Irregular Expressions


June 26, 2010  9:41 PM

HTML5

Dan O'Connor

Is HTML 5 the future?

It does seem like it is, but if that is the case, the future is definitely not now.

Surfing the web is really great on an iPad, except for the 25%-30% of the sites I want to go to that are Flash-only and give you the nice message to go install it. Also, the closing is getting old: the iPad OS will shut down applications to conserve resources, which is great except when the application it closes is Safari and the reason it’s low on resources is the site I am on that just closed.

Some of the other news that I have seen says that the xxx industry is now backing HTML 5 and re-encoding their video to target mobile users.

I like that Apple and MS are backing the new standard, but it’s ironic that you cannot get into the Apple demo without Safari and the MS demo runs like maple syrup.

The video that runs great on my iPad at Apple’s demo hardly works at all on the MS site.

You can see both below.

http://www.apple.com/html5/

http://ie.microsoft.com/testdrive/

June 26, 2010  9:06 PM

TLD and XXX

Dan O'Connor

While I really don’t know if this is the best thing, at least if some of the XXX rated sites are hosted on a .xxx domain name it will make filtering them a whole lot more straightforward.

http://www.msnbc.msn.com/id/37918009/ns/business/

I can see this being a real cash flow for the company that gets the rights to manage the .xxx domains.

Even with the addition of a .xxx domain name I can’t see a flood of current sites leaving behind their .com or other domain to make the switch unless there was some incentive to get them going.  That is not a half bad idea, it would be great to get those sites off .com and others and get them in their own setup.


June 26, 2010  8:54 PM

World Cup Spam

Dan O'Connor

MessageLabs’ June report says there has been an increase in football (soccer) related spam being seen.  I always find these reports a good read.

The full report is available here http://www.messagelabs.com/resources/mlireports, it should be the top link.

I have not seen an increase of this kind of spam in my environment, the report mentions that countries in South America that are a little more football focused are being targeted.

The trend of spammers following their targeted audience’s news and interests over the last decade has been very interesting to watch.  The spelling, grammar and overall feel of the spam is getting better every year.  I still remember when the image-based spam started making its rounds and the addition of the OCR functionality to SpamAssassin to start filtering the messages.

Over the next few years I can see spam continuing its evolution and becoming harder to detect and more targeted for specific audiences.  It also makes me think about how much more the current spam environment can grow; I don’t mean the volume of spam but the percentage of spam to legitimate messages.  I can see these types of messages migrating into other infrastructures like the mobile device market.


June 16, 2010  11:15 AM

iPad data breach arrest

Dan O'Connor

A person was arrested in connection with the massive information breach; a warrant was carried out by the FBI.

The article is not exactly clear on what the warrant was for but it does mention the finding of drugs at his place.

If you had not seen previously, there was a problem with one of the systems used by AT&T in the process of registering a 3G iPad in the US.  The group was able to send the unique ID of an iPad and the server would return the associated email address; this led to the disclosure of multiple email addresses of some pretty high level individuals.

Although I am not sure I would call that a disclosure; it’s an email address, they are there for public disclosure.  I am sure you could come up with some targeted attacks knowing that they have iPads and they are a CEO or CFO; it just seems to me that this is getting a lot more attention than it should for an email address.

http://news.cnet.com/8301-27080_3-20007827-245.html

CNET also has an interview posted with the guy.

http://news.cnet.com/8301-27080_3-20007407-245.html
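
The lookup behaviour described above (send a device ID, get an email address back) leaves a recognisable trace in server logs: one client asking about many different IDs. The following is an added example, not code from this blog or from AT&T; the log format, the /lookup path, the device_id parameter and the threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not a real provider's logs):
#   <client_ip> <iso_timestamp> "GET /lookup?device_id=<digits>" <status>
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ts>\S+) "GET /lookup\?device_id=(?P<dev>\d+)" (?P<status>\d{3})$'
)

def find_enumerators(lines, max_distinct_ids=3):
    """Return {client_ip: stats} for clients that queried more distinct
    device IDs than one legitimate device owner plausibly would."""
    ids_by_client = defaultdict(set)
    hits_by_client = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a lookup request, ignore
        ids_by_client[m["ip"]].add(int(m["dev"]))
        if m["status"] == "200":
            hits_by_client[m["ip"]] += 1  # 200 = an email address was returned

    flagged = {}
    for ip, ids in ids_by_client.items():
        if len(ids) <= max_distinct_ids:
            continue
        ordered = sorted(ids)
        # Share of neighbouring IDs that differ by exactly 1: a value near
        # 1.0 means the client is walking a counter, not mistyping an ID.
        steps = [b - a for a, b in zip(ordered, ordered[1:])]
        sequential = sum(1 for s in steps if s == 1) / len(steps)
        flagged[ip] = {
            "distinct_ids": len(ids),
            "emails_returned": hits_by_client[ip],
            "sequential_ratio": round(sequential, 2),
        }
    return flagged

# Constructed sample: one owner checking a single device twice,
# and one client stepping through ten consecutive IDs.
SAMPLE_LOG = [
    '198.51.100.7 2010-06-05T10:00:01Z "GET /lookup?device_id=1000012345" 200',
    '198.51.100.7 2010-06-05T10:00:09Z "GET /lookup?device_id=1000012345" 200',
] + [
    f'203.0.113.50 2010-06-05T10:01:{i:02d}Z "GET /lookup?device_id={1000020000 + i}" '
    f'{"200" if i % 2 == 0 else "404"}'
    for i in range(10)
]

if __name__ == "__main__":
    for ip, stats in find_enumerators(SAMPLE_LOG).items():
        print(ip, stats)
```

The same counters also work as a per-client limit enforced at request time, which stops the lookups rather than only reporting them afterwards.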


June 15, 2010  6:52 PM

iPhone 4 update data breach

Dan O'Connor

This sounds really bad; when you are logging into a site with your username and password and get greeted with someone else’s account, you have a really, really big problem.

I saw this link on isc.sans.org pointing to a Gizmodo article: http://gizmodo.com/5564262/apple-iphone-4-order-security-breach-exposes-private-information.

Apple users are reporting that when they log into the portal to order an upgrade they are getting into someone else’s account! As interesting as it is to get into someone else’s account, it makes you wonder who is looking at your account.

The quotes in the article say that the problems are connected to a rushed upgrade that was put in place over the weekend. If this is a programming error, it’s going to be an expensive one.
When I think of the worst thing that could happen to a secure portal, this is worse.


June 15, 2010  6:34 PM

iPhone access vulnerability – Part 2

Dan O'Connor

I have tried multiple times with Ubuntu, OpenSuSE and Windows XP, and I have not been able to replicate any of the reported issues and I have not updated my iPad since I got it. The most I have been able to do was mount the photos folder and gain access to the images I had saved on it.

I have not been able to locate any more information on this, but I am disappointed that I have not been able to replicate the issue.


June 4, 2010  11:47 PM

iPhone access vulnerability

Dan O'Connor

You may have seen some stories talking about the recently discovered vulnerability in the iPhone OS that allows someone to gain access to the device even with a pin on it.

I have seen a couple of different reports on what actually happens and how (I wish I had one at this point to mess around with).

But the two stories are like this:

1) You take a locked iPhone that you have presumably beaten out of someone with a rubber hose.  Connect it to an Ubuntu Lucid Lynx install, and like magic the file system is mounted.  It’s reported that you will have access to some but not all of the user’s files.

2) Same as before, you have physical access to an iPhone, but in this scenario you power off the phone, connect it to the Lucid Lynx install, then power it up.  The phone is mounted on the way up before the lock can kick in to stop it.

One to me seems more realistic, but I am going to try and replicate this with my iPad before I get any deeper.


June 4, 2010  11:35 PM

Building a FreeBSD MAC Kernel – Part 3

Dan O'Connor

The last command we ran with this was the

make installkernel KERNCONF=MAC

before I got completely off topic talking about the Biba integrity model.

For the installation of the kernel, that basically wraps it up: the installkernel command copied the new kernel to /boot/kernel and made a backup of your old one at /boot/kernel.old/kernel.

Now it’s time to reboot. All should go well, but if it does not, boot up into single user mode and swap back the kernels.

mv /boot/kernel /boot/kernel.broken
mv /boot/kernel.old /boot/kernel
reboot

Now if all has gone well, your system should boot up and you are now running your new kernel!

And on a related note, I hope you are not using that system to read this because you will have noticed that you cannot seem to get on the network.

We will fix that in part 4.


May 31, 2010  2:03 PM

iPad JailBreaking

Dan O'Connor

There is an app for that.

There is an untethered jailbreak application for the iPad; it’s called Spirit and you can get it here.

http://spiritjb.com/

It’s a simple process, download it.  Open it with iTunes open, make sure it detects it, then close iTunes. Then click the button!

Done.

Once installed, it will reboot your iPad and a new app called Cydia will appear on the desktop; you can then use that to access almost anything you could need (this also works on the iPhone).  One of the best apps on there, I have been told, is Backgrounder; it will allow all or some of your applications to continue running in the background.  There is a limit on how much memory you can consume when you do this; once that is hit the OS will start shutting them down.


May 29, 2010  11:17 PM

More Biba

Dan O'Connor

Here is a little more information regarding the Biba integrity model; Wikipedia has a basic explanation of it.

http://en.wikipedia.org/wiki/Biba_Integrity_Model

I prefer the CISSP CBK; it has a good write-up of it and other models. If you can borrow that book or pick up your own, it’s worth it.

http://www.amazon.ca/Official-ISC-Guide-CISSP-Second/dp/1439809593/ref=sr_1_2?ie=UTF8&s=books&qid=1275192790&sr=1-2

