How to Disable Weak SSL Protocols and Ciphers in IIS

I recently undertook the process of moving websites to different servers here at work. This required that the university networking group scan the new webserver with a tool called Nessus. Unfortunately this turned up several errors, all of which had to do with Secure Sockets Layer (SSL): out of the box, Microsoft Windows Server 2003 / Internet Information Server 6 supports both insecure protocols and insecure cipher suites. These problems would have to be solved before they would allow the new server through the firewalls. The report the university sent me was generated by Nessus and contained errors like this:

SSL Version 2 (v2) Protocol Detection
 
Synopsis :
 
The remote service encrypts traffic using a protocol with known
weaknesses.
 
Description :
 
The remote service accepts connections encrypted using SSL 2.0, which
reportedly suffers from several cryptographic flaws and has been
deprecated for several years. An attacker may be able to exploit
these issues to conduct man-in-the-middle attacks or decrypt
communications between the affected service and clients.
 
See also :
 
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.linux4beginners.info/node/disable-sslv2
 
Solution :
 
Consult the application's documentation to disable SSL 2.0 and use SSL
3.0 or TLS 1.0 instead.
 
Risk factor :
 
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
 
Nessus ID : 20007
----------------------------------------------------------
SSL Medium Strength Cipher Suites Supported
 
Synopsis :
 
The remote service supports the use of medium strength SSL ciphers.
 
Description :
 
The remote host supports the use of SSL ciphers that offer medium
strength encryption, which we currently regard as those with key
lengths at least 56 bits and less than 112 bits.
 
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
 
Solution :
 
Reconfigure the affected application if possible to avoid use of
medium strength ciphers.
 
Risk factor :
 
Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
 
Plugin output :
 
Here are the medium strength SSL ciphers supported by the remote server :
 
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv2
DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
SSLv3
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
TLSv1
EXP1024-DES-CBC-SHA Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
EXP1024-RC4-SHA Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
 
The fields above are :
 
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
 
Nessus ID : 42873
--------------------------------------------------------------------
SSL Weak Cipher Suites Supported
 
Synopsis :
 
The remote service supports the use of weak SSL ciphers.
 
Description :
 
The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.
 
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
 
See also :
 
http://www.openssl.org/docs/apps/ciphers.html
 
Solution :
 
Reconfigure the affected application if possible to avoid use of weak
ciphers.
 
Risk factor :
 
Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
 
Plugin output :
 
Here is the list of weak SSL ciphers supported by the remote server :
 
Low Strength Ciphers (< 56-bit key)
SSLv2
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
SSLv3
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
 
The fields above are :
 
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
 
Other references : CWE:327, CWE:326, CWE:753, CWE:803, CWE:720
 
Nessus ID : 26928
-----------------------------------------------------------------

These three error messages pretty much mean that you need to turn off SSL 2.0 due to exploits that were found after the standard was created, and that you need to turn off any encryption suites lower than 128 bits. The third error message says we need to turn off anything less than 56 bits, but this will be accomplished by turning off anything less than 128 bits. Basically you are modifying the settings that restrict the use of specific protocols and ciphers that are used by schannel.dll. More detailed information can be found in Microsoft’s KB187498 or KB245030.

How do we do this?

Disabling SSL 2.0 on IIS 6

  1. Open up “regedit” from the command line
  2. Browse to the following key:
    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
  3. Create a new REG_DWORD called “Enabled” and set the value to 0
  4. You will need to restart the computer for this change to take effect. (you can wait on this if you also need to disable the ciphers)

Disabling insecure encryption ciphers less than 128-bit

  1. Open up “regedit” from the command line
  2. Browse to the following key:
    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56
  3. Create a new REG_DWORD called “Enabled” and set the value to 0
  4. Browse to the following key:
    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128
  5. Create a new REG_DWORD called “Enabled” and set the value to 0
  6. Browse to the following key:
    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
  7. Create a new REG_DWORD called “Enabled” and set the value to 0
  8. Browse to the following key:
    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128
  9. Create a new REG_DWORD called “Enabled” and set the value to 0
  10. You will need to restart the computer for this change to take effect.
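
The two procedures above can be scripted. The following is an added example, not part of the original post: a PowerShell script (assuming PowerShell 2.0 or later is installed on the server and the prompt is elevated) that writes Enabled = 0 under the five keys listed above and reads each one back. It uses the .NET registry API because the PowerShell registry provider treats the "/" in names such as DES 56/56 as a path separator; the file name, the -Apply switch and the status wording are this example's own.

```powershell
# Added example (not from the original post). Save as Disable-WeakSchannel.ps1
# (hypothetical file name) and run from an elevated prompt:
#   .\Disable-WeakSchannel.ps1           # audit only
#   .\Disable-WeakSchannel.ps1 -Apply    # write Enabled=0, then audit
param([switch]$Apply)

$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# The five subkeys named in the steps above.
$targets = @(
    'Protocols\SSL 2.0\Server',
    'Ciphers\DES 56/56',
    'Ciphers\RC2 40/128',
    'Ciphers\RC4 40/128',
    'Ciphers\RC4 56/128'
)

# Use the .NET API rather than New-Item / Set-ItemProperty: the registry
# provider would split "DES 56/56" into a key "DES 56" with a child "56".
$hklm  = [Microsoft.Win32.Registry]::LocalMachine
$dword = [Microsoft.Win32.RegistryValueKind]::DWord

$report = foreach ($sub in $targets) {
    $path = "$base\$sub"

    if ($Apply) {
        # CreateSubKey opens the key if it already exists, so re-running is safe.
        $key = $hklm.CreateSubKey($path)
        $key.SetValue('Enabled', 0, $dword)
        $key.Close()
    }

    # Read back what is actually stored, whether or not we just wrote it.
    $status = 'key missing'
    $value  = $null
    $key = $hklm.OpenSubKey($path)
    if ($null -ne $key) {
        $value = $key.GetValue('Enabled', $null)
        if ($null -eq $value) {
            $status = 'Enabled value missing'
        } elseif ($key.GetValueKind('Enabled') -ne $dword) {
            $status = 'Enabled is not a REG_DWORD'
        } elseif ($value -eq 0) {
            $status = 'disabled'
        } else {
            $status = 'still enabled'
        }
        $key.Close()
    }

    New-Object PSObject -Property @{ Key = $sub; Enabled = $value; Status = $status }
}

$report | Select-Object Key, Enabled, Status | Format-Table -AutoSize

$bad = @($report | Where-Object { $_.Status -ne 'disabled' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) of $($targets.Count) settings are not disabled."
    exit 1
}
Write-Host 'All five settings are stored as Enabled=0. Restart the server for them to take effect.'
```

The audit only confirms what is stored in the registry; the restart and an external scan are still needed to confirm what the server negotiates.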

How to verify the changes?

Now that you have made these changes, how can you be sure that they have taken effect without having to go to your boss or a higher authority just to find that you did them wrong? Well I found a nice tool called SSL-SCAN which you can download at http://code.google.com/p/sslscan-win/ for the Windows port, or you can download and compile it for your favorite operating system from the original SSL-SCAN project site http://sourceforge.net/projects/sslscan/. This tool provides some great detail about what is allowed and not allowed, plus some analysis of the SSL certificate itself.

The screenshot below shows that we have disabled any ciphers that attempt to use the SSL 2.0 protocol and we’ve disabled all ciphers that are less than 128-bit.

Death of the Zune

It’s sad to hear that the only major competitor to Apple’s iPod is pulling out of the game. I am all about more competition within a product market, but this section of the market is being replaced by faster, larger smartphones. And you don’t have to be a genius to begin to wonder how much longer Apple will continue to make iPods. Microsoft’s Zune was late to the party but I found that I was much happier using it than having to deal with iTunes and paying the standard Apple Tax. I wonder what use I can find for my old Zune 30 considering I just purchased the new Motorola Atrix which can hold all the music I need plus stream some over the cell network. Thanks for all the good times Zune.

Acer Aspire 1410 Hulu YouTube HD Playback Review

Just this week I purchased a new Acer Aspire 1410-2990 and while researching this “netbook” I never could get a definite answer on if it would be able to handle this type of demanding Flash video that I would love to be able to view in a hotel when I travel. The answer is Yes it can handle almost all of it. Check out the results below for detail.

Hulu Testing

  • Hulu 360p Windowed: Plays Perfect
  • Hulu 480p Windowed: Plays Perfect
  • Hulu 360p Full-Screen: Plays Perfect
  • Hulu 480p Full-Screen: Plays Well (depends on video)

This test was conducted using The Office – Delivery, part 1 which played well but had a few dropped frames in fast-motion scenes at 480p full screen. I also played a few Family Guy episodes at 480p which looked perfect, but this is probably not a very intensive video because it lacks lots of fast motion and many colors. I also played an American Greed episode which played perfectly. Please note that the Family Guy episode and American Greed are standard format whereas The Office is in wide screen.

YouTube Testing

  • YouTube 360p Full-Screen: Plays Perfect
  • YouTube 480p Full-Screen: Plays Perfect
  • YouTube 720p Full-Screen: Plays Perfect
  • YouTube 1080p Full-Screen: Slideshow

This test was performed with OK GO’s new This Too Shall Not Pass (Rube Goldberg Machine) music video.

These tests were performed with the out-of-the-box driver set, Mozilla Firefox 3.6 and Adobe Flash 10.0.45.2 running on Microsoft Windows 7 Home Premium on battery with the power plan set to “Balanced” over WiFi.

Specifications

  • 1.2GHz Intel Celeron SU2300 Processor (Dual-Core / 1MB Cache)
  • 2GB DDR2 667MHz Memory
  • 250GB SATA Hard Drive
  • 802.11a/b/g/Draft-N Wifi Connectivity
  • 11.6″ HD WXGA Acer CrystalBrite LED-backlit Display
  • Intel GMA 4500MHD Graphics
  • Windows 7 Home Premium
  • Up to 6 Hours of Battery Life

Models

  • Acer Aspire AS1410-2706 Ruby Red
  • Acer Aspire AS1410-2990 Sapphire Blue
  • Acer Aspire AS1410-2920 Diamond Black

Please notice that there are other 1410 models that have either a Core 2 Solo SU3500 or a Celeron M 743, both of which are single-core processors that on most benchmarks I’ve seen don’t perform as well as the Celeron SU2300. These processors are slightly faster in clock speed and may have larger caches, but I don’t believe that overcomes the true dual-core advantage that exists in the SU2300. Don’t let the Celeron name scare you; this is much faster than those Atom-based netbooks.

How to export MySQL database to MSSQL using phpMyAdmin

Using phpMyAdmin to export data has always been very useful to me; however, when trying to run the SQL scripts it generates for Microsoft SQL Server I found that there is a variety of incompatibilities. This is further compounded by the Microsoft SQL Management Studio, which is a big improvement over the previous Enterprise Manager but seems to fare badly when trying to do bulk inserts. I ran into many out of memory issues when trying to execute large SQL scripts over 25 megabytes. I also tried using sqlcmd to have it directly process the files but it also ran into memory issues. I chose to use SQL scripts because this makes it easy to get back to the original database if needed.

phpMyAdmin Export Config

Exporting from phpMyAdmin
Select your database and then go to the Export tab. You will need to change the following options to have it export an SQL file that is mostly compatible with MSSQL.

  • Change the export type to SQL
  • Under Options – Uncheck Comments, Change the SQL compatibility mode to MSSQL
  • Under Structure – Uncheck Add IF NOT EXISTS, ADD AUTO_INCREMENT value, Enclose table and field names with backquotes
  • Under Data – Uncheck Extended inserts

These options will ensure that the INSERT lines will be valid when importing.

Data Structure / Table Definitions
phpMyAdmin does not convert data definitions to be compatible. So you have two options here: use Microsoft Management Studio to create your tables, or modify the SQL script to be compatible. Here is an example of a definition that I fixed and what I did.

phpMyAdmin export:

    CREATE TABLE transactions (
        id int(11) NOT NULL,
        medmgrid float NOT NULL,
        medmgridpri int(11) NOT NULL,
        medmgridsub int(11) NOT NULL,
        "date" date NOT NULL,
        department int(11) DEFAULT NULL,
        "type" text NOT NULL,
        detail text,
        doctor int(11) DEFAULT NULL,
        "procedure" text,
        description text,
        reference_date date DEFAULT NULL,
        diagnosis text,
        unit float DEFAULT NULL,
        amount float DEFAULT NULL,
        total float NOT NULL,
        PRIMARY KEY (id)
    );

Microsoft SQL Compatible:

    CREATE TABLE transactions (
        id int IDENTITY(1,1)PRIMARY KEY,
        medmgrid float NOT NULL,
        medmgridpri int NOT NULL,
        medmgridsub int NOT NULL,
        "date" datetime NOT NULL,
        department int DEFAULT NULL,
        "type" text NOT NULL,
        detail text,
        doctor int DEFAULT NULL,
        "procedure" text,
        description text,
        reference_date datetime DEFAULT NULL,
        diagnosis text,
        unit float DEFAULT NULL,
        amount float DEFAULT NULL,
        total float NOT NULL
    );

  • ID Field is AUTO_INCREMENT in MySQL, for MSSQL use “IDENTITY(1,1)PRIMARY KEY”
  • INT does not allow specification of length, remove these entries “(11)” after each INT
  • DATE is not a valid datatype for MSSQL, replace with DATETIME
  • Any Data Field name that is also a Keyword for MSSQL needs to be Double Quoted
  • Remove ANY comments from the phpMyAdmin export; even if you didn’t check this option there may still be some in there. Be sure to check the end of the file for them.

For other datatype issues you may need to consult – http://webcoder.info/reference/MSSQLDataTypes.html and check to see if it is even a valid data type. Most datatype errors are easily resolved by Googling the error that is returned.

Data Insertion
If you have used phpMyAdmin export specifications from earlier in this article your data should mostly script in just fine. However, you may need to encase any of your Data Field names with double quote if the word is also a keyword. For example I have used the word Procedure which requires double quote or MSSQL thinks you are calling a stored procedure. To do this I would suggest a program called TextPad that not only does really fast replacements and can do it across multiple files but also is able to handle a few hundred megabyte text file with ease.

If you are using an AUTO_INCREMENT field you will need to add “SET IDENTITY_INSERT field_name ON;” line in before inserting any entry that tries to set that field to a specific value. This happens when your AUTO_INCREMENT ID field has already been created from MySQL. If you don’t do this you will receive an error of “Cannot insert explicit value for identity column in table ‘field_name’ when IDENTITY_INSERT is set to OFF.”

When doing bulk inserts you will be required to keep your single SQL file < 25 megabytes. Microsoft SQL Management Studio will prompt you with "The operation could not be complete. Not enough storage is available to complete this operation" or "System.OutOfMemoryException". To divide up these files I used a free program appropriately called TextWedge which was able to handle up to 100MB SQL files and easily divided them up. You may have to open SQL Studio, execute one 25MB SQL script then close and repeat depending on how much data you have to move.

Subsonic Internet Streaming Software Review

Recently I found myself at work without my Microsoft Zune mp3 player and wondered, is there a way for me to listen to all of my music from my home server? I did a few Google searches and found this great open-source project called Subsonic. Subsonic allows you to stream your mp3s across the internet to a browser or a phone or most other internet connected devices. You don’t necessarily have to have a home server to make the product work but it does need local access to the mp3s.

Interface
The interface is very simple for anyone to use. It lists all the bands on the right side and you can select through to view the different songs and albums you have in the main window. Then all you have to do is build a playlist and hit play. It will also show any album art for any of the albums you have (I’m not real big on album art as you can tell). It has a few different methods to play music but by far the most important for my use is the flash player that streams the mp3 directly to your browser. This is how I listen to my music every day.

Subsonic Home Screen

Subsonic Song Selection

Features
Subsonic has tons of built-in features that make it flexible yet not complicated to get running. It has a lot of options that allow you to customize how the application transcodes, on the fly, files that aren’t mp3s so they can be played via the flash player. You can also limit the bandwidth to a player, which can help if you are trying to support multiple users, have limited bandwidth from the server location or are sending music to a mobile device (cell phone). It has an integrated WAP site so you can browse and build playlists with any phone with a browser. It also supports downloading of podcasts so you can listen to those as well, however I have yet to try this feature. The application also supports scrobbling to Last.fm so you can share with your friends what you listen to via Subsonic. The application also supports library searching so you can find whatever song you need for the moment without having to remember or browse to that artist.
For a full list of features please visit: http://www.subsonic.org/pages/features.jsp

Subsonic Search

Subsonic Status

Why I Use This App
This app was impressively easy to set up, and reliably streams all the music from my house to wherever I might be on the go. The interface is intuitive and supports search and Last.fm integration. On top of all of that it is free and open source, which I just love.

More Information
Website: http://www.subsonic.org/
Download: http://www.subsonic.org/pages/download.jsp
Installation: http://www.subsonic.org/pages/installation.jsp

Digsby Encounters The Dark Side Again

A while back I blogged about how Digsby had gone to the dark side, well with their most recent update they take another step in that direction. Today they introduced a new “feature” that allows: “Trending News: We’ve partnered with the folks at OneRiot to bring the latest trending news stories to your social feeds.”, in other words we put random spam in your feed.

Yes, this can be disabled by going to Preferences > General & Profile and unchecking “Show trending news articles in social network feeds”, but that’s not really the point. Digsby continues to introduce features to increase their bottom line by auto-opting in all of their users without notifying them of the changes. How did they not learn their lesson from Facebook’s Beacon fiasco or even their own policy of automatically opting in users for their own for-profit research? I ask of you again, Digsby: if you are going to change the way your product works you need to explain it to the user and let them opt in or out. You’ve done this when you added features like achievements but you fail to do so when it comes to your bottom line. I ask you again, please come back from the dark side.

How to Remove H8SRT Trojan / Rootkit TDSS

The H8SRT Rootkit is a modification to the TDSS Trojan that installs a driver to hide itself, hijacks Internet Explorer, gives fake security and virus warnings, redirects search queries and major site access, as well as disables Task Manager, Registry Editor and blocks most anti-spyware applications. Not only does it disrupt normal use of the computer but also does a good job at trying to keep you from removing it by disabling the tools you would need.

I’m not sure how I got this little bug but it was one of the most stubborn apps that I had seen in quite a while. The hardest part about this is that it won’t let you download or execute applications that are used to remove it or identify what malware I had on my system. When I come across malware I typically go download MalwareBytes Anti-malware (MBAM) and run it and problem solved; however, this time it wouldn’t download the application until I renamed it to just a generic “Setup.exe” and saved it. After it was installed I was then unable to execute it as “mbam.exe”; I had to rename it to “notepad.exe”, which then allowed me to execute it. Once I got it to run it removed some of the fake AV items, but after a few reboots and even safe mode the H8SRT Trojan was still on my computer. I did a bit of internet research and found out that Kaspersky has created a removal tool for TDSS.Rootkit, on which the H8SRT Rootkit is based. Once I downloaded and ran the Kaspersky tool, TDSSKiller, I followed up with another round of MBAM and now my system is clean.

Download TDSS Killer: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Kaspersky Documentation on TDSS Killer: http://support.kaspersky.com/viruses/solutions?qid=208280684
Kaspersky Free Virus Removal Tools: http://www.kaspersky.com/removaltools
Download MBAM: http://www.malwarebytes.org/mbam-download.php

How to Set Permission on a Service Using Subinacl

A couple of months back I was installing some communication software that made a VPN connection to the main server. It used OpenVPN to establish the connection and worked fine as long as you were an administrator on the PC. As I researched it further, I found that it installed a service and required that service to run on demand when the user launched the program. Since your standard limited user does not have privileges to start and stop services, the application would fail to connect to the server.

So now the question becomes, how do you add permissions to a service?

Microsoft has an answer with a little known command line application called subinacl. This application allows you to view and edit security information for files, registry keys, and services. This can be handy if you are writing a script to change permissions on registry keys or files but the real power lies within the ability to edit the security information on services.

The syntax for subinacl: SUBINACL /SERVICE \\MachineName\ServiceName /GRANT=[DomainName\]UserName[=Access]

The Access parameter is broken down like this:

F : Full Control
R : Generic Read
W : Generic Write
X : Generic eXecute
L : Read controL
Q : Query Service Configuration
S : Query Service Status
E : Enumerate Dependent Services
C : Service Change Configuration
T : Start Service
O : Stop Service
P : Pause/Continue Service
I : Interrogate Service
U : Service User-Defined Control Commands

For my example I just needed to allow the Domain Users group access to run the OpenVPN service.

subinacl /service OpenVPN /GRANT="DOMAIN\Domain Users"=TO

You may need to execute this from the folder where subinacl.exe is located. Also, if you are running the command on a local system you can just type the name of the service and not the UNC path to the service.

Download subinacl.exe from Microsoft
For more information about this command please visit: http://support.microsoft.com/kb/288129
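
To confirm what a grant actually changed, the service's security descriptor can be read back with sc.exe sdshow. The following added example (not from the original post) is a PowerShell function that decodes the SDDL string into the rights named in the Access list above and marks non-administrative trustees that hold more than a start/stop grant such as TO would give. The sample SDDL string is constructed, and the function name, variable names and note wording are this example's own.

```powershell
# Added example (not from the original post): decode a service DACL.
# SDDL right codes for services, with the subinacl letter from the list above.
$ServiceRights = @{
    'CC' = 'Q Query Service Configuration'
    'LC' = 'S Query Service Status'
    'SW' = 'E Enumerate Dependent Services'
    'DC' = 'C Service Change Configuration'
    'RP' = 'T Start Service'
    'WP' = 'O Stop Service'
    'DT' = 'P Pause/Continue Service'
    'LO' = 'I Interrogate Service'
    'CR' = 'U Service User-Defined Control Commands'
    'RC' = 'L Read controL'
    'SD' = 'Delete'
    'WD' = 'Write DAC'
    'WO' = 'Write Owner'
    'GA' = 'Generic All'
    'GR' = 'R Generic Read'
    'GW' = 'W Generic Write'
    'GX' = 'X Generic eXecute'
}

# Rights that let the holder change the service configuration or its ACL.
$Reconfigure = @('DC', 'WD', 'WO', 'GA', 'GW')

function Get-ServiceDaclEntries {
    param(
        [Parameter(Mandatory = $true)][string]$Sddl,
        [string[]]$TrustedSids = @('SY', 'BA')   # Local System, built-in Administrators
    )

    # Keep only the DACL: drop owner/group before "D:" and any SACL after "S:".
    $dacl = ($Sddl -creplace '^.*?D:', '') -creplace 'S:.*$', ''

    foreach ($ace in [regex]::Matches($dacl, '\(([^)]*)\)')) {
        # ACE layout: type;flags;rights;object_guid;inherit_guid;trustee
        $f = $ace.Groups[1].Value.Split(';')
        if ($f.Count -ne 6) { continue }
        $type, $rights, $trustee = $f[0], $f[2], $f[5]

        if ($rights -like '0x*') {
            $codes = @($rights)                  # hex mask: report as-is
        } else {
            $codes = @([regex]::Matches($rights, '..') | ForEach-Object { $_.Value })
        }
        $names = foreach ($c in $codes) {
            if ($ServiceRights.ContainsKey($c)) { $ServiceRights[$c] } else { "($c)" }
        }

        $note = ''
        if ($type -eq 'A' -and $TrustedSids -notcontains $trustee) {
            if ($rights -like '0x*') {
                $note = 'review: raw access mask'
            } elseif (@($codes | Where-Object { $Reconfigure -contains $_ }).Count -gt 0) {
                $note = 'review: can change service config or ACL'
            }
        }

        $kind = switch ($type) { 'A' { 'Allow' } 'D' { 'Deny' } default { $type } }
        New-Object PSObject -Property @{
            Type = $kind; Trustee = $trustee; Rights = ($names -join ', '); Note = $note
        } | Select-Object Type, Trustee, Rights, Note
    }
}

# Constructed sample in the format "sc.exe sdshow <service>" prints. On a real
# host use:  $sddl = (sc.exe sdshow OpenVPN | Where-Object { $_ }) -join ''
# ("sc" alone is a PowerShell alias for Set-Content, hence sc.exe.)
$sample = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)' +
          '(A;;CCLCSWLOCRRC;;;IU)(A;;RPWP;;;DU)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)'

Get-ServiceDaclEntries -Sddl $sample | Format-Table -AutoSize -Wrap
```

In the constructed sample the DU entry carries only Start and Stop, matching a TO grant, while the AU entry is marked for review because it includes Service Change Configuration.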

AT&T Tilt2 Review

I finally got my much needed phone upgrade to the AT&T Tilt2. This is a large touchscreen slider phone with a full QWERTY keyboard that runs Windows Mobile 6.5 and HTC’s Touch Flo 3D interface. Previous to this phone I had a Samsung Blackjack running WM6.0 so as you can see this is a considerable upgrade. AT&T was pretty late in getting this phone to market as it was announced back in February 2009 and the first Touch Pro 2s came to the US market in August with Windows Mobile 6.1 installed. AT&T opted to wait for Windows Mobile 6.5 to be ready and that pushed the date back farther than expected I think. The AT&T Tilt 2 officially launched on October 18, 2009 but was available early through their Premier website.

Calling
Comparing the two on just basic features, the Tilt2 has fantastic call quality and reception compared with my old Blackjack; I have yet to drop a call. The speakerphone is also fantastic as it is very loud with little speaker distortion at full volume. It also has a feature where if you place it face down on a table it automatically enables the speakerphone. I have found this to be quite handy when I am busy with my hands and still need to answer the phone. In using the speakerphone most people don’t notice they are on it so that is always a plus in my book. To make calls on the phone you must either use the on-screen keypad or the contact list, both of which are finger friendly and easy to read. This phone also has the ability for conference calling; although I have no need for this I have heard that it is one of the best phones out there for setting one up.

Software
You’ll notice straight away that you have HTC’s Touch FLO 3D installed as it gives you several tabs to slide over and allows you to easily get to your Contacts, SMS, Email, Internet, Calendar, Stocks, Pictures, Music, Weather and Settings. I enjoy using Touch Flo 3D as I find that it consolidates what I do most on my phone and makes it easier and quicker to complete that one task. Touch FLO 3D isn’t just a skin, it also has a few applications that substitute for the still clunky versions of SMS, Contacts and Calendar, although if you are used to the WM way the apps are still easily found. SMS and Email work as expected, I am able to set up several email accounts to check, no real surprises there. Email still isn’t HTML based so if it isn’t text it just looks garbled. The contact manager also adds a nice touch by integrating with Facebook and allows you to import pictures and contact information directly to the phone. The contacts also allow you to slide between either contact information, SMS, Emails or phone log about each contact, which I find very handy. My few minor complaints: the weather app doesn’t get my local weather, only the larger cities around mine, and the clock on the home screen refreshes the time every time I tap the screen, which I find quite annoying when trying to close apps with the task manager.

Web Access
Mobile web browsing I would say is a good solid A. I find that the 3G coverage in my area is quite fast, taking just a few seconds to get most pages, and is able to download a several megabyte file quickly as well. The AT&T Tilt2 comes with an updated Microsoft Internet Explorer and Opera Mobile 9.5. I find that both IE and Opera are pretty fast at rendering pages, however the inability to zoom all the way out on a web page in IE makes me favor Opera a bit more. I have configured my phone to use IE when viewing mobile sites and Opera when trying to get a real web page. In Opera I have noticed that it tries to render pages at about 800px wide, which makes most web viewing very pleasant; it takes just a few seconds to load up my page and even renders the embedded Google Maps with only minor delays. I also installed Skyfire via the new Windows Marketplace to round out my browser attack, which works well as expected with my experience on the original Tilt and even my Blackjack.

GPS / Mapping
I was surprised to find that Google Maps was not preloaded on the phone as pretty much every phone I have seen that has GPS typically comes with this. I added it and it works as expected. Comparing this GPS speed with the Tilt is like night and day; it takes me about 15 seconds to get a GPS fix with the Tilt2 compared to the original Tilt where it could take a few minutes. This is a much welcomed improvement as I am counting on this more when navigating in big cities. The phone does come loaded with AT&T Telenav, which I am not interested in as I am able to read a map. I have also installed an app found over at XDA developers called GPS Enabled Weather Radar. This app does something very simple by getting your GPS location and then getting the radar. It has some great configurable options for animating the map or zooming in on it, and is pretty fast and super handy.

Windows Mobile 6.5
One of the first devices to ship with this new mobile platform is the AT&T Tilt2. The largest change can be found by pressing the Start Menu, where you will see a honeycomb layout of icons for your applications. Other changes in the OS are much smaller, such as tabs and finger friendly menu text sizing. If you’re used to using Windows Mobile don’t worry, you will feel right at home.

Windows Marketplace
This has been a missing piece of the puzzle for Windows Mobile users for years; too bad it took so long for Microsoft to realize this. The Marketplace is very good, providing users a quick way to download and install applications for their mobile phone. It has several categories and features that can help people find the correct app, or allows you to search for the one you need by name if you’re in a hurry. There are both free and expensive apps in the store, however I don’t see the expensive ones getting bought all too often; with most of the applications in the iTunes store being 99 cents or so I can see some room for cheaper competition to come in and make a difference. The Marketplace allows you to send it to your AT&T bill or pay with a credit card, which are nice options to have. My only real complaint is the large text size on the main screen, just not needed for my phone with such a large screen.

Hardware
The Tilt2 is very close to being almost a direct copy of the unlocked European version of the HTC Touch Pro 2 with an extra PTT button on the left hand side, which still doesn’t match the phone in color but is easily re-assignable. The only other difference is the toned down back cover, which is a super dark gray with a brushed metal finish in the center of the speakerphone. The keyboard is on the one side of the fence or the other in that you either like it or you hate it; coming from typing on a Tilt and a Blackjack I like it. I think AT&T is right in that you really don’t use the numbers as much as the punctuation because you are typically writing emails and texting, which usually don’t have numbers in them. I treat the FN key as I do the shift and find it rather natural. The keyboard also features silver keys with white back-lighting and the same brushed metal underneath the keys. I’ve noticed that the silver keys are sometimes hard to read during the day but since it is configured like a standard keyboard I hadn’t really noticed this being a problem. The stylus is not magnetic but does activate the device; with WM6.5 and Touch FLO 3D you never really need to use it. The largest problem with the Tilt2 is the lack of a 3.5mm headphone jack; the adapter for it is way too big and clunky to make it truly practical. Battery life has been pretty good; I have only managed to kill the phone once by using up the battery. I typically charge it every night and could stretch the battery life to 2 days if I didn’t use the internet and text so much, but where’s the fun in that.

Overall
This phone has been a real game changer when it comes to communicating with my world. The large screen allows me to view full web pages on demand, with GPS I can navigate the world or get exact weather information as needed, and using the large keyboard I am a text and email machine, plus to top it off it can call people and has a great speakerphone, this is one serious device. This is a welcomed upgrade for anyone who needs to get something done on the go and needs a real keyboard to get the job done.

AT&T Tilt 2 is now shipping

I got my confirmation last night that my new phone the AT&T Tilt 2 has shipped and Fedex is working on delivering it. It looks like it should be here on Monday sometime before 4:30pm. I will be very happy to retire my current phone the Samsung Blackjack and I just hope this new phone lasts as long as the Blackjack has.

If you haven’t ordered yours yet and you have an AT&T Premier account go check out: https://www.wireless.att.com/business/phones/phone_details_main.jsp?skuId=sku7311300030 and you will first need to log in to AT&T to view this page. It currently shows $538.99 as the no-commitment price, however I got mine for $349.99 earlier in the week before the page was public; still unsure if I am signed up for 2 more years of AT&T but in any case my new phone is on the way. I will try to do a short review of it once it gets here. For more information about the phone check out the Prelaunch information I found over at http://www.waynezim.com/2009/10/att-tilt-2-prelaunch-info/.
