Apple Botched iTunes

It looks as though Apple kinda botched iTunes to get it to support the iPhone. So far, iTunes refuses to start. Maybe it’s a ploy to get me to buy an iPhone. I’m in Europe, for crying out loud.
Sigh. Now I’ll just watch DVDs…
[Update] Apparently it was due to a bug in the ShapeShifter theme. That took some time to figure out…


Fly at Your Own Risk

Via the ISN mailing list: a shocking review of the lax security over at Chicago O’Hare International Airport. You just have to score a badge and away you go, without being searched. I doubt, though, that it will be that easy to get to the international parts of the airport (but I may be mistaken; I haven’t been at O’Hare for two years).

Quicken backdoor opened

The Russian data recovery company Elcomsoft has reverse engineered the Quicken financial software to uncover the content of the files. There appears to be a hidden 512-bit RSA key in the software, which enables Quicken to offer a lost-password service. Very neat, but it also invites conspiracy theorists to think that the backdoor is there to offer unlimited service to the Internal Revenue Service and other government agencies (FBI, police) interested in the content of the finances.


Belgium Biometric Passports…

… well, how does one say that, without going into rude language? They are very trivial to read. Even from a distance, even if someone still has his/her passport in the pocket. Yikes. The report is quite detailed and a nice read.

According to a very knowledgeable source (if he doesn’t mind, I’ll state his name, but unless I get permission I won’t) the method in the report is a rehash of the method demonstrated at What the Hack by the Rotterdam-based Riscure.


Google Safe Browsing API

The Google Safe Browsing API is a very neat instrument to incorporate into your firewall and/or proxy software. I can imagine someone creating a plugin for Squid or Snort.

Also, by keeping a running tab on the updates to the list of suspected phishing sites, you can verify if the user of a PC under (forensic) analysis visited any of them. I see this as a general check that could be done, just like the check for viruses and malware.
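
The history check described above, sketched as an added example (not from the original post, and not the Safe Browsing API's own list format). It assumes the examiner has archived the list updates as timestamped add/remove records per hostname; `UPDATES`, `HISTORY` and all function names are constructed for illustration. Each visit is classified by whether the host was listed at visit time, already delisted, or only listed later.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed archive of list updates kept by the examiner: (time, op, host).
UPDATES = [
    ("2007-06-01T08:00", "add", "login.example-bank.test"),
    ("2007-06-03T08:00", "remove", "login.example-bank.test"),
    ("2007-06-05T12:00", "add", "paypa1.example.test"),
]
# Constructed browser-history records recovered from the analysed PC.
HISTORY = [
    ("2007-06-02T10:15", "http://login.example-bank.test/verify?id=1"),
    ("2007-06-04T09:00", "http://login.example-bank.test/verify"),
    ("2007-06-04T20:30", "http://www.paypa1.example.test/signin"),
    ("2007-06-06T11:00", "http://news.example.test/"),
]
ts = datetime.fromisoformat  # parse "YYYY-MM-DDTHH:MM" timestamps

def listed_intervals(updates):
    """Turn add/remove events into {host: [(start, end_or_None), ...]}."""
    intervals = {}
    for when, op, host in sorted(updates, key=lambda u: ts(u[0])):
        spans = intervals.setdefault(host, [])
        if op == "add" and (not spans or spans[-1][1] is not None):
            spans.append((ts(when), None))       # open a new listing span
        elif op == "remove" and spans and spans[-1][1] is None:
            spans[-1] = (spans[-1][0], ts(when))  # close the open span
    return intervals

def classify(visit, spans):
    """Relate one visit time to the periods the host was on the list."""
    if any(s <= visit and (e is None or visit < e) for s, e in spans):
        return "listed-at-visit"
    if any(visit < s for s, _ in spans):
        return "listed-later"  # lists lag behind campaigns, so still relevant
    return "delisted-before-visit"

def flag_visits(history, updates):
    """Return (time, url, status) for every visit to a host ever listed."""
    intervals = listed_intervals(updates)
    hits = []
    for when, url in history:
        host = (urlsplit(url).hostname or "").lower()
        for listed, spans in intervals.items():
            if host == listed or host.endswith("." + listed):  # host or subdomain
                hits.append((when, url, classify(ts(when), spans)))
    return hits

if __name__ == "__main__":
    for hit in flag_visits(HISTORY, UPDATES):
        print(*hit, sep="  ")
```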


“Slideuments” and bad presentations

I’ve found this article by Garr Reynolds very informative. The article makes a point that the current policies for conferences are putting the audience to sleep, because on the one hand you have to present your presentations for inclusion in the handouts, but on the other hand you have to hold an entertaining and thought-provoking talk that does not put your audience into a coma.

The points he makes are valid, but the effort in making two versions of your presentation can be quite high (I’m not referring to the simple case where an article or thesis is the subject of the presentation). In my humble opinion, it’s quite unlikely that anyone in the corporate world will allow you to spend twice the time to prepare two versions. However, it’s worth a try…


On Wiretaps Delivering More than Was Asked For.

This article on the Demystifying Lawful Intercept blog has something to say on the subject of the recent turmoil over an audit at the FBI where it was found that in over 1000 cases the FBI received more information than it was entitled to.

What I gather from all this is that you cannot have a good Lawful Interception solution without a proper procedure surrounding it: proper procedures that need to be followed by the service provider and the LEA. Technology should help the auditors establish whether the procedures are followed to the letter.
It is for this reason I do not like the ATIS or PacketCable standards. They are very specific on what data should be encapsulated in what fields of what structure, but there are no handles whatsoever to establish basic CIA properties in the handover itself. The ETSI LI standard has a better solution. If the proper options are chosen, everybody will be able to establish at any point in time after the data has been handed over that the data was not tampered with.

More on that another time.
