Tag Archives: News

Lately, we have seen some really bad vulnerabilities in SSL (Heartbleed) and Bash (later dubbed “Shellshock”), along with some slightly “lighter” Linux/open source ones.

In September of this year, Google first discovered a fallback attack for SSL v3.0, and they published a paper on it: https://www.openssl.org/~bodo/ssl-poodle.pdf.
Today, it was officially confirmed that SSL version 3.0 is no longer secure, and thus it is no longer recommended in client software (e.g. web browsers, mail clients, etc.) or server software (e.g. Apache, Postfix, etc.).
This was dubbed the “POODLE” vulnerability and assigned CVE-2014-3566.

A “POODLE attack” can be used against any website or browser that still supports SSLv3.
Browsers and websites need to turn off SSLv3 as soon as possible in order to avoid compromising sensitive/private information. Even though a really small percentage of servers/browsers are vulnerable (Mozilla estimates 0.3% of the internet), that is still quite a large total number of users.
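One way to check that SSLv3 is really turned off on the server side is to audit the TLS protocol directives in the configuration files. The following is an added example, not code from the original post: the directive names are the real Apache, nginx and Postfix ones, while the function names and the sample lines are made up for illustration, and it assumes Apache's `all` keyword still includes SSLv3, as it did in the builds current when POODLE was announced.

```python
import re

# Constructed sample directives (Apache, nginx, Postfix); not from a real host.
SAMPLE = """\
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
smtpd_tls_protocols = !SSLv2
smtpd_tls_protocols = !SSLv2, !SSLv3
"""

DIRECTIVE = re.compile(
    r"^(SSLProtocol|ssl_protocols|smtpd?_tls_(?:mandatory_)?protocols)\s*=?\s*(.*)$", re.I)

def apache_allows(tokens):
    # Simplified model of SSLProtocol: tokens apply left to right, "-x" removes,
    # "+x" adds, a bare name replaces the set. Assumption: "all" includes SSLv3.
    on = False
    for tok in tokens:
        name = tok.lstrip("+-")
        if name in ("all", "sslv3"):
            on = not tok.startswith("-")
        elif tok[0] not in "+-":
            on = False
    return on

def nginx_allows(tokens):
    return "sslv3" in tokens  # nginx lists the enabled protocols explicitly

def postfix_allows(tokens):
    # "!SSLv3" excludes it; a list with only exclusions enables everything else.
    positives = [t for t in tokens if not t.startswith("!")]
    return "!sslv3" not in tokens and (not positives or "sslv3" in positives)

CHECKS = {"sslprotocol": apache_allows, "ssl_protocols": nginx_allows}

def find_sslv3(config_text):
    """Return [(line_no, directive)] for settings that leave SSLv3 enabled."""
    hits = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        m = DIRECTIVE.match(line)
        if m:
            tokens = [t for t in re.split(r"[\s,:]+", m.group(2).lower()) if t]
            if CHECKS.get(m.group(1).lower(), postfix_allows)(tokens):
                hits.append((n, line))
    return hits
```

Running `find_sslv3(SAMPLE)` flags lines 1, 3 and 5, the three directives that never exclude SSLv3.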

How can I check if my browser is vulnerable?
The guys at dshield set up this nice browser check: https://sslv3.dshield.org:444/index.html
For checking your browser, use: https://www.poodletest.com

Poodletest was first mentioned to me by Curtis Wilcox.

Apple has always been known for their innovation and technology. I recently read an article about how they don’t believe in a “for the people by the people” model, but instead follow one that’s “for the professionals by the professionals”. This has both positive and negative outcomes. Everything that Apple produces is extremely clean, professional, and very well polished. However, it forces them to be selective, limited, and exclusive, which is all negative when it comes to the internet. Freedom of expression simply does not exist within Apple. You might think you are free to express yourself, but only according to how, when, and where Apple tells you to.

Keep this information in the back of your mind: Apple recently sued Amazon for calling its app store Appstore. It has publicly lectured competitors to “create their own original technology, not steal ours”.

Then Apple turned around and blatantly stole Greg Hughes’ Wi-Fi Sync app — but only after first rejecting it from the Apple App Store. In fact, they not only stole the idea/concept and name, but they also ripped off the icon. Greg has sold his app in the Cydia app store at $9.99 and he has reportedly sold over 50,000 copies in the last year. Can you imagine how many more copies he would have sold in the regular Apple App Store? Greg has also reported that when his app was rejected from the Apple store, a developer from Apple called him to tell him how great his app was and how the entire Apple dev team was extremely impressed with it.

I think that Apple needs to decide where they stand. If they truly believe in copyright and patents, they have to use the same stick when judging themselves. They cannot steal others’ work, and then turn around and preach how you should not steal innovation, designs, and code.

If you want to read the full article, you can find it at: http://www.theregister.co.uk/2011/06/08/apple_copies_rejected_app/

For anyone who has not been following what is going on with WikiLeaks, here is a good place to start:

http://www.guardian.co.uk/media/2010/dec/03/wikileaks-us-censorship-row

https://www.eff.org/deeplinks/2010/12/amazon-and-wikileaks-first-amendment-only-strong

WikiLeaks is a “whistle blowing” website. A quick search about it brings you to:

Wikileaks was a website that published anonymous submissions and leaks of sensitive governmental, corporate, organizational, or religious documents, while attempting to preserve the anonymity and untraceability of its contributors.

This week WikiLeaks released some sensitive US documents:

The classified diplomatic cables released by online whistleblower WikiLeaks and reported on by news organizations in the United States and Europe provided often unflattering assessments of foreign leaders, including those of Germany and Italy.

The cables also contained revelations about long-simmering nuclear trouble spots, detailing U.S., Israeli and Arab fears of Iran’s growing nuclear program; U.S. concerns about Pakistan’s atomic arsenal; and U.S. discussions about a united Korean peninsula as a long-term solution to North Korean aggression.

There are also U.S. memos encouraging U.S. diplomats at the United Nations to collect detailed data about the UN secretary-general, his team and foreign diplomats ― going beyond what is considered the normal run of information-gathering expected in diplomatic circles.

None of the revelations is particularly explosive, but their publication could prove problematic for the officials concerned.

The short version of what happened is that WikiLeaks was the target of many DDoS attacks. Eventually, the website was shut down. They decided to change their hosting provider and use Amazon’s AWS (Public Cloud Service). After a few days, Amazon shut down their website, claiming that it violated their terms of service. They brought the site up in another location, and then their DNS provider decided to shut them down.

The reality is that WikiLeaks is exercising their right of freedom of speech. The problem is that they have some very sensitive information, and this makes high-profile political figures nervous. However, when you move past the details of what happened, you come to the realization and real concern — Public Cloud Censorship.

This is the perfect example of why companies are afraid of using Public Clouds (outsourcing your infrastructure to someone else). As you can see from this example, your entire business can be shut down in a matter of minutes, just because someone has a different opinion than yours. This brings massive concern and rightfully so. I really think that the long term solution is private clouds. Take this great technology and deploy it within your own datacenter. When you look at this from the top, it looks a lot like web hosting — you can either outsource your web hosting to a company like DreamHost and BlueHost, or you can do it yourself. There are benefits to both, but at the end, it comes down to your concern for privacy and freedom.

Along with many other people, I personally think that Amazon had the chance to do something great, and as the Guardian and EFF pointed out: “Instead, Amazon ran away with its tail between its legs.”

There have been many interesting things happening in technology lately, but I’ve been really busy lately, and I just haven’t had time to post interesting articles. That said, there was an article about ATT and the iPhone that really caught my attention. The article started with:

“As the carrier with the highest number of dropped calls, lowest customer satisfaction rating, and smallest 3G coverage area, AT&Ts lifeblood over the last few years has been its iPhone exclusivity.”

This is the first thing that caught my attention. Everyone praises how reliable ATT is. They say that the dropped calls are really minimal and that the 3G coverage is very large. Finally, they say that customers are perfectly satisfied. In my opinion, first of all, I’ve never ever had as many dropped calls on all the carriers combined as I’ve had with ATT. Second of all, the customer service is terrible. Now that said, I had the business customer service, from which only 30% of the people are incompetent. The last thing is about the 3G — I personally do believe that they have a “relatively large” 3G coverage, but the 3G coverage is extremely poor in quality, very unreliable, and 5 bars could mean a 2MB/s download or a 200KB/s download.

The next part in the article said:

“AT&T CEO Randall Stephenson spoke about the issue at an investor conference in New York, saying it’s unlikely the customer base will drop AT&T just because the iPhone goes to another carrier. He said that 2/3 of all iPhone owners were previous AT&T customers. So somehow this Stephenson guy thinks 1/3 is a small number, and if 1/3 of all iPhone owners dropped AT&T it wouldn’t be a problem. Umm, most people would disagree with that.”

Are you crazy? First of all, you think losing 1/3 of your customers is OK? This should tell you once again how much ATT cares about their customers. Second of all — I think ATT will lose a lot more than 1/3 of their customers. What Randall is assuming is that the other 2/3 will stay because they are “happy”. The main problem here is that nothing better existed at the time. This has drastically changed. The reality is that 2/3 or more of the people would’ve already left, if it wasn’t for the iPhone.

“Now, of course, no one is expecting that the moment a Verizon iPhone arrives, there will be a mass exodus of AT&T customers.”

From Verizon alone? – no. From Verizon, T-Mobile, and others — Yes. The point is, when there are alternatives, especially cheaper ones (T-Mobile), people will gladly make the switch.

And at last, my favorite part:

“By all metrics it is the worst of the four major carriers in the US. And Stephenson just doesn’t get it. Of the millions of people who now have an iPhone in the US, 33% of them were not AT&T customers before. That’s a big number.”

What’s interesting about that is that it’s 33% of one million! Yes, ATT just said it’s OK to lose 330,000 customers. The second part, and my personal favorite because I’ve been saying this for a long time — ATT is the worst carrier by all metrics!

All this said, something you should know about me: I’ve used all 4 major carriers in the US, at least twice each. I’ve also owned 3 iPhones (1 on T-Mobile), 3 BlackBerries, 3 Treos, >5 other smart phones, and a few other regular phones. I personally HATE ATT. And yes, I own an iPad too.

If you want to read the article, you can find it at:

http://www.tgdaily.com/mobility-brief/51659-att-not-worried-about-loss-of-iphone-exclusivity