Newly publicized android "Fake ID" vulnerability

Similar Messages

• Question about new android 4.3 bug

  Hi I want to ask Sony that, you already know that there is many bugs in the newly realeased android 4.3 jellybean by Sony. We are all facing serious trouble for this issue. Ok now I just want to know that, what Sony planning about this matter? Are you guys going to launch any fix for these bugs? If you are planning to do so ok then we will wait but if you are not planning to do anything about it then just tell us we are going to switch our loveable Sony product.
  Waiting for sony's response
  Thank You

  You can contact xperia care after the weekend,now they do not work:
  http://www.sonymobile.com/global-en/support/contact-us/
  All we have to decide is what to do with the time that is given to us - J.R.R. Tolkien

• IE8 zero day vulnerability

  Vulnerability in Internet Explorer Could Allow Remote Code Execution (Published: Friday, May 03, 2013)
  http://technet.microsoft.com/en-us/security/advisory/2847140
  Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability.
  IE 6, 7, 9, 10 are not affected.

  Temporary FixIt workaround available http://support.microsoft.com/kb/2847140

• Can a nook be used with os7

  Can a Nook be used with Apple products?  I don't want network or virus problems.

  Android is the most malware-prone, insecure platform there is - but millions of users seem to survive without dropping like flies!
  I can't answer Q.1 but as for Q2:
  How safe is your smartphone? (Android is the top malware collector)
  A major source of malware, apart from sites like Facebook and Hotmail, is the Android Marketplace:
  More than 50 applications available via the official Android Marketplace were initially found to contain a virus.
  Analysis suggests that the booby-trapped apps may have been downloaded up to 200,000 times. The apps are also known to be available on unofficial Android stores too. Once a booby-trapped application is installed and run, the virus lurking within, known as DroidDream, sends sensitive data, such as a phone's unique ID number, to a remote server. It also checks to see if a phone has already been infected and, if not, uses known exploits to bypass security controls and give its creator access to the handset. This bestows the ability to install any code on a phone or steal any information from it.
  Remote removal of the booby-trapped apps may not solve all the security problems they pose. The remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection.
  Moreover, more than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.
  http://www.bbc.co.uk/news/technology-13422308
  The data being leaked is typically used to get at web-based services such as Google Calendar.
  The open nature of the Android platform was a boon and a danger, and as Facebook have already discovered it is also a very attractive criminal playground.
  http://www.bbc.co.uk/news/technology-12633923
  Smartphones and social networking sites are likely to become the next big target for cyber criminals, according to a security industry report.
  Symantec's annual threat analysis warns that the technologies are increasingly being used to spread malicious code
  Users of Facebook, Twitter and Google's mobile operating system, Android, are said to be particularly vulnerable.
  In several cases, the security holes were exploited and used to install harmful software on Android handsets - suggesting that criminals now view smartphone hacking as a potentially lucrative area, and Android is still in the firing line:
  http://www.bbc.co.uk/news/uk-15600697
  Android: it's getting worse: Juniper found a 400% increase in Android malware from 2009 to the summer of 2010.  We have since seen exponential grow in Android malware over the last several months. The Juniper Global Threat Center found that the months of October and November are shaping up to see the fastest growth in Android malware discovery in the history of the platform. The number of malware samples identified in September increased by 28% over the number of the known Android malware samples. October showed a 110% increase in malware sample collection over the previous month and a striking 171% increase from what had been collected up to July 2011.
  July 2012: Smartphones running Google's Android software have been hijacked by an illegal botnet, according to a Microsoft researcher.
  Botnets are large illegal networks of infected machines - usually desktop or laptop computers - typically used to send out masses of spam email.
  Researcher Terry Zink said there was evidence of spam being sent from Yahoo mail servers by Android devices:  http://www.bbc.co.uk/news/technology-18720565
  One question Juniper always get when discussing our research is if Apple’s iOS is more or less secure than Android? Maybe, but it’s not necessarily because of the security or lack of vulnerabilities in the platforms themselves. The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores. Android’s open applications store model, which the lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware. There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught.
  http://globalthreatcenter.com/?p=2492
  At least six different varieties of malware were discovered hidden in applications that were distributed through a Chinese download service.
