Briefly: iPhone web exploit, German iPhone retailer; more
A new web exploit could force the iPhone to divulge private info to hackers. Also, Apple has redesigned its professional notebook power adapter, one German store claims it will carry the iPhone, and Duke no longer blames the Apple cellphone for network woes.
iPhone Safari exploit revealed
Consultants at Independent Security Evaluators warned iPhone users on Monday that critical holes in the mobile version of Safari would let a malicious web page feed code to the device that forced it to do "anything that the iPhone can do," including its phone services.
In a proof of concept demo given to the public by the security team, users tricked into visiting one of the sites through a link or a poisoned Wi-Fi point could have their call lists, contacts, past SMS texts, and voicemail relayed to an intruder. But this example is just a portion of what could be done, the security firm said: the worst cases could send encrypted passwords, text messages that subscribe to expensive services, and capture phone calls.
Apple has already been made aware of the exploit, which will be more fully explained by ISE when it presents at the BlackHat expo on August 2nd. In the interim, however, the company says that iPhone owners should be just as skeptical of spam links and unknown wireless hotspots as they would with an ordinary computer, as the iPhone shares many of the same features.
"The iPhone is an internet connected device running a relatively full featured software suite: this research shows that it is vulnerable just like many other similarly capable devices, both PCs and embedded systems," the consultants said.
German store claims iPhone sales rights
Despite no announcements from Apple, the German national retail chain Karstadt has directly claimed that it will sell the iPhone in time for the holidays, according to an impending article in the weekly paper WirtschaftsWoche.
"We will offer the iPhone," a Karstadt spokeswoman said in the report while estimating a release before Christmas. European Apple representatives chose not to comment on the claim.
Third-party Apple reseller Gravis has also said it was virtually certain to stock iPhones in the absence of any official stores.
Duke backtracks on iPhone network troubles
Closer looks at Duke University's wireless network have shown that the network structure, and not the iPhone itself, were to blame for the widespread outages in wireless LAN access on campus last week, the school's chief information officer Tracy Futhey said in an online statement.
Claims that the iPhone flooded the network with requests that knocked service offline were "inaccurate," Futhey wrote. Instead, the drops were said to be the result of an unusual mix of standards on the large, campus-wide network. Consulting Apple and network experts at Cisco is said to have solved the problem entirely.
"Cisco has provided a fix that has been applied to Duke?s network and there have been no recurrences of the problem since," the Duke officer said. An explanation of what had triggered the glitch was reportedly coming soon as of press time.
MacBook Pro adapter shrinks
Careful observers of Apple's online store noticed on Friday that the MacBook Pro's power adapter has quietly been reduced in size.
New MacBook Pro adapter on right.
Where the old adapter (MA357LL) was one of the Mac maker's largest portable adapters yet upon its release in early 2006, the new 85-watt model -- MA938LL/A -- is no bigger than the 65W unit that charges the smaller 13.3-inch system. New shipping MacBook Pros also include the revamped AC adapter.
The new power brick lists for $79 and will ship in the next three to four weeks.
iPhone Safari exploit revealed
Consultants at Independent Security Evaluators warned iPhone users on Monday that critical holes in the mobile version of Safari would let a malicious web page feed code to the device that forced it to do "anything that the iPhone can do," including its phone services.
In a proof of concept demo given to the public by the security team, users tricked into visiting one of the sites through a link or a poisoned Wi-Fi point could have their call lists, contacts, past SMS texts, and voicemail relayed to an intruder. But this example is just a portion of what could be done, the security firm said: the worst cases could send encrypted passwords, text messages that subscribe to expensive services, and capture phone calls.
Apple has already been made aware of the exploit, which will be more fully explained by ISE when it presents at the BlackHat expo on August 2nd. In the interim, however, the company says that iPhone owners should be just as skeptical of spam links and unknown wireless hotspots as they would with an ordinary computer, as the iPhone shares many of the same features.
