174 items tagged "apple"
-
-
15:14
»
Packet Storm Security Advisories
Apple Security Advisory 2012-05-14-1 - This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.
-
-
11:01
»
Hack a Day
We love the look of this papercraft piano which [Catarina] built along with some friends at NYC Resistor, a hackerspace in the big apple. It starts off as a cubic black box with a white top. But just lift that top as [Catarina] does in the video after the break and three of the sides [...]
-
-
22:36
»
SecDocs
Authors: Felix 'FX' Lindner
Tags: Mac OS X, Google, iPhone
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: We will discuss the two different approaches Apple and Google take for the client platforms iPad and Chromebook, how they are similar and how they are not. From the security architecture and integrity protection details to your account and identity that links you firmly back to the respective vendor, we will provide the big picture with occasional close-up shots. Here is what powers the vendor has over you, or what powers he gives to arbitrary unwashed attackers at conferences through fails in logic, binary or HTML.
-
-
17:58
»
Packet Storm Security Advisories
Apple Security Advisory 2012-03-12-1 - Safari version 5.1.4 is now available and addresses 84 different vulnerabilities. This includes many fixes for WebKit related issues.
-
-
15:24
»
Packet Storm Security Recent Files
WOL-E is a suite of tools for the Wake on LAN feature of network-attached computers; this feature is now enabled by default on many Apple computers. These tools include bruteforcing the MAC address to wake up clients, sniffing WOL attempts and passwords, scanning for Apple devices and more.
-
-
13:45
»
Hack a Day
We haven’t really covered many hacks having to do with Apple’s newest iPhone feature Siri. We’d bet you’ve already heard a bunch about the voice-activated AI assistant and here’s your chance to give it the keys to your house. This project uses Siri to actuate the deadbolt on an entry door in a roundabout sort [...]
-
-
19:45
»
Packet Storm Security Advisories
Apple Security Advisory 2011-10-12-6 - Numbers for iOS version 1.5 is now available and addresses multiple arbitrary code execution vulnerabilities.
-
-
19:01
»
Packet Storm Security Advisories
Apple Security Advisory 2011-10-11-1 - iTunes 10.5 has been released and addresses CoreFoundation, ColorSync, CoreAudio, CoreMedia, ImageIO, WebKit, and various other vulnerabilities.
-
-
11:26
»
Wirevolution
Technically the iPhone 4S doesn’t really pull ahead of the competition: Android-based phones like the Samsung Galaxy S II.
The iPhone 4S even has some worse specifications than the iPhone 4. It is 3 grams heavier and its standby battery life is 30% less. The screen is no larger – it remains smaller than the standard set by the competition. On the other hand the user experience is improved in several ways: the phone is more responsive thanks to a faster processor; it takes better photographs; and Apple has taken yet another whack at the so-far intractable problem of usable voice control. A great benefit to Apple, though not so much to its users, is that the new Qualcomm baseband chip works for all carriers worldwide, so Apple no longer needs different innards for AT&T and Verizon (though Verizon was presumably disappointed that Apple didn’t add a chip for LTE support).
Since its revolutionary debut, the history of the iPhone has been one of evolutionary improvements, and the improvements of the iPhone 4S over the iPhone 4 are in proportion to the improvements in each of the previous generations. The 4S seems to be about consolidation, creating a phone that will work on more networks around the world, and that will remain reliably manufacturable in vast volumes. It’s a risk-averse, revenue-hungry version, as is appropriate for an incumbent leader.
The technical improvements in the iPhone 4S would have been underwhelming if it had been called the iPhone 5, but for a half-generation they are adequate. By mid-2012 several technologies will have ripened sufficiently to make a big jump.
First, Apple will have had time to move their CPU manufacturing to TSMC’s 28 nm process, yielding a major improvement in battery life from the 45 nm process of the current A5, which will be partially negated by the monstrous power of the rumored 4-core A6 design, though the Linley report cautions that it may not be all plain sailing.
Also by mid-2012 Qualcomm may have delivered a world-compatible single-chip baseband that includes LTE (aka ‘real 4G’).
