
Submission + - I'm Done With Twitter 1

PainMeds writes: Forensic scientist and author Jonathan Zdziarski has abandoned Twitter, citing intentional ignoring of repeated and widespread abuse complaints involving criminal threatening, death threats, and a myriad of other abuses of the service to harass users. "Twitter’s response was not only insufficient, but downright disgusting." ... "I even managed to find a couple still-live tweets containing death threats. Twitter will make excuses until there are no more to make, and then they will just stop talking to you altogether." Zdziarski also provides a number of tips for responding to such threats, having been through it himself, including contacting the police to alert them of possible SWAT attempts, and planning for good disaster recovery. "If I get hacked some day, I just don’t care. You should be this confident – not in your security, but in your disaster recovery."

Submission + - Apple Glosses Over Vulnerabilities Patched in iOS 8, Snubs Security Researcher (zdziarski.com) 1

PainMeds writes: At this year's HOPE conference, security researcher Jonathan Zdziarski discussed his findings (slides) of a number of iOS vulnerabilities which made national news. Apple quickly addressed the issues in iOS 8 Beta 5, and Zdziarski explained the fixes in detail. Now that iOS 8 has been officially released, the security release notes appear to avoid mentioning the vulnerabilities that were addressed altogether, except for an out-of-place mention of some "diagnostics changes" in a note at the very bottom, and fail to give any credit to the researcher for finding the problems. Zdziarski has published an open letter to Tim Cook and Apple's Security Team highlighting this:
"I am very glad to see that Apple has taken security seriously enough lately to address vulnerabilities quickly, and – from what I’ve seen – elegantly. I’ve even written up a paper praising Apple for their quick and thorough response to these issues. ... What I’m not glad about at all is that Apple has seemingly swept these issues under the rug, to the degree that they’re not even acknowledged in your security notes. Apple’s code fixes can be clearly observed right in the iOS 8 firmware, and yet there is not a single mention of them in the release notes, nor any acknowledgments for the researcher. If there is any ethical practice to be expected in information security – or science of any kind for that matter – it is to properly acknowledge those whose research you’ve consumed. In many settings, failure to do so is considered plagiarism." ... "there has been no mention of the more serious issues being fixed, or ever existing." ... "Not one mention of file relay, wireless lockdown vulnerabilities, packet sniffer access control vulnerabilities, or backup encryption bypass vulnerabilities."

Submission + - Why You Should Uninstall Firefox and do Some Soul Searching (zdziarski.com)

PainMeds writes: Author Jonathan Zdziarski takes a look at recent happenings with Mozilla and highlights the bigger pandemic problem in industry today of corporate neutrality in politics. Zdziarski cites the "radicalization of corporate America" as the partial result of campaign finance reform over the past ten years, and notes a number of corporate CEOs who he claims have abused their position to tender a political view, unethically speaking for the entire company.

Submission + - Open Source Brings High-End Canon Camera Dynamic Range Closer to Nikon's (zdziarski.com)

PainMeds writes: Magic Lantern is an open source "free software add-on" that "adds a host of new features to Canon EOS cameras that weren't included from the factory by Canon". One of ML's newest features is a module named Dual ISO, which takes advantage of the sensor in some of Canon's high-end cameras (such as the 5D MK II and MK III) to allow the camera to capture an image in two different ISOs, greatly expanding the dynamic range of the camera, and bringing its dynamic range closer to Nikon's popular D800 and D4.

Submission + - Waterboard: An Open Source iOS Forensic Acquisition Tool (zdziarski.com)

PainMeds writes: Waterboard is an open source iOS forensic imaging tool, capable of performing an advanced logical acquisition of iOS devices by utilizing extended services and back doors in Apple’s built-in lockdown services. These services can bypass Apple’s mobile backup encryption and other encryption to deliver a clear text copy of much of the file system to any machine that can or has previously paired with the device. Acquisition can be performed via USB, or across any wireless network where the device can be reached. Additionally, if you’re a federal law enforcement agency, you may also have the technical ability to skirt around a mobile carrier’s firewall, and acquire your target over cellular, possibly without their knowledge. (NOTE: device pairing must still first be performed via USB, so there is not a widespread security risk, however could be used for ill through malicious juice jacking and such).

Submission + - OnStar Begins Spying on Customers' GPS For Profit (zdziarski.com)

PainMeds writes: This article by author Jonathan Zdziarski reveals that OnStar has recently updated their terms and conditions to allow the company to sell customer GPS coordinates (the whereabouts of your vehicle), vehicle speed, and other information to third party marketers and analytics companies, where it could be used for a number of nefarious purposes.

Submission + - Microsoft Sync Will Kill You (zdziarski.com)

PainMeds writes: Author Jonathan Zdziarski posted an article about his experience with Microsoft Sync, and a recording demonstrating what appears to be a grueling process to set a simple destination using a vehicle Navigation system. From the article, "I was forced to take my eyes off the road several times to read numerous lists of possible voice matches for city, street name, and more. Every time you hear, “Please say a line number” in the recording, I’m actually reading through a list instead of watching where I’m driving." Zdziarski then compares this experience with that of a Motorola Droid. You can hear the difference for yourself.
Security

Submission + - Rejected by Apple, iPhone Developers Go Undergroun

PainMeds writes: Apple's stepped-up rejections are helping to foster competition in the app store marketplace. According to an article by Wired, developers aren't taking AppStore rejection lying down, but are turning to the hacking community's repository system for the iPhone to launch an app store of their own. The Cydia store is yielding notably higher sales for some application developers than Apple's AppStore, and is reportedly running on over 4 million Apple iPhone devices. In this store, developers are distributing applications they've written that push the limits of Apple's normal AppStore policies, with software to add file downloads to Safari, trick applications into thinking they're on WiFi (for VoIP), and enhance other types of functionality. You'll also find the popular Google Voice application, which was recently rejected by Apple. Third party application development has been around since 2007, when the iPhone was originally introduced, and became so popular that a book was published by O'Reilly Media specifically geared toward writing applications before an SDK was available. The Cydia store acts as both a free package repository and commercial store front to third party developers.
Security

Submission + - UK national ID card cloned in 12 minutes (computerweekly.com) 1

Death Metal writes: "The prospective national ID card was broken and cloned in 12 minutes, the Daily Mail revealed this morning.

