I wanted to share a strange thing that happened today. I know a while back Google filed a patent that implied they wanted to advertise based on the "background content" of your phone calls, but today I got a call on my Google Voice number that was forwarded to my mobile. During the course of the conversation I recommended my friend contact his attorney. I said it twice during the course of the conversation. Now, a couple of hours later  I'm seeing all sorts of Google ads for local lawyers in places where I usually see targeted ads (specifically, Cracked.com, a website that I visit regularly that seems to always have ads for things from my last Newegg or Thinkgeek search on every article, but also other instances of Google adwords ads around the web.). I haven't done any searches for lawyers, composed or recieved any emails about attorneys, This leads me to believe they are absolutely using keywords from my conversation target ads. I can't find anything in the Google Voice TOS or Privacy Policy that says that I am agreeing to them doing this. I'm pretty sure I agreed that they could do this with the content of my voicemails so I could have them automatically transcribed, but certainly not answered calls. 

     A while ago I created an app meant as a source code example of adding messages to the Android default SMS Content Provider.  Today I finally got around to publishing the app up on Google Play and GitHub. Click Here or SMS History Faker on the navigation menu for the main app page. 

    The app itself will let you add messages you never sent, or never recieved to your own message history. There are plenty of prank / dishonest uses for that kind of functionality, so please use responsibly :-p.

 Made a bunch of UI and usability updates in the last few versions. Haven't had time to post the updates.

 This isn't really related to anything normally on my site, but if you're an Afternic customer, you should change your password as soon as possible. Before the website went down for a little while just now to a " / is Forbidden" message, I got the error message pasted at the bottom.  

For those of you who don't know what that gibberish means, there are a few things going on that tell me that their security is severely lacking.
 
First, they are connecting to their SQL server from their web site application as "admin." It could be a dummy account, but it could be their actual MySQL admin account. This is extremely bad practice. Any successful SQL Injection attack against their web server would be running SQL as the administrator account. 

Second, the admin password was in cleartext in the error message. I'm sure I'm not the only one who saw this. I've removed it from the paste, but the best I can figure their SQL Admin password is now out in the wild. You can't just get to their SQL server, as resolves to an internal IP, but a successful attack on their web server would give you access. Hopefully their downtime right now is a technical glitch, and they're not being attacked. 

Third, their PHP Configuration is set to show full errors out to remote users, which is what allowed me to see their admin password in the first place. This will let you see the next password if they change it to a more restricted user if they have the same problem.
I've emailed them, I'll update here if I get a response. 
 

Error: mysql_connect(): Can't connect to MySQL server on 'devandb1.buydomains.com' (110)
Code: 256 | Severity: 2 | File: /etc/helium/system/core/DB.php | Line: 108

#0 [internal function]: Helium\exception_error_handler(2, 'mysql_connect()...', '/etc/helium/sys...', 108, Array)
#1 /etc/helium/system/core/DB.php(108): mysql_connect('devandb1.buydom...', 'admin', 'THEIRSQLADMINPASSWORD!!!')#2 /etc/helium/system/core/DB.php(87): Helium\DB->bridge('devandb1.buydom...', 'admin', 'THEIRSQLADMINPASSWORD!!!')
#3 /etc/helium/system/core/DB.php(62): Helium\DB->point('master', false)
#4 /etc/helium/system/core/DB.php(19): Helium\DB->connect('master')
#5 /etc/helium/system/load.php(82): Helium\DB->__construct()
#6 /var/www/BuyDomains/html/index.php(23): require_once('/etc/helium/sys...')
#7 {main}

I'm updating the price of SMS Assistant Pro down to $0.99 USD for the next week to celebrate!

 Been sick the last couple days so I've been taking the opportunity to tinker with the SMS Assistant code a little bit. I added Portuguese translations at the request of a user from Brazil, and tweaked the Options menu on the main screen today. 

I made a small change to the AutoForward function so that you can decide not to add the outgoing forwarded messages to the phone's SMS history.  This is done at the individual AutoForward Rule level, so you can add some messages to the history, but not others. 

     A user reported that the app was not automatically replying or forwarding messages as it should. After hours of troubleshooting it turned out that code designed to make sure that Replies and Forwards were not looping in the phone was preventing AutoReplies and AutoForwards from being sent in situations where the application is unable to pull the phone's number from Android. 

I've added documentation on how to use the DefendSMS SMS Blocking feature for SMS Assistant Pro / Free. You can view it by clicking SMS Assistant Pro to the right, or Click Here.