the blog of a bear

this is where a bear will post stuff.

Freedom Scientific

and again, GWMicro prooves why their the superior company over freedom screw you over.

by 4 Comments

So after krista’s
computer kurFuckle
we’re to the point where now we have to get it upgraded, and back to spec for use during the next school semester and beyond.
This includes upgrading the OS, swappping out sticks of ram, etc.
I decide most of the software stuff can be done remotely.
We both have window-eyes, so we decide, let’s use remote assistance via wineyes.
Great, in theory.
Practically. not really.
Things seemed to work, but apparently not all the way.
I couldn’t get control of the remmote computer, so dial up
GWMicro
technical support and play 20 questions.
It’s near the end of their business day, so they give me a suggestion to try, and to call back if it doesn’t work.
This is, to forward port 3389 thrrough any router/firewall present.
I did that, on my machine, and on Krista’s.
Things still don’t work.
I redial support at GWMicro, and explain the entire situation to today’s representative.
He tells me that this knew feature is buggy, and sometimes doesn’t work do to a bunch of inharrent nat issues, etc.
I ask if it’s being worked on.
I was told, it’s not on the todo list, it’s in *active* constant development, and the issue is being worked on as we speak.
He couldn’t give me an ETA for resolution, but it if not in the next hotfix, it’ll be in the next major upgrade.
If this issue had been told to
Freedom scientific?
I’d have been blown off and the bug would go unresolved, just like the hundreds of other bugs that have been present since their murger.
They add knew features, and the hell with bugs.
So, GWMicro 1. Freedom screw you over, 0.

and freedom scientific makes a goddamn fool out of me and james.

by 3 Comments

Their are times when I sit back and go

why the hell didn’t I think of that?

Short version, my computer decided that not reading in windows explorer would be cool and stalling more then a 1912 ford would be nifty.
So I decided to blame freedom scientific and ring them up and scream at a few people.
We do the basic troubleshooting and figure out, ok, it’s not the video mirror driver, so the tech goes, let me tandum in.
We dig around, bounce a few oh shit ideas around, he goes, what’s this do. He hits alt+p. this disables the preview pane in windows 7, and holy shit all my problems go away.
Yes I know, me and
james
fail at the whole tech thing, this time.
Better luck next time. I suppose.

a note to freedom scientific, primus, and windows mobile.

by Leave a Comment

Since I’m lazy, have the following small notes to three companies, crammed into one post, and in list format.

  1. Freedom scientific
    it’s good practice not to break your access to windows mobile applications right after an upgrade.
  2. Windows mobile:
    When your told to send mail on an alternate port, actually doing it, without throwing 7 types of fits, would rule to.
  3. primus
    This blocking of port 25 is not cool, kindly quit it.

With no love, the other geek in this apartment.
Refer to
this
for james view on this same thing.

Is freedom scientific finally losing their touch?

by 2 Comments

Hello fellow blog readers
It’s been awhile since I posted something of major substance to the blind community here.
On
this blog
We have some very interesting posts to reference.
I’m going to post each of them below, exactly as posted, and I’ll follow each one of them up with my comments.
The first one is entitled

Critical security flaw in JAWS

and was posted on october 16, 2009.

Critical security flaw in JAWS
October 16, 2009 by Tyler Spivey
I have found a critical security flaw in the JAWS Screen reader that allows an attacker to gain full system-level access to
the machine. I have tested this on 32-bit Windows Vista
with JAWS 10.0.1154 and 32-bit Windows 7 with JAWS 11.0.611 Beta.
Instructions:
1. From the Windows logon screen with JAWS running, press insert+f2. Run JAWS Manager will appear.
2. Select Settings Packager, and press ok. Settings Packager will open.
3. From Settings Packager, go to File menu > Open, or press ctrl+o.
4. In the open dialog, type “%windir%\system32\*.exe” into the file name field (without the quotes) and press enter.
5. In the list of files, find cmd. Right click on it, or press the applications key and select Run as Administrator.
A system-level command prompt should open. To get out of it, type exit and press enter, then close the Settings Packager.

my comments on this one
Note that this was during the last public beta build of jaws 11, build 611. I was able to varrify this issue with this build of jaws on all machines I have access to. After build 729 the final release to the public on DVD version of jaws came out on october 19 2009, tyler reported in his next post, see below, had been fixed. but as this next will show, this problem still exists using a different set of varrifiable instructions.
The next post entitled

JAWS security flaw, round 2

has this to say.

