Pages

Thursday, July 31

Lack of Posts

Not that there hasn't been alot to write about recently, I've just been dealing alot with this DNS issue, so by the time I get home a night I'm tired, and don't want to blog.  I have had lots of interesting ideas too, I just am so tired!  Sorry about that, i'll get back on track shortly.

I am going to Defcon next week, so anyone that is going, I'll see you there!

 Subscribe in a reader

Lack of Posts

Not that there hasn't been alot to write about recently, I've just been dealing alot with this DNS issue, so by the time I get home a night I'm tired, and don't want to blog.  I have had lots of interesting ideas too, I just am so tired!  Sorry about that, i'll get back on track shortly.

I am going to Defcon next week, so anyone that is going, I'll see you there!

 Subscribe in a reader

Thursday, July 24

Webinar with Dan Kaminsky

There is a webinar with Dan Kaminsky today to talk about the DNS issue.

Link is here.  Go and register and listen to all the news about the DNS vuln/exploit.

List of people on the panel:
* Dan Kaminsky, Director of Penetration Testing, IOactive
* Jerry Dixon, Former Director of the National Cyber Security Division, DHS
* Rich Mogul, Securosis
* Joao Damas, Sr. Programme Manager, ISC

 Subscribe in a reader

Podcast Last night

The podcast last night (and my speech) went great, we had a great attendance (about 50-70 ish) turn out.

Unfortunately we were not able to broadcast it live since we had no internet, but we did get video and audio recordings of the whole thing.  We'll try and make those available soon!

Thanks for all those that turned out!

UPDATE:  I received word that there were 65 in the speech.  Even more in the podcast!

 Subscribe in a reader

Webinar with Dan Kaminsky

There is a webinar with Dan Kaminsky today to talk about the DNS issue.

Link is here.  Go and register and listen to all the news about the DNS vuln/exploit.

List of people on the panel:
* Dan Kaminsky, Director of Penetration Testing, IOactive
* Jerry Dixon, Former Director of the National Cyber Security Division, DHS
* Rich Mogul, Securosis
* Joao Damas, Sr. Programme Manager, ISC

 Subscribe in a reader

Podcast Last night

The podcast last night (and my speech) went great, we had a great attendance (about 50-70 ish) turn out.

Unfortunately we were not able to broadcast it live since we had no internet, but we did get video and audio recordings of the whole thing.  We'll try and make those available soon!

Thanks for all those that turned out!

UPDATE:  I received word that there were 65 in the speech.  Even more in the podcast!

 Subscribe in a reader

Tuesday, July 22

SANSFIRE 2008

For those of you that are going to SANSFIRE, I'll be there on Wednesday night giving a talk on the "Mistakes made with Snort, How to correct them, and why you should".  It's at 7:00 pm.   The SANS @night stuff does NOT require a fee, so you can come and watch + participate.  Check it out here.

On another note we have the Internet Storm Center Podcast, live at 8:00 pm on Wednesday as well.  Between Johannes, Paul Asadoorian (Pauldotcom Security Weekly), and I (plus some other special guests?) we'll keep you entertained.  Please come by and support us!  If you can't make it in person, please listen live.  I don't know what URL we'll be using yet.  So keep your eyes posted here.

 Subscribe in a reader

SANSFIRE 2008

For those of you that are going to SANSFIRE, I'll be there on Wednesday night giving a talk on the "Mistakes made with Snort, How to correct them, and why you should".  It's at 7:00 pm.   The SANS @night stuff does NOT require a fee, so you can come and watch + participate.  Check it out here.

On another note we have the Internet Storm Center Podcast, live at 8:00 pm on Wednesday as well.  Between Johannes, Paul Asadoorian (Pauldotcom Security Weekly), and I (plus some other special guests?) we'll keep you entertained.  Please come by and support us!  If you can't make it in person, please listen live.  I don't know what URL we'll be using yet.  So keep your eyes posted here.

 Subscribe in a reader

Monday, July 21

DNS Vuln!

Hey, did you guys know there was some sort of DNS vuln?  Imagine that!

(No really.)

BTW -- The cat is out of the bag.  The vulnerability has been published out there, so if you have been holding off on updating.  Hold off no longer.

 Subscribe in a reader

DNS Vuln!

Hey, did you guys know there was some sort of DNS vuln?  Imagine that!

(No really.)

BTW -- The cat is out of the bag.  The vulnerability has been published out there, so if you have been holding off on updating.  Hold off no longer.

