It seems that O2’s legacy MMS platform doesn’t implement even the basic security my own service did… use of security through obscurity techniques surely is not an appropriate way to protect private images sent to O2 customers by MMS.

Ironically, my own o2mms webapp thrown together in a week or so was more secure in most respects than the solution built by the multi-national O2.

As soon as O2 relaunch the service with improved security I will restore my service, although no doubt this will take some time.

More information on the outage;

• http://www.theinquirer.net/gb/inquirer/news/2008/07/19/o2-allows-mms-pictures-seen
• http://www.theinquirer.net/gb/inquirer/news/2008/07/20/o2-responds-mms-leak
• http://www.informationweek.com/news/mobility/security/showArticle.jhtml?articleID=209101313

Firstly, sorry for the lack of updates … been busy

Secondly if you normally use my mac.com address to contact me it currently does not work as (a) it has expired, (b) due to Apple’s ‘migration’ to MobileMe I appear to be completely unable to renew it!!!

I was asked recently by someone to investigate the security offered by obfuscation scripts such as the one at http://www.rightscripts.com/phpencode (also available as a paid-for download)

Obviously anything which relies on PHP itself to ‘encode’ the script, must have the means of decryption built into the script - if it doesn’t then it wouldn’t run.

Around 5 lines of code later, and you have this … http://www.iross.net/phpdecode … a simple proof of concept which reverses the code generated by http://www.rightscripts.com/phpencode (and one or two other sites that work in a similar way)

So is there any way to really secure your PHP code? Yes, systems such as IonCube or the ByteCode encoder which require a ‘loader’ to be installed on the server are substantially more secure as the code is compiled rather than just obfuscated - these provide a secure option

Of course, all my own freelance web development clients get the source code without any sort of obfuscation - since they have paid for it!

Sorry for the complete lack of updates lately, but this has been a hectic / stressful week (delete as appropriate)

At work on Monday our internet connection died due to someone from BT being so kind as to pull our (perfectly happy up until that point) ADSL line out of it’s krone block…. After 2 hours dealing with the numpties at Bulldog this was fixed some 26 hours later on Tuesday afternoon (we are currently seeking a new ISP)

Wednesday most of my time was spent dealing with other phone-related issues (including finding numbers and working out what’s wrong with our internal phones and mobile contracts)

I also ended up fixing phones at the shop I don’t even work in!

My own phone isn’t working properly either, right now I just dont want to see / deal with telephones.

Today was spent in IKEA and I’ve left with loads of bedroom furniture… which is still sitting in boxes all over the bedroom floor….

I want to sleep

Thought those days ended when I stopped working in JustMac, but yet again I find myself in work on a Saturday (to install a shiny new UPS, which involves cutting off power to servers which generally people don’t like happening in the middle of a working day)

Remarkably it takes only 45 mins to get into work from home on a Saturday…. As opposed to my usual 1 hour 15 mins - 1 hour 40 mins ish