Skip to content

iOS 4.0.2 Update, strongly recommended

support.apple.com/kb/HT4291

Apple has released iOS 4.0.2 update for iPhone and 3.2.2 for iPad.

These updates fix the gaping security hole identified by the JailBreakMe tools, which may frustrate people who want to “Jailbreak” their phones, but the security patch is crucial; the odds are very good that someone more malicious would abuse the same holes soon (if they have not already).

Recommend upgrade as soon as possible, and refrain from using mobile Safari until the upgrade is accomplished.iOS 4.0.2 Update, strongly recommended

Tagged , ,
2010 08 11 snolan Computer Security Comments (0) Permalink

2010 Election, less than 3 months away

On November 2nd every U.S. Voter will get a chance to vote for their representation in the United States Congress. Many locations will also have other offices open, including U.S. Senate seats, and often local or state offices.

Virginia State Board of Elections information for Prince William County

It is time to start researching your choices folks.

2010 08 11 snolan Politics Comments (0) Permalink

Serious iPhone/AT&T problem

Important Revision: Improper use of iPhone 4 and iPhone 3GS multitasking in iOS 4 appears to be the cause of dramatic increase in data plan usage for many people, and faster battery drain for many people. The important take away, is that so long as you have enough memory, when you switch applications on the multi-tasking iPhones, you actually leave the old application running.

If that application has location services enabled, or periodically reloads it’s data from the internet, or trickles in new advertising because it’s a free ad-supported application – you will continue consuming battery power and network usage.

If your screen is locked, your WiFi connection becomes unavailable, which means that the increased network usage is carried by the 3G network and consumes your data plan even though you are powering up next to your WiFi base station.

The temporary fix is to take the time to learn how iPhone multi-tasking works and shut down any unneeded applications that are running:

  • double tap the home button to bring up the task bar
  • press and hold any application that is running but you no longer want to be running
  • then press the minus sign on that application to actually stop it from running
  • target any streaming, location aware, and advertising supported applications first

Frankly, I am annoyed with Apple & AT&T that WiFi is shutdown when the iPhone screen locks. That needs to be fixed, but at least we can reduce consumption by closing down noisy apps and additional Safari web pages (we should block Safari anyway until the serious remote exploit security hole is fixed). I am also annoyed with Apple for not making it very clear that behavior had dramatically changed from older iPhones to newer ones. I had no idea I was still running all those applications (and am a little amazed that I had over 60 running simultaneously with no noticeable lag).

Links:
MacWorld Article on MultiTasking

Apple Sales Pitch (I wish this came with a warning about additional resources being used)

Original post and attempted solutions below the fold…
Continue reading ›

2010 08 03 snolan Computer Security
Personal Comments (7) Permalink

Just in case….

If you really want to link to this website/blog, feel free.

If you want this website to link to your own site, send me an email or comment indicating so and I’ll review the request, but I won’t respond.

I am pretty sure that 99% of the link requests I get are spammers, but just in case… I wanted to cover it.

This is my personal site and I will only link to other sites if I really feel it’s necessary or pertinent…. otherwise… too bad.

2010 08 02 snolan Personal
Web Hosting
WordPress Comments (0) Permalink

Malicious Javascripts Prevalent on Facebook

A recent trend in computer insecurity has been the growing prevalence of malicious javascripts with cross-site scripting hacks that exploit web browsers that are already logged into Facebook to do things to the user’s Facebook account they had no intention of doing.

Cross-site scripting hacks are potentially dangerous because they take advantage of your being still logged into a site (like Facebook, or your GMail account, or your bank) when you have closed or back-grounded that window and are visiting another site where the mal-ware lives… and the mal-ware knows how to manipulate the account you are still logged in on to do things you did not agree to.

Most commonly this is relatively harmless spam creation (the malicious javascript at MyLike.com checks to see if you are still logged into Facebook, and if you are it posts to Facebook as if you were doing it yourself, a bunch of “Likes” that you never really know about unless your friends comment about it), but it can also be used to pull information you did not with to share from your other accounts and even move money from your online banking account if you are still logged into it.

It is very important that you log out of sites when you are done with whatever transaction.