 Subscribe in a reader

Friday, July 18

iPhone 3G review

Okay, so I have had my iPhone 3G with iPhone 2.0 software for a solid week now.  

BLUF:  I like it.

Now, I live in a 3G area.  Which means I get the full capabilities of the speed, and it's nice.  Browsing the internet is faster, Mail is faster, everything is nice and quick.  Even the apps I use.  The truth is, I was considering not getting one, but the touchscreen stopped working on my old iPhone about a month ago, and therefore, I had to upgrade (oh darn).

iPhone 2.0 software
--
This is the greatest feature about the new iPhone (and the old iPhone too) is the apps.  Now that you can have apps, it's awesome.  I hacked my phone in the past but there were no apps that I was excited about and I really didn't care to do it again.  There were really three apps I wanted on my old iPhones software.  
1) something to manage my to-do's
2) some kind of music buying app
3) Instant messenger.

Well, now I have Omnifocus for the iPhone (and the mac, and it's great, everything syncs up..  awesome.  Although I do have to call Omnigroup out on something.  They say that their databases sync via "MobileMe".  Now, if I said that to you, that would imply you have to-do syncing through the cloud right?  Well, not really.  All that happens is your Omnifocus DB is stored on your iDisk, and your devices have to sync to iDisk, so while technically true, it's ill worded...anyway..  Omnifocus is great, I recommend it, little high in price, but... yeah)  So that takes care of my to-do's.

2)  Some kind of music buying app.  Well iPhone has had the iTunes store for a while, and it has been great.  But there are occasions that you didn't know what the song was that you heard on the radio and you wanted to know.  Well now my iPhone has an app called Shazam, that will listen to the song I am listening to and tell me what the song is.  Awesome.

3)  Instant Messenger, well I got my AOL IM, but it's just not as polished as I think it should be.  It should be iChat'ish.  Come on Apple, do your thing.

Of course I have some other apps on there as well, games, facebook, pownce, twitter..etc..  and I use them, but they are just add ons.  Not must haves.

The GPS is awesome, quick too.  While it doesn't TELL you where to make turns, it WILL follow where you are at on Google Maps, and you can just get your directions through there.  So it works just fine for a GPS phone.  I'd like to replace my Car GPS with the iPhone, which requires two things.  A touch bit better GPS turn-by-turn software, say from Tom-Tom or Garmin, and a Car Charger.  No car charger yet.  Let's go!

All in all..  Excellent phone, I highly recommend it for people who live in a 3G area.  If you don't live in a 3G area, then don't worry about it, because the speed won't help you.  Get your software update.  

However if you live in a 3G area, or you like the 'flush headset jack' idea, or the fact that it fits better in your hand (with the rounded back), then get it.  The iPhone 3G FEELS thinner.  But in fact it's a 0.2 mm thicker in the middle.  But you probably won't notice.



 Subscribe in a reader

iPhone 3G review

Okay, so I have had my iPhone 3G with iPhone 2.0 software for a solid week now.  

BLUF:  I like it.

Now, I live in a 3G area.  Which means I get the full capabilities of the speed, and it's nice.  Browsing the internet is faster, Mail is faster, everything is nice and quick.  Even the apps I use.  The truth is, I was considering not getting one, but the touchscreen stopped working on my old iPhone about a month ago, and therefore, I had to upgrade (oh darn).

iPhone 2.0 software
--
This is the greatest feature about the new iPhone (and the old iPhone too) is the apps.  Now that you can have apps, it's awesome.  I hacked my phone in the past but there were no apps that I was excited about and I really didn't care to do it again.  There were really three apps I wanted on my old iPhones software.  
1) something to manage my to-do's
2) some kind of music buying app
3) Instant messenger.

Well, now I have Omnifocus for the iPhone (and the mac, and it's great, everything syncs up..  awesome.  Although I do have to call Omnigroup out on something.  They say that their databases sync via "MobileMe".  Now, if I said that to you, that would imply you have to-do syncing through the cloud right?  Well, not really.  All that happens is your Omnifocus DB is stored on your iDisk, and your devices have to sync to iDisk, so while technically true, it's ill worded...anyway..  Omnifocus is great, I recommend it, little high in price, but... yeah)  So that takes care of my to-do's.

