Related
I am using Exchange server for work email and use LockPicker to get by the constant entering of a security code to un-lock the phone. Not sure I should load 2.2 because the developer has informed me that LockPicker will not work with 2.2. If anybody is running 2.2 and Exchange server, does 2.2 offer an option of the screen time out vs. the exchange lockout????
Im running exchange and have to enter the code if the phone sleeps for more than 15 minutes. The time is adjustable, plus the code entry keyboard is huge not a problem to enter at all, overall its a minor pain but workable. The guys that developed lockpicker have an app out that disables this, it is only in the beta stage now and not released to the general public but should be soon.
if found that any of my end users were attempting to disable/bypass the Exchange security...i would haul their ass to HR faster than they could enter their PIN.
DraginMagik said:
if found that any of my end users were attempting to disable/bypass the Exchange security...i would haul their ass to HR faster than they could enter their PIN.
Click to expand...
Click to collapse
He He, I'm thinking if I were an IT guy i'd do that too. Lucky for me I'm an end user, I'm hoping somebody comes up with a way to just toggle the time to a longer value say options for 30 - 60 minutes. In reality the new code entry screen is a breeze to use, not such a big deal as before. I'm just wondering if the time delayed is specified by the Exchange server or if it is built into the phone app.
ifly4vamerica said:
I'm hoping somebody comes up with a way to just toggle the time to a longer value say options for 30 - 60 minutes.
Click to expand...
Click to collapse
/shudders at the thought.
I haven't played with it yet, but pray there is no way for my end users to set a 60min lockout period. that's just waaaaaay too long. how long do you have before your work desktop auto-locks? 15min? and that is for a device that doesn't move and if anyone else is at it would draw attention.
perhaps you feel that you are not important on the food chain and have nothing important in your email. but as these type devices get more powerful folks keep more data on them... pictures, movies, xls, doc, mp3 etc. plus tons of email (with email addresses, names and numbers), some folks will setup the VPN function and map network folders or setup VNC/RDC connections (server names, ip addresses and domain name).
it's not "JUST" that someone may see who you're going to lunch with or that your racquetball game got rescheduled. its all that other crap that concerns us. stuff that you may or may not have. for things that you probably don't see as being a possible security breach. sorry if this has an overbearing tone, it's one of those things i have to beat into folks head everyday.
"i don't care if they know my password, maybe they'll do my work." /facepalm
no...they won't.
ask your favorite IT nerd how many pwd's he has floating in his head and how many times he has to unlock his computer each day.
/steps down from security soapbox
DraginMagik said:
/shudders at the thought.
I haven't played with it yet, but pray there is no way for my end users to set a 60min lockout period. that's just waaaaaay too long. how long do you have before your work desktop auto-locks? 15min? and that is for a device that doesn't move and if anyone else is at it would draw attention.
perhaps you feel that you are not important on the food chain and have nothing important in your email. but as these type devices get more powerful folks keep more data on them... pictures, movies, xls, doc, mp3 etc. plus tons of email (with email addresses, names and numbers), some folks will setup the VPN function and map network folders or setup VNC/RDC connections (server names, ip addresses and domain name).
it's not "JUST" that someone may see who you're going to lunch with or that your racquetball game got rescheduled. its all that other crap that concerns us. stuff that you may or may not have. for things that you probably don't see as being a possible security breach. sorry if this has an overbearing tone, it's one of those things i have to beat into folks head everyday.
"i don't care if they know my password, maybe they'll do my work." /facepalm
no...they won't.
ask your favorite IT nerd how many pwd's he has floating in his head and how many times he has to unlock his computer each day.
/steps down from security soapbox
Click to expand...
Click to collapse
I here ya!!! can we comprimise at 55 mins???? Ok 30 mins?? ;-P How did you know my R-Ball game was rescheduled????????????
/retires from badgering the IT guy!
LOL ... if only we lived in a perfect world.
Solution here: http://forum.xda-developers.com/showthread.php?t=745065
Google is releasing a security fix for all phones, is this going to affect the ROMs? Will this be something Devs will have to build a ROM patch for?
Here is the article with the details:
Google Fixes Android Glitch That Affected '99 Percent' of Devices
Google said Wednesday that it has fixed a security glitch that reportedly opened up 99 percent of Android-based devices to a security breach.
"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," a Google spokesperson told PCMag. "This fix requires no action from users and will roll out globally over the next few days."
Google would not say what percentage of devices were actually affected.
At issue is a Tuesday report that said 99 percent of Android devices are vulnerable to attack when they're used to log into a site on an unsecured network. The report, which came from researchers at Germany's University of Ulm, claimed that phones or tablets running on Android 2.3.3 or earlier were vulnerable because of an improperly implemented ClientLogin authentication protocol. ClientLogin is used to verify users' identity on Android apps, and it saves the authentication data (authToken) for up to two weeks. The authToken is obtained from ClientLogin by providing a username and password on an https connection.
