Apple

QuickTime 7 Vulnerability

the Month of Apple Bugs website posted their first vulnerability for this month, and it affects Windows as well, BAM!! KAPOW!! The double whammy. I’m sure the message boards will be heated up, my OS is better than your OS, can’t we all just get along?

The following description of the software is provided by vendor (Apple):

QuickTime 7 makes the future of video crystal clear with new features including user-friendly controls and pristine H.264 video. Upgrade to QuickTime 7 Pro and capture your own movies, then share them with friends and family via email or .Mac.

A vulnerability exists in the handling of the rtsp:// URL handler. By supplying a specially crafted string (rtsp:// [random] + colon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, JavaScript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition. Source: the Month of Apple Bugs

From Cnet, QuickTime zero-day bug threatens Macs, PCs,

“The risk is having your system compromised by a remote attacker, who can perform any operation under privileges of your user account,” said LMH, the alias of one of the two security researchers behind the Month of the Apple Bugs. “It can be triggered via JavaScript, Flash, common links, QTL files and any other method that starts QuickTime.”

The vulnerability affects QuickTime 7.1.3, the latest version of the media player software released in September, on both Apple Mac OS X and Microsoft Windows, according to the Month of the Apple Bugs advisory. Previous versions could also be vulnerable, according to the advisory.

Security-monitoring companies Secunia and the French Security Incidence Response Team, or FrSIRT, rate the QuickTime flaw as “highly critical” and “critical,” respectively. Source: News.com

As usual, this will be more dangerous to Windows users, as most users run under administrator accounts, Apple has not released any info on when a patch could be released.

They released the second vulnerability today, they are promising one a day,

A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC.

This issue has been successfully exploited in VLC version 0.8.6 for Mac OS X. Previous versions and other platforms might be affected (thanks to David Maynor for confirming the issue in the Microsoft Windows version). Source: VLC Media Player udp:// Format String Vulnerability

The poster with the handle LMH and independent researcher Kevin Finisterre say a positive side effect will, probably, be a more concerned user base and better practices from Apple management. Makes for interesting reading at least, although this QuickTime vulnerability could affect a large percentage of the internet, especially Windows users.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - January 3, 2007 at 5:00 am

Categories: Apple, Security, Windows XP   Tags: , , , ,

Microsoft and Universal Strike a Deal, Who is Next?

Microsoft and Universal have signed an agreement that says Universal gets over $1 per Zune sold in exchange for licensing its recordings to Microsoft’s new digital music service. This is huge. Apple has no deals with recording companies like this, Apple only pays them for songs sold through iTunes. This will definitely affect any future deals they have with these companies, companies like Universal had no idea that billions would be made from the iPod when they signed their deals with Apple, so they will want a cut of anything going forward, and I can’t imagine Apple not having to pony some more money up, if they loose tracks in iTunes, they may loose customers to Microsoft and their Zune player.

Universal Music, a unit of Vivendi, will receive a royalty on the Zune player in exchange for licensing its recordings for Microsoft?s new digital music service, the companies said.

Universal, which releases recordings from acts like U2 and Jay-Z, said it would pay half of what it receives on the device to its artists. The company is expected to receive more than $1 for each $250 device, according to executives who were briefed on the pact. Source: NY Times

“It’s a major change for the industry,” said David Geffen. “Each of these devices is used to store unpaid-for material. This way, on top of the material people do pay for, the record companies are getting paid on the devices storing the copied music.”

Sounds like he is saying we are all pirates and they deserve a cut. I say, lots of us pay for the cd’s and expect to be able to do with them what we want, they are our property after all. If the music companies didn’t point as many fingers as they did and sue as many people as they did, maybe everyone would feel a little different about them. I don’t remember recording songs from radio stations being frowned upon, but it is a lot easier nowadays for one song or album to make its way around the world.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - November 9, 2006 at 7:36 pm

Categories: Apple, Microsoft News, Piracy   Tags: , , , ,

Apple Wi-Fi Exploit Released

Security researcher HD Moore has released code that shows how attackers can exploit an unpatched flaw present in some Apple wireless drivers. Moore said he tested this on a 1.0Ghz PowerBook running Mac OS X 10.4.8 with the latest updates, and while Apple released updates to fix three other problems with these wireless drivers, this flaw is still unpatched.