2)  Some kind of music buying app.  Well iPhone has had the iTunes store for a while, and it has been great.  But there are occasions that you didn't know what the song was that you heard on the radio and you wanted to know.  Well now my iPhone has an app called Shazam, that will listen to the song I am listening to and tell me what the song is.  Awesome.

3)  Instant Messenger, well I got my AOL IM, but it's just not as polished as I think it should be.  It should be iChat'ish.  Come on Apple, do your thing.

Of course I have some other apps on there as well, games, facebook, pownce, twitter..etc..  and I use them, but they are just add ons.  Not must haves.

The GPS is awesome, quick too.  While it doesn't TELL you where to make turns, it WILL follow where you are at on Google Maps, and you can just get your directions through there.  So it works just fine for a GPS phone.  I'd like to replace my Car GPS with the iPhone, which requires two things.  A touch bit better GPS turn-by-turn software, say from Tom-Tom or Garmin, and a Car Charger.  No car charger yet.  Let's go!

All in all..  Excellent phone, I highly recommend it for people who live in a 3G area.  If you don't live in a 3G area, then don't worry about it, because the speed won't help you.  Get your software update.  

However if you live in a 3G area, or you like the 'flush headset jack' idea, or the fact that it fits better in your hand (with the rounded back), then get it.  The iPhone 3G FEELS thinner.  But in fact it's a 0.2 mm thicker in the middle.  But you probably won't notice.



 Subscribe in a reader

Saturday, July 12

iPhone 3G

Yes, I have an iPhone 3G.  (Yes I live in a 3G accessible area.)

So far I think it's absolutely great.  But I'll post a longer review after I've used it for a couple days.  I think I am more excited about iPhone 2.0 more than the 3G phone itself.  MobileMe ftw.

I posted a picture of me taking a picture of my old iPhone with my new iPhone 3G, and using the new pownce app to upload it to the internet.


 Subscribe in a reader

iPhone 3G

Yes, I have an iPhone 3G.  (Yes I live in a 3G accessible area.)

So far I think it's absolutely great.  But I'll post a longer review after I've used it for a couple days.  I think I am more excited about iPhone 2.0 more than the 3G phone itself.  MobileMe ftw.

I posted a picture of me taking a picture of my old iPhone with my new iPhone 3G, and using the new pownce app to upload it to the internet.


 Subscribe in a reader

iPhone 2.0 had more than I thought in it.

APPLE-SA-2008-07-11 iPhone 2.0 and iPod touch 2.0

iPhone 2.0 and iPod touch 2.0 are now available and address the
following issues:

CFNetwork
CVE-ID: CVE-2008-0050
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: A malicious proxy server may spoof secure websites
Description: A malicious HTTPS proxy server may return arbitrary
data to CFNetwork in a 502 Bad Gateway error, which could allow a
secure website to be spoofed. This update addresses the issue by not
returning the proxy-supplied data on an error condition.

Kernel
CVE-ID: CVE-2008-0177
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: A remote attacker may be able to cause an unexpected device
reset
Description: An undetected failure condition exists in the handling
of packets with an IPComp header. Sending a maliciously crafted
packet to a system configured to use IPSec or IPv6 may cause an
unexpected device reset. This update addresses the issue by properly
detecting the failure condition.

Safari
CVE-ID: CVE-2008-1588
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Unicode ideographic spaces may be used to spoof a website
Description: When Safari displays the current URL in the address
bar, Unicode ideographic spaces are rendered. This allows a
maliciously crafted website to direct the user to a spoofed site that
visually appears to be a legitimate domain. This update addresses the
issue by not rendering Unicode ideographic spaces in the address bar.

Safari
CVE-ID: CVE-2008-1589
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: When Safari accesses a website that uses a self-signed
or invalid certificate, it prompts the user to accept or reject the
certificate. If the user presses the menu button while at the prompt,
then on the next visit to the site, the certificate is accepted with
no prompt. This may lead to the disclosure of sensitive information.
This update addresses the issue through improved handling of
certificates. Credit to Hiromitsu Takagi for reporting this issue.

Safari
CVE-ID: CVE-2008-2303
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue in Safari's handling of JavaScript
array indices may result in an out-of-bounds memory access. Visiting
a maliciously crafted website may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue by performing additional validation of JavaScript array
indices. Credit to SkyLined of Google for reporting this issue.

