SMS

A sad loss for security

Monday, July 20, 2015 

Whisper systems wrote the very useful TextSecure app for Android. It had a great feature of encrypting text messages, a standard communication modality in much of the world and one I rely on often. I have previously suggested it is a good tool.

The last “update” removed the ability to establish new encrypted chats over SMS and, it appears, the next will remove the function entirely. For me, this change substantially reduces the utility of the app.

Reading their arguments for doing so, I find myself disagreeing with their justifications. I understand there was some complexity in establishing encrypted SMS, but frankly initiating a one-time key exchange was about as easy as encrypted communication gets. That iOS users can’t play along is pretty irrelevant: iOS isn’t exactly the platform for secure communications anyway, you carry iOS devices when you want to impress people with your brand awareness, not get things done. That people occasionally end up with a conversation that is half-encrypted seems annoying but hardly all that problematic. The person that uninstalled the app will try to send messages in the clear, not the person who is still running it and a partial session. I can see the annoyance, but not any security leak.

I think the final result is somewhat dangerous. The first incarnation used SMS as the starting point, and once a secure communications were established, if available, coms moved transparently to the data channel. If not, it stayed with SMS. As I work in a place where data service is frequently disabled, this was the most reliable non-voice communication protocol.

Now SMS is unencrypted and data-mode communication is encrypted. You have to remember which is which and that is dangerous.

If they don’t restore encrypted SMS functionality, I will switch back to the standard SMS app, which is insecure SMS only and so not confusing and use chat secure or xabber for encrypted data communications so the difference is clear. You’re probably going to run a jabber-based chat tool anyway chat secure’s Tor integration makes it a better choice for data-mode chat while text secure no longer does anything particularly useful over the default app for SMS-mode nor anything particularly unique for data mode.

Posted at 00:53:41 GMT-0700

Category: cell phonesSecurity

Singapore Air: Nice planes, Crappy customer service

Saturday, July 2, 2011 

Singapore Airlines sucks… OMG.   Not only do they seem to have real trouble handling bags, they have absolutely no customer service at all.  None.  Zilch.

I flew SFO-JFK on a UAL PS flight first class on the 1st; JFK-FRA on Singpore Air, first class on the 1st-2nd; FRA-FLR on Lufthansa business the 2nd.  When I arrived in FLR, no luggage.  I waited for the next FRA-FLR flight to arrive, no luggage.  There had been 3 FRA-FLR flights before mine my luggage could have taken, no luggage.

I had a 3 hour layover in JFK, somehow Singapore did not get my luggage on my flight, despite flying first class and having one of those “priority” tags on my bag (as if). United’s scan showed they delivered the luggage to singapore on time, but that Singapore just hadn’t boarded it, and rather than find the fastest way to get it to me at my destination, put it on the same flight (SQ25) 24 hours later.  They hadn’t bothered to try to contact me.  At all.

Now that’s lame, lame for coach, pretty much intolerable for first, but to make matters worse:

Their online luggage check tool at http://www.worldtracer.aero/cgi-bin/fileframe.exe?tran=XXXsqXXXXXl1=enCB=Y does not have current information, but United has more recent information – FOR SINGAPORE. If they could give me some information, any information about the luggage, I’d be more confident, but that the only useful information I could get at all came from United, and from them only as a courtesy, is just astonishing.

I was given this number by united to call: 800 742 3333, it is a call center that could do nothing at all to help but sound vaguely apologetic and give me the Local airport number.

I called that number, 718 751 3832, and got voice mail. Of course I left a message, of course nobody called back.

I called their lost and found number at 1 800-2244243 and got fast busy every time (during daylight hours Singapore time, daylight hours EST, daylight Europe time… the number seems disconnected: WIN SQ!).

I wrote them at sqbaggage_enquiry@sats.com.sg, no answer so far.  (update, 12 72 hours later, no response at all).