  Several pieces of malware were also found on iPhones, however only devices that had been "jailbroken" to bypass Apple's security were affected.
  The company's process of pre-vetting all new applications is believed to have spared its devices from a major attack.
  (Apple closed out 2011 with a commanding 52.1 percent share of mobile devices tracked browsing the Web, while Google's Android had just 16.2 percent.)
  And most recently this:
  Millions of people are using Android apps that can be tricked into revealing personal data, research indicates.
  Scientists tested 13,500 Android apps and found almost 8% failed to protect bank account and social media logins.
  These apps failed to implement standard scrambling systems, allowing "man-in-the-middle" attacks to reveal data that passes back and forth when devices communicate with websites.
  http://www.bbc.co.uk/news/technology-20025973
  And this:
  Freezing an Android phone can help reveal its confidential contents, German security researchers have found.
  The team froze phones for an hour as a way to get around the encryption system that protects the data on a phone by scrambling it.
  Google introduced the data scrambling system with the latest version of Android called Ice Cream Sandwich.
  The attack allowed the researchers to get at contact lists, browsing histories and photos.
  http://www.bbc.co.uk/news/technology-21697704
  Update from May 2013:
  Malware targeting mobile devices is rapidly growing in both the number of variants found in the wild and in their complexity and sophistication, but the only platform being actively targeted is Google's Android, which researchers now say is resembling Windows on the desktop PC.
  http://appleinsider.com/articles/13/05/14/mobile-malware-exploding-but-only-for- android
  And in early June 2013 a highly toxic trojan began attacking the Android platform:
  According to reports:
  Obad.a exploits previously unknown Android bugs, uses Bluetooth and Wi-Fi connections to spread to near-by handsets, and allows attackers to issue malicious commands using standard SMS text messages.
  By exploiting this vulnerability, malicious applications can enjoy extended Device Administrator privileges without appearing on the list of applications which have such privileges," Unuchek said. "As a result of this, it is impossible to delete the malicious program from the smartphone after it gains extended privileges."
  More information here:
  http://arstechnica.com/security/2013/06/behold-the-worlds-most-sophisticated-and roid-trojan
  A recent study on smartphone malware has found that 92 percent of nefarious mobile software is targeted at Google's Android platform, and the amount of attacks are growing:
  The latest data released in June 2013 by Juniper Networks reveals that Android malware has grown at a "staggering rate" over the last three years. In 2010, it accounted for just 24 percent of all mobile malware, while as of this March the platform accounts for nearly all of it.
  In the last year alone, the total number of malicious apps has grown 614 percent to 276,259. The annual Mobile Threats support also identified more than 500 third-party Android application stores worldwide that are known to host mobile malware.
  http://newsroom.juniper.net/press-releases/juniper-networks-finds-mobile-threats -continue-ram-nyse-jnpr-1029552
  The far reaching vulnerability, discovered by San Francisco's Bluebox Security, involves "discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature."
  Android apps (packaged as an "APK") are signed with an encryption key (just like iOS apps) to prevent a malicious party from changing the code. Signed apps are expressly designed to enable the system to detect any tampering or modification.
  However, due to the newly discovered Android flaw, a rogue developer can trick the system into thinking that a compromised app is still legitimate, giving it system wide access to do virtually anything.
  "A device affected by this exploit could do anything in the realm of computer malice, including become a part of a botnet, eavesdrop with the microphone, export your data to a third party, encrypt your data and hold it hostage, use your device as a stepping stone to another network, attack your connected PC, send premium SMS messages, perform a DDoS attack against a target, or wipe your device," a representative of the company wrote AppleInsider:
  http://appleinsider.com/articles/13/07/03/security-flaw-opens-all-modern-android -devices-to-zombie-botnet-takeover
  The problem (with Android) is: that committee design has failed to make Android a good platform for either users or for developers. By not making any hard choices and giving people what they said they wanted, Google simply abandoned the future to cling tenaciously to the past.
  Rather than conceptualizing and engineering really new solutions to historical computing problems as Apple did with iOS, Google has only attempted to wrest control away from iOS via volume shipments and has effectively sent mobile computing back in time into the 1990s, resulting in the same malware, spyware, viruses and usability issues of Windows.
  http://appleinsider.com/articles/13/07/14/editorial-googles-android-haunted-by-s teve-jobs-warnings-on-app-signing-security
  The Department of Homeland Security considers the malware threat from Android so serious that they issued a public warning on July 23, 2013:
  http://info.publicintelligence.net/DHS-FBI-AndroidThreats.pdf

