

Nearly all of the phones purchased as part of a service plan (and even some that are purchased separately) are SIM locked to only work with that phone companies’ network. The phone’s software will reject SIM cards from competing phone networks. Phones bought from T-Mobile only work with T-Mobile, phones bought from Cingular only work with Cingular, etc. This way the phone company can be certain that a customer is stuck and they will make back their investment.

The fact is the protection was frequently broken and many people were unlocking their owns anyway. The US made a smart decision this time to legitimize the dodgy unlocking market and make it straight forward. It also gives the consumers back the rights they should have anyway.

Yesterday, the Library of Congress announced six new exceptions to DMCA rules. Among those was the declaration that breaking SIM locks will not be considered a DMCA violation starting on Monday:

5. Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network.

Library of Congress Rulemaking Statement

This has the potential to legitimize the shady market of cell phone unlockers. It also has the potential to change how cell phone companies do business. If awareness of these rules spreads and legitimate cell phone unlocker services appear, the current cell phone business model might not make as much sense. It is also likely to further frustrate “pay as you go” cell phone providers who have been trying to stop resellers who purchase their phones and then sell them overseas for a profit.

So please, feel free to and unlock your phone, it’s no longer a DMCA violation!

Source: Uninnovate

Even if you don’t open it, people will copy it anyway (See the mass of Cisco knock-offs in China for a fraction of the price with almost exactly the same functions and IOS).

So why not open it, let us play with it.

At least let us know how the hardware we are paying for works.

The following webpage contains ROM images from various mobile phone operating systems. Our intention is to motivate other reverse engineers to take a look at the images and to discover other hidden secrets. Other reasons are that it is said to be hard to extract the ROM. Certainly another reason is that Nokia does not release any technical information about the hardware and I find this rather disappointing. (It’s my strong believe that when I buy hardware that I should also be allowed to know what’s in it and how to use it.)

There are ROM images from various models such as NOKIA 6630, NOKIA n70, NOKIA N-GAGE and also from SE the SonyEricsson P900 ROM image.

Mobile Phone ROM Image and Reverse Engineering Invitation

If you’ve ever used one of the half-dozen websites that allow you to control the phone number that appears on someone’s Caller ID display when you phone them, the U.S. government would like to know who you are.

Last week the FCC opened an investigation into the caller-ID spoofing sites — services that began popping up late 2004, and have since become a useful tool for private investigators, pranksters and more than a few fraud artists.

One of the example services that received the 7 page FCC report is called Telespoof.

On their website it says..

Telespoof.com offers the first domestic and international Caller ID spoofing service, allowing business professionals to remain anonymous when calling from anywhere in the world, to anywhere in the world. We like to think of it as “mobile invisibility”, the highest quality Caller spoofing service available anywhere in the world.

Another example is Spoofcard.com that sells a virtual ‘calling card’ for $10 that provides 60 minutes of talk time. The user dials a toll-free number, then keys in the destination number and the Caller ID number to display. The service also provides optional voice scrambling, to make the caller sound like someone of the opposite sex.

USA Today also reported on how Caller ID spoofing has become easier, saying..

Tim Murphy’s office started getting phone calls from constituents who complained about receiving recorded phone messages that bad-mouthed Murphy. The constituents were especially upset that the messages appeared to come from the congressman’s own office. At least, that’s what Caller ID said.

So if you have used one of these services for whatever reason, the federal government is interested in YOU..

The FCC is demanding business records from both companies, as well as the name of every customer that has used TeleSpoof, the date they used it and the number of phone calls they made.

Dated February 24th, the FCC letter gives TeleSpoof 20 calendar days to respond.

Source: Wired

Over the past year a number sites have popped up offering web based mobile phone tracking services. To use their services you purchase a monthly subscription or set number of credits, and enter in the targets phone number. The target then receives an SMS message asking them to confirm they consent to the tracking. After the target replies, the tracker can then request their position online and receive a street address, post code, and map of their location with an accuracy of around 250 meters.

Source: Rootsecure

• Although it is possible to get the location of a phone the target will receive the various SMS confirmation messages, alerting them to the fact they are being tracked.
• Malicious use can be traced back to the tracker via credit card records / the trackers registered phone.

More:

For the past week I’ve been tracking my girlfriend through her mobile phone. I can see exactly where she is, at any time of day or night, within 150 yards, as long as her phone is on. It has been very interesting to find out about her day. Now I’m going to tell you how I did it.

The Guardian

A service has launched in the UK which allows you to track any mobile phone around the globe and follow its movements from your own computer. The Guardian ran a feature on it yesterday called ‘How I stalked my girlfriend’. It painted a scary picture.

The service is run by World-Tracker, a company based on the Isle of Man. When a mobile number is entered onto the World-Tracker website, a text message is sent to that phone, to ask if the person carrying the phone wishes to be tracked.

The Register