But the 2012 iPhone faces a serious problem. It will continue to suffer a power, weight and thin-ness disadvantage relative to Samsung smartphones until Apple stops using LCD displays. Because they don’t require back-lighting, Super AMOLED display panels are thinner, lighter and consume less power than LCDs. Unfortunately for Apple, Samsung is the leading supplier of AMOLED displays, and Apple’s relationship with Samsung continues to deteriorate. Other LCD alternatives like Qualcomm’s Mirasol are unlikely to be mature enough to rely on by mid-2012. The mid-2012 iPhone will need a larger display, but it looks as though it will continue to be a thick, power hungry LCD.
-
-
7:19
»
Wirevolution
Today Rethink Wireless reported that Facebook is moving towards HTML 5 in preference to native apps on phones.
When the iPhone arrived in 2007, this was Steve Jobs’ preferred way to do third party applications:
We have been trying to come up with a solution to expand the capabilities of the iPhone so developers can write great apps for it, but keep the iPhone secure. And we’ve come up with a very. Sweet. Solution. Let me tell you about it. An innovative new way to create applications for mobile devices… it’s all based on the fact that we have the full Safari engine in the iPhone. And so you can write amazing Web 2.0 and AJAX apps that look and behave exactly like apps on the iPhone, and these apps can integrate perfectly with iPhone services. They can make a call, check email, look up a location on Gmaps… don’t worry about distribution, just put ‘em on an internet server. They’re easy to update, just update it on your server. They’re secure, and they run securely sandboxed on the iPhone. And guess what, there’s no SDK you need! You’ve got everything you need if you can write modern web apps…
But the platform and the developer community weren’t ready for it, so Apple was quickly forced to come up with an SDK for native apps, and the app store was born.
So it seems that Apple was four years early on its iPhone developer solution, and that in bowing to public pressure in 2007 to deliver an SDK, it made a ton of money that it otherwise wouldn’t have:
A web service which mirrors or enhances the experience of a downloaded app significantly weakens the control that a platform company like Apple has over its user base. This has already been seen in examples like the Financial Times newspaper’s HTML5 app, which has already outsold its former iOS native app, with no revenue cut going to Apple.
-
14:45
»
Hack a Day
Provided you haven’t been toiling away in a secret lair somewhere (we’re looking at you [Jack]), odds are you may have seen the news that [Steve Jobs] stepped down as CEO of Apple this past Wednesday. This earth-shattering news even eclipsed that of the East Coast Megaquakeapocalypse. It sent the blogosphere into a tizzy, [...]
-
-
10:01
»
Hack a Day
Deskthority forum user [lowpoly] recently posted a writeup on his complete overhaul of an Apple M0110 mechanical keyboard. Any one familiar with the satisfying clack of a good mechanical key under their fingers can appreciate the effort put into this project. [lowpoly] removed the keyboard’s PCB, rewired the key matrix adding diodes, built in a [...]
-
-
5:58
»
Hack a Day
When you think about hacking laptops, it’s highly unlikely that you would ever consider the battery as a viable attack vector. Security researcher [Charlie Miller] however, has been hard at work showing just how big a vulnerability they can be. As we have been discussing recently, the care and feeding of many batteries, big and [...]
-
-
5:06
»
Hack a Day
A few days ago, we featured an Apple ][ USB keyboard mod, and several readers chimed in sharing their own retro conversions in the comments section. We had no idea that many of you had made similar modifications of your own, so here’s a quick roundup of what your fellow Hackaday readers have put together. [...]
-
-
16:01
»
Hack a Day
Sometimes it’s apparent that there is no practical use for something featured on Hack a Day, but we don’t know if [Andrew Filer]‘s Apple ][ USB keyboard qualifies for this. After reading through the very thorough documentation available in electronic and dead tree formats, [Andrew] decided that Apple ][ would make a great USB keyboard. [...]
-
-
15:30
»
Wirevolution
I have some deep seated opinions about user interfaces and usability. It normally only takes me a few seconds to get irritated by a new application or device, since they almost always contravene one or more of my fundamental precepts of usability. So when I see a product that gets it righter than I could have done myself, I have to say it warms my heart.