• False Positives for id=12713 version=S149

  Just started receiving numerous firings of 12713. Looks like false positives. Is anyone else observing this?
  Cisco MARS is creating the following : System Rule: DoS: Network - Success Likely
  thanks
  John Stark

  This is indeed a false positive. You can either filter out trusted hosts or create a metasignature using this signature as a component to reduce the chance of false positives.
  Tune signature 3327-6 and remove the produce alert action.
  Create a custom signature as follows:
  Engine Meta
  Component list:
  3327-6
  3328-0
  Meta-reset-interval = 2
  Severity high
  Summarize
  Met-key = Axxx – 1 unique victim
  Component-list-in order = false
  Event action: produce alert
  This signature will only fire when signatures 3327-6 and 3328-0 fire. Since 3327-6 would have no event action of its own you would not see alerts from it.
  Note that this signature does not have as high fidelity as the original 3327-6, that being said signature 3327-0 detects almost all public exploits for this vulnerability. We will note this in the NSDB.

• Problem:statement cannot be reached

  this program should compute the factorial numbers with recursion and iteration. But now,this error occurs:Fak.java [37:1] Statement not reached.
  return fak;
  ^
  1 error
  This is my program:
  import java.io.*;
  * @author ***
  * @version
  public class Fak extends Object {
  public static void main (String[] args)
  {   try{
  InputStreamReader reader=new InputStreamReader(System.in);
  BufferedReader in =new BufferedReader(reader);
  System.out.println("Gib ne zahl ein");
  String a=in.readLine();
  int n=Integer.parseInt(a);
  System.out.println("Fakult�t: "+fakultaet(n));
  }catch(IOException e){System.out.println("FEHLER");}
  static int fakultaet(int n){
  int wert=1;
  int fak=1;
  if (n>0 || n!=0)
  wert=n*fakultaet(n-1);
  for(int i=1;i<=n;i++)
  fak=fak*i;
  return wert;
  return fak;
  }return 1;

  Now I have combined it. But why throws the compiler the following error?
  Fak.java [36:1] 'else' without 'if'.<<<<<<why???
  else return 1;
  ^
  1 error
  import java.io.*;
  * @author ***
  * @version
  public class Fak extends Object {
  public static void main (String[] args)
  {   try{
  InputStreamReader reader=new InputStreamReader(System.in);
  BufferedReader in =new BufferedReader(reader);
  System.out.println("Gib ne zahl ein");
  String a=in.readLine();
  int n=Integer.parseInt(a);
  System.out.println("Fakult�t: "+fakultaet(n));
  }catch(IOException e){System.out.println("FEHLER");}
  static int fakultaet(int n){
  int wert=1;
  int fak=1;
  if (n>0 && n!=0)
  for(int i=1;i<=n;i++)
  fak=fak*i;
  fak=n*fakultaet(n-1);
  } return fak;
  else return 1;

• Microsoft Security Advisory (2757760): Vulnerabil​ity in Internet Explorer

  Vulnerability in Internet Explorer Could Allow Remote Code Execution
  Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9. Internet Explorer 10 is not affected. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability.
  A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
  On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
  Article including some suggested actions is continued here: http://technet.microsoft.com/en-us/security/adviso​ry/2757760
  Related: http://nakedsecurity.sophos.com/2012/09/17/new-ie-​zero-day-exploit-poison-ivy/
  ThinkPad: T530 / X1 Gen 2 / Helix - Yoga: Tablet 2 Pro (Win) / Yoga 3 Pro
  If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
  Lenovo Advocate ~ I am not employed by Lenovo or Microsoft. I am a volunteer.
  Microsoft MVP - Consumer Security
  SpywareHammer