JAWS security flaw, round 2
October 19, 2009 by Tyler Spivey
In my First Post, I described a security vulnerability that allowed local users to gain system-level access to a machine. A quick test with JAWS 11.0.729, the release build of JAWS 11, reveals that it is fixed. Here is a slightly different set of instructions that will do the same thing.
1. From the login screen, press insert+j, and navigate to utilities/configuration manager.
2. When configuration manager opens, press control+o.
3. press the Import button. The open dialog will appear.
4. On my Windows 7 test machine, I got an error box that can safely be dismissed. Once done, type %windir%\system32\*.exe into the open dialog.
5. find cmd in the list, and press the applications key on it. Select Run as administrator if it appears. If not, keep following these steps.
6. From cmd’s context menu, pick select. answer no to the question asking you to overwrite settings files, if it comes up.
7. press import, and pick cmd from the list again. Activate the context menu, and select Run as administrator.
If done correctly, you should have an administrative command prompt

I took that set of instructions and again tested them on as many systems as possible, and low and behold, I received an administrative command prompt.
But the ensanity doesn’t end there.
On the same day, this post

Gathering passwords with the JAWS builtin keylogger

hit his blog.
The text is below.

Gathering passwords with the JAWS builtin keylogger
October 19, 2009 by Tyler Spivey
JAWS so helpfully contains a built-in script that logs all keys pressed on the keyboard. This method has a better chance of working on XP than the others. You must have a user account on the machine to make this work.
1. Open Keyboard manager, and open the default file. Add a key to the “ToggleKeyboardLogging” script.
2. Once done, log out of the machine. Your profile will still be loaded. Press that key. The only thing JAWS will say is “enabled”. Log into the machine, then open keystrokes.log in your jaws program directory. all keys pressed will be there, from the last time the script was enabled

At the time of writing, do to my keyboard manager acting up, I have not been able to test this particular vulnerability relating to the keylogger.
At the time this went to press, Freedom scientific LLC,
http://www.freedomscientific.com
was closed.
But the following e-mail was dispatched to both the support and info addresses.

subject: freedom scientific’s response to the security wholes found in jaws 11?
To whom this may concern,
I am writing this message in reference to three blog posts available at:
http://tspivey.wordpress.com/
and who’s text and my comments were placed on my own blog at
http://stickbear.me/blog
To summarize these posts, it was discovered that not only can system level access to the computer be gained using your software, but your program includes a hidden keylogger that isn’t even documented that logs all keystrokes entered and can gain sensative information from a users computer?
These keys hense are logged to keystrokes.log.
I would like to ask, what is freedom scientifics stand on these issues, and is freedom scientific willing to comment publicly for airing on ACBRadio’s main menu and in other public venues regarding these security wholes?
I Thank you for your time.
Sincerely,
Shane Davidson

We shall see what comes of this.
until then.
piece yall.

my take on this whole thing about freedom scientific.

by 1 Comment

I don’t post on this blog much because i have my own, but I have a profile here so i can comment and not get spammed.
I asked shane to update my level to author, so I can post this.
If you read my previous comments on the previous posts on this blog, you’ll know my views, so I won’t bore you with those details, but here is a message, and it’s headers that prooves shane’s header theory and that the headers that he posted did indeed come from freedom scientific!
First the headers:

Return-Path:
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from partners.FreedomScientific.com (partners.freedomscientific.com [66.77.170.196])
by spaceymail-mx1.g.dreamhost.com (Postfix) with ESMTP id 5DF20CE779
for ; Thu, 4 Sep 2008 08:44:08 -0700 (PDT)
X-MimeOLE: Produced By Microsoft Exchange V6.5.7235.2
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset=”us-ascii”
Content-Transfer-Encoding: quoted-printable
Subject: RE: ILM Activation Reset Requests
Date: Thu, 4 Sep 2008 11:43:25 -0400
Message-ID:
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: RE: ILM Activation Reset Requests
Thread-Index: AckOF0/pm7Ri/KzZTrys4idaqymQHQAdspxAAAQ6IXAAAKTGsAAAfb7AAAAe/GA=
X-Priority: 1
Priority: Urgent
Importance: high
From: “Bryan Carver”
To:

so, to Mr. Damery and the rest of you losers at freedom fuck me over, please, play again. the headers shane did post were accurate and valid, so ha!
Let’s move on to the e-mail message itself