I just noticed a few minutes ago, using Chrome, that the tabs behave in a better way than on any other browser that I have checked (Safari, Firefox, IE8). If you have a lot of tabs open, and you click on an X to close one of them, the tabs rearrange themselves so that the X of the next tab is right under the mouse, ready to get clicked to close that one too. Then after closing all the tabs that you are no longer interested in, when you click on a remaining one, the tabs rearrange themselves to a right size. This is a very subtle user interface feature. Chrome has another that is a monster, not subtle at all, and so nice that only stubborn sour grapes (or maybe patents) stop the others from emulating it. That is the single input field for URLs and searches. I’m going to talk about how that fits with my ideas about user interface design in just a moment, but first let’s go back to the tab sizing on closing with the mouse.
I like this feature because it took a programmer some effort to get it right, yet it only saves a user a fraction of a second each time it is used, and only some users close tabs with the mouse (I normally use Cmd-W), and only some users open large numbers of tabs simultaneously. So why did the programmer take the trouble? There are at least two good reasons: first, let’s suppose that 100 million people use the Chrome browser, and that they each use the mouse to close 12 tabs a day, and that in 3 of these closings, this feature saved the user from moving the mouse, and the time saved for each of these three mouse movements was a third of a second. The aggregate time saved per day across 100 million users is 100 million seconds. At 2,000 working hours per year, that’s more than 10 work-years saved per day. The altruistic programmer sacrificed an hour or a day or whatever of his valuable time, to give the world far more. But does anybody apart from me notice? As I have remarked before, at some level the answer is yes.
The second reason it was a good idea for the programmer to take this trouble is to do with the nature of usability and choice of products. There is plenty of competition in the browser market, and it is trivial for a user to switch browsers. Usability of a program is an accretion of lots of little ingredients. So in the solution space addressed by a particular application, the potential gradation of usability is very fine-grained, each tiny design decision moving the needle a tiny increment in the direction of greater or lesser usability. But although ease of use of an application is an infinitely variable property, whether a product is actually used or not is effectively a binary property. It is a very unusual consumer (guilty!) who continues to use multiple browsers on a daily basis. Even if you start out that way you will eventually fall into the habit of using just one. For each user of a product, there is a threshold on that infinite gradation of usability, that balances against the benefit of using the product. If the product falls below that effort/benefit threshold it gradually falls into disuse. Above that threshold the user forms the habit of using it regularly. Many years ago I bought a Palm Pilot. For me, that user interface was right on my threshold. It teetered there for several weeks as I tried to get into the habit of depending on it, but after I missed a couple of important appointments because I had neglected to put them into the device, I went back to my trusty pocket Day-Timer. For other people, the Palm Pilot was above their threshold of usability, and they loved it, used it and depended on it. Not all products are so close to the threshold of usability. Some fall way below it. You have never heard of them – or maybe you have: how about the Apple Newton? And some land way above it; before the iPhone nobody browsed the Internet on their phones – the experience was too painful. 
In one leap the iPhone landed so far above that threshold that it routed the entire industry.

The point here is that the ‘actual use’ threshold is a razor-thin line on the smooth scale of usability, so if a product lies close to that line, the tiniest, most subtle change to usability can move it from one side of the line to the other. And in a competitive market where the cost of switching is low, that line isn’t static; the competition is continuously moving the threshold up. This is consistent with “natural selection by variation and survival of the fittest.” So product managers who believe their usability is “good enough,” and that they need to focus on new features to beat the competition are often misplacing their efforts – they may be moving their product further to the right on the diagram above than they are moving it up.
Now let’s go on to Chrome’s single field for URLs and searches. Computer applications address complicated problem spaces. In the diagram below, each circle represents the aggregate complexity of an activity performed with the help of a computer. The horizontal red line represents the division between the complexity handled by the user, and that handled by the computer. In the left circle most of the complexity is dealt with by the user, in the right circle most is dealt with by the computer. For a given problem space, an application will fall somewhere on this line. For searching databases HAL 9000 has the circle almost entirely above this line, SQL is way further down. The classic example of this is the graphical user interface. It is vastly more programming work to create a GUI system like Windows than a command-line system like MS-DOS, and a GUI is correspondingly vastly easier on the user.