  The suggested setting in EMET for IE is to be protected against ALL the available exploits --- that is to say, including Mandatory ASLR as well as BottomUpASLR.   Unless you experience an issue with it [and the EMET Notifier should advise you of any problems it encounters], there's no reason to "generically" turn-off MandatoryASLR.
  Having said that, here are the common exceptions people need to be aware of:
  1) Windows Media Player users should UNcheck Mandatory ASLR for their Windows Media Player.
  2) Skype users should UNcheck EAF for their Skype.
  3) Some versions of Trusteer Rapport are having trouble with Microsoft EMET - web browsers do not open at all or open a blank, unusable window. In such case, Windows XP users should UNcheck EAF protection for each of their web browsers; and Windows Vista and 7 users should UNcheck Mandatory ASLR protection for each of their web browsers.
  4) Configuring the system setting for DEP changes a boot option for Windows. For systems using BitLocker, this will cause BitLocker to detect that “system boot information has changed” and you will be forced to enter your recovery key the next time you boot Windows. It is highly recommended that you have your recovery key ready before changing the system configuration setting for DEP on a system with BitLocker enabled.
  Windows 7 Pro SP1 (64-bit), avast! V7 Free, MBAM Pro, Windows Firewall, EMET, OpenDNS Family Shield, IE9 & Firefox (both using WOT & KeyScrambler), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS, SAS (on-demand scanner), Secunia PSI.
  [I am experimenting with Sandboxie, and believe computer-users who sandbox are acting prudently.]

• OnPlus not providing new HWEOL, SWEOL or PSIRT updates

  The Cisco HWEOL, SWEOL and PSIRT notification functions in OnPlus are currently not providing new updates.
  The Hardware End-of-Life team determines the end of use for Cisco Products OnPlus will display any related Hardware EoL notices on supported Cisco devices, with a link to the notice on the Cisco.com website.
  The Software End-of-Life team determines the end of use for Cisco IOS software versions that are related to Cisco products which run IOS. OnPlus will display any related Software EoL notices on supported Cisco devices, with a link to the notice on the Cisco.com website.
  The PSIRT team manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. OnPlus will display any related PSIRTs on supported Cisco devices, with a link to the notice on the Cisco.com website.
  These function are currently not providing new updates to those devices in OnPlus and the OnPlus engineering team is working on a resolution to the problem.
  Users can still find updated information on Cisco.com about any new Software End-of-Life and Hardware End-of-Life notices that have been issued at the website below, and can sign up for an RSS feed for information updates.
  www.cisco.com/go/eol  
  As additional information is known for the time to resolution, we will post more details. 
  Thanks,
  The OnPlus team

  We have resolved this issue and OnPlus is now providing complete lifecycle  information for new devices scanned or discovered through ON100.
  We applogize for any inconvenience.
  Thank you,
  OnPlus Team

• Galaxy Nexus 4.3 OTA Upgrade?

  It's Tuesday, 11 June 2013, and rumors continue about the much anticipated release of Google Jelly Bean 4.3 (or some variant of it). Though it didn't happen yesterday the 10th as some had expected--others now say July, an article by Robert Triggs just a few hours ago on Android Authority begs the question "Galaxy Nexus passes through Bluetooth SIG, is Android 4.3 incoming?" Apparently, a GT-I9250 (aka "Maguro": GSM/HSPA+ Galaxy Nexus variant on AT&T/T-Mobile networks) was spied being tested against Bluetooth standards, a requirement for new update releases. That, my friends, is a major step toward our beloved GNexes getting another transfusion that's slated to resolve the over-discussed problems of overheating and rapidly draining batteries. Plus, gaining a couple of new features: a new camera UI and a power-saving Bluetooth upgrade to v4.0 that most higher end devices have. To read Robert Triggs' complete article, go to " http://m.androidauthority.com/galaxy-nexus-passes-bluetooth-android-4-3-224336/ " . I'm so (steam)punked, I check my phone's System Updates in Settings every hour or so.

