This week it was announced that one of the core protocols that holds the internet together is fundamentally flawed. The problem is not with someone’s implementation of the protocol, but with the actual protocol itself. It’s hard to over-state just how big a deal this is. At the moment the details of the vulnerability are being kept secret to give the world time to patch, but you can get some technical information from the advisory issued by the US Cert. On Tuesday all the major DNS server vendors released patches at the same time. This is un-heard of, nothing like this has ever happened before in the history of the internet. That alone should bring home just how big this is.
Although the good-guys have successfully kept the details of the flaw secret to date, despite the large numbers of organisations involved, the reality is that the bad guys are frantically trying to figure this out as I type. It’s not a matter of if they’ll figure it out, but when. The security community have bought us time. That time should not be squandered, but used to protect the internet as a whole, and to protect ourselves.
(more…)
Everything went wrong for O2 today. With the iPhone 3G launch being the biggest day in the little phone companies life, well almost, and for most customers everything went wrong. Claiming unprecedented amount of customers wishing to purchase an iPhone, most Carphone Warehouse and most O2 Stores had limited supply of iPhones with some Carphone warehouse stores stocking one lonely 16GB model.
(more…)
Hi all, hope you’re all excited about the iPhone 3G launch on Friday 11th July (tomorow as I write this). I just wanted to write a quick post to let you know what’s happening with live coverage from an IMP point of view.
I personally will try to stream from about 6am GMT from the o2 store in Leeds, if I can get wifi etc, but I’d also like to mention our friend from the Apple Review Cast, John Meyer, who is in New York and will be streaming from 2am EST over at www.mogulus.com/applereviewcast he and his cohorts will also be doing a giveaway of 20 iPhone 3G invisible shields, so definately worth a look.
I’ve asked the rest of the team to update this post if they are going to be doing any streaming, so watch this spot!
Just a short note to let everyone know that email via me.com is up and running! I wish I had screen shots or something original to show but I don’t. I clicked over to this post on Gizmodo and setup my me.com mail on my Ipod Touch.
Try it out!!
Subscribe to IMP Live ! : iTunes / RSS / BTPodShow Profile Page
This week’s panel, Stu Helm, Chris Wall, Lewis King, Bart Busschots and John Soliman, discuss the latest news from the world of Apple, give you some reviews of new products and services and take calls from you, our listeners!
Podcast: Download (0.0KB)
Show Notes & Links (more…)
Although it is true that some Trojans use vulnerabilities like the current ARDAgent vulnerability to gain root access, they do not need to. The core message about Trojans is getting lost amidst all the talk about plugging this vulnerability. Even if there was not a single vulnerability in OS X we would be at the mercy of Trojans. That’s the whole point of Trojans. Any program you run can do anything you can do. Let’s think about that for a moment, what can you do on your system without needing a password? Here’s a short list for starters:
- You can run programs.
- You can read, edit, and delete files
- You can use the network
- You can set programs to auto-start each time you log in
Remember, a Trojan is just an ordinary program that pretends to do something you want, but actually does something else. It could delete all your files. It could run a key logger and phone home with your credit card number, user names and passwords, bank details etc.. It could use your machine to send spam. It can set itself to automatically run each time you log in and continue with it’s nefarious actions. It can do all this WITHOUT the need to exploit a single vulnerability in your OS or your software. If you can do it, a Trojan can. Think about that for a second, it’s not a comforting thought!
(more…)
The next update to OS X Leopard hit Software Update today as well as a security update for OS X Tiger. As well as a few bug fixes and some under the hood stuff 10.5.4 also contains all the same security fixes which were released separately for Tiger. You can get the full list from Apple here. The executive summary boils down to the usual array of potential crashes and arbitrary code execution. However, two bugs stand out as being particularly nasty, one in SAMBA (Windows File Sharing) which leaves you computer open to exploitation over the network if you’re sharing out folder over SAMBA, and one in Safari which leaves you vulnerable to being exploited by simply visiting a web page. Notably absent from this list of fixes is the issue with ARDAgent which is currently being exploited by an OS X Trojan (more in my previous post).
Bottom line, even if you don’t use Safari or Windows file sharing you should update soon, but if you do you should probably update ASAP.