Its single field for typing queries and URLs clearly makes Chrome sit higher on this line than the browsers that use two fields. With Chrome the user has less work to do: he just gives the browser an instruction. With the others the user has to both give the instruction and tell the computer what kind of instruction it is. On the other hand, the programmer has to do more work, because he has to write code to determine whether the user is typing a URL or a search. But this is always going to be the case when you make a task of a given complexity easier on the user. In order to relieve the user, the computer has to handle more complexity. That means more work for the programmer. Hard-to-use applications are the result of lazy programmers.
The programming required to implement the single field for URLs and searches is actually trivial. All browsers have code to try to form a URL out of what’s typed into the address field; the programmer just has to assume it’s a search when that code can’t generate a URL. So now, having checked my four browsers, I have to partially eat my words. Both Firefox and IE8, even though they have separate fields for web addresses and searches, do exactly what I just said: address field input that can’t be made into a URL is treated as a search query. Safari, on the other hand, falls into the lazy programmer hall of shame.
This may be a result of a common “ease of use” fallacy: that what is easier for the programmer to conceive is easier for the user to use. The programmer has to imagine the entire solution space, while the user only has to deal with what he comes across. I can imagine a Safari programmer saying “We have to meet user expectations consistently – it will be confusing if the address field behaves in an unexpected way by doing a search when the user was simply mistyping a URL.” The fallacy of this argument is that while the premise is true (“it is confusing to behave in an unexpected way,”) you can safely assume that an error message is always unexpected, so rather than deliver one of those, the kind programmer will look at what is provoking the error message, and try to guess what the user might have been trying to achieve, and deliver that instead.
There are two classes of user mistake here: one is typing into the “wrong” field, the other is mistyping a URL. On all these browsers, if you mistype a URL you get an unwanted result. On Safari it’s an error page, on the others it’s an error page or a search, depending on what you typed. So Safari isn’t better, it just responds differently to your mistake. But if you make the other kind of “mistake,” typing a search into the “wrong” field, Safari gives an error, while the others give you what you actually wanted. So in this respect, they are twice as good, because the computer has gracefully relieved the user of some work by figuring out what they really wanted. But Chrome goes one step further, making it impossible to type into the “wrong” field, because there is only one field. That’s a better design in my opinion, though I’m open to changing my mind: the designers at Firefox and Microsoft may argue that they are giving the best of both worlds, since users accustomed to separate fields for search and addresses might be confused if they can’t find a separate search field.
-
-
10:00
»
Hack a Day
You’ve probably already heard about the Apple TV 2. It retails for $99 and packs a punch with HD video, optical audio, and WiFi in that tiny package. But as always, we like it for its hackability. Even though it’s just starting to ship, the hacks are already rolling in. The firmware is available from [...]
-
-
7:06
»
Hack a Day
The newest member of the PS3 jailbreaking tool crowd is the iPod family. More specifically, iPods running the open source media firmware Rockbox. Even better news, theoretically it should be possible to use this same method on any MP3 player running the Rockbox software. Right now the exploit package only works on select generations of [...]
-
-
9:52
»
Hack a Day
has been hard at work reverse engineering the charging method used by Apple products. This saga takes us through the years as new devices were released and subsequently broke Minty Boost’s charging capabilities. It seems the data lines were gradually adopted as a means for iPhones and iPods to identify the charger that had been [...]
-
-
7:00
»
Hack a Day
It’s finally here, after being declared completely legal to jailbreak your iPhone, JailbreakMe 2.0 is released. Now, any and all iDevices can be jailbroken by simply visiting the URL above; however, before you start your devious adventure in the land of apps not approved by big brother Apple, there are a few issues. The webpage [...]