—– Original Message —–
From: “Bryan Carver”
To: “monty icenogle”
Sent: Thursday, September 04, 2008 8:43 AM
Subject: RE: ILM Activation Reset Requests
Hello Monty, Thank you for your e-mail. Since it has been 9 months since your last reset request, I have reset your activations back to 3. I did notice that for the first few years, you had an unusually high number of resets, so I am glad to see that whatever technical issues you had that caused so many resets has been resolved. If you again start experiencing such technical issues again that require a large number of resets, please do not hesitate to give our tech support line a call at:
727-803-8600
Monday through Friday from 8:30 AM to 7:00 PM Eastern time.
Regards,
Bryan Carver Director of Technical Support Freedom Scientific Inc.
Phone: 800-444-4443 Extension: 1062 E-Mail: [email protected]
—–Original Message—– From: [email protected] [mailto:[email protected]] Sent: Wednesday, September 03, 2008 6:50 PM To: activate Subject: ILM Activation Reset Request Importance: High
Subject = ILM Activation Reset Request
==========
* * * Contact Information
Serial or Auth Number partial = 59243 Registered User Name = Monty Icenogle Registered User Email = [email protected]

Let’s take that e-mail one chunk at a time.
He first states:

Hello Monty, Thank you for your e-mail. Since it has been 9 months since your last reset request, I have reset your activations back to 3.

wait a second, why should it matter how long it’s been since my last activation, I own the product, and should be able to do whatever I want with it!
Ok, so then he says:

I did notice that for the first few years, you had an unusually high number of resets, so I am glad to see that whatever technical issues you had that caused so many resets has been resolved.

Technical issues? um, no, hardware changes, system reloads, among other things that commonly plague computer users caused me to have a high number of activations!
Let’s see, does freedom scientific expect me to never have to upgrade? never have to reload my system? come on!
I liked the old days where you could sticka floppy in the drive, and move said authorization back to the floppy!
Why don’t they allow us to put ILM activations back?
would that not prevent high numbers of reactivations and reset requests?
If I want to upgrade my computer, I’m gonna certainly do it and I won’t think twice about it.

    Ok, my rant is over so comment away!

Freedom scientific responds to my april 11th post and my opinion on their response and my response to them

by 4 Comments

***note*** This post is based on factual information, and also will contain my opinion on the matters listed herein ***end note***
hello my faithful readers,
after:
This post
was posted on April 11th, 2009 I received a phone call on April 14th, 2009 from Eric Damery Vice president of blindness software products at freedom scientific stating that, no, Mr. Bryan carver did not send the message posted in that post, and can I please take it down because I was being spoofed by someone.
After receiving that call, I sent the following headers to Mr. Damery that show that indeed Mr. Carver did send this message that was in the post referenced above:

>
Delivered-To: [email protected]
Received: by 10.103.223.18 with SMTP id a18cs371379mur;
Wed, 7 Apr 2009 10:42:26 -0800 (PST)
Received: by 10.229.89.146 with SMTP id e18mr3676622qcm.23.1234299018989;
Wed, 7 Apr 2009 10:42:18 -0800 (PST)
Return-Path:
Received: from partners.FreedomScientific.com (partners.freedomscientific.com [66.77.170.196])
by mx.google.com with ESMTP id 9si2359251qyk.56.2009.02.10.12.50.17;
Wed, 7 Apr 2009 10:42:18 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 66.77.170.196 as permitted sender) client-ip=66.77.170.196;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 66.77.170.196 as permitted sender) [email protected]
X-MimeOLE: Produced By Microsoft Exchange V6.5.7235.2
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”—-_=_NextPart_001_01C98BC1.2EB5F266″
Subject: your jaws license .
Date: Wed, 7 Apr 2009 10:42:18 -0500
Message-ID:
From: “Bryan Carver”
To: “Shane Davidson”

He calls me back and still tells me that Mr. Carver did not send this message, their are inconsistancies in capatilizations of the signature, this isn’t how his signature looks, on and on and on and on it goes and he is still insisting I remove the post.
Dear faithful reader, you’ve seen the headers, and those with an incling of technical knowledge know just as well as I do that headers, can not be faked unless you really really know what your doing.
I am stating here and now, that in my *opinion* freedom scientific is scared, they don’t want to here the customers opinion because it gives them bad PR, but I’m sorry to say, I will continue to state my opinion, and post the facts as I see it, because I don’t work for them, and I’ll gladly use the compitition and tell you exactly what I think of your products, weather you like it or not.
So I *will* not remove the post, the post remains as is.
I have a right to post the facts as I see it and I am excersising that right as a canadian citizen and as a consumer and freedom scientific will have to deal with it.
Now, if I receive an official seese and desist letter telling me to do something about it, I may or may not, we’ll just have to see when that time arrives.
Thank you all for reading and have a great night and I look forward to your comments on this ever expanding issue.