“With all the hype and buzz about the now infamous Apple wireless device driver bugs (brought to attention at Black Hat, by Johnny Cache and David Maynor, covered up and FUD’ed by others), hopefully this will bring some light (better said, proof) about the existence of such flaws in the Airport device drivers,” said LMH (the alias of the hacker who runs the Kernelfun blog) — referring to an Apple wireless driver issue covered by Security Fix earlier this year (the links in the quote are his). Source: Security Fix

To see the exploit code and the release, click here Apple Airport 802.11 Probe Response Kernel Memory Corruption,

The Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs) is vulnerable to a remote memory corruption flaw. When the driver is placed into active scanning mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading to arbitrary code execution. This vulnerability is triggered when a probe response frame is received that does not contain valid information element (IE) fields after the fixed-length header. The data following the fixed-length header is copied over internal kernel structures, resulting in memory operations being performed on attacker-controlled pointer values.

A spokesman from Apple had this to say,

We were recently made aware of this security issue in our first generation AirPort card, which has not shipped since October 2003. This issue affects a small percentage of previous generation AirPort enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs. We are currently investigating the issue.” Source: Security Fix

Fun, fun, fun.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - November 2, 2006 at 4:43 pm

Categories: Apple, Drivers, Security   Tags: , , ,

DVD Jon Cracks iPod Playback Restrictions

Jon Lech Johansen, also known as “DVD Jon,” says he has cracked the playback restrictions put in place by Apple on their iPod mp3 players, and says an unnamed client will soon use his technology so that it’s copy-protected content will be playable on iPods. He says his lawyers have given him the green light to go ahead and that while Apple can give them some trouble, they cannot stop this.

A hacker known for cracking the copy-protection technology in DVDs claims to have unlocked the playback restrictions of Apple Computer Inc.’s iPod and iTunes music products and plans to license his code to others.

Today, songs purchased from Apple’s online iTunes Music Store can’t be played on portable devices made by other companies. Songs purchased from many other online music stores also won’t work on iPods because they similarly use a form of copy-protection that Apple doesn’t support.

Johansen said he has developed a way to get around those restrictions. But unlike his previous work, which he usually posts for free, the Norway native plans to capitalize on his efforts through his Redwood Shores-based DoubleTwist Ventures, said the company’s only other employee, managing director Monique Farantzos. Source: CNN

While his lawyers are giving him the green light, he will surely be sued by Apple in an attempt to block it. Fred von Lohmann, a staff attorney at the privacy-advocacy group, Electronic Frontier Foundation, said Johansen is treading carefully this time, but isn’t necessarily cleared from a legal fight over copy-protection laws. Saying, “There is a lot of untested legal ground surrounding reverse engineering.” Which is an understatement, I’m sure.

Johansen first rose to fame when he wrote DeCSS, to unlock the content scrambling system used by the film industry to prevent copying, he was charged with data break-in but was soon acquitted. He has been a hacker folk hero ever since.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - October 25, 2006 at 12:28 pm

Categories: Apple, Copy DVDs, Piracy   Tags: , ,

Share a Song with Zune and Get Credit Back

Saw this interesting post on Techcrunch talking about rumor they posted on Crunchgear, that says, if you share a song with your Zune, and that person buys it, you get credit back, which you can then use on the Zune Marketplace. So, if you and all of your friends get a Zune, why not be the first to share the songs and get some credit for spreading the love.

We know that the zinger for the Zune is the social networking/music sharing features. Briefly, it works thusly: if we have a song on my Zune we like, we can send it to your Zune via WiFi. You can listen to the song three times for free within a 3 day window, then it will prompt you to pay for it ($1), lest it disables itself. If you do pay for the song we shared with you, then we would get a credit for turning you onto the song. Once we have enough credits, we can cash them in for free songs or other items from the Zune Marketplace. So it suits us to share, share, share. It?s sort of a backwards pyramid marketing scheme.