Safari
CVE-ID: CVE-2006-2783
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to cross-
site scripting
Description: Safari ignores Unicode byte order mark sequences when
parsing web pages. Certain websites and web content filters attempt
to sanitize input by blocking specific HTML tags. This approach to
filtering may be bypassed and lead to cross-site scripting when
encountering maliciously-crafted HTML tags containing byte order mark
sequences. This update addresses the issue through improved handling
of byte order mark sequences. Credit to Chris Weber of Casaba
Security, LLC for reporting this issue.

Safari
CVE-ID: CVE-2008-2307
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of JavaScript arrays. Visiting a maliciously crafted website may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue through improved bounds checking.
Credit to James Urquhart for reporting this issue.

Safari
CVE-ID: CVE-2008-2317
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebCore's handling
of style sheet elements. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved garbage
collection. Credit to Peter Vreudegnhil working with the TippingPoint
Zero Day Initiative for reporting this issue.

Safari
CVE-ID: CVE-2007-6284
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Processing an XML document may lead to a denial of service
Description: A memory consumption issue exists in the handling of
XML documents containing invalid UTF-8 sequences, which may lead to a
denial of service. This update addresses the issue by updating the
libxml2 system library to version 2.6.16.

Safari
CVE-ID: CVE-2008-1767
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Processing an XML document may lead to an unexpected
application termination or arbitrary code execution
Description: A memory corruption issue exists in the libxslt
library. Viewing a maliciously crafted HTML page may lead to an
unexpected application termination or arbitrary code execution.
Further information on the patch applied is available via the
xmlsoft.org website http://xmlsoft.org/XSLT/ Credit to Anthony de
Almeida Lopes of Outpost24 AB, and Chris Evans of Google Security
Team for reporting this issue.

WebKit
CVE-ID: CVE-2008-1590
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in JavaScriptCore's
handling of runtime garbage collection. Visiting a maliciously
crafted website may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved garbage collection. Credit to Itzik Kotler and Jonathan Rom
of Radware for reporting this issue.

WebKit
CVE-ID: CVE-2008-1025
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Accessing a maliciously crafted URL may result in cross-site
scripting
Description: An issue exists in WebKit's handling of URLs containing
a colon character in the host name. Accessing a maliciously crafted
URL may lead to a cross-site scripting attack. This update addresses
the issue through improved handling of URLs. Credit to Robert Swiecki
of the Google Security Team, and David Bloom for reporting this
issue.

WebKit
CVE-ID: CVE-2008-1026
Available for: iPhone v1.0 through v1.1.4,
iPod touch v1.1 through v1.1.4
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of
JavaScript regular expressions. The issue may be triggered via
JavaScript when processing regular expressions with large, nested
repetition counts. This may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue by performing additional validation of JavaScript regular
expressions. Credit to Charlie Miller of Independent Security
Evaluators for reporting this issue.

 Subscribe in a reader

Friday, July 11

Line


This is picture I took yesterday when I was standing in the iPhone 3G line.

Line


This is picture I took yesterday when I was standing in the iPhone 3G line.

Wednesday, July 9

.mac phishing? Say it ain't so


Check this guy out!  Phishing attempt specifically targeted at mac.com users.  Be aware for this one!  

 Subscribe in a reader

.mac phishing? Say it ain't so


Check this guy out!  Phishing attempt specifically targeted at mac.com users.  Be aware for this one!  

 Subscribe in a reader

Tuesday, July 8

Podcast Episode 8 Record Notice

Hey everyone, we're going to have a live Podcast record tomorrow at 6 pm EDT.  (That's Eastern Daylight Savings Time)

We'll be streaming it live via Stickam, and as always we welcome your feedback.  The link we'll be stream from is: http://www.stickam.com/joelesler

Please feel free to join us, we look forward to hearing your live feedback either in the Stickam Chat room, or in #dshield on irc.freenode.net.

 Subscribe in a reader

MobileMe Launch is Wednesday




Today, at the bottom left of the status window of the mac.com webpage read the attached screenshot.  Seems like MobileMe is going live tomorrow at 6pm PT.  Now, one would assume, since this will change how things work, that the iPhone 2.0 software will come out at the same time?  Or is Apple not going to turn on the push functionality until Friday?

 Subscribe in a reader

MobileMe Launch is Wednesday




Today, at the bottom left of the status window of the mac.com webpage read the attached screenshot.  Seems like MobileMe is going live tomorrow at 6pm PT.  Now, one would assume, since this will change how things work, that the iPhone 2.0 software will come out at the same time?  Or is Apple not going to turn on the push functionality until Friday?