-
-
12:50
»
Wirevolution
When the iPhone came out it redefined what a smartphone is. The others scrambled to catch up, and now with Android they pretty much have. The iPhone 4 is not in a different league from its competitors the way the original iPhone was. So I have been trying to decide between the iPhone 4 and the EVO for a while. I didn’t look at the Droid X or the Samsung Galaxy S, either of which may be better in some ways than the EVO.
Each hardware and software has stronger and weaker points. The Apple wins on the subtle user interface ingredients that add up to delight. It is a more polished user experience. Lots of little things. For example I was looking at the clock applications. The Apple stopwatch has a lap feature and the Android doesn’t. I use the timer a lot; the Android timer copied the Apple look and feel almost exactly, but a little worse. It added a seconds display, which is good, but the spin-wheel to set the timer doesn’t wrap. To get from 59 seconds to 0 seconds you have to spin the display all the way back through. The whole idea of a clock is that it wraps, so this indicates that the Android clock programmer didn’t really understand time. Plus when the timer is actually running, the Android cutely just animates the time-set display, while the Apple timer clears the screen and shows a count-down. This is debatable, but I think the Apple way is better. The countdown display is less cluttered, more readable, and more clearly in a “timer running” state. The Android clock has a wonderful “desk clock” mode, which the iPhone lacks. I was delighted with the idea, especially the night mode which dims the screen and lets you use it as a bedside clock. Unfortunately when I came to actually use it the hardware let the software down. Even in night mode the screen is uncomfortably bright, so I had to turn the phone face down on the bedside table.
The EVO wins on screen size. Its 4.3 inch screen is way better than the iPhone’s 3.5 inch screen. The “retina” definition on the iPhone may look like a better specification but the difference in image quality is indistinguishable to my eye, and the greater size of the EVO screen is a compelling advantage.
The iPhone has far more apps, but there are some good ones on the Android that are missing on the iPhone, for example the amazing Wi-Fi Analyzer. On the other hand, this is also an example of the immaturity of the Android platform, since there is a bug in Android’s Wi-Fi support that makes the Wi-Fi Analyzer report out-of-date results. Other nice Android features are the voice search feature and the universal “back” button. Of course you can get the same voice search with the iPhone Google app, but the iPhone lacks a universal “back” button.
The GPS on the EVO blows away the GPS on the iPhone for accuracy and responsiveness. I experimented with the Google Maps app on each phone, walking up and down my street. Apple changed the GPS chip in this rev of the iPhone, going from an Infineon/GlobalLocate to a Broadcom/GlobalLocate. The EVO’s GPS is built-in to the Qualcomm transceiver chip. The superior performance may be a side effect of assistance from the CDMA radio network.
Incidentally, the GPS test revealed that the screens are equally horrible under bright sunshine.
The iPhone is smaller and thinner, though the smallness is partly a function of the smaller screen size.
The EVO has better WAN speed, thanks to the Clearwire WiMax network, but my data-heavy usage is mainly over Wi-Fi in my home, so that’s not a huge concern for me.
Battery life is an issue. I haven’t done proper tests, but I have noticed that the EVO seems to need charging more often than the iPhone.
Shutter lag is a major concern for me. On almost all digital cameras and phones I end up taking many photos of my shoes as I put the camera back in my pocket after pressing the shutter button and assuming the photo got taken at that time rather than half a second later. I just can’t get into the habit of standing still and waiting for a while after pressing the shutter button. The iPhone and the EVO are about even on this score, both sometimes taking an inordinately long time to respond to the shutter – presumably auto-focusing. The pictures taken with the iPhone and the EVO look very different; the iPhone camera has a wider angle, but the picture quality of each is adequate for snapshots. On balance the iPhone photos appeal to my eye more than the EVO ones.
For me the antenna issue is significant. After dropping several calls I stuck some black electrical tape over the corner of the phone which seems to have somewhat fixed it. Coverage inside my home in the middle of Dallas is horrible for both AT&T and Sprint.
The iPhone’s FM radio chip isn’t enabled, so I was pleased when I saw FM radio as a built-in app on the EVO, but disappointed when I fired it up and discovered that it needed a headset to be plugged in to act as an antenna. Modern FM chips should work with internal antennas. In any case, the killer app for FM radio is on the transmit side, so you can play music from your phone through your car stereo. Neither phone supports that yet.