I found the JFK office number on the Singapore site, which is actually their “traffic number” at +1 (718) 751-3830 and called and got voice mail, no answer, no response. (update, no call back 12 hours later UPDATE again – still no contact at all from Singapore – 3 days).

I found the JFK baggage office email at JFK_LostNFound@singaporeair.com.sg and sent a note there, of course no response.

I filled out the form at https://www.singaporeair.com/baggageFeedBack.form and at https://www.singaporeair.com/customerServiceFeedBack.form, but of course got nothing back – so far not even an automated response (update: got an automated response, but no real response 12 72 hours later).

I called the 24 hour call center in singapore at +65 6223 8888 and their phone tree system had real trouble recognizing DTMF signals and they had no default to human operator. It’s a reservations system and has endless hold problems, but at least I eventually got hold music. No help, but hold music. Update – I did eventually get someone but they were as useless as the first number. I had serious trouble explaining that I needed to speak to a human being and that it wasn’t useful to give me a number to call where nobody answered.

I demanded that the operator connect me, and she finally connected me to someone who said “hello.” I said “hello.” He said “hello.” I said “hello.” Excuse me, who are you? No “can I help you?” No “I’m sorry we screwed up and didn’t get your luggage on the flight?” But finally, finally, someone at Singapore who could, if not entirely politely, at least look up the status. I had to correct him when he said “you lost your bag” to me: “No YOU lost my bag, you failed to board it on my flight. Where is it?”

People rave about Singapore Air and while the flight was comfortable enough and the food excellent… and the FAs the nicest and most attending I’ve experienced, their baggage handling and customer support is horrible. Unbelievably worse than even a discount airline in the US. And the thing that pisses me off most (and this is the same with UAL): they KNEW my luggage didn’t get on the plane before my flight took off – certainly long before I landed. Why wait until I get to my final destination to file a claim before fixing it? Flying first class on a transcon flight they should have had someone waiting for me at FRA with a toiletries kit and an apology and an update as to where my luggage was so I didn’t have to waste 90 minutes at the airport filing a claim and another hour or two following up to find out the status of their screw up (Update: 4 days later and Singapore has yet to take a single step to rectify their mistakes or apologize).

UPDATE 1: 12 hours after arrival, UAL is still the only airline that is willing to answer their phone or check on updates.  I haven’t tried to track down Lufthansa, though they haven’t yet answered  their email.  UAL is at least polite and responsive on the phone and can track the bag for me, even though they didn’t lose it, Singapore did.  Note that Singpore has known my bag wasn’t on my flight for almost 36 hours already and has not bothered to contact me (update: 4 days later and not a word from Singapore)

UPDATE 2: 24 hours after arrival, Singapore’s web site still says “Bag 1 Status TRACING CONTINUES. PLEASE CHECK BACK LATER”   But FINALLY got through to Singapore Air and spent some time teaching the bag guy there how luggage scanning works at different airports and why it is reasonable for him to be able to answer whether my bag had made it to FLR yet or not (shaming him a bit by explaining that if he couldn’t answer, I can call UAL and they DO know because their computer WORKS).

He kept telling me he was the one who “rushed” my bag to FLR.  I’m sorry, using the word “rushed” for putting my bag on my same itinerary 24 hours late isn’t “rushing.”  Just like making me call HIM to find out the status when he knew my bag was misplaced isn’t “customer service.”  In a moment of honesty he said “I don’t know why your bag didn’t get on your flight.”  SQ simply screwed up, but hasn’t done anything to fix it at all.

He finally managed to look it up after I basically explained how to do it over the phone and confirmed it was in Florence, but had made no arrangements for final delivery.  At least he knows how to check on the status of a missing bag now, so if anyone else loses their bag out of JFK on Singapore and wants to find the status, call +1 (718) 751-3830 during regular daytime hours and if you’re lucky the same guy will be there and know how to look it up for you.  You’re welcome.  I forgot to ask him to add a local cell number to the record, but that was too painful, I’ll call UAL and ask them to do it, even though this is all SQ’s fault.