It is also important that you do not blindly trust all Javascripts and Flash executions that are coming in from random websites…. for this problem will be endemic as long as people allow javascript and flash execution by default on their web browsers.

HTML5 has great promise in eliminating the need for so much Javascript and Flash; but it is taking a while to catch on because web site designers are busy or simply too lazy.

For the interim, it is absolutely necessary to get a Javascript white-listing extension for your web browser; one that blocks all javascripts except those you specifically want to trust and run. It is also recommended you treat Flash content the same way and only allow Flash that you specifically trust; not as many Flash exploits have been discovered, yet… but they will show up as soon as everyone has blocked their Javascript security holes.

Sadly, there are not Javascript white-listing extensions available for all browsers, yet….

The one I know of is NoScript for Firefox, and it works much like Zone-Alarm (firewall) used to work for Windows (white listing applications that tried to get internet access, or black-listing them).

I’d love to know of other Javascript white listing extensions for other browsers.
So far, Safari has none. Firefox and all the Mozilla browsers can use NoScript. I have never tried Chrome, so I don’t know yet.

Running any white-lister requires a little patience, because using it properly means the default is to trust no one, and only allow those domains you know you both need and trust. That means that most websites will NOT work when you first install your white listing agent… and you’ll have to accept that the site is broken, or trust it’s javascripts explicitly… it requires a lot of patience at first and awareness.

It is, however, the only way to stop these crappy click-jacking cross-site script hacks.

2010 08 02 snolan Computer Security
Web Hosting Comments (0) Permalink

Pretty Sky Last Night

Sunset Sky Gallery

2010 07 31 snolan Local
Nature
Personal Comments (0) Permalink

Restart to upgrade Safari, really!?

Given all the stability problems I’ve had with Safari recently I was glad Apple announced a new, more stable version today (v5.0.1).

I ran Software Update and two installs were suggested:

  • Magic Trackpad and Multi-Touch Update 1.0
  • Safari 5.0.1

I agreed to both and Software Update downloaded them, then told me it needed to restart my computer.

Really? A system restart for a web browser update and driver updates to devices I don’t use yet?

Come on Apple, this sort of thing will make you the subject of ridicule… Sigh.

I did the restart, but am annoyed. I’ve effectively switched to Firefox anyway. Wish the update did NOT require a restart, and for the rare one that actually does, wish it warned the user before starting the update (a little flag to the right saying “restart required” would be sufficient).

At least Safari 5.0.1 is dramatically more stable than Safari 5.0 on 10.6 – huge improvement in stability. Opening a dozen sites in tabs no longer reliably crashes the browser…

Update: it turns out that the “Safari” update is really a WebKit Framework update, potentially impacting dozens of applications – that makes more sense to require a restart, though now I wonder why Apple did not label it as a WebKit Framework update and indicate in the details of the download that a restart would be required.

Tagged
2010 07 28 snolan Computers Comments (10) Permalink

iOS 4 on iPhone 3G tips

If you are running iOS 4 on older iPhone 3G hardware, this may help your phone go faster:

How to speed up your iPhone 3G running iOS4

Be sure to read the comments as well.

Update: an easier to read version of the same information is at OSX Daily

2010 07 28 snolan Personal Comments (0) Permalink

Renting Hybrid Cars

This is an interesting article about how to avoid the high surcharges car rental companies charge if you want to rent a hybrid car:

How to Get Cheaper Hybrid Rentals (Bucks column at NY Times)

It’s sad that market economics are preventing the right thing from happening in the rental market right now.

2010 07 26 snolan Cars
Travel Comments (0) Permalink

Backup Regularly

Work laptop suffered catastrophic hard drive crash last night, and like a fool I had not backed up in a few weeks. Moral of the story: back up regularly.

Usually I can recover data from a failed drive, but so far this one is not surrendering any bits I care about…

All my own machines get both Carbon Copy Cloner image backups regularly and Time Machine incremental file backups automatically… but I had done neither to my work laptop for weeks… my own fault.

Update: DiskWarrior recovered most of my data, DiskWarrior rocks!

2010 07 22 snolan Computers
Personal Comments (0) Permalink