Posted on 12 August 2010
The iPhone Dev-Team has announced the release of a PDF Patch to fix the iOS vulnerability used by comex’s jailbreak.
On Wednesday, Apple (finally) released firmware 4.0.2, which patches the very large security holes exploited by @comex in the 2nd incarnation of jailbreakme.com. The only problem is they outright abandoned iPhone2G and iPod Touch 1G users! Even though Apple acknowledges in their security update the severity of these holes, they left iPhone2G and ipt1G owners high and dry — completely vulnerable to truly malicious variants of jailbreakme (these variants aren’t out yet, but they’re sure to come!).
Luckily for Apple, the Jailbreak community isn’t so callous. @saurik has been burning the midnight oil coding a Cydia package that will fix the holes for all devices and all firmware versions (even going back to version 2.x!).
Posted on 16 June 2010
Man, one day you have the whole world’s ear to talk about slack network security, and the next you’re in the joint. Andrew Auernheimer, Goatse Security’s hacker-in-chief and a key player in the unearthing of a major security flaw exposing iPads surfing AT&T’s airwaves, is today facing felony charges for possession of a variety of potent drugs. That wouldn’t be such intriguing news by itself, but the discovery was made by local law enforcers who were in the process of executing an FBI
Posted on 14 June 2010
Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking.
The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel’s information was compromised.
It doesn’t stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it’s possible that confidential
Posted on 27 May 2010
If you feel like going through the process of typing in your PIN every time you unlock your iPhone is worth it thanks to the unconquerable security it implies, you might want to read this report from Bernd Marienfeldt about the chosen one’s security model. Yes, a PIN will keep casual users from picking up your phone and making a call with it, or firing off an e-mail to your co-workers saying that you’re quitting and becoming an exotic dancer, but it won’t keep someone from accessing all your data. Bernd and fellow security guru Jim Herbeck have discovered that plugging even a fully up-to-date, non-jailbroken iPhone 3GS into a computer running Ubuntu Lucid Lynx allows nearly full read access to the phone’s storage — even
Posted on 18 January 2010
Okay, so we were under the impression that Facebook login credentials were a locally-managed affair, but it looks like almost anything can break when AT&T’s involved — according to CNET, the carrier just fixed “several problems” that had users logging into the wrong Facebook account from their phones. The issue was apparently related to subscriber identification numbers being mistranslated into bad URL session IDs, and AT&T says it’s taken some security measures to prevent it from
Posted on 30 December 2009
Did you know that the vast majority of calls carried out on the 3.5 billion GSM connections in the world today are protected by a 21-year old 64-bit encryption algorithm? You should now, given that the A5/1 privacy algorithm, devised in 1988, has been deciphered by German computer engineer Karsten Nohl and published as a torrent for fellow code cracking enthusiasts and less benevolent forces to exploit. Worryingly, Karsten and his crew of merry men obtained the binary codes by simple brute force — they fed enough random strings of numbers in to effectively guess the password. The GSM Association — which has had a 128-bit A5/3 key available since 2007, but found little takeup from operators — has responded by having a