Unlocking the Iphone

Apple’s iPhone is a marvel of modern technology, but getting it to work in Thailand can be equally impressive

An American business associate who frequents Thailand gave me an Apple iPhone as a gift. I should be pleased to have one of the first iPhones in Thailand, but there is a problem. The iPhone has a built-in dual locking system that prohibits unauthorized activation of its internal programs, while it “locks” the phone to AT&T, a US mobile operator.

Locked in a box

Only AT&T is authorized to activate and unlock iPhones. But since AT&T does not operate in Thailand, I have a very expensive, iconoclastic icon of advanced technology that can only be used as a fancy and lifeless paperweight, a sort of snow globe without the snow.

Solution: I’ll ask Apple Thailand for help. After all, Apple has its money and I have an iPhone. I just need to activate and unlock the phone so I can subscribe to a local phone service, and everyone will be happy. Right? Wrong! Surely, the famed mobile phone hackers at MBK can unlock it. Right? Maybe.

[ View ]

No iPhone unlock for you

One of the groups that claims it has developed an unlock hack for Apple Inc.’s iPhone is now saying it will only offer the software to resellers, not to individuals, a popular technology blog reported Monday.

According to an e-mail message sent to interested volume sellers — and posted by Engadget yesterday — iPhoneSIMFree said it would not sell the unlock directly to iPhone owners. “iphonesimfree.com is a wholesale only company,” read the e-mail. “Although we could, we do not and will not sell directly to end users, because we want to work together with our valuable resellers as a team and not interfere in their business.”

Late last month, iPhoneSIMFree said it had created software which would let iPhone owners make calls on mobile networks other than AT&T, the smart phone’s official, and exclusive, carrier in the U.S. Unlocking the iPhone is contrary to Apple’s intent; according to the company, iPhones must be activated only with AT&T, and buyers must subscribe to a two-year AT&T calling plan. Even so, Apple has made no public announcement about iPhoneSIMFree or any other of several unlocking schemes that have been publicized.

[ View ]

Firefox still vulnerable to attacks from protocol-handling bugs

Firefox remains vulnerable to attacks exploiting protocol-handling bugs, even though it was patched twice in July, a pair of security researchers said this weekend.

Billy Rios and Nate McFeters, who spelled out design and functionality vulnerabilities in Windows’ Uniform Resource Identifier (URI) protocol handling as recently as mid-August, said Saturday that they have uncovered another way hackers could send malicious code to users via browsers.

“Once again, these URI payloads can be passed by the mailto, nntp, news, and snews URIs, allowing us to pass the payload without any user interaction,” claimed Rios in a posting to his blog. “Although the conditions which allowed for remote command execution in Firefox 2.0.0.5 have been addressed with a security patch, the underlying file type handling issues which are truly the heart of the issue have NOT been addressed,” he added.

URI bugs were a hot topic throughout July, when Norwegian researcher Thor Larholm showed how a browser could be tricked into sending malformed data from other applications. Although Larholm initially blamed Internet Explorer for the flaw, others quickly pointed out that Firefox suffered from the same bug. A finger-pointing debate ensued.

[ View ]

F-Secure Internet Security 2008

The beta period is complete. The official release of F-Secure Internet Security 2008 was launched on September 3rd! You can download and try it now.

F-Secure® Internet Security 2008^TM provides a complete and easy-to-use protection against all Internet threats, whether they are known or previously unidentified. It includes an award-winning antivirus, an easy-to-use personal firewall, an improved antispyware and a new technology, F-Secure DeepGuard^TM, that constantly monitors the very heart of your computer, ensuring that no malicious programs can take over your computer even if you do not have all the latest updates. In addition, the product filters unwanted spam and so-called phishing attempts from your e-mail, and with the parental control, you can block access to websites with questionable content.

Key Features

• Protects your computer against viruses, worms and unknown attacks
• Detects and removes spyware from your computer
• Protects your computer against hackers
• Helps you stay free from spam e-mail and phishing attempts
• Protects your children against unwanted Internet content.

Botnet Steals eBay Accounts

Identity thieves armed with a brute-force botnet are uncovering valid eBay account data, a security firm says.

Online auction site eBay has been targeted by identity thieves, who are wielding a botnet that uses brute force to uncover valid account log-in information, a Tel Aviv-based security company said Monday.

The attacks against eBay Inc. may have started as long ago as early August, said Ofer Elzam. He said that he and other researchers at Aladdin Knowledge Systems Ltd. have not been successful in notifying eBay of their weekend findings.

