Now shorter, but more often...
Due to a change by my hosting provider, this site is officially broken for the time being. If you are interested in following what I have to say, I'm semi-active on Twitter. So come on over and join the fun. Hopefully I'll be able to get this site back up and running sometime soon as it has been a fun, if inconsistent 6 years.
When Technology Fails, Try Process: iPhone instore activation
Since the iPhone OS wasn't up to the task of thwarting the haxor community, Apple is taking (being forced by AT&T?) the step of forcing customers to activate AT&T service at purchase.
Given the length of time it took to unlock the iPhone I (3 months) it appears Apple did a decent job attempting to secure the iPhone SIM. Despite that, someone at either Apple or AT&T is convinced they lost out on revenue from iPhones that were purchased and then unlocked and used on other carriers or even as wifi only devices.
Revision3 vs. MediaDefender
As entire businesses migrate online, what happens if they start attacking each other?
I think we'll need some more lawyers who can understand tcpdump packet data.
Counterfeit Goods: The latest threat?
LCD TV Prank at CES
Here's a good reason to stick a little piece of black tape over the IR port of your screens in trade show booths.
Wikipedia and Marketing
Funny and true. If you have the word marketing in your title, please follow the man's instructions.
Marketing Vulnerability Fixes
How do you claim your product is more secure than an open source option? Counting vulnerabilities alone might not work as Window Synder aptly explains in this retort against a Microsoft IE vs. Firefox report.
NBC's Peacock Crows and Ohio's Voting Machines
NBC lawyers managed to stop a story from being aired where their own site was broken into. Smart move, at least it gives them sometime to fix it before the vulnerability and exploit were made available to every teen geek in the country. (Assuming a few could find their way in anyway)
Meanwhile, in Ohio efforts to test the integrity of the voting system were apparently blocked by republicans who mysteriously also oversee the state's elections. Again, I lament why are slot machines so much more secure than voting machines?
Dated, but a great take on the economically irrational behavior of city dwellers picking apples.
iPhone's SIM Locks: Hardware vs. Software vs. Lawyers
If you care, you already know the iPhone's SIM has been successfully unlocked to work with carriers other than AT&T. GMSV has a good round up.
The blog "Finding JTAG on the iPhone" is a cool read into what it took to unchain the iPhone in hardware. The site's author, a soon to be college freshman, says each unlock takes about 2 hours of time, making it a fairly labor intensive process and thus a pretty solid hurdle to breaking the phone's SIM locks. If only there was a way to do it in software....
Which brings us to this Engaget post that verifies a software hack created by a group that reportedly had 6 people working full time since the launch to develop a way to free the iPhone from AT&T.
6 cheap consultants for 2 months = $800 per day x 6 people x 40 to 50 days = as little as $190k and more likely around $400k for leet folks sounds like a lot for a flakey device with unrealistic expectations. However, even at those cost levels and assuming a $100 charge per device, the breakeven is around 2 to 5 thousand devices. Assuming iPhoneSIMfree has a monopoly for even a month or two, they will probably do fairly well. The site is currently looking for people interested in buying 500+ unlocks which is a pretty smart way to get others to sell 3000 unlocked iPhones to internationally based Apple fanboys as fast as possible.
Finally, if you can't lock them out in software or hardware, call the lawyers, professional unlocking businesses like Unique Phones (who claim 2.9 million unlocks since 2002) are claiming they too have a software based method of unlocking the iPhone, but they had a tough weekend with calls from AT&T's lawyers.
Involving lawyers begs the question of whether or not the Carterfone decision applies to mobile networks (it should.) The DCMA legislation has already been rejected as an avenue for many things, including keeping phones locked to networks. Hush-a-phone v. FCC set another similar precedent.
Conspiracy theory: Apple wants Carterfone to apply to wireless networks and knew that this would force the issue?
Legal Update: Selling unlocked phones for fun and profit might not be kosher.
Update 2: iUnlock has gone open source - see full story at Engaget
Even (or especially) contests could use a security review
From the "Add to blog bookmark folder..."
Business week has a series on a CNBC sponsored online stock picking contest where many cried foul when contestants figured out how to game the web app running the contest.
Vendors Responses: Voting Machines and the Pwnie Awards
Avi Rubin comments on "the "laboratory" defense employed by voting machine vendors.
And in other news of Lame responses to security vulnerabilities, here are the 2007 Pwnie Award Nominees.
Of interest to marketeers: Lamest Vendor Response, Most Over-hyped Bug, and Best Song.
Dude "Security Rocks"
What do you get when you attempt to combine rock music, IT security, and corporate (Intel) sponsorship?