Apple credits Pangu team for discovering vulnerabilities patched in iOS 8.1.1

Apple has posted a support page on the security content of the just-released iOS 8.1.1, reaffirming previous reports that the firmware breaks the Pangu jailbreak tool. In the page, the company credits the Pangu team for discovering three vulnerabilities patched in 8.1.1.

Among those vulnerabilities was a state management issue in dyld, which has to do with app launches. There was also a validation issue in the kernel's handling of certain metadata fields, and a sandbox profile bug that allowed apps to launch arbitrary binaries.

Here are the full entries from the support page:

dyld

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local user may be able to execute unsigned code

Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.

CVE-ID

CVE-2014-4455 : @PanguTeam

Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.

CVE-ID

CVE-2014-4461 : @PanguTeam

Sandbox Profiles

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to launch arbitrary binaries on a trusted device

Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver’s sandbox.

CVE-ID

CVE-2014-4457 : @PanguTeam
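
The dyld entry above concerns Mach-O files with overlapping segments. The following is an added example, not Apple's fix or dyld's code: a static check that parses the segment load commands of a thin little-endian Mach-O and flags overlapping or out-of-bounds ranges. The function names and the two sample headers are constructed for illustration.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin little-endian Mach-O magics
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19

def parse_segments(data):
    """Return [(name, vmaddr, vmsize, fileoff, filesize)] for each segment load command."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == MH_MAGIC_64:
        hdr_size, seg_cmd, fmt = 32, LC_SEGMENT_64, "<16sQQQQ"
    elif magic == MH_MAGIC:
        hdr_size, seg_cmd, fmt = 28, LC_SEGMENT, "<16sIIII"
    else:
        raise ValueError("not a thin little-endian Mach-O")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    end = hdr_size + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    off, segments = hdr_size, []
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == seg_cmd:
            if cmdsize < 8 + struct.calcsize(fmt):
                raise ValueError("segment command too small")
            name, *nums = struct.unpack_from(fmt, data, off + 8)
            segments.append((name.rstrip(b"\0").decode("ascii", "replace"), *nums))
        off += cmdsize
    return segments

def _overlap(start_a, len_a, start_b, len_b):
    # Zero-length ranges (e.g. __PAGEZERO's file range) cannot overlap anything.
    return len_a > 0 and len_b > 0 and start_a < start_b + len_b and start_b < start_a + len_a

def check_segments(data):
    """Return a list of findings; an empty list means the layout passed these checks."""
    segs, findings = parse_segments(data), []
    for name, _, vmsize, fileoff, filesize in segs:
        if fileoff + filesize > len(data):
            findings.append(f"{name}: file range extends past end of file")
        if filesize > vmsize:
            findings.append(f"{name}: filesize larger than vmsize")
    for i, a in enumerate(segs):
        for b in segs[i + 1:]:
            if _overlap(a[1], a[2], b[1], b[2]):
                findings.append(f"{a[0]}/{b[0]}: overlapping VM ranges")
            if _overlap(a[3], a[4], b[3], b[4]):
                findings.append(f"{a[0]}/{b[0]}: overlapping file ranges")
    return findings

def build_sample(segs, size=0x3000):
    """Constructed input: 64-bit header plus LC_SEGMENT_64 commands, zero-padded to `size`."""
    cmds = b"".join(
        struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, n.encode(), va, vs, fo, fs, 7, 5, 0, 0)
        for n, va, vs, fo, fs in segs)
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(segs), len(cmds), 0, 0)
    return (header + cmds).ljust(size, b"\0")

GOOD = build_sample([("__PAGEZERO", 0, 0x1000, 0, 0), ("__TEXT", 0x1000, 0x1000, 0, 0x1000),
                     ("__DATA", 0x2000, 0x1000, 0x1000, 0x1000)])
BAD = build_sample([("__TEXT", 0x1000, 0x1000, 0, 0x1000),
                    ("__DATA", 0x1800, 0x1000, 0x1000, 0x1000)])

if __name__ == "__main__":
    print(check_segments(GOOD))
    print(check_segments(BAD))
```

The size and bounds checks are generic consistency checks chosen for this example; the advisory does not say which validations Apple added.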

Apple has in the past credited the evad3rs, and other hackers responsible for jailbreaks, for finding vulnerabilities in its mobile operating system that it patches. It’s essentially the only time the company openly admits it’s aware of the jailbreak, and the people behind it.

The Pangu jailbreak for iOS 8 debuted on October 22, just a few days after iOS 8.1. The initial release was very rough around the edges, but the tool received several updates during the following weeks. The jailbreak’s reign officially ended on November 17, with iOS 8.1.1.

WhatsApp updated with support for iPhone 6 and 6 Plus

The Facebook-owned cross-platform messaging service WhatsApp has updated its iOS client today, bringing the app to version 2.11.14. The team says the new version fixes bugs and crashes, and adds support for the new iPhones.

The app now looks great on the larger display of the iPhone 6, and the larger, higher resolution display of the iPhone 6 Plus. WhatsApp, which Apple labels as an App Store “Essential,” was one of the few remaining top tier apps to update.

Today’s release follows a backend update earlier this month, which enabled a new feature that indicates when your message has been sent, delivered and read. Not everyone loved the addition, though, so we made a tutorial on disabling it.

WhatsApp has over 600 million users, and is available in a number of countries on several platforms. If you don’t already have the app, you can check out the latest version in the App Store for free. Unfortunately, it’s still exclusive to iPhone.

Snapchat and Square launch Snapcash money transfer service

Snapchat, the popular ephemeral photo messaging application, on Monday said it’s partnered with Square, Twitter co-founder Jack Dorsey’s mobile payments startup, on a new service allowing Snapchat users to send and receive money.

Dubbed Snapcash and billed as the first Snapchat product created in partnership with another company, it’s simple and easy to use just like Square’s SquareCash service.

After you enter your debit card details, which are securely stored by Square, you just swipe into chat, type the dollar sign and the desired amount, and hit the green button.

The Square cloud will process the payment and transfer your money directly to your recipient’s bank account. In my personal view, Snapchat is going to need to tighten up their app access in general because I don’t want someone to take my iPhone, open up the Snapchat app and send a few hundred bucks to themselves.

Here’s Snapchat’s slightly cheesy promotional video.

The team said they’d created the first Snapcash prototype after seeing Square Cash in action. They liked it so much that they wanted to create a similar product with Square “that felt Snapchat-y.”

“Luckily for us, they were just as excited as we were and wanted to build it together,” said Snapchat. For those unaware of SquareCash, the service lets users send money via text messages for free. And their recently refreshed iPhone application now permits owners of Bluetooth-powered iPhones to send and receive money over short distances using a new feature aptly named “Nearby Payments.”

As for Snapcash, keep in mind that the service is available to Snapchatters in the United States who have a debit card and are 18 or older. The update to the Snapchat app will land on Android later today, while the iOS version is expected to be available shortly after.

The mobile payments arena has been seeing lots of action following the advent of smartphones outfitted with NFC chips. In addition to such heavyweights as PayPal, smartphone users today can choose between Google Wallet, Apple Pay and a whole bunch of payment startups like Square and many others.

Each time you do a transaction through one of these services, companies that operate them earn a small commission fee. The more transactions, the higher the revenues from fees.

Even Apple itself is understood to have held talks with Square regarding a possible acquisition prior to Square’s recent $100 million funding round.

And in the run-up to the Apple Pay announcement in September, a rumor even had it that the two companies were working together on a new mobile payments service.

iOS 8.1.1 is out with bug fixes and performance improvements for iPad 2 and iPhone 4s

Apple on Monday started rolling out the latest iOS 8.1.1 software update for the iPhone, iPad and iPod touch devices. If you’re jailbroken, stay away from this update as it plugs the Pangu8 jailbreak.

iOS 8.1.1 build 12B435 contains a whole bunch of bug fixes and general performance enhancements aimed at improving the mobile operating system’s stability. You can apply the update over the air by going to Settings > General > Software Update.

Alternatively, connect your iPhone, iPod touch or iPad to your Mac or Windows desktop via a USB cable and open iTunes: a prompt should pop up asking you to upgrade.

“This release includes bug fixes, increased stability and performance improvements for iPad 2 and iPhone 4s,” notes the firm in a support document. For information on the security content of this update, go here.

A matching update for the Apple TV is also available in the form of the Apple TV Software 7.0.2 update with a build number of 12B435.

Again, jailbreakers should stay away from this update if they want to keep their jailbreak.

iOS 8.0 has marked the end of the road for the iPhone 4, making the iPhone 4s the oldest iPhone supported by the latest software. iOS releases tend to run well on older hardware so it’s nice that Apple cares about supporting three-year-old hardware and continues to give love to its iPad 2 and iPhone 4s owners.

Facebook@Work being worked on

Using Facebook in the workplace could soon become the new normal thanks to a new business product Facebook is said to be currently developing.

Dubbed Facebook@Work, the forthcoming service should permit users to collaborate on projects and connect with professional contacts through group chats and document collaboration with co-workers, three people familiar with the matter told The New York Times newspaper Monday.

As first mentioned by The Financial Times on Monday, Facebook began working on the project years ago, led by a team based in the firm’s London offices. They’re currently testing Facebook@Work externally with a handful of outside companies and expect to roll it out “within the coming months.”

Facebook employees have long used Facebook@Work in their daily work, the report notes. Expanding this to other companies has reportedly been discussed internally “for some time” now, especially as its launch approaches.

Facebook wouldn’t say whether its business product will be available through a web browser like its main service, if a software download will be required or whether it plans on charging corporate users wishing to take advantage of Facebook@Work.

For what it’s worth, Facebook@Work reportedly looks “very much” like the regular Facebook site, The Financial Times wrote, including a newsfeed and groups. The service should let folks keep their personal profile separate from their work identity.

“Toughest of all will be the Internet technology managers and chief security officers who allow the deployment of this type of software or service,” writer Mike Isaac noted.

He’s right: I myself can’t help but wonder how on Earth Facebook expects to work around the many restrictions corporate IT managers have put in place in order to restrict access to Facebook in the workplace.

There’s no question that the new product is going to have to win the trust of companies and organizations. Earlier this month, the company rolled out a new Privacy Checkup tool on the web (seen below) to help users understand who can see their posts and other information they share on Facebook.

Facebook Privacy Checkup (web screenshot 001)

Should Facebook decide to go down the paid route, Facebook@Work might create another revenue stream for the company, which now has more than 1.3 billion regular users. It will be interesting to see whether Facebook@Work contains any advertising.

With collaboration software startups such as Slack, Hipchat and Asana aggressively seeking funding, Facebook can’t afford to sit on the sidelines and watch its mind share get eroded in the workplace, especially with Google, Microsoft and Dropbox slugging it out for market dominance in enterprise.

Slack, for example, is now valued at more than a cool $1 billion and that’s less than one year after launching publicly.

Does Facebook@Work sound like something that would improve your productivity in the workplace, do you think?

How iPhone 6 with only 1GB RAM Outperforms 2GB Android

One of the biggest disappointments with the new iPhone 6 and 6 Plus is that they still have only 1 GB of RAM, especially when the likes of Samsung put 2 GB or more in their Android smartphones. The thing is, as users have found out, the lack of RAM does not impede performance in any way. In fact, it’s safe to say that the iPhone 6 and 6 Plus perform as well as, if not better than, phones with 2 or 3 times as much memory. The question is, why?

That question was posed on a popular social website called Quora. This is a site that allows experts to answer questions and, from the answers to this one, there are clear reasons why Android phones need more memory than the iPhone and don’t perform so well. It’s all about garbage collection.

Why iPhone Performs Better:

  1. Android apps require Java to work, meaning Android has to recycle memory once an app has finished using it.
  2. That is fine if the system has sufficient memory to work with but, as the research showed, garbage collection systems work at their best when they have at least 4 or 8 times the memory being used.
  3. That means that Android systems require at least 4 or 8 times the memory they are using in order to collect garbage.
  4. If the memory is reduced, things start to go a bit stuttery.
  5. iOS does not use that garbage collection system, which means it can work with less available memory.
  6. iOS doesn’t need to have vast stores of memory set to one side, which means iPhones don’t need that extra RAM.
  7. This is because Apple designed its software to need only the amount of memory it is actually using at the time, meaning iPhones don’t need to be stuffed full of memory chips.

This goes some way to explaining why some of the top of the range Android phones cough and splutter when they have several apps open and you try to open another, or open a menu, something simple like that.

Quite simply, the memory that those open apps are taking up is near the limits of the system and there is none spare to do anything else.

Do you use Android? Do you find it sticks when you want to use more than one app?

Russia to BAN iPhone & iPad Use Countrywide from 2015

An interesting report out today claims that, from 1st January 2015, Russia will be banning anyone in the country from owning any Apple iPad or iPhone. Before Apple fans storm the country demanding a backdown by the government, it may be worth bearing in mind why they want to do it.

It has nothing to do with Russia reacting to all the sanctions that have been imposed on the country. It also has nothing to do with the dismantling of a statue of Steve Jobs in St. Petersburg by a business group. What it does have to do with is iCloud, something that is causing great concern amongst the authorities in Russia.

A recent law passed in Russia requires all online services that operate within the boundaries of the country to retain all data inside Russia. As the iCloud servers are based in the US, they do not meet the requirements set out in the new law. As such, when the new law goes live on January 1st, any device that uses iCloud, namely any iOS device, will be banned from use.

However, the ban does not just cover Apple devices. It relates to any online service that operates within Russia and it covers social networking. This means that Russian users of Facebook and Twitter could also find themselves falling foul of the law.

There is an easy way to get around the ban. The companies that are affected can set up their own servers inside Russia and use those to store the data from users in the country, but most of them are not likely to get involved in such selective behavior.

If you live in Russia and use an iOS device, your device may well be restricted from contacting the Apple servers after January 1st. Apple has not yet commented on whether they will negotiate with the authorities or have plans to build a server farm there.

What do you think of this?

http://www.jailbreakmodo.com/russia-to-ban-iphone-ipad-use-countrywide-from-2015.html

BlackBerry Classic

The smartphone you trust, with the power you couldn’t imagine.

It takes more than fast thumbs and a stone cold focus to stay on top of your inbox and the day’s priorities. BlackBerry® Classic is the ultimate communications tool.

  • Keyboard and navigation keys designed for optimal speed and accuracy
  • Large square touch screen
  • Amazingly fast and astoundingly beautiful web browsing
  • A battery that powers through
  • Ability to install Android™ and BlackBerry apps

We heard you, and we built it.

Trojan horse defense

From Wikipedia, the free encyclopedia

The Trojan horse defense started receiving attention through several different computer crime cases. This defense attributes the commission of a cybercrime to malware, whether a Trojan horse, virus, worm or other program.[1] The phrase is used because most of the successful Trojan horse defenses have been based on the operation of alleged Trojan horses.[2] Although this defense is still in its infancy, various cases have proven the effectiveness of the Trojan horse defense. Due to the increasing use of Trojan programs by hackers, this defense is likely to become more widespread.[3]

Legal Issues

Law enforcement agencies must combat the increasing challenges posed by viruses and Trojan horses as they introduce an element of doubt in legal cases.[4] Therefore, it is important to consider how a Trojan Horse Defense can be invoked and rebutted.

How the Trojan horse defense is used:[5]

  • Raise Reasonable Doubt: Deny any involvement in the crime charged and claim that it was committed by someone else.
  • Negate Mens Rea: A useful alternative for those who cannot deny conduct that could constitute the actus reus of the crime.
  • Establishing the Defense: Present evidence establishing that a Trojan horse program (or other malware) was installed on the computer by someone else without the defendant’s knowledge.

Response of Prosecution:[6]

  • Establish Computer Expertise: The defense is likely to argue that the defendant has very limited knowledge of computer technology and is therefore vulnerable to exploitation by an unknown hacker. To rebut such a claim, it needs to be shown that the defendant has enough knowledge about computers to protect them. Those with computer expertise are less likely to become victims of such an attack.
  • Negate the Factual Foundation of the Defense: Conduct a technical analysis of the defendant’s computer to determine the presence or absence of malware that could support the defense. If malware is found, there would be a thorough analysis of the computer in an attempt to show that the malware did not contribute to the criminal act. If malware is not found, prosecutors can use this to rebut the defendant’s claim that a Trojan horse is responsible.

Procedures followed by computer forensics experts to establish innocence or guilt:[7]

  • Make a copy of the computer in question as early as possible to prevent contamination
  • Mount as a second disk onto another machine for experts to run a standard anti-virus program
  • If a Trojan is found, it is necessary to examine the totality of the circumstances and the quantity of incriminating materials
  • Determine the vulnerability
  • Consider the time and date stamps of offending materials to identify whether materials have been uploaded on a regular basis or over a limited number of sessions
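
The last step of the procedure above, as an added example that is not from the cited sources: file timestamps exported from a disk image are grouped into sessions by idle gap, then summarized to show whether activity was spread over many days or concentrated in a few sittings. The sample records, the 30-minute gap and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: (path, ISO-8601 creation time) pairs exported from a disk image.
SAMPLE = [
    ("Users/x/Downloads/f1.bin", "2024-03-01T21:14:05"),
    ("Users/x/Downloads/f2.bin", "2024-03-01T21:14:09"),
    ("Users/x/Downloads/f3.bin", "2024-03-01T21:15:40"),
    ("Users/x/Downloads/f4.bin", "2024-03-01T21:58:00"),
    ("Users/x/Downloads/f5.bin", "2024-04-09T08:30:12"),
]

def group_sessions(records, gap=timedelta(minutes=30)):
    """Sort by timestamp and start a new session wherever the idle time exceeds `gap`."""
    ordered = sorted((datetime.fromisoformat(ts), path) for path, ts in records)
    sessions = []
    for ts, path in ordered:
        if sessions and ts - sessions[-1][-1][0] <= gap:
            sessions[-1].append((ts, path))
        else:
            sessions.append([(ts, path)])
    return sessions

def summarize(records, gap=timedelta(minutes=30)):
    """Counts an examiner can compare against the 'regular basis' vs 'few sessions' question."""
    sessions = group_sessions(records, gap)
    return {
        "files": sum(len(s) for s in sessions),
        "sessions": len(sessions),
        "distinct_days": len({s[0][0].date() for s in sessions}),
        "largest_session": max((len(s) for s in sessions), default=0),
        "span_days": (sessions[-1][-1][0] - sessions[0][0][0]).days if sessions else 0,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

File timestamps can be altered, so these counts are one input to the totality-of-circumstances assessment rather than a conclusion.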

Cases Involving Trojan Horse Defense

There are different cases where the Trojan horse defense has been used successfully. Typically, it involves computer manipulation where the computing device is under the control of an unknown third party. The assertion is that the computer has been infected by a virus or a malware that allows the execution of programs or running of services without the owner’s knowledge or consent.[8]

Julian Green:

A United Kingdom-based case, where Julian Green was arrested after 172 indecent pictures of children were found on his hard drive.[9] The defendant also relied on the Trojan horse defense by blaming the charges on computer malware. The defense argued that Green had no knowledge of the images on his computer and that someone else could have planted the pictures. This was supported by a computer forensics consultant, acting as an expert witness, who identified 11 Trojan horses on Green’s computer, capable of carrying out actions without the user’s knowledge or permission.[10] He was acquitted of all charges after the prosecution offered no evidence at Exeter Crown Court, by failing to show that Green downloaded the images onto the computer.[11]

Karl Schofield:

Karl Schofield was also acquitted by using the Trojan horse defense. He was accused of creating 14 indecent images of children on his computer but testimony was given by a defense witness that a Trojan horse had been found on his computer.[12] Prosecutors accepted the witness testimony and dismissed the charges, concluding they could not establish beyond a reasonable doubt that he was responsible for downloading the images.[13]

Eugene Pitts:

A US-based case involving an Alabama accountant who was found innocent of nine counts of tax evasion and filing fraudulent personal and business state income tax returns with the Alabama state revenue department.[14] The prosecution claimed he knowingly underreported more than $630,000 in income over a three-year period and was facing a fine of $900,000 and up to 33 years in prison.[15] Pitts argued that a computer virus was to blame for under-reporting the income of his firm, although state prosecutors noted that the alleged virus did not affect the tax returns of customers, which were prepared on the same machine.[16] Pitts was acquitted of all charges.

Controversies

This defense particularly requires an accurate assessment since it determines the guilt or innocence of a person. It would be troubling if an individual guilty of disturbing crimes, such as possessing child pornography, were set free, but even more troubling if an innocent person were convicted of a crime they did not commit.[17]

It is problematic that criminals can use this defense strategy to camouflage their crimes. For example, criminals can potentially plant Trojans on their own computers and later use the Trojan horse defense to escape prosecution for their crime. Furthermore, the availability of the defense raises concerns that the defendant can use a jury’s ignorance, and likely suspicion, of technology to obtain an acquittal even when the evidence overwhelmingly supports a conviction.[18] It is possible that some defendants are being acquitted because jurors are not technologically knowledgeable. For a layman juror, the sheer volume and complexity of expert testimony relating to computer technology, such as Trojan horses, could make it difficult to separate fact from fallacy.[19]

On the other hand, it is crucial to prevent wrongful prosecution of an innocent person. Unfortunately, it is difficult to prevent the problems that arise during the course of the investigation. For example, in the case of Julian Green, before his acquittal, he spent one night in the cells, nine days in prison, three months in a bail hostel and lost custody of his daughter and possession of his house.[20] In the following case of Karl Schofield, he was attacked by vigilantes following reports of his arrest, lost his employment and the case took two years to come to trial.[21] While the acquittal of an innocent person is crucial, the distressing experience a person has to go through is one of the few controversial matters.