UPDATE 3: 36 hours after arrival, Singapore’s web site now says “Bag 1 Status ITEM LOCATED, PENDING CONFIRMATION”  According to Singapore Air the bag was actually delivered to FLR last night. I called the airport and they were very polite but couldn’t give me any information other than to take my number and offer to call tonight.  As it might be out for delivery, I won’t drive back to the airport yet.   Singapore still has yet to call me, message me, or respond to any email. UPDATE – they were wrong, the bag had not made it to FLR.  They were either lying or incompetent.

UPDATE 4: 48 hours after arrival, still can’t reach anyone at Singapore at any number.  I’ve taken to calling sequentially all of their listed numbers in the entire world trying to reach someone, anyone, with 1/2 a clue… or who will even answer the phone.  As that was complete FAIL I called UAL again.  Of course they knew exactly what was going on.  My luggage seems to have gone on SQ 25 from JFK a day late, and flown to FRA… but…  it seems they FORGOT TO UNLOAD IT.  WTF?  OMFG.

So UAL tells me it is now actually on SQ 326 from SINGAPORE to FRA.  It is supposed to connect tomorrow on LH308 arriving on the 5th.  They lost it on the 1st.  That’s 4 full days Singapore has known they screwed up, and two MAJOR screw ups, and not a single contact from them, not an email, not a phone call, not an SMS, not anything.  I’ve written them maybe 6-8 emails and called every number I could find and actually talked to two people, including the guy in NY who insisted that he RUSHED to get my bag on the same flight 24 hours later (but didn’t bother to contact me or assist me in any way to either locate my luggage or offer to assist with the absence of luggage) and still not one single proactive step from them at all.

I finally got some poor guy at the LA office and gave him a bit of a chewing out for their corporate incompetence.  He promised to tell his manager and try to get back to me.  We’ll see, but what can they say?  “Um, sorry we forgot to load your luggage.  Sorry we didn’t bother to say anything at all about it.  Sorry we forgot to unload it in Frankfurt and took it on a world tour instead… I guess we’re just incompetent morons?”

UPDATE 5: 60 hours after arrival.  Still not a word by any means from Singapore Air. They have yet to even apologize for losing my luggage, not once, but twice on the same trip.  That’s just inexcusable.  I called FLR’s automated luggage line and they told me the luggage has been found and will go out for delivery as I arranged with them.  No call yet to arrange delivery, but at least it is no longer in Singapore Air’s incompetent hands.

UPDATE 6: 72 hours after arrival.  I got through to someone at FLR.  Their automated line in English and Italian is at +39 055 3061 302.   The information they provide has so far proven correct, so it is a fairly reliable system (unlike Singapore Air).  They also have a direct line, though the people there are quite hassled and busy, but if you need to update your record, you can reach them at +39 055 3061 680.  Still not a word, not an email, not an SMS, not a call from anyone at Singapore.

UPDATE 7: 84 hours after arrival.  I finally got an email from Singapore Air – first contact from the company.  It reads:
Dear Mr Gessel,

thank you for your e-mail sent to our baggage enquiry department in SIN.

According to your Missing Report FLRLH82547 raised in Florenz with LH, the bag was received in Florenz yesterday, on the 05th of July.
Unfortunately, I cannot tell you the status of the delivery as I´m at Frankfurt. But I´m confident that our colleagues from LH will arrange a fast delivery to your mentioned adress in Italy.

We apologize for any inconveniences caused to you because of this unfortunate incident.

Best regards,
SINGAPORE AIRLINES LTD.

Silke Ruthotto
Senior Customer Services Agent
_____________________________________________

SINGAPORE AIRLINES LTD.
Gebäude 201 HBK 277
60549 Frankfurt/Main

Tel.: 069-690-32881
Fax.: 069-690-54681

I appreciate the apology, but it has been 5 days since Singapore first discovered they lost my luggage and this is the first they’ve bothered to say anything, and that thing is “OK, we’re done screwing it up, Lufthansa can sort it out.”   Still no delivery advice. Perhaps he could have taken the time to find out what the delivery timing will be and let me know.