No information on how many credits you need to buy a song, but this will surely help Microsoft grab some market share from Apple, these are some features users definitely want, being able to share files on your wireless connection sounds great, to bad it only allows you to play them for three days. I expect some enterprising young individual to crack it and allow you to be able to share all your files for as long as you want, but I have been wrong before.

From TechCrunch,

Clearly the goal here is to create a bit of viral marketing for music and, as an added bonus, drive sales on the IZMS. As we look into the Zune more closely, it seems the MS team might have just hit on the iPod killing factors that most MP3 players have been missing thus far, although we’re still fairly excited about the touch screen iPod rumored for this year. Perhaps a Zune/TouchPod Thunder Dome is in order, with the Zune flinging DRMed pig waste at the iPod while Steve Jobs and Bill Gates act as Master and Blaster, respectively. Melinda can be Aunt Entity.

Nah, I would expect Jobs to be The Road Warrior, Mel Gibson, with Gates hiring Big Sexy Kevin Nash to ride on. Probably wouldn’t end the same as the movie…

3 comments - What do you think?  Posted by Jimmy Daniels - October 24, 2006 at 5:56 pm

Categories: Apple, Gadgets, Microsoft News   Tags: , ,

Loose Your iPod?

If you have lost your well maintained, black, 30gb, iPod, then David Berlind is looking for you.

If this isn’t a test for how the blogosphere can get things done, I’m not sure what is. As a part of this test, if you happen to read this blog entry and you have a blog, please spread the word and let’s see if the viral nature of the blogosphere can help this iPod find its owner. Source: Between the Lines

Be the first to comment - What do you think?  Posted by Jimmy Daniels - October 23, 2006 at 1:25 pm

Categories: Apple   Tags:

New Apple Video iPods Carrying Windows Virus

I’ve held off commenting on this news story, Small Number of Video iPods Shipped With Windows Virus, from apple computers, mainly because I didn’t want it to become or be part of the usual Apple and Microsoft bashings that seem to take place whenever an Apple or Microsoft story like this one pops up. But, Apple recently discovered and 1% of the Video iPods that were made available after September 12, 2006 were infected with the RavMonE.exe virus, a virus that only affects Windows and some of it’s side effects are: Allows others to access the computer, Reduces system security, Leaves non-infected files on computer and Opens links to websites. Apple took their mistake and turned it into an attack on Microsoft saying,

As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it. Source: Apple.com

Now, this has nothing to do with how secure Windows is, this is on Apple all of the way, saying it’s Microsoft’s fault that they don’t do better quality checks is simply crazy. An expert in such situations is Jonathan Poon, the man in charge of scanning Microsoft products for viruses before they ship. Here’s what he has to say about it,

“It’s not a matter of which platform the virus originated [on]. The fact that it’s found on the portable player means that there’s an issue with how the quality checks, specifically the content check, was done,” Poon wrote in a blog entry.

“That Apple would blame Microsoft demonstrates a lack of understanding of remedial security and manufacturing processes. Virus was only a symptom of the problem. Apple didn’t know what they were shipping,” Abrams said. Source: Yahoo

An apple representative, Greg Joswiak, vice president of iPod product marketing at Apple, defended the companies processes, it’s quality control and manufacturing process,

“It was an exception to our process,” he said. “We believe we have a good process and we’re going forward.”

Joswiak also stood by the company’s statement regarding Windows.

“Isn’t that true?” he responded when asked about the company’s statement about Windows not being robust in the face of viruses.

Sure it’s true, but that doesn’t have anything to do with how apple checks its hardware. This is similar to the recent story where McDonald’s admitted that 10,000 MP3 players that were given away in a promotion in Japan also contained a worm, identified as WORM-QQPASS.ADH. They offered to replace all of the infected MP3 players, something the experts say helped McDonalds handle the situation better than Apple.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - October 19, 2006 at 11:36 am

Categories: Apple   Tags: , , , ,

Who is the “Father” of the iPod?

