Archive for the ‘Security’ Category
Jailbreaking a Security Threat? Really?
Wednesday, July 1st, 2009
Someone sent me a copy of this MacWorld article in which Charlie Miller makes the claim that jailbreaking is a threat to ecurity (I left off the ‘s’ because apparently they stole it for the new iPhone). Does Charlie really believe that DRM is healthy for a computer system? It seems that having disclosed the SMS vulnerability, he should know more than most that application signing provides more copyright control than it does actual security. Ironically, most exploits such as SMS and Safari exploits have the potential to affect every single iPhone user with a vulnerable version of firmware – whether it’s jailbroken or not.
iErase: Zero Free Space
Monday, March 23rd, 2009
After a ridiculously long three months of waiting, iErase: Zero Free Space is finally available in the App Store. Buy it now in the iTunes App Store.
The first and only app for the 99.9% of us law-abiding citizens who deserve better privacy.
Want to make sure a deleted confidential email or embarrassing photo is purged forever from your iPhone, but don’t want to go through the inconvenience of wiping the entire device? Simply deleting a file doesn’t guarantee it’s gone for good. Protect your deleted data from being recovered by hacking tools and prying eyes, or in the event your iPhone is stolen.
iErase is a simple utility for zeroing out the free space on your iPhone without performing a full reset of your content and settings. The tool does not delete any live files, but uses the same method that Mac OS X uses to zero free space: it creates a large temporary file, which writes zeroes over the free space where deleted files can still reside. On the iPhone, this occurs within the application’s sandbox, but because all applications share the same free space, the entire iPhone user partition is cleansed, forever purging deleted photos, email, voicemail, and other deleted files – without having to reset all your content and settings.
iPhone Passcode Crack Tip of the Iceberg
Wednesday, August 27th, 2008
With all the hubbub going on about cracking the iPhone’s passcode easily through a bug in v2.0.2 of the device’s firmware, I thought I’d speak a little about the methods surrounding passcode cracking, especially in light of the fact that passcode cracking for the iPhone has been around for much longer than the most recent firmware version. The method that’s been gaining a lot of press lately seems to have only been doing so because it’s much easier for your kid brother to do, but passcodes can actually be cracked in every version of iPhone software to date. I’ve documented the method for cracking both v1.x and v2.x passcodes in my latest book, iPhone Forensics, which will be on store shelves 9/12, and can be read online as well.
Microsoft Release Cycle Demystified
Wednesday, June 1st, 2005
Examining the unique quality of each new major release of a Microsoft product, I’ve come to wonder just how Microsoft manages to organize and keep up with their product release schedule. After much thought and reflection into their products, I believe I’ve finally been able to crack the methodology used in planning and Q/A. The strategy appears to be a four-step hybrid process which I have outlined below.
Something Old
The core of most major releases from Microsoft appears to contain mostly older code from previous releases. This is evidenced by the continuity of many well known bugs reported over the years, which help to ensure a sense of friendly familiarity with their customers. Product continuity is important, so you can’t just go releasing new software unless it is primarily made up of old software.
Something New
A shiny new splash screen, set of buttons, or a new menu option can usually be found to distinguish the old version from the new version. Naturally, something has to be updated in order to warrant a new major release. Since none of the codebase has effectively changed, the skin is crucial to passing off the illusion of a new major software version.
Something Borrowed
As we see by the large number of lawsuits against Microsoft, no new major release would be complete without “borrowing” a concept (or even source code) from another piece of software. Sprinkling the new distribution with one or two stolen ideas from a competing product helps to make it appear innovative and cutting-edge. In fact, in many cases, the borrowing of technology can even lead others to believe that it is the competing company doing the borrowing.
Something Blue
What major Microsoft release would be complete without a blue screen of death upon running the software? So much work has gone into the new release that you can expect there will be a limited number of bugs that need to be ironed out. Usually, a service pack will be released to fix these blue screens within the first 24 months of the new version’s release, thanks to Microsoft’s speedy update schedule.
There you have it! That wasn’t so hard to figure out, was it?
Symantec and Censorship
Friday, February 6th, 2004
According to this report in the Sydney Morning Herald, Chief Operating Officer of Symantec, John Schwarz, was quoted as “calling for laws to make it a criminal offense to share information and tools online which could be used by malicious hackers and virus writers”. If this is the official stance from Symantec, then I must say I am convinced John Schwarz is smoking crack. Our country has a history of censorship blunders and what I call “censorship legislation” that has mucked up our legal system long enough and crippled the responsible citizens with little-to-no effect on actual crime. What’s even scarier is that a VP from Symantec was recently named the Dept. of Homeland Defense’s Cybersecurity director, putting friends of Symantec in high places where this legislation could actually become a reality. This short article will take a look at the negative effects of the censorship legislation backed by the COO of Symantec and also a couple of recent examples of “censorship legislation” … and what little effect it has had on criminals, while having a substantial effect on responsible citizens. I can only draw one of two conclusions about Mr. Schwarz based on this stance. In my opinion, he is either completely ignorant of the effects of this type of legislation, or he is an avid supporter of weakening American infrastructure, American jobs, and the US Constitution.
Chrooting Daemons and System Processes HOWTO
Wednesday, March 12th, 2003
Table of Contents
Part I: Introduction to Chrooting
- 1.1 What is chrooting?
- 1.2 When is it appropriate to chroot?
- 1.3 Can all daemons be chrooted?
- 1.4 Will chrooting affect my users?
- 1.5 What is entailed in chrooting?
Part II: Requirements gathering
- 2.1 Can we chroot this daemon?
- 2.2 An Introduction to truss, lsof, and ldd
- 2.3 Determining datafile dependencies
- 2.4 Creating a datafile strategy
- 2.5 Determining library dependencies
- 2.6 Finding a good home for the jail
Part III: Setting up a chrooted environment
- 3.1 Creating an empty jail
- 3.2 Copying program and datafiles, configuring cron
- 3.3 Copying libraries
- 3.4 Creating devices
- 3.5 Altering startup scripts
- 3.6 The Final Product
- 3.7 Logging through syslog
Part IV: Advanced Topics
- 4.1 How to tell if you’re chrooted
- 4.2 Breaking out of a chroot()ed cell
- 4.3 Frequent chroot() mistakes
Creating a Root-Kit Proof Saferoom
Monday, October 1st, 2001
If you’re going to allow someone to come in and hack your system, at least make them work for it.