IT Security Blog

46 Security Flaws Fixed By iPhone 3.0

By

iphone-appsYup, 46! That is one heck of a lot of security flaws, don’t you think? Considering that the iPhone is being used by a lot of people to go online, it seems quite irresponsible of Apple to release a product that has so many flaws. Still, that has not stopped people from buying the iPhone. Indeed, the major reason people do not get one is the price and not the existence of security flaws. In any case, the recent iPhone 3.0 update has fixed those flaws.

Of the 46, six of the security flaws involve CoreGraphics. Without the update, if a user views a maliciously coded image, the application he is using may terminate suddenly. Alternatively, it can lead to arbitrary code execution. What that can lead to, who knows? Another flaw involves opening and viewing PDF files. Apple provides the same result: either application termination or arbitrary code execution.

There is also a flaw with regard to the mail client. Without the update, remote images in HTML messages are automatically fetched and loaded. There is no option to turn off this feature. With the update, this potential security flaw has been fixed.

Meanwhile, Safari can now be totally wiped clean – history of visited web pages and searches together – by accessing the option in the Setting menu. Previously, only the history of web sites was removed, and the searches remained. Now, iPhone users can rest easy knowing that they’ve left no traces behind.

Of course, there are other features to the updates, many of them not solely related to security.

Safari Hacked In Seconds

By

safariAnd I thought Apple was unhackable. That goes to show that there seems to be no such thing these days. After all, most everything has a “hole,” and it is only a matter of finding that hole and exploiting it, right?

Security expert Charlie Miller will surely agree with you, and unlike me, he can back up his statements too! Charlie Miller is known for hacking a MacBook Air last year. He did this feat in less than two minutes, and won $10,000 for it. He did not stop there, though. About two weeks ago, Miller joined another contest; this time to hack Safari.

He said that he discovered a hole in the security last year. This hole, when exploited, can give a remote user control of the machine. Miller was able to demonstrate how this is possible in about 10 seconds! This is how he did it: he got the computer user to click on a link (a “malicious URL”) and voila, in one click, he had control.

Naturally, the contest rules stipulate that Miller cannot disclose exactly how he got it done. He said, however, that he told the people at Apple the details of what he was planning to do. At the end of the day, everyone walks away happy. Miller gets his cash prize and the MacBook he used to boot. Apple, on the other hand, gets to discover a bug AND fix it as well.

As for us mere mortals, it just goes to show that we should be careful in clicking. 😉

Photo from http://www.flickr.com/photos/colinzhu/542471747/sizes/s/

Cellphone Deals Here…and there…. What’s the catch?

By

phishingSeems everybody is out for cheap deals on just about everything and who wouldn’t be in this recession where cash is hard to come by and jobs are being shed by the thousands. Now, there are truly some honest cell phone deals out there but you have to be sure you’re getting the right stuff. Having the latest phone gadget might be one thing but keeping that new phone secure from hacks is another. Sure you can get it cheap from the internet but how sure are you you’re getting the real stuff.
Criminals are becoming craftier than ever and they have even managed to copy branded products complete with all the security stickers and holographic security seals with them. They can also be pre-loaded with malware for the amount of computing power they pack is enough to emulate an ultraportable, in function that is. Just how dangerous are these hacking attempts, for mobile devices using Windows very dangerous for there is a group bent on exacting damage on the software giant.
ensuring you have the latest updates to your operating system is vital to maintaining your ability to fend off attacks. Having intrusion prevention systems installed is also a good thing for like your PC, they also need protection. Given the power of these gadgets and their ability to connect to the internet, they are not immune to attack. Let’s set this as an example, an unprotected PC connected to the internet for the first time will last an average of 15 minutes before it is hacked and compromised. Now you do the math for your mobile!

Improved Security With IE 8

By

Microsoft Announces 5,000 Job Cuts Amid Weak 2nd Quarter Earnings

Ever since Mozilla came into the picture, I have not been using Internet Explorer. I am sure that I am not alone in this – I have heard so many IE to Mozilla stories in the past years. With the release of Internet Explorer 8, however, some people might start to reconsider. Indeed, Microsoft is touting IE 8 to be its most secure web browser ever. (That’s not saying much, is it?)

Anyway, why should anyone want to use IE8? PC World has a write up on it and this is what they have to say about the security features:

Microsoft touts IE 8 as its most secure browser to date, and Microsoft has indeed added a good number of security features to the mix, ranging from phishing detection to private browsing, plus a new feature to prevent clickjacking, an emerging data theft threat.

IE 8 RC1 includes two security features under the ‘InPrivate’ label: InPrivate Browsing and InPrivate Filtering. Both existed in earlier prerelease versions of IE 8, but IE 8 RC1 lets you use the two features separately, whereas before each relied on the other.

That’s sounding good to me but is that all there is? Apparently not. Another feature that looks interesting is the Private Browsing feature, which is already being enjoyed by Safari users. IE8 also has InPrivate Filtering, which will prevent web sites from gathering data about other web sites that you got to. There seems to be more to it, though. Maybe we should give it a try and see what Microsoft has to offer this time?