A new security flaw was found in iPhones that have password protection turned on.  This is not a problem if you do not have password enabled, after all, it is already wide open.

This is the flaw:  When asked for a password, click on the emergency call button then double tap the home button.  If you have your home button setup to go to your favorites you will see a list of your favorites.

From the favorites screen you can click on the blue arrow and see all of the personal information for that favorite contact.

And there is more…  If you click on the email address for the contact you can compose and email, click on cancel and you are back at your email account selection screen and you can then read all of the emails in all accounts.

If in the favorite contact details screen you click on send text message then you can click cancel and you then have access to all of the text messages in your phone.

If you have the home button set to bring up the iPod application, you can click on emergency dial then double click the home button and have full access to your iPod.  No real security issue there that I can see.

The temporary quick fix for this Security Flaw is to go to settings -> General -> Home button and set it to Home.  With this setting there is no more security flaw.

So the question is, was this a “feature”.  I can see where some people would like access to the favorites in an emergency situation.  However, there should be no access allowed to the personal information and definitely no access to the actual email application.

Lets say you are out with your kids and you fall and break your leg and you need the kids to call for help.  But that password on the phone is so they cannot use the phone.  They can at least call home, spouse, etc. without the password.

It appears that the next release of the iPhone will solve this problem.  For now it can solved by changing the options.  But, more than likely you do not have the password turned on anyways so it does not matter.

There has been large concern about the security of the iPhone, should you be worried?  I don’t think so.  This is the first major security flaw so far since the release of iPhone 2.0.  If you compare that to the large number of security flaws that are found in windows mobile, they are not doing too bad.

Sorry Windows Mobile, I really like you too……

Tweet This Post

Have you heard about the web / Internet attacks from China? No joke, and they really have not been talked about much. But China has created a virus like program that infects machines. It is estimated that 80% of the computers in China have been infected. What does this virus like program do? Well it forms a large BOT network.

Ok, so lets first explain what a BOT network is. A BOT network is a network of infected computers that are being controlled by one central person or organization. So lets say for example that you get infected with a BOT. You more than likely would never even know it. They hide on your machine and use your machine to carry out work assigned by the controller.

You ask, what kind of work? Well, normally not good things otherwise they would not hide themselves right?  Some BOT perform web attacks, some send out junk email and other do other nasty things too.

For example, this BOT network in China has been attacking computers in India. Imagine what hundreds of thousands and even millions of computers could do if they were all sending attacks at one time?

These BOT networks also listen and capture passwords and other personal information.

What is to stop them from attacking other people?  Nothing, in fact they do attack others and try to spread themselves around.  So it is only a matter of time until some BOT network starts to attack at least some part of the United States.

What would happen if the Internet really went “DOWN”.  Besides some very anxious people that could not surf the web, order something online, Instant Message, etc.  There are many businesses that rely heavily on the Internet to operate.

It would probably cause pandemonium in the streets if the internet truly went down. If you are reading this log then you are probably some type of tech person or are now saying to yourself, what is this and ready to find the next page in your surfing experience.  What would happen if you have no internet?  Are you a VOIP user (Vonage, etc).  Your phone would not work.

So, the next question is what can be done?  Well, at this point it seems the biggest BOT networks are located in China.  Do we just block all traffic from China?  That does not really seem fair, but then again it is not fair that they can just attack us willy nilly either.

I am not going to give you any answers, just thoughts to think about.

The best thing you can do to protect yourself is have an up to date virus scanning program and a decent personal firewall (Not the windows built in one) installed.  If you get a BOT installed somehow, a personal firewall will make sure the application is allowed to communicate out before letting it out.

But you say, I have a router, I am safe, right?  Well, a router setup with NAT like just about every home router is keeps you safe from the internet getting into you (there are a few exceptions, but we will not get into those here).  But you can still be surfing the internet and get infected when you visit a web page, you could open an email and get infected.  There are many ways to get infected when you go somewhere or do something, it does not have to come from the outside in, you unknowingly invite them in.

But, with all of this….  This can be some scary stuff.

Tweet This Post