  With the revelation of a security vulnerability that has existed since Android 1.6, an update of some sort is due. The vulnerabilty allows for a previously signed App to be modified (assumedly maliciously) and still appear to be correctly, digitally, signed.
  There's an app to test for this:
  https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner
  Read more here:
  http://it.slashdot.org/story/13/07/11/134228/android-master-key-vulnerability-checker-now-live

• Override a method from a different Type

  Below will hopefully highlight what I want to do. I am trying to override an instance's (Mammal) super class (Animal) method, from a class (Android) that doesn't inherit from either classes.
  Would Innerclasses be ideal in this case? Or Generics? If so, can you post a simple example.
  //Animal.java
  public class Animal
      public breathe()
  //Mammal.java
  public class Mammal
      public Android android;
      public static void main(String[] args)
          android = new Android(Mammal.class);
  //Android.java
  public class Android
      public Android( Animal type )
          //here is my attempt
          @Override
          type.breathe()
  }Edited by: myIP on Feb 5, 2009 9:21 AM

  you want the following?
       public class Android
           public Android( final Animal type )
               //here is my attempt
                Animal animal = new Animal(){
                     @Override
                     public void breathe() {
                          //Your code here
                          type.breathe();
                          //Your code here
                          super.breathe();
                          //Your code here
       }

• False positive for Windows RPC DCOM Overflow id=3327 version=S188

  Hi,
  Could you take a look at the below capture to see if there is false positive at work.
  Thanks,
  Matt
  signature: description=Windows RPC DCOM Overflow id=3327 version=S188
  subsigId: 6
  sigDetails: \\\x3c400 chars>\
  interfaceGroup:
  vlan: 0
  participants:
  attacker:
  addr: locality=INTERNAL <address removed>
  port: 1914
  target:
  addr: locality=INTERNAL <address removed>
  port: 445
  context:
  fromTarget:
  000000 63 00 5F 00 66 00 73 00 2E 00 6E 00 6F 00 72 00 c._.f.s...n.o.r.
  000010 74 00 68 00 62 00 61 00 79 00 62 00 61 00 6E 00 t.h.b.a.y.b.a.n.
  000020 63 00 6F 00 72 00 70 00 2E 00 63 00 6F 00 6D 00 c.o.r.p...c.o.m.
  000030 00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 ....W.i.n.d.o.w.
  000040 73 00 20 00 35 00 2E 00 30 00 00 00 57 00 69 00 s. .5...0...W.i.
  000050 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 n.d.o.w.s. .2.0.
  000060 30 00 30 00 20 00 4C 00 41 00 4E 00 20 00 4D 00 0.0. .L.A.N. .M.
  000070 61 00 6E 00 61 00 67 00 65 00 72 00 00 00 00 00 a.n.a.g.e.r.....
  000080 00 7E FF 53 4D 42 73 00 00 00 00 98 07 C8 00 00 .~.SMBs.........
  000090 00 00 00 00 00 00 00 00 00 00 00 00 FF FE 00 48 ...............H
  0000A0 C0 3E 04 FF 00 7E 00 00 00 09 00 53 00 A1 07 30 .>...~.....S...0
  0000B0 05 A0 03 0A 01 00 57 00 69 00 6E 00 64 00 6F 00 ......W.i.n.d.o.
  0000C0 77 00 73 00 20 00 35 00 2E 00 30 00 00 00 57 00 w.s. .5...0...W.
  0000D0 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 i.n.d.o.w.s. .2.
  0000E0 30 00 30 00 30 00 20 00 4C 00 41 00 4E 00 20 00 0.0.0. .L.A.N. .
  0000F0 4D 00 61 00 6E 00 61 00 67 00 65 00 72 00 00 00 M.a.n.a.g.e.r...
  fromAttacker:
  000000 00 04 41 32 00 01 00 00 00 00 00 71 00 00 00 00 ..A2.......q....
  000010 00 D4 00 00 80 B9 00 A1 6F 30 6D A2 6B 04 69 4E ........o0m.k.iN
  000020 54 4C 4D 53 53 50 00 03 00 00 00 01 00 01 00 58 TLMSSP.........X
  000030 00 00 00 00 00 00 00 59 00 00 00 00 00 00 00 48 .......Y.......H
  000040 00 00 00 00 00 00 00 48 00 00 00 10 00 10 00 48 .......H.......H
  000050 00 00 00 10 00 10 00 59 00 00 00 15 8A 88 E2 05 .......Y........
  000060 00 93 08 00 00 00 0F 47 00 57 00 2D 00 30 00 30 .......G.W.-.0.0
  000070 00 32 00 38 00 37 00 00 46 5A 5E 7D 09 B9 25 FB .2.8.7..FZ^}..%.
  000080 EF 1F 07 DE BD 60 85 13 57 00 69 00 6E 00 64 00 .....`..W.i.n.d.
  000090 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 o.w.s. .2.0.0.0.
  0000A0 20 00 32 00 31 00 39 00 35 00 00 00 57 00 69 00 .2.1.9.5...W.i.
  0000B0 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 n.d.o.w.s. .2.0.
  0000C0 30 00 30 00 20 00 35 00 2E 00 30 00 00 00 00 00 0.0. .5...0.....
  0000D0 00 00 00 58 FF 53 4D 42 75 00 00 00 00 18 07 C8 ...X.SMBu.......
  0000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FE ................
  0000F0 00 48 00 3F 04 FF 00 58 00 08 00 01 00 2D 00 00 .H.?...X.....-..

