FBI to investigate AT&T/iPad security breach

Posted by:
Date: Friday, June 11th, 2010, 09:33
Category: iPad, News

When embarrassingly hacked, call the FBI.

Per Reuters, the Federal Bureau of Investigation said Thursday that it has begun a probe into an AT&T security breach that exposed the email addresses of over 100,000 registered iPad owners.

“The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat,” FBI spokesman Jason Pack said.

The move comes one day after AT&T acknowledged that a security flaw on its website made it possible for hackers to query its database and uncover the email addresses of customers who had registered to use its mobile broadband service on their iPhone 3G.

“This issue was escalated to the highest levels of the company and was corrected by Tuesday,” the carrier said. “We are continuing to investigate and will inform all customers whose e-mail addresses may have been obtained.”

The attack on AT&T’s web servers resulted in at least 114,000 iPad 3G users’ emails being leaked to Goatse Security hackers when batches of iPad ICC-IDs were entered via specially formatted HTTP requests.

The group automated requests of the email address information for a wide swath of ICC-ID serial numbers using a script. Although the exploit revealed the addresses of several prominent government and corporate officials, no other information was revealed as part of the breach.

A representative for Goatse Security stated that it ‘hasn’t heard from law enforcement and that it didn’t do anything illegal, so doesn’t see why it would.’

Stay tuned for additional details as they become available.

AT&T reveals customer protection plan for recent iPhone 3GS buyers

Posted by:
Date: Friday, June 11th, 2010, 08:42
Category: iPhone, News

For those of you who recently snagged an iPhone 3GS at the old price of US$199 for the 16GB model or US$299 for the 32GB model (the two models having been lowered to US$149 and US$199, respectively, with a US$99 8GB model being the last to go), AT&T is said to be offering a “one-time Customer Price Protection” plan, giving credit for the difference.

Per modmyi.com, customers who purchased a 3GS between May 7th and the 14th are said to have until June 14th to visit their AT&T store and claim US$50 off the cost of a 16GB phone, or $100 off of a 32GB model. For those who made a purchase between May 15th and June 7th, a 30-day window should be in effect. Alternately, customers within either timeframe (including buyers of the iPhone 3G) can go without a discount and trade in towards an iPhone 4.

A new flyer reveals that AT&T plans to open its retail locations at 7AM for the June 24th iPhone 4 launch. Some restrictions apply, namely that new AT&T customers will only be able to buy one phone and activate one line on that day. Existing subscribers will be able to buy one phone per active number.

Stay tuned for additional details as they become available.

Adobe releases Flash Player 10.1.53.64

Posted by:
Date: Friday, June 11th, 2010, 03:52
Category: News, Software

Late Thursday, Adobe officially released Flash Player 10.1.53.64, the newest version of its multimedia software for Mac OS X. The new version, a 7.4 megabyte download, offers a slew of security fixes detailed here with full (and extensive) release note changes documented here.

The new version is available for free and requires Mac OS X 10.5 or later to install and run.

QuickerTek releases Apple Juicz external battery for iPad

Posted by:
Date: Thursday, June 10th, 2010, 10:31
Category: Accessory, iPad, News

Accessory maker QuickerTek has announced a new line of external batteries via its Apple Juicz for iPad. The unit, a 9400mAh lithium polymer battery, is claimed to be rated for over 2000 charge cycles, with the web site claiming that the battery pack adds an additional 20 hours of usage time for the iPad with each charge.

The pack features advanced safety circuitry with failsafe protection, temperature and charge/discharge controls and automatic cell balancing. Per iPodNN, the Apple Juicz can fully recharge an iPad in three hours, while a second USB port can charge a second device such as an iPhone or iPod touch. It can power any USB-chargeable device, but has special circuitry guaranteeing compatibility with Apple’s range of products.

The battery is housed in a machined aluminum case with an anodized finish. The design also integrates a 10-LED gauge that allows users to quickly view the remaining battery power.

The Juicz for iPad is now shipping for US$250 and includes a year’s warranty with parts and labor.

AT&T web site hacked, iPad 3G user emails leaked

Posted by:
Date: Thursday, June 10th, 2010, 04:23
Category: Hack, iPad, iPhone, News

A good hack can be seen in one of two ways:

1. It keeps a company on its toes and aware of what might come at it.

2. It’s less-than-wonderful news that makes you wonder how your information was exploited and makes a lot of people slam their heads against their desks in frustration.

Per Gawker, a group of black hat hackers have exploited a security flaw on AT&T’s web servers which enabled them to obtain email addresses from the SIM card addresses of iPad 3G users.

The report described the event as “another embarrassment” for Apple and outlined a variety of high profile individuals whose email addresses were obtained by automated script attacks on AT&T’s web server based on their iPad 3G SIM addresses (ICC ID).

The publication claimed that the identifying information meant that thousands of iPad 3G users “could be vulnerable to spam marketing and malicious hacking,” while also pointing out that many users have actually already published their iPad ICC ID numbers in Flickr photos. Presumably, many of them also have public email addresses and therefore already receive spam like the rest of us.

The attack on AT&T’s web servers resulted in at least 114,000 iPad 3G users’ emails being leaked to the hackers, who were coy as to whether they were planning to enable others to access the data. The security leak, which returned a user’s email address when their ICC-ID was entered via a specially formatted HTTP request, has since been patched.

The group automated requests of the email address information for a wide swath of ICC-ID serial numbers using a script. No other information was discovered.
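
From the defender's side, the pattern described above (one client requesting email lookups for many different ICC-IDs in a short time) is visible in web server logs. The following is an added example, not code from AT&T or from the original post; the log format, the `/lookup?iccid=` path, the thresholds and all sample lines are constructed assumptions, since the page does not give the real request format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format and endpoint; the page does not give AT&T's real URL.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] '
    r'"GET /lookup\?iccid=(?P<iccid>\d{19,20}) HTTP/1\.1" (?P<status>\d{3})$'
)

def find_enumerators(lines, max_distinct=5, window=timedelta(minutes=1)):
    """Return {client_ip: peak distinct ICC-IDs in any window} for clients over the limit.

    Assumes log lines arrive in chronological order.
    """
    recent = defaultdict(deque)  # ip -> (timestamp, iccid) pairs still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        q = recent[m["ip"]]
        q.append((ts, m["iccid"]))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop requests older than the window
        distinct = len({iccid for _, iccid in q})
        if distinct > max_distinct:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

def build_sample_log():
    """Constructed sample: one owner re-checking one device, one client walking a range."""
    base = datetime(2010, 6, 1, 12, 0, 0)
    lines = []
    for i in range(3):  # same ICC-ID repeated: ordinary behaviour
        ts = (base + timedelta(seconds=20 * i)).isoformat()
        lines.append(
            f'198.51.100.7 [{ts}] "GET /lookup?iccid=8901410000000000017 HTTP/1.1" 200')
    for i in range(40):  # 40 different ICC-IDs in 40 seconds
        ts = (base + timedelta(seconds=i)).isoformat()
        iccid = 8901410000000001000 + i  # constructed values, not real ICC-IDs
        lines.append(f'203.0.113.9 [{ts}] "GET /lookup?iccid={iccid} HTTP/1.1" 200')
    return lines

if __name__ == "__main__":
    for ip, peak in find_enumerators(build_sample_log()).items():
        print(f"{ip}: {peak} distinct ICC-IDs within one minute")
```

Counting distinct identifiers per client, rather than raw request volume, is what separates a device owner refreshing one record from a script walking a serial-number range.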

The report suggested that having known ICC IDs would leave iPad 3G users vulnerable to remote attacks, citing the attackers involved in the security breach as claiming that “recent holes discovered in the GSM cell phone standard mean that it might be possible to spoof a device on the network or even intercept traffic using the ICC ID.”

In its report, Gawker cited telephony security experts who disputed that the ICC ID email breach was a serious issue. “Vulnerabilities in GSM crypto discovered over the years, none of them involve the ICC ID […] as far as I know, there are no vulnerability or exploit methods involving the ICC ID,” said Emmanuel Gadaix, a mobile security consultant.

The report also noted that Karsten Nohl, a “white hat GSM hacker and University of Virginia computer science PhD,” informed them “that while text-message and voice security in mobile phones is weak,” the “data connections are typically well encrypted […] the disclosure of the ICC-ID has no direct security consequences.”

At the same time, Nohl described AT&T’s lapse in publishing the email information as grossly incompetent, saying, “it’s horrendous how customer data, specifically e-mail addresses, are negligently leaked by a large telco provider.”

On Wednesday, AT&T issued the following statement regarding the breach:
“This issue was escalated to the highest levels of the company and was corrected by Tuesday. We are continuing to investigate and will inform all customers whose e-mail addresses… may have been obtained.”

Either way, be careful out there, beware the spam and the phishing efforts that never seem to let up and if an e-mail is offering something that seems too good to be true, it probably is.

Google Chrome 5.0.375.70 out the door

Posted by:
Date: Thursday, June 10th, 2010, 04:50
Category: News, Software

Google Chrome, Google’s new web browser, just reached version 5.0.375.70 for the Mac. The new version, a 25.2 megabyte download, offers the following changes:

- Medium: Cross-origin keystroke redirection. Credit to Michal Zalewski of Google Security Team.

- High: Cross-origin bypass in DOM methods. Credit to Sergey Glazunov.

- High: Memory error in table layout. Credit to wushi of team509.

- High: Linux sandbox escape. Credit to Mark Dowd under contract to Google Chrome Security Team.

- High: Bitmap stale pointer. Credit to Mark Dowd under contract to Google Chrome Security Team.

- High: Memory corruption in DOM node normalization. Credit to Mark Dowd under contract to Google Chrome Security Team.

- High: Memory corruption in text transforms. Credit to wushi of team509.

- Medium: XSS in inner HTML property of text area. Credit to sirdarckcat of Google Security Team.

- High: Memory corruption in font handling. Credit: Apple.

- High: Geolocation events fire after document deletion. Credit to Google Chrome Security Team (Justin Schuh).

- High: Memory corruption in rendering of list markers. Credit: Apple.

Google Chrome requires Mac OS X 10.5 or later and an Intel-based Mac to install and run.

If you’ve played with it and have an opinion, let us know what you think in the comments.

How-To: Work around Safari 5.0 launch crashes

Posted by:
Date: Wednesday, June 9th, 2010, 05:39
Category: How-To, News

Since installing Safari 5.0 on Monday, my Macs have yet to catch fire and the basset hound has yet to start waltzing across the living room carpet with my cat.

This may not be the case for everyone.

Per CNET, after installing version 5.0 of the Safari browser, a few users are reporting the program crashes whenever they try to open it. Even after trying some general troubleshooting steps the browser still crashes, which could mean something small has been overlooked, but also could mean there was a problem with the installation.

The cool cats over there have offered the following advice:

“To start the troubleshooting, first determine if the problem is account-specific by either going to another existing account, but also by creating a fresh user account to try. Even if other existing accounts have similar problems, using a fresh one will ensure no modifications have been made.

If the problem only happens in one or a few accounts, then it is likely the problem is because of a faulty setting or plug-in that resides in the local account. As a first step, try removing Safari’s preferences, which are located in the /username/Library/Utilities/ folder and are called “com.apple.Safari.plist.” Remove that file from its folder and try relaunching Safari.

You might also try clearing your Web caches, which can be done with Safari using the “Reset Safari” feature if you manage to get it open; however, if not then you can use a cache cleaning program like OnyX or Snow Leopard Cache Cleaner to remove the browser caches.

If this does not clear the problem, next try launching Safari without plugins enabled. To do this, go to the Safari preference file mentioned above and open it with a text editor. Locate the “WebKitPluginsEnabled” key and change it from “true” to “false” so it looks like the following:
<key>WebKitPluginsEnabled</key>
<false/>

This should prevent Safari from loading plugins, so save the file and relaunch Safari to test it out. This setting can be set in the “Security” section of the Safari preferences; however, if the program will not launch then this is an alternative way to disable the plugins.

While disabling the plugins should keep Safari launching in a bare state, you can also try removing plugins manually. These are located in the following folders, so move all of them from these folders to another location and try relaunching the program.

/Library/Internet Plug-Ins/
/username/Library/Internet Plug-Ins/

If the program launches after doing this, then test each plugin (or small groups of plugins) by moving them back one by one and relaunching the browser each time.

Lastly, with plugins removed from the global library, try booting into Safe Mode and launching Safari from a fresh user account. If this still does not work, then download and reinstall Safari again, especially if you used Software Update to apply the previous update. A faulty installation can sometimes be remedied by reinstalling the program without using updaters (similar to reapplying a system “Combo” updater when OS updates cause bizarre problems). Before doing this you might consider running general maintenance procedures on your system and install it when booted into Safe Mode to ensure minimal interference from other system processes.”

If you’ve seen this issue on your end or have found a fix or workaround of your own, please let us know.

Adobe releases Photoshop Lightroom 3 for Mac OS X, Windows

Posted by:
Date: Wednesday, June 9th, 2010, 05:34
Category: News, Software

On Tuesday, software giant Adobe announced the release of Photoshop Lightroom 3 for Mac OS X and Windows. Per AppleInsider, the new version includes bells and whistles such as support for DSLR video files and tethered shooting on selected cameras.

Adobe Photoshop Lightroom 3 boasts a performance architecture that Adobe said better handles growing image libraries and provides a superior raw processing engine with noise reduction and sharpening tools. The new 64-bit capable software also has new features to optimize workflows.

Adobe said Lightroom 3 was rebuilt to be fast and responsive, and the new application provides a fluid experience for photographers. Images are said to load almost instantaneously, and importing of images has been redesigned to be more intuitive, with added previews and default selections that give users quick access to sort through and find images.

Lightroom 3 also allows users to import and manage DSLR video files, as well as take advantage of tethered shooting for select Nikon and Canon cameras. It also has a new set of photographic tools for features like Luminance and Color Noise Reduction, which are said to help produce a clearer picture from high ISO or underexposed images while still preserving details.

The latest version also adds the highly requested Automatic Lens Correction feature, which improves results by allowing users to apply profiles that correct for undesirable geometric distortions, chromatic aberrations and lens vignette effects that most lenses introduce to the image.

There’s also a new straighten tool, allowing users to perfect vertical and horizontal perspective, additional presets for applying more photographic adjustment styles, three new contemporary vignette styles, and a grain effect to add a more natural look with images.

Output options in Lightroom 3 have also been expanded, with new capabilities to publish collections to online sharing sites (for example, Flickr users can sync accounts to Lightroom with one click, and integration with other websites can be added through third-party plugins).

Lightroom 3 also has customizable print layouts which provide more refined control over how photographers present final images, and new watermarking features with options to modify text, size, location and style. Users can also export polished slideshows as video files with the option to add audio and title screens.

Photoshop Lightroom 3 is now available for both Windows and Mac on the Adobe store and retails for US$299 for new users, and US$99 to upgrade. The app requires Mac OS X 10.5 or later and an Intel-based processor to run on the Mac end or Windows XP with Service Pack 3 or later on the PC end.

Microsoft releases Office 2004 11.5.9, Office 2008 12.2.5

Posted by:
Date: Wednesday, June 9th, 2010, 04:09
Category: News, Software

Late Tuesday, Microsoft released version 11.5.9 of its Microsoft Office 2004 suite and version 12.2.5 of its Microsoft Office 2008 suite. The updates, which weigh in at 9.7 and 332 megabytes, respectively, focus on improving security for both suites, fixing vulnerabilities that could allow malicious code to overwrite portions of your Mac’s memory and run arbitrary commands.

The updates are free and available through the AutoUpdate programs and require Mac OS X 10.2 or later to run Office 2004 and Mac OS X 10.4 or later to run Office 2008.

If you’ve installed the updates and have any feedback to offer, let us know.

Additional details surface about iPhone 4’s Retina display

Posted by:
Date: Tuesday, June 8th, 2010, 07:35
Category: iPhone, News

Perhaps one of the most impressive features of the iPhone 4, the Retina display, was introduced at yesterday’s Apple Worldwide Developer Conference.

To answer the question of what a Retina display is, Chris Branderick of PC World offered the following tidbits:

“To put it simply, Apple’s figurative Retina display is an LCD that boasts a super high pixel density by squeezing a 960-by-640-pixel resolution into 3.5 inches—a pixel density of 326 pixels per inch (ppi).

The Retina display has four times the number of pixels as previous iPhones; its screen size is unchanged, resulting in double the pixel density. When compared to the now US$99 iPhone 3GS, which has a 163ppi screen with a 480-by-320 resolution, it’s easy to imagine just how this new screen will shine.

While talking about the new display, Steve Jobs went on to detail that after a certain point the human eye fails to distinguish individual pixels. According to the Apple CEO this “magic number,” when visible pixelation is no more, is around 300ppi. Therefore, with the iPhone 4’s screen coming in at more than 300 pixels per inch (326ppi), the display will supposedly always look smooth and crisp, with no jaggies in sight.

Apple’s retina display also promises an improved contrast ratio. The company claims that the upcoming iPhone 4 will have a contrast ratio four times higher than that of previous models. Beyond the use of more compact pixels the screen, which is a backlit LED, will also adopt In-Plane Switching (IPS) technology to improve viewing angles and enhance color display.

Apple isn’t the first to put a super-high-resolution screen in a smartphone. Google’s Nexus One, for example, features an OLED screen with a resolution of 800-by-480 pixels, but its subpixel arrangement has some issues.”

Stay tuned for additional details as they become available and if you’re attending the WWDC and can offer any hands-on feedback of the iPhone 4, please let us know in the comments.