So on the plus side, the EVO’s compelling advantage is the screen size. On the negative side, it is bulkier, the battery life is less, the software experience isn’t quite so polished.
The bottom line is that the iPhone is no longer in a class of its own. The Android iClones are respectable alternatives.
It was a tough decision, but I ended up sticking with the iPhone.
-
-
6:22
»
SecDocs
Authors: Nicolas Seriot
Tags: malware iPhone
Event: Black Hat DC 2010
Abstract: The iPhone business model relies on consumers’ trust in a closed ecosystem. According to Apple: "Applications on the device are sandboxed so they cannot access data stored by other applications. In addition, system files, resources, and the kernel are shielded from the user's application space." This presentation will discuss iPhone privacy issues and challenge Apple's stance and assertions regarding iPhone security. The presentation will also show how a rogue application can access substantial quantities of personal data on an unmodified device and expose how it could go unnoticed in spite of AppStore tight reviews.
-
-
12:04
»
Wirevolution
On a recent extended trip to England, I discovered Stanza, an e-reader application for the iPhone. Not only did it demonstrate for me that the iPad will obsolete the Kindle, but that the iPhone can do a pretty good job of it already.
Surprisingly, the iPhone surpasses a threshold of usability that makes it more of a pleasure than a pain to use as an e-reader. This is due to the beautiful design and execution of Stanza. The obvious handicap of the iPhone as an e-reader is the small screen size, but Stanza does a great job of getting around this. It turns out that reading on the iPhone is quite doable, and better than a real book in several ways:
-
It is an entire library in your pocket – you can have dozens of books in your iPhone, and since you have your iPhone with you in any case, they don’t take any pocket space at all.
-
You can read it in low-light conditions without any additional light source.
-
You can read it even when you are without your spectacles, since you can easily resize the text as big as you like.
-
It doesn’t cost anything. If you enjoy fiction, there is really no need to buy a book again, since there are tens of thousands of good books in the public domain downloadable free from sites like Gutenberg.org and feedbooks.com. Almost all the best books ever written are on these sites, including all the Harvard Classics and numerous more recent works by great authors like William James, James Joyce, Joseph Conrad and Philip K. Dick.
-
You can search the text in a book and instantly find the reference you are looking for.
-
It has a built-in dictionary, so any word you don’t know you can look up instantly.
-
It keeps your place – every time you open the app it takes you to the page you were reading.
-
You can make annotations. This isn’t really better than a paper book, since you can easily write marginal notes in one of those, but with Stanza you don’t have to hunt around for a pencil in order to make a note.
-
You don’t have to go to a bookstore or library to get a book. This is a mixed benefit, since it is always so enjoyable to hang out in bookstores and libraries, but when you suddenly get a hankering to take another look at a book you read a long time ago, you can just download it immediately.
All these benefits will apply equally to the iPad and the others in the 2010 crop of tablet PCs, which will also have the benefit of larger screens. But Stanza on the iPhone has shown me that good user interface design can compensate for major form factor handicaps.
-
-
10:04
»
Hack a Day
We don’t remember where we read it, but our favorite criticism of the iPad is that it does the same things a lot of other Apple devices do. So why wait until April to get your hands on that functionality? [Alexbates] built his own iPad clone using existing hardware and software. This started with an [...]
