On September 11th, Data-forensics expert Jonathan Zdziarski will guide law enforcement personnel "and anyone else who has a need to access the not-so-readily available data on an iPhone" through the process of bypassing the passcode lock security using a custom firmware bundle during a 45-minute webcast on O'Reilly.com. This will enable users to "recover, process, and remove sensitive data stored on the iPhone, iPhone 3G, and iPod Touch."

Read More »

If you needed another reason to keep your sysadmins happy: Out of 300 IT pros polled by security company Cyber Ark, 88% said they would steal sensitive data or futz with master login passwords if they happened to be fired. Granted, this is a study publicised by a company that offers services to protect networks against internal rogue operators, but the more data like this that comes out, the nicer our brave IT managers are likely to be treated. Or, the more ridiculous security barriers will be put in place to keep the good ones from easily doing their jobs--one or the other. So perhaps we should have our own informal comment survey--IT dudes: Would you go 21st century postal on your employers if you were let go? [Ars Technica, Image: shearforce]

Read More »

Apple has acknowledged the huge iPhone security flaw we tested and reported on two days ago, promising an update for September that will fix the hole that can expose all your private emails, text messages, and contacts. But instead of calling a spade a spade and acting as soon as possible, they have decided to minimise the problem:

Read More »

Knowing that the government can keep us safe against evil dildos and penis pumpers, I don't really give much importance to the fact that a guy got into the U.S. Homeland Security Department phone system to make more than 400 calls to his buddies in friendly countries like Afghanistan, Saudi Arabia, and Yemen. According to security consultant John Jackson, the hacking was very low-tech and old school, which probably would make Steve "Blue Box" Wozniak proud, but it was an embarrassment for the agency:

Read More »

Mexico has a pretty serious kidnapping problem--so serious that there is now a market for a US$4,000 RFID implant procedure (plus a US$2,200 annual fee) that promises to help track victims down. The system uses an implanted capsule under the skin that talks to an external GPS transmitter that you'll need to be kidnapped with in order to beam your location to the folks at Xega, who are selling the service. Anyone else see a gigantic hole in this setup?

Read More »

First it was liquid bottles. Then laptops. And now they are seizing our penis extensors, penis pumpers, and other sexual gadgets. The FDA is saying that they represent a real risk and federal border agents have now a guideline to confiscate them at US territory entry points. The list would be hilarious if it weren't so surreal and stupid:

Read More »

When the Dutch High Tech Crime unit raided the 150,000-machine strong Shadow botnet, they didn't simply bust its 19- and 16-year-old basement-dwelling operators. Oh no. Instead of simply decapitating it from the top, the police enlisted the help of Kaspersky Labs to actually take full control, driving the cold dagger of the law even deeper into Shadow's own soulless guts.

Read More »

According to German news site Nachrichten, a passenger at the Linz airport set off alarms when his suitcase full of bacon was mistaken for a bomb. The story was translated with Google, so it's high on hilarity and low on verifiable detail.

Read More »

Network access at conferences sucks, pretty much without exception. That is, unless it's built by the badge-wearing network ops volunteers of the Defcon hacker convention, who are affectionately referred to as the "Goons" (read: IT badasses). Wired's Threat Level got a chance to look behind the scenes and snap some great photos of the network gear (and chain link fences, and padlocks, and German Shepherds) that make the Defcon network the fortress that it needs to be to keep a network full of hackers from tearing each other apart.

Read More »

"Want free subway rides for life?" teased the description of the talk "Anatomy of a Subway Hack" by three MIT students at DefCon this past weekend, where they planned to explain security flaws in the payment system for Boston's T subway. Live! They were going to demo how they cracked the system's CharlieCard smartcards and the mag-stripe on its paper CharlieTickets and offer up open source tools they made while conducting their research, among other gaping holes. Apparently, however, that "constitutes a threat to public health or safety," and "affects a computer system used by a government agency for national security purposes."

Read More »