  This is indeed a false positive. You can either filter out trusted hosts or create a metasignature using this signature as a component to reduce the chance of false positives.
  Tune signature 3327-6 and remove the produce alert action.
  Create a custom signature as follows:
  Engine Meta
  Component list:
  3327-6
  3328-0
  Meta-reset-interval = 2
  Severity high
  Summarize
  Met-key = Axxx – 1 unique victim
  Component-list-in order = false
  Event action: produce alert
  This signature will only fire when signatures 3327-6 and 3328-0 fire. Since 3327-6 would have no event action of its own you would not see alerts from it.
  Note that this signature does not have as high fidelity as the original 3327-6, that being said signature 3327-0 detects almost all public exploits for this vulnerability. We will note this in the NSDB.

• Nokia N96 in Iran

  Hi there
  Anyone knows if Nokia N96 is in Iran yet? And if so, do you guys know how much it is? I don't live in Iran right now, but my father is coming back in 3 weeks, and I want to buy that sweet phone if it is out yet ...!
  Thanks
  Kousha

  It's not available anywhere in the world, except to beta testers.
  It has not been released to the public.
  Fakes have already appeared in some countries.

• Wrong insert order MySQL and J2EE

  We have MySQL 4.0.17, mySQL Connector/J 3.0.10 and J2EE 1.3.1 installed on our server. When inserting values from a CMP Entity Bean the column order ends up alphabeticly inside mySQL.
  Here is our insert-query:
  INSERT INTO kunde (kundenr, firmaetternavn, fornavn, badresse, bpostnr, bpoststed, padresse, ppostnr, ppoststed, telefon, faks, epost) VALUES(?,?,?,?,?,?,?,?,?,?,?,?)
  Here is our kunde-table:
  Kunde(kundenr, firmaetternavn, fornavn, badresse, bpostnr, bpoststed, padresse, ppostnr, ppoststed, telefon, faks, epost)
  After a insert-query the kunde-table looks like this:
  KUNDENR FIRMAETTERNAVN FORNAVN etc.
  [badresse-value] [bpostnr-value] [bpostste-value] etc.
  [badresse-value] [bpostnr-value] [bpostste-value] etc.
  Does anyone know what could be the cause of this problem!
  Sorry for my bad english.

