The Recycle Bin

Entries from October 2007

Going Green

October 31, 2007

Since being “green” is all the rage right now, I’ve decided to take the Recycle Bin down a more environmentally pleasing way.  Actually, all I did was change the color scheme and move.  I think I’m going to move from WordPress to Spaces for a little while and try it out.  Even though I really like a lot about WordPress, I’m having a couple of issues with it, the biggest one being that the template is too narrow for me to put code into the posts.  I know, I could modify the template, but that involves either paying for an upgrade or buying web space and hosting a WordPress.org site.  Neither of those options is appealing to me right now, so I’m going to give Spaces a spin.  Here’s the link:

http://the-recycle-bin.spaces.live.com/

I apologize in advance for the advertisements.  I never intended to have ads on my blog and if there was a way to remove them (without upgrading my Live account, again, with money) then I would.

I’d like to know which site you all like better.  If you have any problems with the Spaces blog, please let me know.

Categories: General

Hacking the iPhone: Throwing caution to the wind

October 10, 2007 · 2 Comments

I am sure everyone is fully aware of the ongoing battle between hackers and Apple engineers over unlocking the new iPhone and iPod Touch.  I don’t plan to take sides on the issue; it is really of little interest to me, but what has grabbed my attention is the complete lack of regard for the user’s security by both sides.

We are currently on round two of the hack.  The first break-in was wiped out by the latest firmware update sent out by Apple.  The latest version utilizes a bug in the way the phone handles TIFF image files.  A specially crafted TIFF file, when supplied to Safari, causes a stack-based buffer overflow with the possibility of remote code execution.  How is this helpful to iPhone users?  Well, all applications run as root on the iPhone, meaning that once execution has been hijacked, the injected code is running with the highest permissions possible.  By simply browsing to a website and viewing this TIFF file, Safari is giving up complete read/write access to the entire system.  From the website http://toc2rta.com/:

So it’s official, we have released the TIFF exploit code. You can navigate in Safari to http://jailbreak.toc2rta.com on your iTouch or iPhone 1.1.1. It will crash your Safari but then you will be able to browse the file system with full read/write access.

Well that’s just grand.

The fact that this exploit has been received so well by users and tech writers alike confounds me.  Why would anyone be celebrating an exploit like this?  Do they not realize that if Niacin and Dre have figured out how to malform the bytes of a TIFF file correctly, then someone else probably has too?  Someone who might not be so friendly?  The thought of mobile malware should be troubling to everyone.  Imagine for a minute, a worm that dials 911 on your cell phone on loop, or even one that makes a call to a 900 number when your phone is idle.  There are serious ramifications with a bug like this, and everyone, not just iPhone users, is at risk until Apple fixes this.

Apple claims that they are protecting users by not allowing third-party applications to run on the iPhone or releasing an SDK.  Steve Jobs was quoted in a Newsweek interview saying, “Cingular doesn’t want to see their West Coast network go down because some application messed up.”  What he has failed to realize is that his engineers aren’t nearly good enough to keep hackers out of the iPhone (an impossible task).  All this has done is put thousands of people at risk because users are forced to find a way to root their phone so they can run the applications they want.

Just like the previous firmware update, version 1.1.2 will undoubtedly fix this bug in Safari and render the unlocking technique useless.  Faced with the prospect of losing all of their third-party applications, many users will choose not to update their device.  In other words, people will be choosing to run a buggy, exploitable browser in order to use their device the way they want to.  That is a scary thought.  Apple needs to remedy this situation quickly, and do as much as they can to reverse this notion that hacking is good, and updating is bad.  The existence of this exploit should not be celebrated; people should be worried that the security of their phone is so porous.  Hopefully this will all be resolved before a serious outbreak of malicious mobile code hits us all.

Categories: Uncategorized

Restart

October 8, 2007 · 1 Comment

After several failed attempts to host my own web blog, and a couple of busy months in which I had completely forgotten about this place, I’ve returned to fill the Recycle Bin with some more scraps of refuse.

In the post queue, I’ve got the following:

  • A couple of Homebrew applications I’ve been working on
  • Reviews of some new Live Writer plug-ins
  • A discussion about privacy, and subsequently, cryptology
  • A look into the continued use of rootkits for DRM enforcement

So, stick around and enjoy some new content.

Categories: General