But the researchers said that when a user would login to a site like Facebook or Twitter that stored data could be open to attackers who could use the info to falsely gain access to their private information like Google Contacts and Calendars.
The researchers—Bastian Könings, Jens Nickels, and Florian Schaub—decided to simulate an attack to see if there findings were correct.
"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," they said. "The answer is: Yes, it is possible and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."
There was also an issue with the way data was handled when devices were synced with Picasa, but Google said this has also been fixed. Called a "silent fix," a Google spokesperson said all users will get the update automatically.
Click to expand...
Click to collapse
My understanding is this is a Google server side fix, and isn't something that needs to be "pushed" out to mobile devices.
Sounds more like it'll be an update to 1-2 apps to patch the security hole.
I'm a bit confused why more than one person can't register on the site from the same household in one day. ? My boyfriend recommended the site to me and I wanted to thank people so I created an account. He then tried to create an account later and got: "Sorry, our IP has already been used today to register an account today, please try again later"
And even worse, as I was typing this, when he tried to register from his phone (without wifi) he was blocked because he has Sprint as a carrier and got a message "Sorry your IP address is blocked from registration. The reason is: Sorry, to prevent spam and abuse we do not allow registration from a Sprint wireless IP."
So now I'm really confused. With multiple people in a household, and routers everywhere with the same IP, why can't two people register on the same day???
And the best yet, I got on my phone (without WiFi) and clicked register... I got "Sorry your IP address is blocked from registration. The reason is: Sorry, to prevent spam and abuse we do not allow registration from a Verizon wireless IP." ... only I don't even have Verizon, I have AT&T (which still uses Cingular servers at least here ... I know because of my personal web hosting stats always show me on a Cingular server).
Why block people from registering from their phone??? What about people that only have access to internet on phones, or is just random carriers (and invented this is your carrier) that are blocked.
I am honestly confused by both things.
We have the IP restrictions in place to prevent spammers from signing up with multiple accounts. If this restriction wasn't in place, you have no idea how many spammers we'd have on the forum, posting their cheap iphones and hair dryers
It's also their to stop members creating multiple "scok puppet" accounts. That is, if we ban someone, it prevents them from coming straight back with another account.
Same sort of thing applies with the mobile IPs. If we have a problem with a member, and ban him, and we allowed registration by mobile IP, we would never be able to prevent them from creating new accounts, since they can just disconnect and reconnect to their network and obtain a new IP and register again.
These restrictions are all in pace to help us (moderators/admins) control the "problem" members.
I realise it's a bit of a pain in your case, but one more day won't hurt
Hope that answers your question
I guess it makes sense, it was just really confusing on the surface, and frustrating. Thanks for answering so quickly. Can you say when the "day" rolls over? Just curious, is it our time zone or GMT/UMT or something else?
You should be good to go again for another registration now
This measure is absolutely to prevent spammers and abusers from continuously re-registering accounts and not to stop legitimate users. The Verizon and AT&T IPs may have been incorrectly labeled, but they are indeed Mobile 2G/3G/4G IPs and not wireline (DSL/Cable/Fiber/etc) IPs. We are very careful about blocking any IPs from registration and we don't block a particular set of mobile IPs until abuse has occurred from that set/range.
Thanks for your understanding
Hi,
There seems to be an infuriating bug with the site. I keep getting captcha prompts despite entering the correct information.
I know this because if I enter incorrect information the I get a correct error message saying the Captcha didn't match.
However, if I enter correct data then I still get a form rejection with words to the effect that XDA adds a captcha for those with less than 10 posts.
This is a fairly major bug because there's no way for me to contact anyone, including site administrators.
Obviously the bug is intermittent.
captcha bug still here
captainbadger said:
Hi,
There seems to be an infuriating bug with the site. I keep getting captcha prompts despite entering the correct information.
I know this because if I enter incorrect information the I get a correct error message saying the Captcha didn't match.
However, if I enter correct data then I still get a form rejection with words to the effect that XDA adds a captcha for those with less than 10 posts.
This is a fairly major bug because there's no way for me to contact anyone, including site administrators.
Obviously the bug is intermittent.
Click to expand...
Click to collapse
BUG still here today, 7-27-2014
No problem here, apparently. Can you give steps to replicate the problem?
We're using the industry-used reCaptcha. It's difficult to prevent spammers. I know it's frustrating sometimes, but it's a necessary evil to keep XDA free of spam.
svetius said:
We're using the industry-used reCaptcha. It's difficult to prevent spammers. I know it's frustrating sometimes, but it's a necessary evil to keep XDA free of spam.
Click to expand...
Click to collapse
So how do we get through this?
If you guys could provide some screenshots of you entering in the proper code and the system rejecting it, that would be helpful.
I've been testing this, sometimes I do get an incorrect code but usually the next time it is fine.
You can use the round 'reload' button to get a new one if it fails.