  I'm quite sure that our bean class is not the problem, but maybe the driver or something else. Anyway, here's the code
  HERE IS OUR BEAN CLASS:
  package no.fonnafly.oslo;
  import javax.ejb.*;
  public class KundeBean implements EntityBean
  public String kundenr;
  public String firmaetternavn;
  public String fornavn;
  public String badresse;
  public String bpostnr;
  public String bpoststed;
  public String padresse;
  public String ppostnr;
  public String ppoststed;
  public String telefon;
  public String faks;
  public String epost;
  private EntityContext ctx;
  public String getKundenr() {
  System.out.println("getKundenr()");
  return kundenr;
  public String getFirmaetternavn() {
  System.out.println("getFirmaetternavn()");
  return firmaetternavn;
  public String getFornavn() {
  System.out.println("getFornavn()");
  return fornavn;
  public String getBadresse() {
  System.out.println("getBadresse()");
  return badresse;
  public String getBpostnr() {
  System.out.println("getBpostnr()");
  return bpostnr;
  public String getBpoststed() {
  System.out.println("getBpoststed()");
  return bpoststed;
  public String getPadresse() {
  System.out.println("Padresse()");
  return padresse;
  public String getPpostnr() {
  System.out.println("getPpostnr()");
  return ppostnr;
  public String getPpoststed() {
  System.out.println("getPoststed()");
  return ppoststed;
  public String getTelefon() {
  System.out.println("getTelefon()");
  return telefon;
  public String getFaks() {
  System.out.println("getFaks()");
  return faks;
  public String getEpost() {
  System.out.println("getEpost()");
  return epost;
  public void setFirmaetternavn(String firmaetternavn){
  this.firmaetternavn = firmaetternavn;
  public void setFornavn(String fornavn) {
  this.fornavn = fornavn;
  public void setBadresse(String badresse) {
  this.badresse = badresse;
  public void setBpostnr(String bpostnr) {
  this.bpostnr = bpostnr;
  public void setBpoststed(String bpoststed) {
  this.bpoststed = bpoststed;
  public void setPadresse(String padresse) {
  this.padresse = padresse;
  public void setPpostnr(String ppostnr) {
  this.ppostnr = ppostnr;
  public void setPpoststed(String ppoststed) {
  this.ppoststed= ppoststed;
  public void setTelefon(String telefon) {
  this.telefon = telefon;
  public void setFaks(String faks) {
  this.faks = faks;
  public void setEpost(String epost) {
  this.epost = epost;
  public void ejbActivate() {
  System.out.println("ejbActivate()");
  public void ejbLoad() {
  System.out.println("ejbLoad()");
  public void ejbPassivate() {
  System.out.println("ejbPassivate()");
  public void ejbRemove() {
  System.out.println("ejbRemove()");
  public void ejbStore() {
  System.out.println("ejbStore()");
  public String ejbCreate(String kundenr, String firmaetternavn, String fornavn, String badresse, String bpostnr, String bpoststed, String padresse, String ppostnr, String ppoststed, String telefon, String faks, String epost) throws CreateException {
  System.out.println("ejbCreate()");
  this.kundenr = kundenr;
  this.firmaetternavn = firmaetternavn;
  this.fornavn = fornavn;
  this.badresse = badresse;
  this.bpostnr = bpostnr;
  this.bpoststed = bpoststed;
  this.padresse = padresse;
  this.ppostnr = ppostnr;
  this.ppoststed = ppoststed;
  this.telefon = telefon;
  this.faks = faks;
  this.epost = epost;
  System.out.println("etter ejbCreate()");
  return null;
  public void ejbPostCreate(String kundenr, String firmaetternavn, String fornavn, String badresse, String bpostnr, String bpoststed, String padresse, String ppostnr, String ppoststed, String telefon, String faks, String epost) throws CreateException {
  System.out.println("ejbPostCreate()");
  public void setEntityContext(EntityContext entityContext) {
  System.out.println("setEntityContext()");
  ctx = entityContext;
  public void unsetEntityContext() {
  System.out.println("unsetEntityContext()");
  ctx = null;
  OUR REMOTE INTERFACE:
  package no.fonnafly.oslo;
  import java.rmi.*;
  import javax.ejb.*;
  public interface Kunde extends EJBObject
  public void setFirmaetternavn(String firmaetternavn) throws RemoteException;
  public void setFornavn(String fornavn) throws RemoteException;
  public void setBadresse(String badresse) throws RemoteException;
  public void setBpostnr(String bpostnr) throws RemoteException;
  public void setBpoststed(String bpoststed) throws RemoteException;
  public void setPadresse(String padresse) throws RemoteException;
  public void setPpostnr(String ppostnr) throws RemoteException;
  public void setPpoststed(String ppoststed) throws RemoteException;
  public void setTelefon(String telefon) throws RemoteException;
  public void setEpost(String epost) throws RemoteException;
  public void setFaks(String faks) throws RemoteException;
  public String getKundenr() throws RemoteException;
  public String getFirmaetternavn() throws RemoteException;
  public String getFornavn() throws RemoteException;
  public String getBadresse() throws RemoteException;
  public String getBpostnr() throws RemoteException;
  public String getBpoststed() throws RemoteException;
  public String getPadresse() throws RemoteException;
  public String getPpostnr() throws RemoteException;
  public String getPpoststed() throws RemoteException;
  public String getTelefon() throws RemoteException;
  public String getEpost() throws RemoteException;
  public String getFaks() throws RemoteException;
  OUR HOME-INTERFACE:
  package no.fonnafly.oslo;
  import java.rmi.*;
  import javax.ejb.*;
  import java.util.*;
  public interface KundeHome extends EJBHome
  public Kunde create(String kundenr, String firmaetternavn, String fornavn, String badresse, String bpostnr, String bpoststed, String padresse, String ppostnr, String ppoststed, String telefon, String faks, String epost) throws RemoteException, CreateException;
  public Kunde findByPrimaryKey(String kundenr) throws RemoteException, FinderException;
  public Collection findAll() throws RemoteException, FinderException;
  public Kunde findByFirmaetternavn(String firmaEtternavn) throws RemoteException, FinderException;
  public Kunde findByFornavn(String fornavn) throws RemoteException, FinderException;