The newspaper hired computer expert Adam Laurie to test the security that protects the information embedded in the chip on the card.

Using a Nokia mobile phone and a laptop computer, Laurie was able to copy the data on a card that is being issued to foreign nationals in minutes."

It's funny.  Laugh.

Submission + - Latest iPhone Beta Adds Butt Scanning Security 1

PainMeds writes: According to data forensics expert Jonathan Zdziarski, the latest beta of iPhoneOS 3.0 includes a new security mechanism. Building on top of Apple's "swipe to unlock" feature, the new beta includes a topological scanning mechanism using the proximity sensor's firmware to perform geometric scans of the owner's buttocks. From the article, "The early betas don't require the device to actually need to come into contact with the owner's buttocks to be unlocked; this would become problematic in everyday public. Instead, the owner will only need to use their actual buttocks during the initial training phase." Butt scanning is not a new technology, per se, and it has been widely speculated among the technology world that one day it would become the norm in security. The author has posted alleged patent photos of the new technology.
Technology (Apple)

Submission + - iPhone App Helps Find Missing Kids

PainMeds writes: Want to put that iPhone to better use than scheduling farts and lighting up your room in the dark? The National Center for Missing and Exploited Children has released AMBER Alert for iPhone. Available as a free download, this application not only provides data to the user, but "has the potential to revolutionize how missing children sightings are reported. The iPhone's GPS is used to include your current GPS position with your sighting report, allowing NCMEC to directly interface your report with geographical information systems (GIS). This can be used to build an accurate collaborative picture of sightings and, based on various patterns in locations, quickly notify law enforcement personnel. You'll also be able to include your iPhone's phone number in the information you send to the National Center so they can call you to follow up." This comes after nearly a month of waiting by the application's author, and an Open Letter to Apple, Inc. over the matter. Within 48 hours of many news articles, the application was suddenly approved by Apple. Definitely worth having around on your phone in the event of an alert in your area.
Software

Submission + - Is Apple Abandoning the Consumer?

PainMeds writes: Author and longtime iPhone hacker Jon Zdziarski has written an article predicting that Apple will soon abandon the consumer. He cites the recent loss of AppStore developers for more open platforms, such as Android, and Apple's abandonment of Macworld as the beginnings of a cycle that will eventually end in a "big box" retail strategy for Apple. From the article, "I predict that Apple is headed in the direction of distancing themselves from both consumers and developers in exchange for the benefits that come from the volume sales generated by cheap equipment sold into cookie-cutter markets." Towards the end of the article, Zdziarski suggests that Apple has lost its sense of innovation and has stagnated, re-selling the same products in different cases. His final prediction suggests that competitors will eventually overtake the company's mobile dominance and that Apple might lose the edge that makes their hardware more "appealing" to the consumer.
Media (Apple)

Submission + - How AppStore Authors Are Faking Reviews

PainMeds writes: iPhone hacker and author Jonathan Zdziarski brings us a blog entry explaining how AppStore authors are using promo codes to fake as many as 50 iTunes reviews per release. From the article, "Isn't it strange how dozens of customers can report serious bugs in an application, only to be met with a sudden burst of reviews praising a product's eternal greatness? ... A small loophole allows [reviews] to be exploited as people who have downloaded software with a promo code can also leave a review. All the author needs to do is sign up 50 new iTunes accounts, and boom..." With recent articles showing the music industry's dependence on iTunes' popularity ratings, how much of an effect will fake reviews have on AppStore software? Zdziarski is asking for Apple to limit reviews only to people who have paid for an application.
Technology (Apple)

Submission + - Is Apple Abandoning Their Consumer/Developer Base?

PainMeds writes: After struggling for months to get an application approved in the AppStore, I was referred to this brief essay by longtime iPhone hacker Jonathan Zdziarski. It seems that, even after several books on the iPhone, even he is suspicious of Apple's motives and makes the bold prediction that Apple is moving in the direction of distancing themselves from their consumer and developer bases. The article hit on all cylinders in describing the frustration I (and likely other developers) are going through with the AppStore, and gives a brief parallel of what's in store. From the article, "In spite of Jobs' recent claims that Macworld was all about his health, Apple's initial reasons for withdrawing from Macworld spoke volumes as to their attitude toward the many avid Apple fans who are also the foundation of their consumer market. Apple appears to be headed in the direction of selling out this following, or is at least tired of entertaining them, and might be going after the larger audience that Apple fans (and deep down, likely much of Apple) always thought were mindless consumer cattle." Definitely worth a read, and it may help explain what's been going on lately.

Comment Re:Bad US Army Intel. (Score 1) 320

The reasoning behind this is that otherwise semi-private communication, such as email and encryption, reveals the existence of a conversation, and hence a relationship. The idea of using a social networking tool like Twitter is to hide both the conversation as well as proof of the relationship. Using something like lexical steganography, two malicious parties can communicate with each other in plain sight, without any connection linking them together. This is paramount when you're talking about building isolated terrorist cells; if one cell goes down, the bad guys don't want the government being able to connect it to other cells. Something like Twitter, which is mostly anonymous, is ideal for this kind of operation.