 Subscribe in a reader

Saturday, July 5

New Blog Part Deux

Right, so I started this new blog.  Things were going great.  Then, out of nowhere...  I get put on Gizmodo.  Which, I'm not going to complain about, don't get me wrong.  But I went from 5 hits to 6000 hits in less than 24 hours.  

I wanted people to write in with suggestions.  So what do I get?  100's of emails.  

Of course I had the site over on .mac's servers, and my monthly download stats went from about 60 Mb/s a month (on .mac's servers) to well over 3 Gig's in less than 24 hours.  So I had to do something quick.

I moved the whole blog over to blogspot, where I don't have to pay for bandwidth --thank you Google-- and now everything is fine.  Oh wait, I have to get everyone over here from .mac's servers.  

So I had to play url redirection and dns games for the past hour until I got it right.

Anyway -- http://blog.dearcupertino.com is where it's at.

 Subscribe in a reader

New Blog Part Deux

Right, so I started this new blog.  Things were going great.  Then, out of nowhere...  I get put on Gizmodo.  Which, I'm not going to complain about, don't get me wrong.  But I went from 5 hits to 6000 hits in less than 24 hours.  

I wanted people to write in with suggestions.  So what do I get?  100's of emails.  

Of course I had the site over on .mac's servers, and my monthly download stats went from about 60 Mb/s a month (on .mac's servers) to well over 3 Gig's in less than 24 hours.  So I had to do something quick.

I moved the whole blog over to blogspot, where I don't have to pay for bandwidth --thank you Google-- and now everything is fine.  Oh wait, I have to get everyone over here from .mac's servers.  

So I had to play url redirection and dns games for the past hour until I got it right.

Anyway -- http://blog.dearcupertino.com is where it's at.

 Subscribe in a reader

Friday, July 4

Math

Apparently, this person thinks that they will never get a date, and actually did all the statistical analysis to figure it out.

I don't think the problem is that you won't find a date, I think the reason that you can't find a date is because you spend all your time doing complex math about why you can't find a date ;)  Now THAT'S probably the reason.

 Subscribe in a reader

New Blog

I've started a new blog.  Don't worry, I am still keeping this one, and will dedicate the same amount of time to this one, however, I've started a new one over at DearCupertino.com.  As much as I enjoy Apple Products, I really wanted a place to throw some ideas that I've had for Apple.  Suggestions as it were.

New Projects, Products.
Suggestions or ideas, feature enhancements as it were.

Also, a place to write gripes.  Hopefully someone from Apple, who has influence, will see it and read it.  But, I'm a realist.  I doubt that will happen.

In other words, I'm just having fun.  Subscribe to the RSS feed here.

 Subscribe in a reader

Math

Apparently, this person thinks that they will never get a date, and actually did all the statistical analysis to figure it out.

I don't think the problem is that you won't find a date, I think the reason that you can't find a date is because you spend all your time doing complex math about why you can't find a date ;)  Now THAT'S probably the reason.

 Subscribe in a reader

New Blog

I've started a new blog.  Don't worry, I am still keeping this one, and will dedicate the same amount of time to this one, however, I've started a new one over at DearCupertino.com.  As much as I enjoy Apple Products, I really wanted a place to throw some ideas that I've had for Apple.  Suggestions as it were.

New Projects, Products.
Suggestions or ideas, feature enhancements as it were.

Also, a place to write gripes.  Hopefully someone from Apple, who has influence, will see it and read it.  But, I'm a realist.  I doubt that will happen.

In other words, I'm just having fun.  Subscribe to the RSS feed here.

 Subscribe in a reader

Tuesday, July 1

AT&T iPhone 3G rate plans

For those of you that haven't seen them yet..  Here they are.  

I'd like to know one thing AT&T, so if anyone from AT&T is reading this, or someone who is reading this knows someone that can give me a really good damn answer.  Can I give my old iPhone to my wife, and we can be on the family talk unlimited plan for 129 a month?  That's a good deal!

 Subscribe in a reader

AT&T iPhone 3G rate plans

For those of you that haven't seen them yet..  Here they are.  

I'd like to know one thing AT&T, so if anyone from AT&T is reading this, or someone who is reading this knows someone that can give me a really good damn answer.  Can I give my old iPhone to my wife, and we can be on the family talk unlimited plan for 129 a month?  That's a good deal!

 Subscribe in a reader