Freedom Scientific Responds To: "Another Satisfied Freedom Scientific Customer, NOT!!! (Revised March 26, 2009)"

by 4 Comments

the drama continues.
from:
the blog of denise
We have this:

The following conversation occurred on February 9, 2009 via internet between 12:00PM and 1:00PM:
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
fredom needs their nuts chopped off with a god damnknife.
Wil: Living On The Edge Radio Is Live! http://www.livingontheedgeradio.com!
Hmmm.
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
how the flying fuck do you screw up a shipping label that badly to where it gets shipped to the wrong god damn city!
we’ll cut the nuts off, reattach them with glue and then do it all over again
Wil: Living On The Edge Radio Is Live! http://www.livingontheedgeradio.com!
Hmmm.
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
they were *supposed* to send me a dongle, oh, it got sent all right, but someone fucked up really bad and it got shipped to the wrong mother fucking city!
Wil: Living On The Edge Radio Is Live! http://www.livingontheedgeradio.com!
Hmmm.
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
according to freedom they have all the right information on file, and I varrified it like 12 fucking times with bryan carter the director of the incompitents in the office of technical retardedness. so I told him he’d better start getting me answers or I’ll raise more hell then his ass could handle in one day.
everything was entered correctly, so I made him check every god damn system and do it thoroughly and to not call me back unless he had something substantial to tell me
Wil: Living On The Edge Radio Is Live! http://www.livingontheedgeradio.com!
Hmmm.
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
oh he hasn’t seen the worst of it yet, I’m just getting fucking started, and I don’t work for them so I can write whatever the fuck I want and write it whereverI want and say what I want and nobody can say shit about it!
Wil: Living On The Edge Radio Is Live! http://www.livingontheedgeradio.com!
So can my wife, Denise!
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
wooooot! wait, so can you because you don’t work for them no more, neener neener neener fucking neener!
Wil: Living On The Edge Radio Is Live! http://www.livingontheedgeradio.com!
Not for close to another year, but Denise isn’t bound by them and their contract.
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
lolls! but I can come on living on the edge and bitc, wait won’t that step on their little biddy egos? aw’w’w’w I’m so tarrified! not
Wil: Living On The Edge Radio Is Live! http://www.livingontheedgeradio.com!
Hmmm.
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
heheehhehehehehehehehehehehehehehehehehehehe wwooooot!
I don’t have denise on my msn anymore, what the fuck!
Wil: Living On The Edge Radio Is Live! http://www.livingontheedgeradio.com!
Add [email protected] to your messenger.
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
how fucking long does it take to check a shipping label machine you stupid incompitent morons!
Wil: Living On The Edge Radio Is Live! http://www.livingontheedgeradio.com!
Hmmm.
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
damn straight, now we all understand why when I get the chanse I’m dropping $695 on wineyes and blowing the shark to hell
Wil: Living On The Edge Radio Is Live! http://www.livingontheedgeradio.com!
Hmmm.
poohbear, and the day’s bullshit mounts! can this day get any worse? Wait, don’t answer that.
fucking right! woooot!

Bryan Carver, the Director of Freedom Scientific Technical Support, responded with the following:

from: Bryan Carver
to: “Shane Davidson”
sent: Wednesday April 7, 2009 10:42AM
Subject: your jaws license .
Shane,
Your jaws license has been suspended pending review.
You made some comments on
http://www.wilanddenise.com/jobina/
That in my opinion are uncalled for, and make it seem that you wish to discredit the company I work for. You also said you’d give me hell because I fucked up?
What right do you have to make these statements when I went out of my way to help you resolve the issue in the first place.
I didn’t have to give you a dongle for free, and I didn’t have to ship a second one when the firstone was lost.
I ask you to retract your statements as listed, or face legal action for undo hardship and defimation of character.
Regards,
Bryan Carver
Director of Technical Support
Freedom Scientific Inc.
Phone: 800-444-4443
Extension: 1062
E-Mail: [email protected]

All this tells me is that freedom sscientific is scared of their customers who pay over a grand for their products speaking their minds in a public setting.
What surprises me is that I received this in an e-mail and not in a seese and desist letter, witch I expect to be receiving shortly with a nice little notice card from the mailman to ride the heal toe express to the nearist postal outlet to pick it up.
I find this one funny as well. Freedom scientific were the ones to initially suggest that I get a dongle to begin with because of the amount of resetting that happened, and my authorization number getting flagged. I found this out when they called me one day after I submitted the reset request form after yet again changing hardware that made the authorization not work, I was informed that the authorization couldn’t be reset because of it being flagged.
Who called me? you guessed it, Mr. Carver himself.
I asked him for alternate methods, he suggested a dongle, and the rest, well, is in this post.
Ladies and gentlemen, that is, yet another, happy, and satisfied freedom scientific customer, not!