According to Elzam, the product manager of Aladdin’s eSafe threat-protection line, the brute-force attacks are launched by a large botnet that the identity thieves have built using a sophisticated, multistage campaign that begins with compromised legitimate Web sites.

[ View ]

‘Hackers’ to share secret for iPhone free of AT&T

A group of hackers said they will soon sell software allowing Apple’s iPhone to be used with any cellphone carrier, skirting AT&T’s exclusive deal in the United States.

The consumer frenzy over Apple’s sensational phone was, for some, dampened by the fact that AT&T was the device’s only service provider in the country.

But a group of anonymous hackers promised on a website, iPhoneSIMfree.com, that they would sell software that can opens the iPhone to other carriers in the next few days. They did not indicate a price.

On the weekend, they presented their program to an expert working for CNN television, who announced the iPhone was freed from AT&T’s monopoly in “two minutes.”

“A core group of six people on three continents worked to unlock the iPhone as a hobby,” according to the group.

They said they are fans of Apple products who thought the iPhone should be made accessible to people who cannot use AT&T.

Their website also brags that the 500 to 600-dollar device — which works as a cellphone, music and video player, and web browser — can be tweaked without prying it open or soldering.

Hackers around the world have set about unlocking iPhone codes since it was launched in the United States this year.

Last week a 17-year-old unblocked an iPhone, but did so by opening the unit. The new method apparently takes advantage of the iPhone’s ability to connect to iTunes and receive downloads and updates from Apple.

Cyber crime tool kits go on sale

Malicious hackers are producing easy to use tools that automate attacks to cash in on a boom in hi-tech crime.

On sale, say security experts, are everything from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks.

The top hacking tools are being offered for prices ranging up to £500. Some of the most expensive tools are sold with 12 months of technical support that ensures they stay armed with the latest vulnerabilities.

[ View ]

‘Stupid’ Holes Reported in Oracle 11g

A security expert has found programming errors in Oracle 11g that left security vulnerabilities.

The latest version of Oracle Corp.’s flagship database offers better security than earlier versions, but development errors have left vulnerabilities that attackers can use to steal data, an expert warned Monday.

“Oracle made big progress with 11g, but some of the vulnerabilities I’ve found so far in 11g are stupid programming errors,” said Alexander Kornbrust, managing director of Red Database Security GmbH, during an interview at the Hack In The Box (HITB) Security Conference 2007 in Kuala Lumpur, Malaysia.

“Oracle must educate their own development team because they should normally avoid these simple security vulnerabilities,” Kornbrust said.Oracle executives were not immediately available for comment.

[ View ]

A Program that Unlocks the iPhone?

According to reports, an anonymous group of software developers claims to have developed a program that unlocks Apple’s iPhone, thus making it operational on any GSM network across the globe.

As of now, the iPhone is available only in the US, and is operational only on the AT&T network, under an exclusive two-year agreement between Apple and AT&T.

The iPhone unlocking program was demonstrated by Los Angeles-based software consultant named Brett Schulte, who replaced AT&T with a T-Mobile SIM card, and within a few seconds, the iPhone became operational.

Schulte said the procedure doesn’t require opening or disassembling of the device, and unlocking can be done in just about two minutes.

Apparently, the anonymous group includes six people from three different continents, who claim to have unlocked the device just as a hobby.

The developers plan to put the software on sale, though no price has been finalized yet. They have also created a Web site called iPhoneSIMfree.com, which has some information on the program but does not give a way to purchase it yet.

Meanwhile, an AT&T spokesman said that though they could not hypothesize on the authenticity of hacking the iPhone, they hurried to remind users that by buying the iPhone, they become contractually indebted to AT&T.

A similar incident took place about a week back, where a teenager claimed to have found the way to unlock the iPhone, though by disassembling the device.

Sony confirms security problem

Electronics giant Sony has confirmed a recently discovered security flaw in some of its products that could leave PCs vulnerable to attack by hackers.

The firm said that the fault, which affected software packaged with memory sticks, was developed by a third-party.

Sony said it was conducting an internal investigation into the problem and would offer a fix “by mid-September”. The vulnerability, found by security firm F-secure, was similar to one found on CDs sold by Sony BMG in 2005.

That led to the discs being recalled and several lawsuits against the record label.

A Sony spokesperson said of the latest vulnerability: “While relatively small numbers of these models were sold, we are taking the matter seriously and conducting an internal investigation. No customers have reported problems related to situation to date.”

[ View ]