- Using the cloud to deliver security, ReadWriteWeb
- Facebook private pages still accessible, The Register
- New programming language with security baked right in, Slashdot
- Flaw allows bypassing of iPhone lock code, Wired
- Security and privacy app for Facebook debuts, ReadWriteWeb
- Rise of the small botnet, Slashdot
- Firefox zero day under attack at Nobel Prize site, Zero Day
- Mozilla patches critical Firefox zero day flaw, The Register
- Critical vulnerabilities in Firefox 3.5, 3.6, Mozilla Security Blog
- Facebook worm ported to OS X, Zero Day
- New credit card flash attack may be responsible for up to $500K stolen a month, The Register
- Adobe Reader drive-by zero day flaw actively under attack, The Register
- Inside Google’s anti-malware operation, Slashdot
- Hiding back doors in hardware, Slashdot
- Cracking complex 14 character passwords in 5 seconds, CIO Zone, via Hacker News
I saw the scoop first via Nat’s Four Short Links on O’Reilly Radar. The original source is a blog post from one of the Linux on iPhone developers, planetbeing. Apparently he has been working on this for a bit, substantiated by the lengthy video demonstrating the considerable results of his efforts. Watching the video, it looks like most of the work went into the bootloader and chaining that to what I am pretty sure is an ARM build of the Linux kernel, which hands off to Android.
This demo, as impressive as it is, is rough. Some of that planetbeing and his team will be able to address, mostly in terms of optimizing to improve responsiveness. I am surprised and impressed that the GSM functions work at this early stage. The biggest hurdle, a solution for which is unclear, is the smaller number of buttons on the iPhone. For now, they’ve taken over the volume switch to help make up the difference, though that is clearly counterintuitive. Some other solution would be preferable in the long run.
What has me really jazzed about this is the possibilities for older hardware. I was irritated by the unavailability of the forthcoming iPhone OS 4 for my 1G iPod Touch. It is only 2 years old; it is ridiculous that Apple already considers it obsolete. If I am patient, I expect I may be able to run Android on my iPod. The button problem will be even worse, as the original Touch doesn’t have an external volume control. Despite that, I’d be happy with anything that lets me move away from Apple’s closed platform without having to spend a huge chunk of change for a new Android tablet.
planetbeing’s efforts, as primitive as they may be right now, make me feel better about the overwhelming urge towards control Apple has been exhibiting with its peripheral devices. The harder they squeeze, the more they exclude, the greater the desire for hackers to breach the walls, climb over them, or simply do something great all on their own. I should have never doubted my warranty-voiding brethren in their desire and ability to disregard closed systems and create such Lamarckian beauties.
- Remote malware injection via network controller
- Security holes found in smart meters
- Apple fixes dozens of security holes
- Emergency MSIE patch
- Hacker finds a way to exploit PDF even without a vulnerability
- Adobe, Foxit looking at PDF executable hack
- Trivial iPhone flaw leads to privacy leak
- The chilling effects of malware
- Researchers pick apart search engine poisoning
- Privacy glitch exposes Facebook users’ emails briefly
- Mozilla close to fixing info leak with CSS history
- Java patch closes 27 holes
- Facebook phishing campaign also serving malware
- Mozilla first to patch pwn2own flaw
- Chuck Norris botnet
- US inadvertently enabled Chinese attack on Google, others
- Google to re-confirm opt-in details for Google buzz
- iPhone OS rootkit demonstrated
- Comcast launches first public DNSSEC trial
- Adobe fixes critical flaw in download manager
- Latest Twitter phishing scam
- GoDaddy wants your root password
- Microsoft uses legal means to stop botnet
- FB glitch sends private messages to wrong people
- Femtocells found vulnerable to attack
- Botnet attacks using junk SSL connections
- Code execution holes in iPhone, iPod Touch
- Security fixes for iPhone OS
- Security flaw exposes iPhone to phishing attack
- Is Chinese root CA in Mozilla a risk?
- Details on latest Twitter exploit
- Trojan that hides itself in help files
- New IE data leak vulnerability
- iPhone backup password cracker released
- Trojans found in a couple of Firefox add-ons
- Recent ruling shores up DMCA safe harbor
David Kravets at Wired explains the ruling in the UMG v. Veoh suit, the second suit leveled against the video sharing site for the same issue. For all its flaws, this is good evidence that at least the DMCA safe harbors can work as an acceptable compromise. Even better, it affirms that as long as the safe harbors are operated, services are not required to actively filter copyrighted content, an activity that has repeatedly squashed fair use where it has been undertaken.
- More on advanced usage tracking techniques
The EFF has a pretty good survey of the state of the art, going beyond traditional browser cookies. There are links to research specifically within the last year, especially on Flash cookies, which are resistant to user control. This is the first time I’ve seen a Firefox plugin recommended, though, to try to help users wrest some control back from advertisers. This is the first of several parts; given how well linked and cited this is, I am looking forward to the future parts.
- A broadcast flag may be coming for the UK
The EFF explains a consultation held at the request of the BBC that seeks to consider the question of content protection. The EFF reminds us of the risks of such a protection scheme, seen here in the US as a broadcast flag, in terms of stifling innovation. The proposed scheme here is a bit backhanded, an obscured compression of channel listing metadata, but the intent is obviously the same.
- Novell launches MonoTouch to bring .NET to the iPhone
At Ars, Ryan Paul explains how Novell got around the constraints on alternate runtimes and JIT compilers. I am actually a bit conflicted by this story. On the one hand, it is opening up the iPhone to alternate technologies and development environments, making it more accessible. But on the other, it is .NET, of which I am no fan, mostly because of my concern that Microsoft will yank the rug from under Mono eventually.
- Explaining Microsoft’s, Google’s open tactics as self interest
I initially balked at this piece from Matt Asay as I think he was starting to give too much credit to Microsoft. He then took it in an interesting direction, though, proposing a theory for why both Google and Microsoft would make moves seemingly counter to their core business. There is a certain poetry to the notion that by explicitly giving customers support for the choice to leave, they are less likely to actually do so.