John Lamansky

According to a “Today @ PC World” blog post:

In an article published in today’s New York Times researchers using WiFi connection say they can gain access to an iPhone ceding control of the device. Researchers also say the hack can be achieved by tricking iPhone users into visiting a Web site with malicious code. The hack, ISE researchers say, can give intruders access to “any file” on the iPhone and allow a remote user to “make calls… or even turning it into a portable bugging device.”

A bugging device! Yikes!

I guess this is what happens when any technology product becomes popular, be it the Apple iPhone or Microsoft Windows.

I wonder if this is due to a flaw in the iPhone’s Mac OS X version, the Safari browser, or some iPhone-specific hardware or software issue.

Ouch. According to a CNet article:

For people who use Microsoft’s Internet Explorer to browse the Web, the picture wasn’t good. In 2004, IE was “unsafe” a total of 358 days of the year, meaning that the browser contained a publicly known, remotely exploitable hole for which there was no patch available. That means IE was “safe” only seven days, or 2 percent of the year, according to David Wagner, an assistant professor and well-known cryptography researcher. Wagner’s team compiled the data from Scanit and Secunia.

Quite surprisingly, Opera and Firefox didn’t score much better: Opera and Firefox scored much better:

In contrast, Opera was “safe” 300 days, or 82 percent of 2004. None of the bugs for Opera’s browser went without a patch and it would take 93 days total to fix them.

Firefox scored best. It was “safe” 339 days, or 93 percent of the year. Only two of its bugs went without a patch and it would take 43 days to install its fixes, according to the data summary.

I found this quite amusing: according to the Washington Post, a definitions update to Microsoft AntiSpyware has reportedly caused the program to identify Norton AntiVirus as a keylogger and password stealer and to suggest making component removals that will cripple the Norton installation.

Yep, sure looks like Microsoft is getting ready to launch Windows OneCare.

[Update: Hmm… according to CNet, Norton products aren’t affected, but rather only Symantec AntiVirus and Symantec Client Security. Who do we believe: Washington Post or CNet?]

Microsoft has announced the pricing details for Windows OneCare, the company’s forthcoming security software featuring functionality such as spyware and virus protection. Microsoft also announced the release date to be this June. Windows OneCare will cost $49.99 annually and will include licenses for 3 computers running Windows XP Service Pack 2.

From a News.com article:

Buyers can install OneCare on up to three PCs that run Windows XP with Service Pack 2. This is a discount over rival products from Symantec and McAfee, which charge $119.99 and $139.99, respectively, before rebates, for three-user editions of their security suites. The Symantec and McAfee products are often heavily rebated.

Microsoft will also be providing support that is much better than what is offered today by companies like Symantec:

OneCare also includes support at no additional charge via e-mail, online chat or phone, Microsoft said. This compares to oft-criticized, mostly paid-support options from Symantec and McAfee.

The article also says that OneCare will be subscription-based. Being a rather-unhappy Symantec user, I know all too well that there are two components of security protection that Symantec and many other security companies sell: the software and the subscription.

Normally, upgrading your security software (for example, upgrading from Norton AntiVirus 2004 to Norton AntiVirus 2006) provides you with new features, while buying a new subscription gives you updated virus definitions for a set period of time. Typically however, security software includes a “free” subscription period. OneCare will be different because it will offer both virus definition and feature updates in one subscription.

Hmm… Three computers? Simplified subscription? A whole security package rather than just anti-virus? For only $50? This is sounding much better than what I’m used to hearing from Symantec offers. However, we’ll almost certainly soon begin to see some equally good offerings by currently-dominant security software manufacturers. Symantec is already starting to show signs of “getting ready” with hints about new product, codenamed “Genesis.”

Who knew it would come so soon? Only about a week after Windows Vista Beta 1 was released, a virus appeared that exploited the Monad command shell included in the Windows Vista beta. Monad is similar to MS-DOS and allows powerful text-based commands to be executed. The virus doesn’t appear to be disruptive, but rather seems to be a proof-of-concept virus (viruses that allow the writer to test new methods of exploitation). For more information on the Danom virus family (”Danom” being “Monad” in reverse), check out this PCWorld article.

According to this article from PCWorld, Google can be used to provide information for hacking attacks.

An example the article mentioned is the ability to use Google to determine the server structure of a large network. If you type in site:nasa, apparantly you get a list of the servers on NASA’s internal network, which could possibly be used to discover entry points for attacking the server systems. The same goes for site:google, site:yahoo, and similar queries.

This wasn’t mentioned directly in the article, but the article gave me the idea: typing something like “warning mysql site:nasa.gov” into Google can allow a searcher to find MySQL error messages on the NASA website. This could allow a hacker to obtain information about the database structure.

Windows is finally getting antivirus protection from Microsoft.

That’s what Microsoft says at the Windows OneCare Beta website. Backup, antivirus, antispyware, two-way firewall (finally!), automatic PC tune-ups, and more are scheduled to be included in the final release. However, I’ve heard that OneCare will have a paid subscription program and won’t be included with Windows Vista. Darn.