• Android 4.1.1 and New Bug (OpenSSL Vulnerability)

  I have updated my device to 4.1.1 recently which seems is the only version of android that would be affected by this bug.
  http://www.bloomberg.com/news/2014-04-11/millions-of-android-devices-vulnerable-to-heartbleed-bug.ht...
  Is there another update for my device to fix it?

  Hi SonyTab,
  Please provide us the exact model name of your unit so we can check the specifications and provide accurate solutions. You can use this guide to determine the exact model name. Thanks!

• Fake ID Security Vulnerability

  Another serious security issue has been found in all Android versions, called "Fake ID". It allows a malicious app to gain additional rights up to root, and it is present on the Toshiba Excite Pro. 
  Given the lack of response from Toshiba for the previous security issue that is still open, I assume that this one will remain unaddressed, too. 
  I have to say that I am flabbergasted by this blase attitude towards customers (call it stonewalling if you like). We paid good money for this tablet, and I think we are entitled to security updates for a reasonable period (2 years?). 

  Hi Mr Puddington, completely agree with you here re this and your other points. I was under the impression that android products had to be software supported for 18 months minimum from date of release. Also, the heartbleed issue, this latest security exploit and the complete and utter disrespect, lack of interest and ambivilence by Toshiba to their customers is frankly staggering and hugely disappointing.
  Awesome hardware on this item (I have the "write" model) but no matter how good the next gen' is, this will be my last Toshiba product (laptop / tablet / TV etc) due the complete disregard displayed here. To illustrate this, have a look through all the posts and try to find when a Toshiba "support representative" answered one single question regarding 4.4 updates.
  Hey ho, lesson learned, I hope none of us are affected by the security expolits found recently and earlier.
  IF... anyone at Toshiba is reading this dusty old "support" forum, this is a prime example of how to devastate your customer base. Can never get my head around this kind of thing. Spend huge amounts of R & D resource on developing a fantastic product, launch it to great reviews and then lose any future loyalty by abandoning those who put their wallets and trust in you! Madness and I hope you get what you deserve because of it.
  TOSHIBA - Any response... At all? Not holding my breath but would LOVE you to prove me wrong on all my points here.