If you continually have a problem with it even though it is entered correctly, maybe let me know your IP, and what browser plugins you may use.
Hi
I tried to join this forum yonks ago and could not get past captcha so I hope you don't mind me using this post to say the new photo image is much easier than the joined together hard to read letters.
Some sites use a form of joining to defeat spammers requiring joiners to rotate image a number of times, randomized of course to the correct way up. As you can guess this requires a real human....rather than a fake human like me....giggles to pass the test.
I also found I could login via google account
Hope that helps someone
Also - no errors for me, but 11 rounds?!?
11 rounds of selecting images seems a bit excessive..?
And another 6 to post this message!
So as the title says, I have a family member who recently passed away over the weekend. The family is trying to access his phone for any pictures and videos of him with everyone. As of right now, we don't have any info about his Google account info. We're afraid to keep trying passwords in case it ends up wiping the data after a certain number of tries. I tried using Dr. Fone but the unlock software doesn't support this phone. Not sure what to do from here but I thought you guys might be able to help. Thanks, guys.
perhaps contact the local police to inquire if they have the capability to unlock the phone? They will probably require that you prove your relationship to the deceased which I don't think anyone on this forum could do. It's not that I don't believe you, but any creeper/theif/etc could say the same thing.
GL and sorry for your loss.
Sorry for your loss. If he had 2 step verification where you can send a text message to his cell phone #, you could do a Sim swap, pop the Sim in a phone that you have access to. Trigger the 2 step verification for forgot password and it might work.
Sent from my Pixel 2 XL using Tapatalk
I'm so sorry for your loss, and Hope you'd recover the content without much of a hassle.
Good Luck!
You can force a factory reset...that will delete apps and texts and any unsaved pics from texts will be deleted....BUT....it will not delete any pics taken by the cam and saved to the phone.
Good luck and sorry for your lost.
Was he logged into Gmail on a computer? Could possibly go to Google Photos and check for backed up photos and videos.
Sent from my Pixel 2 XL using Tapatalk
sorry for your loss, I hope you can recover the photos.
1st: was already mentioned. sim swap
2nd: Try to sign into their google account. If you know their gmail (you should be able to figure this out pretty easily) and know them pretty well you can probably guess their password especially if you can remember an "old" password they've used because people are creatures of habit and reuse the same or variations of the same passwords for years. Or you can do the "forgot password" option
3rd have the legal rep ask google.
Google lets third parties request the content from a deceased user's account, but this must be requested by the deceased person's legal representative. The legal representative must upload a copy of their government-issued ID and a copy of the death certificate. Even then, there's no guarantee the legal representative will gain access.
If this works, the legal representative would be able to access data from the deceased user's Drive, Gmail, Blogger, Google+, Google Photos, YouTube and other services. But again, if the deceased user didn't back up any photos in the first place, getting into the cloud backup won't do any good.
https://support.google.com/accounts/troubleshooter/6357590?hl=en#ts=6357650
4th: okay, this one is a little macabre and you said password but I have 2 methods to get into mine so I figure I'd say it......sigh.............somehow before the funeral 1) find a way to be alone with your relative and see if either of their index fingerprints will work to unlock the phone OR 2) I GUESS you COULD ask the funeral director to unlock their phone using their fingerprints but I'm not sure how agreeable they'd be on that one.. Look, I know it's creepy but if the photos/vids are important then......sigh.....damn it sounds even more eff'd up reading it than it did in my head. Okay, sorry, I'll stop now....
good luck
First of all, I'm sorry for your loss...
I have some inquiries, and then a suggestion...
First, do you know if the former owner had "unlocked" or "rooted" the phone/device? When you turn the device on, is there a warning in the powering up process that "warns" about having an "unlocked bootloader"?
If it is unlocked and/or rooted, there are more/further options that can be done, but only if it is in this "state"...
And as for my suggestion...
You might be aware of how Apple and iPhones/iPads have a sort of "find my iphone" or "find my device" type of connection and protocol on their devices... I've personally used the "Android"/Google version (called Android Device Manager [or ADM for short]) of this to find the last location of my phone and to also ring it. But I have also noticed that they (Google) are constantly evolving it and later added a "lock" option. So, taking it a step further, I checked if there was possibly an "unlock" option; and there is! Again, I personally have never used it and do not know much about it. After some cursory reading, there are certain criteria that has to have been met while the original owner was using the phone; but if, by some amazing circumstance or miracle, things have been set up properly (and you know the deceased google account information/login), there's a good chance you might be able to get the phone unlocked. You can find the information all about this here: https://one.comodo.com/blog/itsm/unlock-your-android-device-using-android-device-manager.php
One additional thought I just thought of while writing this, along the lines of talking to Google and explaining the situation, even if you don't have the google account information/login, you might be able to obtain that information from them if the situation is explained and they have protocols for this type of situation.
Again, I'm sorry for your loss, and I hope this helps. Good luck to you...