July 30, 2007

Dude "Security Rocks"

What do you get when you attempt to combine rock music, IT security, and corporate (Intel) sponsorship?

via Schneier

Posted by Abner at 01:22 PM

July 23, 2007

iPhone Wi-Fi Vulnerability

These guys found a vulnerability and then crafted an exploit via the wi-fi connection and Safari. If Safari is going to the platform of Apple's choice for 3rd party app development, perhaps there is a bit more work to be done.

My favorite quote from the page describing the work.

Does this add credence to Apple's position that 3rd party applications are not allowed on the iPhone for security reasons? We don't think so. Almost all of the security engineering effort on the iPhone seems to have been spent protecting the revenue model, rather than protecting the user (which is, of course, an entirely understandable position). For example, a constrained environment is used to prevent users from loading new ringtones onto the phone, but the applications are not run in a constrained environment to contain damage caused by hackers who exploit them."

Nice "pre-Blackhat / starting the company up and looking to hire" marketing move too. NYT gets the scoop even those surprised that it only took three weeks.

Posted by Abner at 11:03 AM

July 19, 2007

Harry Potter Security

No time for comment other than to say this was a very hard problem that has the nice side benefit of boosting demand for the book.

NPR Radio Story on Harry Potter Security and why it's good for the book.

Where is Harry Potter Printed? Security at the printer seems a bit random, but then again, so is this poorly written article..

Leak on Bittorrent

Bruce Schneier on the scope of the problem.

Reuters Description of Barnes and Noble Security

British Tabloid on the search for a worker at the publisher who revealed book details.

Description of contracts booksellers and libraries have to sign as well as penalties suffered by those who leaked other books in the series.

Picture of security guard with the books.

The iPhone / Harry Potter virus. Designed to attract Google juice?

The New York Times reviewed the book, and Rowling is peeved they even got a copy.

Posted by Abner at 12:40 PM

July 15, 2007

iPhone Hacking & Fustrations

Additional sites to check out attempts to turn the iPhone into what users want instead of what Apple thinks users want include:

Wired iPhone hack round-up

The Hackint0sh iPhone forum

iPhone Hacks

Hackszine lists a couple of early efforts

There is also a wiki of people attempting to port Linux to the iPhone and other such projects. They don't want direct links to the site, but they aren't hard to find if you are looking that way. Their IRC: #iphone @ irc.osx86.hu (reverse engineers only, eh?)

Finally, the iPhoneDevCamp landed all sorts of press coverage, some of it interesting.

Incidentally, I wonder what the return rates are on these phones as customers find out that the iPhone isn't perfect for them.
(I already know of one return. While he's probably not the exact target market and my sample is abysmally small, email on a smart phone should be flawless)

Posted by Abner at 03:34 PM

July 01, 2007

Let the iPhone Hacking Begin

You heard it here first Someone will be running unapproved apps on the iPhone by the end of July. Wired posted a call to arms and this guy is looking for help with USB drivers. Good fun. Unless of course Apple actually went out and hired some real security gurus to render the hardware tamper proof and harden the OS. Doubtful. No tamper resistant hardware here...nice teardown.

Side note - I only saw one example of a marketing ploy by a security vendor to cash in on iPhone hype: ISS stating the obvious [iPhone hype] "will make the iPhone a definite target"

Posted by Abner at 12:12 AM