Tuesday, April 30, 2013

The Mailbox security failure that wasn't


A few days ago it was reported that the popular Mailbox app was falling short on protecting user data. Developer Subhransu Behera published a post on his blog outlining what he considered to be security failures on the part of Mailbox.

Using iExplorer, Subhransu was able to extract the SQLite database out of Mailbox and view its contents, which consisted of all of the contact information and emails from the app. The conclusion to the article was the belief that Mailbox needs to be doing more to secure this user data, specifically by employing methods in the iOS SDK which would prevent being able to access this data with tools like iExplorer. After being posted on Hacker News, a number of people reported trouble reproducing Subhransu's results.

This isn't the first time we've seen confusion about this sort of thing. Not too long ago there was a lot of fuss about an iOS lock screen bypass bug that exposed the device's filesystem. It turned out that claim wasn't at all accurate. The cause of confusion over that lock screen bypass may be the same source of the confusion here.

When you plug your iPhone, iPad or iPod touch into your computer for the first time, the device will exchange keys with the computer that allow the two devices to talk to each other. If you have a passcode on your device the first time you plug it into your computer, iTunes will give you an alert message saying you need to enter your passcode on the device first. This is because the device's contents are encrypted and iTunes (or any other app for that matter) has no way to read the contents of the device. Once you enter your passcode, your device and computer can exchange keys as mentioned above and only then are they able to start communicating. These keys mean that even if the device is locked in the future, if you plug it into that same computer, iTunes (along with other apps) can still communicate with the device.

This can cause some confusion when somebody plugs a locked device into a computer it has previously been plugged into. The misconception is that because a locked device is plugged into a computer and the contents of the device are readable, the contents of that device would be readable on any computer that the device is plugged into; but this is not reality. If you were to lose your phone on the street, then somebody else picked it up, took it home, plugged it into their computer and fired up iExplorer, they would just see a screen telling them to plug in a device. iExplorer has no way to talk to that device until the device has been unlocked, plugged into the computer, and the keys have been exchanged. You can reproduce this behavior on a computer that the device has already been plugged into by going to the '/private/var/db/lockdown' directory on the computer ('%AllUsersProfile%\Apple\Lockdown\' in Windows) and deleting the plist file in that directory that has your device's UDID in the filename.
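Because those per-device plist files are what let a computer talk to a locked device, it is worth knowing which ones a machine holds. The following is an added example, not code from the original post: it inventories the pairing records in a lockdown directory and flags old or loosely permissioned ones. The UDID filename pattern, the 90-day threshold and the sample file names are assumptions.

```python
import os
import plistlib
import re
import stat
import tempfile
import time
from pathlib import Path

# Assumption: records are named <UDID>.plist, with the UDID either 40 hex
# characters or the newer 8-hex, hyphen, 16-hex form.
UDID_RE = re.compile(r"^(?:[0-9a-fA-F]{40}|[0-9a-fA-F]{8}-[0-9a-fA-F]{16})$")

def audit_pairing_records(lockdown_dir, max_age_days=90, now=None):
    """Return one finding per device pairing record in lockdown_dir."""
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(lockdown_dir).glob("*.plist")):
        if not UDID_RE.match(path.stem):
            continue  # not a per-device record (e.g. host-wide settings)
        st = path.stat()
        try:
            with path.open("rb") as fh:
                keys = sorted(plistlib.load(fh).keys())
        except Exception:
            keys = None  # unreadable or corrupt record
        age = now - st.st_mtime
        findings.append({
            "udid": path.stem,
            "age_days": int(age // 86400),
            "stale": age > max_age_days * 86400,
            # Anyone who can read the record can reuse the pairing.
            "other_users_can_read": bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH)),
            "keys": keys,
        })
    return findings

def demo():
    """Audit a constructed lockdown directory (all sample data is made up)."""
    with tempfile.TemporaryDirectory() as d:
        rec = Path(d) / ("a1" * 20 + ".plist")  # constructed UDID
        rec.write_bytes(plistlib.dumps({"ExampleKey": "constructed"}))
        os.chmod(rec, 0o644)
        old = time.time() - 200.5 * 86400
        os.utime(rec, (old, old))
        (Path(d) / "HostSettings.plist").write_bytes(plistlib.dumps({}))
        return audit_pairing_records(d)
```

On a real machine, pass the lockdown directory named above; reading it typically requires administrator rights.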

This of course raises the question of what about a device that doesn't have a passcode? While it's true that somebody could copy the SQLite database off in that scenario, it's also true that the person could just launch the Mailbox app and view the same information in the app itself. Mailbox could provide a little extra protection by encrypting the locally stored database. This would provide an extra level of protection for users so that in the event that an attacker momentarily had access to an unlocked device, they could not just copy the database off, allowing them to take their time looking through it later. However, it's debatable if not having such a protection qualifies as a security fail. And it's certainly questionable if it warrants deleting the app off of your device as Subhransu did. Especially in a case where you've trusted a 3rd party service with accessing your email accounts and storing your email on their servers in the first place.

Not to mention that Gmail's own iPhone app stores cached email in pretty much the same way.


Source: http://feedproxy.google.com/~r/TheIphoneBlog/~3/K87uKoutOT8/story01.htm


Contest Winners: Mail Pilot for iPhone and iPad!


If there's one thing iMore loves even more than iPhones and iPads (and iPods!), it's giving cool iPhone and iPad accessories and apps to our awesome readers. This week we have codes for Mail Pilot! The winners are:

  • ckillam3
  • Donald Croce
  • LazyMe
  • Mat Banke
  • sanibel
  • traveling2

Congratulations everyone! Winners will be contacted via email in the next few days. Looking for another chance to win? We always have a contest underway for something cool, so keep your eyes on the blogs for those announcements.


Source: http://feedproxy.google.com/~r/TheIphoneBlog/~3/fVB9vdZ3w28/story01.htm


Microsoft's Switch to Windows Phone app for Android attempts to prove you're not missing out


Ever since its launch, Windows Phone has faced criticism for lacking a broad app selection compared with its main mobile OS competitors. Microsoft is out to convince users otherwise, and in a rather cheeky move, has launched the Switch to Windows Phone app for Android. Available now on the Google Play store, the app takes note of all the software currently on your Android handset and sends those details to SkyDrive. Add that SkyDrive account on a WP8 device, and you'll be offered official WP8 apps which correspond to the ones found on your Android phone, or apps that match up best if official versions aren't available. Microsoft has also taken this opportunity to launch a new ad campaign (embedded after the break) pumping itself up as a sensible alternative to the Android / iOS battles, timed perfectly to arrive with this app. Assuming you have the requisite devices handy, hit the source links to install the software and let us know how good it is at finding a match.



Via: AVForums, WinBeta

Source: Google Play, Windows Phone Store

Source: http://feeds.engadget.com/~r/weblogsinc/engadget/~3/BuYdjckoWJo/


OneNote update for Windows 8 and RT relives our childhood with finger drawing


Although Microsoft's OneNote is virtually tailor-made for pen input, we doubt most Windows fans would splurge on the likes of a Surface Pro just for the sake of a quick doodle or two. With the latest update to OneNote for Windows 8 and RT, they won't have to. The app refresh lets touchscreen PC users draw with their fingers using the same color and thickness options as their stylus-toting counterparts. The new input method won't be as precise as a pen, but it should do the job for simple diagrams or dusting off those kindergarten-era fingerpainting skills. Whether or not you're on a nostalgia kick, you can swing by the Windows Store today for the upgrade.



Via: OneNote Blog

Source: Windows Store

Source: http://www.engadget.com/2013/04/30/onenote-update-for-windows-8-adds-finger-drawing/?utm_medium=feed&utm_source=Feed_Classic&utm_campaign=Engadget


Redact offers £10,000 if you crack its messaging app, bets UK government you can't


Software developers looking to kickstart (or simply brag about) their security have a common trick up their sleeve: give away prizes to successful crackers. Redact is trying just such a strategy with its Secure Messenger app for iOS. It's offering £10,000 ($15,482) to anyone who can visit London and successfully intercept an encrypted message delivered through the company's peer-based, PIN-to-PIN communication system. Entrants have until June 1st to prove that they're worthy of making an attempt. Redact has more reason to hope we lose beyond its pride and a big fat check, however -- it wants approval for handling the UK government's secure data, and it wouldn't hurt to have proof that the app design is airtight. If you're convinced that it's all just bluster, you can challenge the company yourself at the source link.



Via: The Guardian

Source: Redact

Source: http://feeds.engadget.com/~r/weblogsinc/engadget/~3/Nxn8WWMZHWw/


Judge Throws Out Craigslist's Copyright Lawsuit, But It Can Still Sue 3Taps Over Data Use

A California federal judge has ruled that Craigslist can't sue real estate listings platforms 3Taps, PadMapper, and Discover Home Network for copyright infringement. But the judgement isn't a complete victory for the developers of 3Taps because Craigslist is still allowed to sue the startup for gaining unauthorized access to data on its Web site. Critics of Craigslist's actions have said that they stifle innovation and competition.

Source: http://feedproxy.google.com/~r/Techcrunch/~3/OcxI7pEaGWE/


Rovio's Angry Birds Friends slingshots onto iOS on May 2

It's tough to imagine a mobile life without Angry Birds in it anymore. Does that mean we're done with them, though? Rovio clearly doesn't think so, and has announced that the latest in the series of Angry Birds games will be coming to iOS on May 2.

Angry Birds Friends is the mobile version of the Facebook version of Angry Birds. As you might imagine, being a Facebook game, there's a sizeable social element to proceedings. And, it's been as successful as anything else Rovio has turned their hands to. So, if you're ready for some more, keep your eyes on the App Store on May 2.

Source: Rovio (Twitter)


Source: http://feedproxy.google.com/~r/TheIphoneBlog/~3/7hPlXu9PAhk/story01.htm


The Daily Roundup for 04.30.2013


You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.


Source: http://feeds.engadget.com/~r/weblogsinc/engadget/~3/-DIn9evFxSk/


Windows 8 welcome screen revealed, looks very Metro

It's not really a secret that Microsoft had planned on bringing bits of Windows Phone 7's Metro UI to Windows 8, but we haven't seen a lot of really telling evidence. However, with the Windows 8 milestone 3 build now available to Microsoft Connect partners, it was really just a matter of time before we started to get a peek.

Thanks to Rafael Rivera and Paul Thurrott, we've now had a glimpse at what the Windows 8 welcome screen will look like. As you can see, the typography is very Metro indeed. Within Windows also mentions that the background image is customizable, and we're wondering if it might not pull from your current Windows 8 theme. This particular shot shows the CTRL + ALT + DELETE login option, but we imagine you'll still be able to log in by clicking your account picture tile as well.

Rivera and Thurrott also mention that the tablet version of the welcome screen will allow you to log in by swiping a pattern on the screen -- as you can on current Android devices.

Windows 8 welcome screen revealed, looks very Metro originally appeared on Download Squad on Fri, 01 Apr 2011 16:30:00 EST.


Source: http://downloadsquad.switched.com/2011/04/01/windows-8-welcome-screen-revealed-looks-very-metro/


Wayback Machine | Top 10 Punishments for Geeks

Evil overlords have a tough time when it comes to punishing geeks. Here, then, are ten strategies for doing just that, for all those evil overlords -- or those who'd like to become one -- who could use a little ...

Source: http://www.wired.com/geekdad/2013/03/top-10-punishments-for-geeks/


How eBay CEO John Donahoe Keeps Founders From Leaving After Acquisitions

At TechCrunch Disrupt 2013 NY, eBay’s CEO John Donahoe talked to Bloomberg’s chief content editor Norm Pearlstine about how the company screens its acquisitions and how he keeps founders from leaving after the acquisition. Since becoming eBay’s CEO, Donahoe said, the company has made about 20 acquisitions. Currently, fifteen of the founders that joined eBay and PayPal after their companies were acquired are still at eBay and most of them are in executive positions. After the company acquired Zong in 2011, for example, Zong’s founder David Marcus became PayPal’s vice president for mobile. After essentially getting tested in that position, he became the President of PayPal last year. Similarly, when eBay acquired Hunch (also in 2011), its team of co-founders, including Chris Dixon, Tom Pinckney and Matt Gattis joined the company (with Dixon leaving after about a year). Today, this team is in charge of eBay’s homepage. Donahoe believes that in order to keep founders from leaving, eBay needs to give them the opportunity to grow inside the company. Because of this, he is also most interested in acquiring companies where the management team believes that they can execute their vision inside eBay. “We are always looking for companies that have a strong vision,” Donahoe said. “And then we allow them to innovate at a higher level.” The kind of founders he likes, he said, are “founders come to us and say we founded our company to do x and would like to take it to the next level.” In his view, this strategy has been a key ingredient to eBay’s and PayPal’s success. Acquisitions, in his view, drive innovation inside a large company like eBay and bringing in founders as executives – and giving them monetary incentives to stay as well, of course – is a key part of this strategy.
As for the details of these incentives, Donahoe noted that “most of the founders make money in the acquisition. In some cases the acquisition price is tied to staying for a two-three year period. But yes – we provide incentives to stay. We provide good compensation, but at the end of the day, we need to create a culture where they can realize their visions.” He does, for example, regularly meet with founders to discuss the state of the company. These discussions have, for example, led to the redesign of eBay’s homepage. It’s that kind of impact,

Source: http://feedproxy.google.com/~r/Techcrunch/~3/1z-OedfswSw/