UPDATE 7: My luggage was just delivered, at 0710 ET July 6.  Singapore Air first became aware they had failed to board it on SQ 25, presumably shortly after takeoff at 2125 ET July 1.  It took them 100 hours to contact me at all, and then only after I sent them dozens of messages and called every number they had to try to track down my luggage, and my luggage finally go to me 92 hours late.

It has been all over the world since I checked it in at SFO 5 days ago.  The Singapore reroute tags tell the tale: they start on the 2nd, and are crossed out and updated with 4th and then 5th.  Nice work!  Once it got to LH, it was delivered quickly.

My Luggage travels more than I do

Conclusion: Singapore Air gives a great front office experience, but their back office needs some serious work.  With the amount I’ve flown, I’ve had my luggage misdirected plenty of times, but never twice on the same flight – never misdirected in the effort to get it to me.  That is a special category of fail.  I’m particularly annoyed by Singapore’s astonishing lack of responsiveness: they provide no functional way to track down luggage they’ve lost.  None at all.

If you’re lucky and you’ve connected with another carrier, a responsible one, you can get updates and keep track of what is taking so long, but not through Singapore.

Singapore’s in-cabin reputation is well deserved, definitely one of the best in the business, but their back office is one of the worst.  Discount airlines do a better job.  I would not trust them with my luggage again.

Posted at 16:15:59 GMT-0700

Category: planestravel

26c3 Berlin

Thursday, December 31, 2009 

26c3 was a blast, as was Berlin. It’s a good conference in the olde school hacker style: mostly younger people, mostly wearing black. There weren’t a lot of women, but Carolyn, Isabella, and Meredith tried to even out the ratio a bit.

Some of the best lectures included one by some German engineers working on the lunar x-prize. They had their prototype rover with them and gave a great talk about the various challenges.

Another great one was Dan Kaminski’s talk on PKI. I don’t agree with the premise that SSL should be a reliable method for identifying the owners of websites as people just can’t tell the difference between bankofamerica.com and bancomerica.com and so it doesn’t make anyone safer if the bankofamerica site is super green if bancomerica.com is also super green, and so the complexities of getting an accepted certificate simply reduce the use of secure connections and the overall security of the internet. But he had some pretty great attacks on the security of SSL that causes problems no matter what.

We enjoyed fuzzing the phone as well. It was a very entertaining talk on attacking phones with crafted SMSes. The method of creating the attacks was very clever – rooting the phone, redirecting the radio to a wifi link to a CPU so they could try zillions of SMS and see what would happen. In the process they discovered they could remotely root the communications manager (which runs as root). And %n to specific windows phones and they’ll crash and fail to reboot until the SMS is cleared out of the inbox.

Berlin is a great city and it was fun working in the shadow of the TV tower.

We made reservations for lunch but we could tell it wasn’t going to be a great day. In the end it was a very intimate lunch with pretty clouds pressing against the glass.

The fog lifted but was replaced by snow, which is a lot of fun in a city when you don’t have to drive.

IMG00220-20091228-0842.jpg

IMG00224-20091229-1405.jpg

IMG00225-20091229-1438.jpg

IMG00226-20091230-1303.jpg

IMG00230-20091230-1653.jpg

IMG00214-20091228-0802.jpg
Posted at 11:42:34 GMT-0700

Category: cell phonesEventsFreeBSDLinuxphotoplacestechnologytravelweather

DEMO 08 Palm Desert

Friday, February 1, 2008 

Capsule summaries of the companies presenting at DEMO 08 in Palm Desert. 76 reviews continue past the break (click to expand):

Read more…

Posted at 16:55:51 GMT-0700

Category: reviewstechnology