QuickerTek releases Apple Juicz external battery for iPad

Posted by:
Date: Thursday, June 10th, 2010, 10:31
Category: Accessory, iPad, News

Accessory maker QuickerTek has announced a new line of external batteries via its
Apple Juicz for iPad. The unit, a 9400mAh lithium polymer battery is claimed to be rated for over 2000 charge cycles with the web site claiming that the battery pack adds an additional 20 hours of usage time for the iPad with each charge.

The pack features advanced safety circuitry with failsafe protection, temperature and charge/discharge controls and automatic cell balancing. Per iPodNN, the Apple Juicz can fully recharge an iPad in three hours, while a second USB port can charge a second device such as an iPhone or iPod touch. It can power any USB-chargeable device, but has special circuitry guaranteeing compatibility with Apple’s range of products.

The battery is housed in a machined aluminum case with an anodized finish. The design also integrates a 10-LED gauge that allows users to quickly view the remaining battery power.

The Juicz for iPad is now shipping for US$250 and includes a year’s warranty with parts and labor.

AT&T web site hacked, iPad 3G user emails leaked

Posted by:
Date: Thursday, June 10th, 2010, 04:23
Category: Hack, iPad, iPhone, News

attlogo

A good hack can be seen in one of two ways:

1. It keeps a company on its toes and aware of what might come at it.

2. It’s less-than-wonderful news that makes you wonder how your information was exploited and makes a lot of people slam their heads against their desks in frustration.

Per Gawker, a group of black hat hackers have exploited a security flaw on AT&T’s web servers which enabled them to obtain email addresses from the SIM card addresses of iPad 3G users.

The breach described the event as “another embarrassment” for Apple and outlined a variety of high profile individuals whose email addresses were obtained by automated script attacks on AT&T’s web server based on their iPad 3G SIM addresses (ICC ID).

The publication claimed that the identifying information meant that thousands of iPad 3G users “could be vulnerable to spam marketing and malicious hacking,” while also pointing out that many users have actually already published their iPad ICC ID numbers in Flickr photos. Presumably, many of them also have public email addresses and therefore already receive spam like the rest of us.

The attack on AT&T’s web servers resulted in at least 114,000 iPad 3G users’ emails being leaked to the hackers, who were coy as to whether they were planning to enable others to access the data. The security leak, which returned a user’s email address when their ICC-ID was entered via a specially formatted HTTP request, has since been patched.

The group automated requests of the email address information for a wide swath of ICC-ID serial numbers using a script. No other information was discovered.

The report suggested that having known ICC IDs would leave iPad 3G users vulnerable to remote attacks, citing the attackers involved in the security breach as claiming that “recent holes discovered in the GSM cell phone standard mean that it might be possible to spoof a device on the network or even intercept traffic using the ICC ID.”

In its report, Gawker cited telephony security experts who disputed that the ICC ID email breach was a serious issue. “Vulnerabilities in GSM crypto discovered over the years, none of them involve the ICC ID […] as far as I know, there are no vulnerability or exploit methods involving the ICC ID, ” said Emmanuel Gadaix, a mobile security consultant.

The report also noted that Karsten Nohl, a “white hat GSM hacker and University of Virginia computer science PhD,” informed them “that while text-message and voice security in mobile phones is weak,” the “data connections are typically well encrypted […] the disclosure of the ICC-ID has no direct security consequences.”

At the same time, Nohl described AT&T’s lapse in publishing the email information as grossly incompetent, saying, “it’s horrendous how customer data, specifically e-mail addresses, are negligently leaked by a large telco provider.”

On Wednesday, AT&T issued the following statement regarding the breach:
“This issue was escalated to the highest levels of the company and was corrected by Tuesday. We are continuing to investigate and will inform all customers whose e-mail addresses… may have been obtained.”

Either way, be careful out there, beware the spam and the phishing efforts that never seem to let up and if an e-mail is offering something that seems too good to be true, it probably is.

Google Chrome 5.0.375.70 out the door

Posted by:
Date: Thursday, June 10th, 2010, 04:50
Category: News, Software

google-chrome-logo

Google Chrome, Google’s new web browser, just reached version 5.0.375.70 for the Mac. The new version, an 25.2 megabyte download, offers the following the following changes:

- Medium: Cross-origin keystroke redirection. Credit to Michal Zalewski of Google Security Team.

- High Cross-origin bypass in DOM methods. Credit to Sergey Glazunov.

- High: Memory error in table layout. Credit to wushi of team509.

- High: Linux sandbox escape. Credit to Mark Dowd under contract to Google Chrome Security Team.

- High: Bitmap stale pointer. Credit to Mark Dowd under contract to Google Chrome Security Team.

- High: Memory corruption in DOM node normalization. Credit to Mark Dowd under contract to Google Chrome Security Team.

- High: Memory corruption in text transforms. Credit to wushi of team509.

- Medium: XSS in inner HTML property of text area. Credit to sirdarckcat of Google Security Team.

- High: Memory corruption in font handling. Credit: Apple.

- High: Geolocation events fire after document deletion. Credit to Google Chrome Security Team (Justin Schuh).

- High: Memory corruption in rendering of list markers. Credit: Apple.

Google Chrome requires Mac OS X 10.5 or later and an Intel-based Mac to install and run.

If you’ve played with it and have an opinion, let us know what you think in the comments.