Security

iPhone 3Gs Encryption Cracked In Two Minutes 179

An anonymous reader writes "In a Wired news article, iPhone Forensics expert Jonathan Zdziarski explains how the much-touted hardware encryption of the iPhone 3Gs is but a farce, and demonstrates how both the passcode and backup encryption can be bypassed in about two minutes. Zdziarski also goes on to say that all data on the iPhone — including deleted data — is automatically decrypted by the iPhone when it's copied, allowing hackers and law enforcement agencies alike to access the device's raw disk as if no encryption were present. A second demonstration features the recovery of the iPhone's entire disk while the device is still passcode-locked. According to a similar article in Ars Technica, Zdziarski describes the iPhone's hardware encryption by saying it's 'like putting privacy glass on half your shower door.' With the iPhone being sold into 20% of Fortune-100s and into the military, just how worried should we be with such shoddy security?"
Mozilla

New Firefox Vulnerability Revealed 250

Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable Javascript until the issue is patched, though add-ons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised).

Update: 07/20 00:09 GMT by KD : An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.
Operating Systems

Netbook Return Rates Much Higher For Linux Than Windows 663

ivoras writes "An interview with MSI's director of US Sales, Andy Tung, contains this interesting snippet: 'We have done a lot of studies on the return rates and haven't really talked about it much until now. Our internal research has shown that the return of netbooks is higher than regular notebooks, but the main cause of that is Linux. People would love to pay $299 or $399 but they don't know what they get until they open the box. They start playing around with Linux and start realizing that it's not what they are used to. They don't want to spend time to learn it so they bring it back to the store. The return rate is at least four times higher for Linux netbooks than Windows XP netbooks.'"
Security

Apple Clients Still Vulnerable After DNS Patch 94

Glenn Fleishman sends word that SANS Institute testing indicates that, even after installing Apple's latest patch for the DNS vulnerability, Leopard desktops (not servers) are still vulnerable — or at least perpetuate risky behavior that makes exploitation easier. This matters because "With servers rapidly being patched worldwide, it's likely that the low-hanging fruit disappears, and vectors [will be] designed to attack massive numbers of clients on ISP networks."
OS X

Mac OS X Secretly Cripples Non-Apple Software 559

spikedLemur writes "Vladimir Vukicevic of the Firefox team stumbled upon some questionable practices from Apple while trying to improve the performance of Firefox. Apparently, Apple is using some undocumented APIs that give Safari a significant performance advantage over other browsers. Of course, 'undocumented' means that non-Apple developers have to try and reverse-engineer these interfaces to get the same level of performance. You really have to wonder what Apple is thinking, considering the kind of retaliation Microsoft has gotten for similar practices."
Bug

Data Loss Bug In OS X 10.5 Leopard 603

An anonymous reader writes "Leopard's Finder has a glaring bug in its directory-moving code, leading to horrendous data loss if a destination volume disappears while a move operation is in progress. This author first came across it when Samba crashed while he was moving a directory from his desktop over to a Samba mount on his FreeBSD server."
Security

Fake Codec is Mac OS X Trojan 473

Kenny A. writes "Multiple news organisations are reporting on an in-the-wild Mac OS X malware attack that uses porn lures to plant phishing Trojans on Mac machines. The attack site attempts to trick users into downloading a disk image (.dmg) file disguised as a codec that's required for viewing the video. If the Mac machine's browser is set to open 'Safe' files after downloading, the .dmg gets mounted and the Installer is launched. The target must click through a series of screens to become infected but once the Trojan is installed, it has full control of the machine."
Security

OS X Leopard Firewall Flawed 300

cycoj writes with a report in the German IT magazine Heise, taking a look at the new OS X Leopard firewall. They find it flawed. When setting access to specific services and programs to only allow SSH access, for example, they found that a manually started service was still accessible. From the article: "So the first step after starting Leopard should be to activate the firewall. The obvious choice to do so is the option to 'Set access to specific services and programs,' which promises more control over network traffic. Mac OS X automatically enters all shared resources set up by the user, such as 'Remote login' for SSH servers, into the list of accessible resources... However, initial functional testing quickly dispels any feeling of improved security. A service started for testing purposes was able to be addressed from outside without any difficulty. The firewall records this occurrence... Even with the firewall set to 'Block all incoming connections' ports to netbios, ntp and other services were still open... Specifically these results mean that users can't rely on the firewall."
OS X

Leopard Already Hacked To Run On PC Hardware 568

PoliTech passed us a PC World link, noting that the newest version of OS X, Leopard, has already been adapted to run on a PC. "The OSx86 Scene forum has released details of how Windows users can migrate to Apple's new OS, without investing in new hardware -- even though installing Leopard on a PC may be counter to Apple's terms and conditions. The forum is offering full instructions on how to install the system, including screenshots of the installation process. Not all the features of Leopard function with the patch -- Wi-Fi support, for example, is reportedly inoperable. Historically, Apple's likely next move will be to track down and act against those behind the hack."
Businesses

iPhone Business Model Hits a Snag in France 332

Serhei writes "It seems like the iPhone might not be released in France by this holiday season, since France requires by law that all cell phones sold there must be obtainable in an unlocked version. Apple will not be able to do so, since it has launched with a 5-year exclusivity agreement with AT&T. That deal will probably require exclusivity worldwide to avoid grey-market imports. (In return for this agreement Apple receives a large share of AT&T's monthly revenues from iPhone subscribers.) If the iPhone falls through in France, the country can join Belgium and a potentially long list of other countries with unlocking laws, whose Apple fans will have to make do with other, less Apple-y phones. Note that there is currently no mention of the iPhone on the Apple France page."
Communications

Apple Sued Over iPhone Bricking 418

An anonymous reader writes "The week's debate over the iPhone 1.1.1 has finally resulted in legal action. InfoWeek reports that on Friday, California resident Timothy Smith sued Apple in a class-action case in Santa Clara County Superior court. The suit was filed by Damian Fernandez, the lawyer who's been soliciting plaintiffs all week for a case against Apple. The suit doesn't ask for a specific dollar amount, but seeks an injunction against Apple, which prevents it from selling the iPhone with any software lock. It also asks that Apple be enjoined from denying warranty service to users of unlocked iPhones, and from requiring iPhone users to get their phone service through AT&T."
Operating Systems

Apple's Leopard Will Exclude 800MHz G4 Processors 371

goombah99 writes "According to AppleInsider, Apple is about to announce that Leopard will not support 800 MHz G4 PowerPC processors. Previously developers had been told that it would require at least an 800 MHz G4. But AppleInsider alleges only 867 MHz G4s and higher will now be supported because of speed issues, and testers have been told that the new OS 'cannot be installed' on lesser machines. This cutoff in minimum requirements means that all those original iMac flat screens and Titanium PowerBooks are now forked to the Tiger (10.4) Update Path."
Media (Apple)

NBC Universal Drops iTunes 691

An anonymous reader writes "NBC Universal has cancelled its iTunes contract and will withdraw the television shows it currently offers through the service in December, when the current contract expires. This is a huge blow for the service, as NBC is the controlling interest in Apple customer-friendly intellectual properties like The Office, Battlestar Galactica, My Name is Earl and Heroes. From the article: 'The decision to withdraw the content follows disagreements between the two firms. Apple is thought to have rejected NBC's demands for more restrictive DRM and the introduction of flexible pricing. Apple was informed of NBC Universal's decision late last night. The report states that neither Apple nor NBC Universal would comment on the matter, but said they continue to talk, "free of acrimony".'" Hey NBC: I have chosen not to have cable, but want to pay you for Heroes. Guess what my only alternative will be if you pull it from iTunes?
