Archive for the Security category

August 8th, 2008

iPhone’s Kill Switch: Limited to Location-Aware Applications

By Michael Santo
Editor-in-Chief, RealTechNews

All right, we can all calm down a little. While the blogosphere (including here) erupted when Jonathan Zdziarski discovered what looked to be a kill switch in the iPhone’s software, more investigation and inside information shows that while it is indeed a kill switch, it’s limited in its application.

It makes sense that Zdziarski would garner so much attention. After all, he’s the author of the upcoming book iPhone Forensics. However, John Gruber says that:

An informed source at Apple confirmed to me that the “clbl” in the URL stands for “Core Location Blacklist”, and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location — an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines.

Aha, this makes sense, because even Zdziarski said that the URL was buried deep inside Core Location code. Since the Core Location API would allow an app to access GPS functionality, which raises a whole host of privacy concerns, Apple has placed obvious limitations on its use.

It also makes sense because, as we know, Apple has another way to deactivate “offending” apps: revoking a developer’s security certificate. Of course, that would disable a developer’s entire library of apps.

Obviously, Apple didn’t think people would go poking around in its code … or maybe it did, but didn’t think it would cause such a storm. Still, a little openness might have derailed the whole issue.

On the other hand, just because it’s limited in use now, doesn’t mean it can’t be expanded in use later. More to come … maybe.

August 2nd, 2008

DHS Can Now Seize Laptops Indefinitely

By Michael Santo
Editor-in-Chief, RealTechNews

A pair of new policies devised by the Department of Homeland Security (DHS) last month, and noted by the Center for Democracy & Technology (CDT), assert that border agents can now (emphasis mine):

In the course of a border search, and absent individualized suspicion, officers can review and analyze the information transported by any individual attempting to enter, reenter, depart, pass through, or reside in the United States, subject to the requirements and limitations provided herein.

and

To that end, ICE Special Agents may review documents, books, pamphlets, and other printed material, as well as computers, disks, hard drives, and other electronic or digital storage devices.

The policies are outlined in these PDFs (1, 2).

Now, the worst part of these practices is that, as cited by the CDT, the period of time for which DHS and Immigration and Customs Enforcement (ICE) agents can hold your beloved laptop is indefinite.

Senator Russ Feingold (D-WI) said “The policies . . . are truly alarming.” At the same time he said he was planning to introduce legislation (soon) that would require reasonable suspicion for border searches.

Of course, some will say that if you have nothing to hide, why care? It’s just another step in the direction of no privacy rights at all, that’s why.

As for encrypting your hard drive, as some have suggested, it is notable that in the case of Sebastien Boucher, a judge has already ruled that he couldn’t be forced to reveal the password required to access the encrypted hard drive.

Who knows if this will be overturned in the future, however.

Additionally, since they can keep the laptop as long as they want, what’s to prevent DHS from keeping it until they run as many decryption attempts as they want (say, years)?

On the other hand, DHS, what’s to prevent someone from coming up with some sort of electronic means of transporting data across the world, like a series of tubes, perhaps? Oh, wait … that’s been done.

July 9th, 2008

X-Ray Tote Bag (If You Dare)

By Alice Hill
RealTechNews

I fly every week and it’s grim business. The last thing you want to do is make getting through security any more drawn out than it already is. But for a vicarious laugh, here’s a tote bag we’d love to see coming off the x-ray belt.

The Xposed grocery bag features the makings of a meal + a handgun. And the tote features a bottle of Jack Daniels and brass knuckles. But the disclaimer says it all: “Note: Not recommended for Airplane Carry-On.”

Xposed Xray Tote
Source: Baronbob.com via Twitter

June 27th, 2008

iPhone to Have New Secure Erase Feature

By Alice Hill
RealTechNews

Not sure how a police detective in Oregon was the one to crack this, but he found a way to retrieve calls, emails, and contacts from a recently purchased refurbished iPhone that had “allegedly” been wiped clean. Not good news for the many businesses eyeing the iPhone, nor for the core users who chat and phone and email on their beloved handset.

The good news is that Apple is prepping a new version of its software that will wipe your iPhone clean. Verdict: Takes about an hour to erase the 8GB version, but that is one hour well spent.

AppleInsider reports: “According to official statements made by Apple during its developers conference earlier this month, as well as this press release, ‘iPhone 2.0 software will be available on July 11 as a free software update via iTunes 7.7 or later for all iPhone customers.’” Source: AppleInsider

June 7th, 2008

Symantec’s Tool Fixes XP SP3, Vista SP1 Registry Corruption

By Michael Santo
Editor-in-Chief, RealTechNews

You’ll recall that Symantec admitted that the SymProtect feature of its security products was at least partially to blame for registry corruption which occurred during both Windows XP SP3 and Windows Vista SP1 upgrades. It promised a standalone utility to remove the corrupted entries, and it’s finally delivered on that promise.

SymProtect, if running when the SP installs were done, would prevent a utility called Fixccs.exe from being able to delete registry entries created during the installations, thus causing the corruption problems. At first Symantec blamed Microsoft, then admitted to the XP SP3 problems, and finally to the additional Vista SP1 problems.

The tool, which can be found on Symantec’s website, removes the erroneous entries from the registry.

SymProtect is advertised as technology designed to protect Symantec’s security software from being tampered with by malware, and that is exactly why Fixccs.exe was unable to delete the aforementioned registry entries. Given that, it’s quite possible that other security products with similar self-protection features could interfere with Fixccs.exe in the same way.

Of course, Symantec’s position as the market leader among security products makes it far more vulnerable to this type of error.

My guess is Microsoft was testing the upgrades only on systems running Windows Live OneCare, its own security product. :-)

June 4th, 2008

The Most Dangerous Domains to Surf

By Michael Santo
Editor-in-Chief, RealTechNews

Given time, I suppose many people could come up with a list of questionable “domains,” ones you should probably have some concern about when surfing to them. Particularly country domains, such as .uk, .us, and so on. In a study released Wednesday by security firm McAfee, they gave us their own view of the most dangerous domains to surf to.

The Hong Kong (.hk) domain jumped 28 spots and is now the #1 most dangerous place to surf and search on the web, according to a new report called “Mapping the Mal Web Revisited.” This is the second annual such report.

According to the report, 19.2% of all Web sites ending in the .hk domain pose a security threat to Web users. Meanwhile, China (.cn) is second at over 11%. The most popular domain, .com, ranks #11 overall.

How did McAfee get this data? Using their SiteAdvisor technology, of course. The study compared the ratings of sites found in each of the 265 country and generic domains (such as .com) and ranked them by the number of risky Web sites found in each domain. Risky sites, according to the report, were ones that contained “adware, spyware, viruses, spam, excessive pop-ups, browser exploits or links to other red-rated sites.”
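To make the ranking method concrete, here is an added example (not McAfee’s or SiteAdvisor’s code) that groups per-site ratings by top-level domain, computes the share of risky (“red-rated”) sites in each, and ranks the domains. The rating data is constructed inline for illustration; the hostnames, the `risky_counts`/`rank_tlds` helpers, and the `min_sites` threshold are assumptions of this example. It also goes slightly beyond the article by filtering out domains with too few rated sites, since a domain with a single rated site would otherwise score 0% or 100% on no real evidence.

```python
# Added example: rank TLDs by the share of risky ("red-rated") sites,
# in the spirit of the SiteAdvisor study described in the article.
# This is illustrative code, not McAfee's methodology.
from collections import defaultdict

# Constructed sample: how many green (safe) and red (risky) ratings each TLD
# has. These numbers are made up for the example, not taken from the report.
SAMPLE_COUNTS = {
    "hk": (4, 1),   # 1 risky of 5  -> 20.0%
    "cn": (7, 1),   # 1 risky of 8  -> 12.5%
    "com": (9, 1),  # 1 risky of 10 -> 10.0%
    "fi": (4, 0),   # 0 risky of 4  ->  0.0%
    "ws": (0, 1),   # 1 risky of 1  -> 100% on a single data point (noise)
}


def make_sample(counts=SAMPLE_COUNTS):
    """Expand the constructed counts into (hostname, rating) pairs."""
    ratings = []
    for tld, (greens, reds) in counts.items():
        for i in range(greens):
            ratings.append((f"site{i}.example.{tld}", "green"))
        for i in range(reds):
            ratings.append((f"bad{i}.example.{tld}", "red"))
    return ratings


def tld_of(hostname):
    """Return the last DNS label of a hostname, normalised to lowercase.

    Note: this groups by the final label only, so .co.uk and .uk fall into the
    same bucket. That matches the country-level grouping the article describes.
    """
    return hostname.lower().rstrip(".").split(".")[-1]


def risky_counts(ratings, risky=("red",)):
    """Map each TLD to (risky_sites, total_sites, percent_risky)."""
    totals = defaultdict(int)
    risky_n = defaultdict(int)
    for host, rating in ratings:
        tld = tld_of(host)
        totals[tld] += 1
        if rating in risky:
            risky_n[tld] += 1
    return {
        tld: (risky_n[tld], totals[tld], 100.0 * risky_n[tld] / totals[tld])
        for tld in totals
    }


def rank_tlds(ratings, min_sites=1):
    """Rank TLDs from most to least risky by percentage of risky sites.

    TLDs with fewer than min_sites rated sites are dropped: a percentage built
    from one or two sites says nothing about the domain as a whole.
    Ties are broken alphabetically so the output is deterministic.
    """
    stats = risky_counts(ratings)
    eligible = [(tld, pct) for tld, (_, n, pct) in stats.items() if n >= min_sites]
    return sorted(eligible, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    sample = make_sample()
    for tld, pct in rank_tlds(sample, min_sites=3):
        print(f".{tld}: {pct:.1f}% of rated sites are risky")
```

With `min_sites=3` the single-site `.ws` entry is excluded and `.hk` tops the list; with `min_sites=1` the same data would put `.ws` first at 100%, which is the kind of small-sample swing that makes year-over-year moves of tiny domains hard to interpret.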

In terms of safety, Finland (.fi) replaced Ireland (.is) as the safest online destination with 0.05%, followed by Japan (.jp).

Other key findings from McAfee’s 2008 “Mapping the Mal Web Revisited” report include:

  • The chance of downloading spyware, adware, viruses or other unwanted software from surfing the Web increased 41.5% over 2007
  • Sites which offer downloads such as ringtones and screen savers that are also loaded with viruses, spyware and adware increased over the last year from 3.3% to 4.7%
  • The Philippines (.ph) experienced a 270% increase in overall riskiness
  • Tokelau (.tk) and Samoa (.ws) were notably safer in 2008 dropping to 28th and 12th
  • In Europe, Spain (.es) experienced a 91% increase in overall risk

What does all this mean? Well, obviously, for McAfee it means, you consumers need to buy our security products and use our SiteAdvisor tech (free). For consumers it means, make sure you have some sort of up-to-date virus scanner on your system, don’t accept unwanted pop-up offers on sites you go to, and “be careful out there.”

The full report can be downloaded from McAfee’s site … when they get around to posting it, that is.

May 30th, 2008

Comcast Hijackers Speak Out: Hack Was Unrelated to P2P Throttling


By Michael Santo
Editor-in-Chief, RealTechNews

Yesterday the Comcast site was hacked, or to be more precise, Comcast’s complete portfolio of over 200 domain names was hijacked, enabling the perpetrators to redirect visitors to Comcast.net to a site they controlled.

In an interview allegedly with the pair involved, the two admitted not just their guilt, but also the reasons behind the attack and the means with which they did it.

According to the interview with Threat Level, the pair, hackers known as “Defiant” and “EBK”:

used a combination of social engineering and a technical hack to get into Comcast’s domain management console at Network Solutions. They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar.

Network Solutions spokeswoman Susan Wade disputes the hackers’ account. “We now know that it was nothing on our end,” she says. “There was no breach in our system or social engineering situation on our end.”

For those not in the know, social engineering means they talked their way past a Network Solutions rep, and into the account. It’s basically the same method that HP used to gain access to board members’ private telephone records in their “pretexting scandal.”

In the interview, Defiant, who’s now 19 and whose first name is James, said “I wish I was a minor right now because this is going to be really bad.”

Come on, you knew you would eventually be caught and that it would have to be bad. So a) why are you making it easier on authorities by having a MySpace page (pics reportedly from Defiant’s MySpace profile) and doing interviews, b) why do it in the first place?

According to Defiant, it wasn’t Comcast’s P2P throttling that was at the heart of the attack. Rather, he just hates Comcast. Defiant said:

“I’m sure they hate us too. Comcast is just a huge corporation, and we wanted to take them out, and we did.”

One other point: apparently the pair called a Comcast manager - the one who had been the original technical contact on Comcast’s domain - and told him what they had done, but he scoffed at them. Until then they had just taken control of the domain. It was then they got royally ticked off and pulled the redirection stunt.

Lesson: don’t scoff at hackers without checking things out first.

May 10th, 2008

Windows Vista 37% Less Vulnerable Than Windows XP: Study

By Michael Santo
Editor-in-Chief, RealTechNews

Depending on how you spin this information, it’s either good news or bad. A study by a decidedly partial observer, security vendor PC Tools Software, showed that Windows Vista, while much improved over Windows XP, is still far too vulnerable.

Not that we needed a study to tell us that …

The study was developed by using data from PC Tools’ ThreatFire program. According to the data, Vista allowed 639 threats per thousand computers through its built-in security, compared with 586 for Windows 2000, 478 for Windows Server 2003, and 1,021 for Windows XP.

So, rather than Windows Vista being Microsoft’s most secure OS, as it’s advertised, it’s really Windows Server 2003?

Simon Clausen, CEO of PC Tools, said in a statement:

“Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date. However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight year old Windows 2000 operating system, and only 37% more secure than Windows XP.”

PC Tools’ flagship product, ThreatFire, is designed to work in concert with standard antivirus programs to protect your PC. ThreatFire uses behavioral analysis to detect malware rather than a signature database. PC Tools says on their ThreatFire site:

Traditional antivirus solutions cannot protect you until after they’ve discovered a new threat and produced a signature to counter it.

ThreatFire is different. It does not rely on signatures, but instead constantly analyzes your computer’s behavior to detect and block any malicious activity. ThreatFire protects immediately so you know your PC and your valuable data is always secure.

While this is the type of protection I’ve always stressed is important, the type that might have prevented the recent malware “shipment” in a Firefox language pack, it also means that PC Tools has a vested interest in this type of study.

While ThreatFire is free, PC Tools also sells an anti-spyware product as well as an antivirus product.