IPhone Screengrab Issues

September 13, 2008 by Eliot 8 Comments

This is unfortunately another story we missed out on while we were trying to keep things from burning down. We told you that [Jonathan Zdziarski] was going to demonstrate iPhone lock code bypassing in a webcast. The real surprise came when he pointed out that the iPhone takes a screenshot every time you use the home button. It does this so it can do the scaling animation. The image files are presumably deleted immediately, but as we’ve seen before it’s nearly impossible to guarantee deletion on a solid state device. There’s currently no way to disable this behavior. So, even privacy conscious people have no way to prevent their iPhone from filling up storage with screenshots of all their text message, email, and browsing activities. Hopefully Apple will address this problem just like they did with the previous secure erase issue. O’Reilly promises to publish the full webcast soon.

[via Gizmodo]

Israeli Hacker “the Analyzer” Arrested

September 6, 2008 by Kimberly Lau 4 Comments

The Israeli hacker [Ehud Tenenbaum], known as “the Analyzer”, was arrested along with 3 Canadians for allegedly hacking into a Calgary-based financial services company and withdrawing almost CDN $2 million. The arrests were the results of a months-long investigation by both the Canadian police and the U.S. Secret Service. In 1998, [Tenenbaum] was accused of hacking into unclassified computer systems owned by NASA, and the Pentagon, among others. He is in custody without bail, although the three other suspects have been released on bond.

[thanks vor]

Security Flaw Allows Full Access To Locked IPhones

August 28, 2008 by Nick Caiello 2 Comments

[greenmymac] on the MacRumors forums recently exposed a security flaw that allows anyone full access to a locked iPhone running firmware version 2.0.2. The flaw works by entering the emergency call menu of a locked iPhone, and double tapping the home button. This opens the iPhone’s Favorites menu, allowing anyone in your Favorites to be called. From here, an attacker has access to your SMS messages and potentially your email or Safari browser. While we are sure that Apple has a patch for this flaw on the way in the next firmware update, there is a temporary way to secure your locked iPhone. Simply enter the Settings menu on your iPhone and enter General > Home Button and select “Home” or “iPod”. Now when you double tap your home button, it will navigate to either your home screen or the iPod screen. While this fix might be annoying for some, as of right now it seems like the only way to secure your locked iPhone.

[photo: Refracted Moments™]

[via Gizmodo]

Testing IR Camera Blocking

August 27, 2008 by Kimberly Lau 37 Comments

[youtube=http://www.youtube.com/watch?v=0u5hAfnq2-4&hl=en&fs=1&rel=0][randy] from F.A.T. tested the theory that infrared LEDs can actually hide you from the prying eyes of surveillance cameras. We’ve previously covered camouflage, IR, and other suggestions for eluding the cameras, but haven’t taken to sewing stuff onto our clothes yet. [randy] lined his hoodie with high-intensity infrared LEDs, hoping to create a halo effect that would hide his head, and tested his results. Unfortunately, his efforts were unsuccessful. He tested many many different combinations and we’re confident in his conclusion that it would be very hard to make this work.

IBM Sees Influx In Zero-day Exploits

August 26, 2008 by Benjamin Eckel 7 Comments

IBM’s X-Force security team has released a mid-year report(PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]

Dan Kaminsky’s DNS Black Hat Video

August 25, 2008 by Eliot 3 Comments

Black Hat has published the media from Dan Kaminsky’s infamous DNS vulnerability talk. You can get the full video (101MB) or just the audio.

The full archive of slides and white papers from this year has been posted too.

Ruckingenur II: Reverse Engineering Video Game

August 25, 2008 by Caleb Kraft 31 Comments

[Zach Barth] has released Ruckingenur II, the game of reverse engineering. The latest in his Games for Engineers series, it is a full game with multiple levels and live action cut scenes. Set with a military theme, the goal is to reverse engineer enemy items. Pictured above is a lock to a weapons cache.

The pixelized style is consistent throughout. Even the cut scenes have the effect. The reverse engineering is fun enough to keep you interested while you learn. There is an in game help system that keeps you on track as well. Our only suggestion is that he get some better costumes next time!