Now shorter, but more often...

Due to a change by my hosting provider, this site is officially broken for the time being. If you are interested in following what I have to say, I'm semi-active on Twitter. So come on over and join the fun. Hopefully I'll be able to get this site back up and running sometime soon as it has been a fun, if inconsistent 6 years.

posted by Abner | August 6, 2008 | Twitter

When Technology Fails, Try Process: iPhone in-store activation

Since the iPhone OS wasn't up to the task of thwarting the haxor community, Apple is taking (being forced by AT&T?) the step of forcing customers to activate AT&T service at purchase.

Given the length of time it took to unlock the iPhone I (3 months), it appears Apple did a decent job attempting to secure the iPhone SIM. Despite that, someone at either Apple or AT&T is convinced they lost out on revenue from iPhones that were purchased and then unlocked and used on other carriers or even as Wi-Fi-only devices.

posted by Abner | June 12, 2008 | link

Revision3 vs. MediaDefender

As entire businesses migrate online, what happens if they start attacking each other?

Here is Jim Louderback's postmortem on the attack that took his company down over Memorial Day weekend. And more from Ars Technica.

I think we'll need some more lawyers who can understand tcpdump packet data.

posted by Abner | May 30, 2008 | link

Counterfeit Goods: The latest threat?

Product security now extends beyond the technology and into the supply chain. The NY Times on counterfeit networking gear. IDC's take is here.

posted by Abner | May 09, 2008 | link

LCD TV Prank at CES

Here's a good reason to stick a little piece of black tape over the IR port of your screens in trade show booths.

posted by Abner | January 11, 2008 | link

Wikipedia and Marketing

Funny and true. If you have the word marketing in your title, please follow the man's instructions.

posted by Abner | January 02, 2008 | link

Marketing Vulnerability Fixes

How do you claim your product is more secure than an open source option? Counting vulnerabilities alone might not work, as Window Snyder aptly explains in this retort against a Microsoft IE vs. Firefox report.

via Slashdot

posted by Abner | December 03, 2007 | link

NBC's Peacock Crows and Ohio's Voting Machines

Lunch blogging:

NBC lawyers managed to stop a story from being aired in which their own site was broken into. Smart move; at least it gives them some time to fix it before the vulnerability and exploit are made available to every teen geek in the country. (Assuming a few could find their way in anyway.)

Meanwhile, in Ohio, efforts to test the integrity of the voting system were apparently blocked by Republicans who mysteriously also oversee the state's elections. Again, I lament: why are slot machines so much more secure than voting machines?

posted by Abner | September 18, 2007 | link

Irrational Apples

Dated, but a great take on the economically irrational behavior of city dwellers picking apples.

posted by Abner | September 12, 2007 | link

iPhone's SIM Locks: Hardware vs. Software vs. Lawyers

If you care, you already know the iPhone's SIM has been successfully unlocked to work with carriers other than AT&T. GMSV has a good roundup.

The blog "Finding JTAG on the iPhone" is a cool read into what it took to unchain the iPhone in hardware. The site's author, a soon-to-be college freshman, says each unlock takes about 2 hours of time, making it a fairly labor-intensive process and thus a pretty solid hurdle to breaking the phone's SIM locks. If only there were a way to do it in software....

Which brings us to this Engadget post that verifies a software hack created by a group that reportedly had 6 people working full time since the launch to develop a way to free the iPhone from AT&T.

6 cheap consultants for 2 months = $800 per day x 6 people x 40 to 50 days = as little as $190k and more likely around $400k for leet folks, which sounds like a lot for a flaky device with unrealistic expectations. However, even at those cost levels and assuming a $100 charge per device, the breakeven is around 2 to 5 thousand devices. Assuming iPhoneSIMfree has a monopoly for even a month or two, they will probably do fairly well. The site is currently looking for people interested in buying 500+ unlocks, which is a pretty smart way to get others to sell 3000 unlocked iPhones to internationally based Apple fanboys as fast as possible.

Finally, if you can't lock them out in software or hardware, call the lawyers. Professional unlocking businesses like Unique Phones (who claim 2.9 million unlocks since 2002) are claiming they too have a software-based method of unlocking the iPhone, but they had a tough weekend with calls from AT&T's lawyers.

Involving lawyers begs the question of whether or not the Carterfone decision applies to mobile networks (it should). The DMCA legislation has already been rejected as an avenue for many things, including keeping phones locked to networks. Hush-A-Phone v. FCC set another similar precedent.

Conspiracy theory: Apple wants Carterfone to apply to wireless networks and knew that this would force the issue?

Legal Update: Selling unlocked phones for fun and profit might not be kosher.

Update 2: iUnlock has gone open source - see full story at Engadget.

posted by Abner | August 29, 2007 | link

Even (or especially) contests could use a security review

From the "Add to blog bookmark folder..."

BusinessWeek has a series on a CNBC-sponsored online stock picking contest where many cried foul when contestants figured out how to game the web app running the contest.

posted by Abner | August 20, 2007 | link

Vendors Responses: Voting Machines and the Pwnie Awards

Avi Rubin comments on the "laboratory" defense employed by voting machine vendors.

And in other news of lame responses to security vulnerabilities, here are the 2007 Pwnie Award Nominees.
Of interest to marketeers: Lamest Vendor Response, Most Over-hyped Bug, and Best Song.

posted by Abner | August 01, 2007 | link

Dude "Security Rocks"

What do you get when you attempt to combine rock music, IT security, and corporate (Intel) sponsorship?

via Schneier

posted by Abner | July 30, 2007 | link
This is a personal weblog. The opinions expressed here represent my own and not those of my employer.