Posted on March 11, 2011 by buu
I’ve been attending CanSecWest for the last two days. I’m lucky for two reasons: Not only is this internationally renowned security conference held right here in Vancouver, but this isn’t normally a conference I am sent to and we happened to score me a free pass this year.
You may not have heard of CanSecWest, but a few more people will have heard of Pwn2Own, the contest where over $100,000 CAD and the target hardware are given out as prizes for compromising browsers and smartphones.
So far, IE, Firefox, Safari, iOS and Blackberry OS have been compromised. Windows Phone 7, Chrome and Android have so far survived.
What I found interesting was that BlackBerry OS, touted to be very secure, was compromised due to a WebKit vulnerability. Before the attempt was made, I watched a battle begin at the Pwn2Own area, where a representative from RIM Security was trying to make certain that the BlackBerry Torch being targeted would be patched with a recent OS patch, which it had not been yet. The patch was released with Canadian carriers recently but not in other countries. RIM works with carriers on their OS updates, as each carrier gets an OS flavored to their liking.
Well, the BlackBerry got pwned. RIM didn’t get to apply that latest patch. But it wouldn’t have mattered. The WebKit patch hadn’t yet been implemented in the latest BlackBerry OS anyway!
Google, on the other hand, is fairly quick with patches to Chrome. You barely even know they’ve done it. It hasn’t fallen over so far at the contest. That WebKit bug BlackBerry fell to was patched by Google long ago.
But I don’t really like what I see. RIM has to maintain so many flavors of the OS across so many of their platforms, and then multiply that by all the carriers they work with. This is obviously slowing down the patching process, as if it wasn’t already slow enough considering they have to encourage users to take the time to update their firmware in the first place.
iOS has its faults, but at least they’re pretty quick with their updates. And while many are critical of iTunes, it is pretty nice that it tells you right away if there is a software update available and encourages you to upgrade, even making the process super easy with a simple backup and then restoring your settings after the update. And yes, Apple’s security folks were on site today as well and said they’ll be implementing patches in order to plug the holes found by the famous Charlie Miller, who pwned the iPhone 4.
Perhaps, now that they’ve added a WebKit browser and have to be even more aware of vulnerabilities in their phones, BlackBerry should re-evaluate the efficiency of their patching.
UPDATE: Well, it looks like Google may be eating their words. The bug that pwned BlackBerry OS might be in Chrome. I’ll try to find a valid link with info.
UPDATE2: OK, here is a link: http://www.zdnet.com/blog/security/google-first-to-patch-pwn2own-webkit-vulnerability/8427
Posted on June 1, 2010 by buu
I’ve used an iPhone for the past couple of years in a corporate environment, taking over from my long-time BlackBerry use. Its market share growth, combined with the growth of smartphone use, has put a target on the iPhone’s back.
This gentleman has compiled a lot of info about the iPhone Security Framework and reviews some vulnerabilities. Worth a read if you’re assessing the technology from a security perspective for use in your environment.
Bernd Marienfeldt – iPhone Business Security Framework
Posted on May 3, 2010 by buu
What a cool device.
I picked it up last week after they pushed back the Canadian release due to such high demand in the US. By the way, if you haven’t seen, they’ve hit the 1 million sold mark in 28 days.
You’ll find lots of detailed reviews if you hit YouTube or your favorite consumer electronics site, but here are my personal impressions in really quick form.
- the screen size is perfect; you can view web pages without having to zoom into anything. I’m a big fan of insanely high screen resolutions that give you a headache when drawing my network diagrams, but 1024×768 seems good for my use on here
- the weight is decent. Some say it’s too heavy, but I think it really comes down to the fact that you’re holding the thing up using your thumb as leverage, so it can make your hand sore. A good case with a strap on the back should remedy this
- the screen is very reflective and is a pain when you’re under fluorescent lights
- battery life is as advertised. Charging it is a pain, and you have to keep the screen off if you want to charge it via USB unless you have a higher-powered USB port, which my work laptop does not seem to have. I wish Apple included one of those “two-headed” USB cables that portable hard drives usually come with for this very reason.
- it is very fast. I am impressed with application load times and general responsiveness
- I wish the Wi-Fi model had a GPS. I guess they figure you won’t be bringing the Wi-Fi model out and about as much as the 3G model, but I don’t think that is necessarily the case.
- I think putting the speakers on the bottom edge of the case was a bad design idea. They get muffled when it’s on my lap. Maybe the speakers should point out of the top corners.
Here are the apps I am using:
Evernote – they re-sized the app for iPad and it works great. Evernote started off as my alternative when I found the iPhone doesn’t sync my notes from Microsoft Exchange, and it has now become a big part of how I work.
Dropbox – I keep a lot of documents like product manuals and datasheets, or personal documents, stashed in Dropbox. Evernote has this feature, but you have to pay. Dropbox is free for 2GB of online storage. However, as of yet, this app has not been resized to iPad resolution.
UPDATE – shortly after writing this, the iPad version of Dropbox was released. It looks great from what I can see and actually lets you save local copies now.
GoodReader – this is a fancy PDF reader. I can open PDFs through Dropbox, but like I said, they haven’t resized the resolution. GoodReader has a nice auto-scroll, and it even connects to various sources like Dropbox to pull your info down. It also copies files locally so you can take it offline. I’m reading magazines in PDF format through this.
Citrix Receiver – my company is a Citrix partner, and if you know XenApp, you know what this is. If you don’t, you won’t care about this at all. For those of you who do use XenApp, this client is awesome. You can even pair your iPhone to use as a trackpad for the pointing device. It works with a direct connection to your XenApp Web Interface server or through a Citrix Access Gateway Standard, Advanced or Enterprise (with a bit of setup different from what you’d normally set up).
NewsStand – this is my RSS reader, and they have updated it to fit the iPad screen resolution
So far I’m finding this device fits my needs perfectly as my personal internet device. It could never replace my work laptop and cannot replace a full-fledged desktop at home for editing photos and movies, but it’s bigger than my iPhone, and I found I was doing 95% of my personal web use on my iPhone. This gives my eyes a break. It also saves me from buying a netbook to meet these needs.
I’m sure I’ll write more about what I do with this device but that is all for now!