-
20:59
»
SecDocs
-
-
21:13
»
SecDocs
Authors: L. Aaron Kaplan
Tags: GPS locating
Event: Chaos Communication Congress 26th (26C3) 2009
Abstract: For a long time we warned of the perils of full scale, permanent tracking of persons by the state or corporations. Cell phones, data retention laws and other surveillance techniques close the freedoms of the net. But none can be as pervasive as the permanent location updates sent to Apple and Google via your Smartphone and laptop. With a precision of 10 m to 20 m, BSSID based location tracking has become the ultimate and global tracking of persons. This talk will describe weaknesses and trends in current location tracking methods. The internet learned to locate you in 2009! Skyhook Wireless is a small company focusing on providing high quality location based services to the world. To quote from their webpage: "Skyhook Wireless' XPS is the world's first true hybrid positioning system. Combining the unique benefits of GPS, Cell Tower triangulation and Wi-Fi Positioning, mobile consumers no longer have to wait minutes for a response or cope with inaccurate location." Customers include Apple (iPhone, Snow Leopard uses Skyhook Wireless) and Google. While most people don't realize it, the BSSIDs that their Smartphone "hears" get transmitted to a single company in Boston, Mass. The cell phone tower identifier gets transmitted and if anything fails, they will revert to simple IP Geolocation DBs. The talk will focus on a few techniques for assigning GPS positions to you and tries to estimate trends and implications for society, law and law enforcement issues.
-
-
21:05
»
SecDocs
Authors: Philippe Langlois, Vanessa Brunet
Tags: network VoIP phone
Event: Chaos Communication Congress 26th (26C3) 2009
Abstract: SS7 is like TCP/IP in the 1990s. It used to be quite a secure network because nobody outside the organizations (here, the mobile operators and telecom companies) was connected to it. Now it's getting interconnected to new actors which are not that trustworthy. Somehow, hackerdom made SS7 come into existence thanks to the massive use of Blue Boxes. Now, hackerdom is getting its toy back! SS7 is nowadays more and more accessible, and as such increasingly vulnerable. So we're getting exposed to a totally new set of protocols, as secure as TCP/IP in the 1980s. This looks like the Blue Box is coming back to life, in a very different form. Attacking the SS7 network is fun, but there's a world beyond pure SS7: the phone system applications themselves, and most notably what transforms phone numbers into telecom addresses (also known as Point Codes, DPCs and OPCs; Subsystem Numbers, SSNs and other various fun), and that's called Global Title Translation. Few people actually realize that the numbers they are punching on their phone are actually the same digits that are used for this critical translation function, and translate these into the mythical DPCs, SSNs and IMSIs. More and more data is now going through the phone network, creating more entry points for regular attacks to happen: injections, overflow, DoS by overloading capacities. And we have an ally: the mobile part is opening up, thanks to involuntary support from Motorola, Apple and Android. We'll study all the entry points and the recent progress in Telecom security attacks.
-
8:34
»
Wirevolution
I discussed last September how AT&T was considering opening up the 3G data channel to third party voice applications like Skype. According to Rethink Wireless, Steve Jobs mentioned in passing at this week’s iPad extravaganza that it is now a done deal.
Rethink mentions iCall and Skype as beneficiaries. Another notable one is Fring. Google Voice is not yet in this category, since it uses the cellular voice channel rather than the data channel, so it is not strictly speaking VoIP; the same applies to Skype for the iPhone.
According to Boaz Zilberman, Chief Architect at Fring, the Fring iPhone client needed no changes to implement VoIP on the 3G data channel. It was simply a matter of reprogramming the Fring servers to not block it. Apple also required a change to Fring’s customer license agreements, requiring the customer to use this feature only if permitted by his service provider. AT&T now allows it, but non-US carriers may have different policies.
Boaz also mentioned some interesting points about VoIP on the 3G data channel compared with EDGE/GPRS and Wi-Fi. He said that Fring only uses the codecs built in to handsets to avoid the battery drain of software codecs. He said that his preferred codec is AMR-NB; he feels the bandwidth constraints and packet loss inherent in wireless communications negate the audio quality benefits of wideband codecs. 3G data calls often sound better than Wi-Fi calls – the increased latency (100 ms additional round-trip according to Boaz) is balanced by reduced packet loss. 20% of Fring’s calls run on GPRS/EDGE, where the latency is even greater than on 3G; total round trip latency on a GPRS VoIP call is 400-500ms according to Boaz.
As for handsets, Boaz says that Symbian phones are best suited for VoIP, the Nokia N97 being the current champion. Windows Mobile has poor audio path support in its APIs. The iPhone’s greatest advantage is its user interface; its disadvantages are lack of background execution and lack of camera APIs. Android is fragmented: each Android device requires different programming to implement VoIP.