Apple Finally Fixes DNS Bug

With today’s release of Security Update 2008-006 Apple has finally addressed this summer’s DNS bug. In their previous update they fixed BIND, but that only affects people running servers. Now, they’ve updated mDNSResponder. Clients are no longer susceptible to DNS cache poisoning attacks thanks to the inclusion of source port randomization.
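One way to check for the source port randomization described above is to look at the UDP source ports on a client's outbound DNS queries. This is an added example, not code from Apple or the original post; the port lists are constructed samples standing in for a packet capture, and the thresholds and function names are illustrative assumptions.

```python
# Added example: judge whether outbound DNS queries use random source ports.
# The port lists are constructed samples, standing in for ports read from a
# packet capture of the client's UDP queries to port 53.

FIXED = [49152] * 12
SEQUENTIAL = list(range(49152, 49164))
RANDOMIZED = [51234, 1893, 60211, 33470, 12045, 58990,
              27311, 44102, 9176, 63005, 20588, 37749]

TXID_SPACE = 2 ** 16  # DNS transaction IDs are 16 bits


def assess_source_ports(ports, min_samples=10):
    """Classify observed source ports as fixed, sequential, weak or randomized."""
    if len(ports) < min_samples:
        raise ValueError("too few queries to judge port behaviour")
    distinct = len(set(ports))
    spread = max(ports) - min(ports)
    # Step between consecutive queries, modulo the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for d in deltas if 1 <= d <= 16) / len(deltas)

    # Thresholds below are illustrative assumptions, not a standard.
    if distinct == 1:
        verdict = "fixed"            # one port reused for every query
    elif small_steps >= 0.8:
        verdict = "sequential"       # changes, but the next port is predictable
    elif distinct >= 0.9 * len(ports) and spread >= 4096:
        verdict = "randomized"
    else:
        verdict = "weak"             # some variation, too little to rely on
    return {"verdict": verdict, "distinct": distinct, "spread": spread}


def spoof_guess_space(report):
    """Rough count of (transaction ID, port) pairs a spoofed reply must match.

    The observed spread is only a lower-bound estimate of the real port range.
    """
    predictable = report["verdict"] in ("fixed", "sequential")
    ports_to_cover = 1 if predictable else report["spread"] + 1
    return TXID_SPACE * ports_to_cover


if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("randomized", RANDOMIZED)]:
        report = assess_source_ports(sample)
        print(name, report, spoof_guess_space(report))
```

A "fixed" or "sequential" verdict leaves only the 16-bit transaction ID protecting each query, which is the condition the update removes.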

The Security Update addresses some other interesting bugs. Time Machine was saving sensitive logs without using the proper permissions, so any user could view them.

[photo: edans]

Apple Tries To Stop Sneaker Hackers

Apparently, Apple has decided that extending DRM to your Nike accessories will keep hackers at bay. Sick of people cutting the sensors out of their Nike shoes for use on other apparel, they have applied for a patent. Ever noticed the warning that it’s illegal to pull the tag off of a mattress? Did that stop you?

[via Slashdot]

iPhone Screengrab Issues

This is unfortunately another story we missed out on while we were trying to keep things from burning down. We told you that [Jonathan Zdziarski] was going to demonstrate iPhone lock code bypassing in a webcast. The real surprise came when he pointed out that the iPhone takes a screenshot every time you use the home button. It does this so it can do the scaling animation. The image files are presumably deleted immediately, but as we’ve seen before, it’s nearly impossible to guarantee deletion on a solid state device. There’s currently no way to disable this behavior. So, even privacy-conscious people have no way to prevent their iPhone from filling up storage with screenshots of all their text messages, email, and browsing activities. Hopefully Apple will address this problem just like they did with the previous secure erase issue. O’Reilly promises to publish the full webcast soon.

[via Gizmodo]

iPhone 2.1 Firmware Jailbroken

The iphone-dev team seems to still be on top of their game. Only a day after the iPhone 2.1 firmware update was released, they’ve updated both the PwnageTool and QuickPwn to deal with the release. They haven’t begun work on the iPod Touch 2G, since no one on the team has one yet.

We tend to agree with Engadget; jailbreaking is becoming less and less important to casual users. Now average users can buy an iPhone in their own country and run apps from the official store. That’s a much different place than we were in only a year ago. We know most of our audience are power users, though, and definitely want out of Apple’s walled garden, but that’s only a small percentage of iPhone users.

EFiX USB Dongle Off To A Rocky Start

According to InsanelyMac forum member [qbattersby], the EFiX USB dongle he just received doesn’t seem to live up to expectations. We covered the EFiX when it was announced back in June. It’s designed to let you install OSX unmodified on commodity hardware. While using an MSI G965M motherboard, instead of installing OSX, [qbattersby] was greeted with a flashing cursor with no option to continue onward.

The EFiX hardware compatibility chart does not list the MSI G965M as a board verified to work with the dongle, which could explain [qbattersby]’s results. In his defense, he does explain that he will be testing it on a supported motherboard along with a retail copy of Leopard in the future. Hopefully, he will be able to post back that it works and share his experience with the installation of Leopard.

While the EFiX seems to be shipping in some countries, enthusiasts in the US will have to wait a bit longer till distribution channels can be worked out.

One thing is for sure, if you do plan on going the EFiX route, make sure that the hardware you plan on using is listed on their site.

[via Engadget]

Mac Tablets Made By Fans


Macintosh makes a lot of wonderful pieces of technology, but they do not make a tablet. Pictured above is the Modbook, the closest you can currently get to a Mac tablet. Though not officially built by Apple, they are an Apple Premier Developer and that isn’t too shabby.

Several people have taken it upon themselves to fashion Mac tablets of their own, varying from extremely professional looking finishes down to duct tape and wire. Let’s take a look at some of the more popular ones out there.


ARDAgent.app Still Vulnerable


When Apple pushed their most recent security update, the first thing we checked was whether the ARDAgent issue was fixed. It’s not. This vulnerability lets anyone execute code as a privileged user, and versions of this attack have already been found in the wild. While several Ruby, SMB, and WebKit issues were addressed, ARDAgent is still unpatched. [Dino Dai Zovi] has published the method by which ARDAgent actually becomes vulnerable: when it starts, it installs its own Apple Event handlers and calls AESetInteractionAllowed() with kAEInteractWithSelf. This should restrict it only to its own events, but for some reason that’s not the resulting behavior. He also pointed out that SecurityAgent has displayed similar weirdness; it is vulnerable to Apple Events even though it doesn’t call an Apple Events function. We can see how this unexpected behavior could make patch development take much longer and may end up uncovering an even bigger problem. Check out [Dino]’s post for more information.