According to an article at Wired, its not Steve Jobs, it was a bunch of people, inlcuding Steve jobs.

One of these myths is that the iPod has a father — one man who conceived and nurtured the iconic device. Steve Jobs, of course, is one candidate; but engineer Tony Fadell has also been named the father of the iPod, as has Jon Rubinstein, the former head of Apple’s hardware division. While they all played key roles in the iPod’s development, the iPod was truly a team effort.

Here’s the story:

In 2000, Steve Jobs’ candy-colored iMac was leading the charge for Apple’s comeback, but to further spur sales, the company started asking, “What can we do to make more people buy Macintoshes?” Source: Wired

It’s a good read, a must for Apple fans.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - October 17, 2006 at 4:02 pm

Categories: Apple   Tags: , ,

Make an iPod Screensaver

Here is a quick and easy way to change what your iPod video displays while it is charging. From web.mac.com, they have some good screenshots there as well.

Create a folder named Demo Mode.
In iTunes, rename the video you want the iPod to play.
After the iPod is on the charger two minutes, the video will start playing.
This only works on fifth generation Video iPods.
The iPod must be on pause and charging.
You must have enable disk use enabled.
the iPod video must have up to date firmware.

You could probably do this without updating the firmware, if that sort of stuff scares you. Try it first, if it works, why update it?

Apple Store

Be the first to comment - What do you think?  Posted by Jimmy Daniels - October 9, 2006 at 2:05 am

Categories: Apple   Tags: , ,

Five Reasons Zune Scares Apple

When Microsoft releases a new product, there is almost always hundreds of articles telling why it will be a hit or why it will fail, especially if they are going up against Apple. Apple practically owns the mp3 player market, and most of its fans believe Microsoft doesn’t have a chance because the iPod is so popular and is so cool. We have two in my family right now, a Nano and one of the orginal, 20 gig iPods without the color screen, dangit. But, when you take on Microsoft, you usually take on the whole outfit, with the release of the Zune, Microsoft has already announced that you will be able to buy songs through their service with Microsoft Points, which had only been usable on the Xbox live site, I believe. So you know there will be more cross promotion, and probably increased interoperability, there will probably be hooks so you can connect to Windows XP Media Center pcs to play music, and, if they are smart, free songs with everything they sell. The Zune will be able to plug into the Xbox through the USB port, a fact they will no doubt advertise on the Xbox Live site.

Mike Elgan at Computerworld says Apple is scared os the Zune and give five reasons why they should be.

1. Microsoft is hatching a consumer media “perfect storm.”
Apple fans assume iPod will face Zune in the market, mano a mano, like other media players. But that’s not the case. Zune will be supported and promoted and will leverage the collective power of Windows XP, Windows Vista, Soapbox (Microsoft’s new “YouTube killer”) and the Xbox 360.

Microsoft will make the movement of media between Windows, Soapbox and the Zune natural and seamless. The Zune interface is just like a miniature version of the Windows Media Center user interface and is very similar to some elements of Vista.

Apple fans are overconfident in the iPod because Apple once commanded 92% of music player market share, a number that has since fallen to around 70%. About 30 million people own iPods.

But Microsoft owns more than 90% of the worldwide operating systems market (compared with Apple’s roughly 5%), representing some 300 million people. The company expects to have 200 million Vista users within two years.

The Zune will plug directly into the Xbox via a standard Universal Serial Bus cable — a fact Microsoft will drill into the heads of Xbox users on the Xbox Live online gaming service. The Zune Marketplace will be integrated with, and promoted by, the Xbox Live Marketplace.

Apple faces the prospect of competing not with the Zune alone, but with a mighty Windows-Soapbox-Xbox-Zune industrial complex.

He has four more reasons in the article, available here.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - September 30, 2006 at 7:22 pm

Categories: Apple, Gadgets, Xbox   Tags: , , , , ,

« Previous PageNext Page »