"The iPhone is an internet connected device running a relatively full featured software suite: this research shows that it is vulnerable just like many other similarly capable devices, both PCs and embedded systems," the consultants said.
German store claims iPhone sales rights
Despite no announcements from Apple, the German national retail chain Karstadt has directly claimed that it will sell the iPhone in time for the holidays, according to an impending article in the weekly paper WirtschaftsWoche.
"We will offer the iPhone," a Karstadt spokeswoman said in the report while estimating a release before Christmas. European Apple representatives chose not to comment on the claim.
Third-party Apple reseller Gravis has also said it was virtually certain to stock iPhones in the absence of any official stores.
Duke backtracks on iPhone network troubles
Closer looks at Duke University's wireless network have shown that the network structure, and not the iPhone itself, were to blame for the widespread outages in wireless LAN access on campus last week, the school's chief information officer Tracy Futhey said in an online statement.
Claims that the iPhone flooded the network with requests that knocked service offline were "inaccurate," Futhey wrote. Instead, the drops were said to be the result of an unusual mix of standards on the large, campus-wide network. Consulting Apple and network experts at Cisco is said to have solved the problem entirely.
"Cisco has provided a fix that has been applied to Duke?s network and there have been no recurrences of the problem since," the Duke officer said. An explanation of what had triggered the glitch was reportedly coming soon as of press time.
MacBook Pro adapter shrinks
Careful observers of Apple's online store noticed on Friday that the MacBook Pro's power adapter has quietly been reduced in size.
New MacBook Pro adapter on right.
Where the old adapter (MA357LL) was one of the Mac maker's largest portable adapters yet upon its release in early 2006, the new 85-watt model -- MA938LL/A -- is no bigger than the 65W unit that charges the smaller 13.3-inch system. New shipping MacBook Pros also include the revamped AC adapter.
The new power brick lists for $79 and will ship in the next three to four weeks.
Comments
I think our fine analysts here on AI first mentioned that Duke's network was poorly set up. Congratulations, AI-ers!
I recall plenty of posters saying it must be Apple's fault. I believe a bad IP stack and incessant ARP requests were common among the anti-Apple finger pointing.
Despite no announcements from Apple, the German national retail chain Karstadt has directly claimed that it will sell the iPhone in time for the holidays, according to an impending article in the weekly paper WirtschaftsWoche.
Ouch, ouch,
If this should ever turn out to be true - the person at Apple Germany who supported that move should start cleaning up his table immediately.
Did I say - ouch!
I recall plenty of posters saying it must be Apple's fault. I believe a bad IP stack and incessant ARP requests were common among the anti-Apple finger pointing.
Some people said that it probably was a problem with both the iPhone and the network. I thought that sounded like the most plausible explanation given the descriptions of what was going on.
I heard that there are job openings for network admins at Duke now
Doubt it, one word...
Tenure!
Doubt it, one word...
Tenure!
Is the IT department considered an academic department anywhere? I would think that they would qualify for tenure as much as the janitorial staff does. I thought tenure is only for academic staff and not support staff.
Doubt it, one word...
Tenure!
Do you know what words mean?
It must be part of the great liberal conspiracy!
Ouch, ouch,
If this should ever turn out to be true - the person at Apple Germany who supported that move should start cleaning up his table immediately.
Did I say - ouch!
You're thinking of KAUFHOF; KARSTADT is a bit more upscale than you describe. Their electronics section sucks, though.
Probably AppleInsider edited that...
That would be pretty funny if that was how it appeared on the Apple web page.
The power adapter on the right bears an Apple logo that is... flipped horizontally.
Someone is confusing left and right here, but has quite a good eye. Probably AI only had a picture of the old power adapter with the pins to the left and flipped it so it would compare better to the new one.
I think our fine analysts here on AI first mentioned that Duke's network was poorly set up. Congratulations, AI-ers!
Yes we were and we didn't even see the network setup and we were able to conclude they had something screwed up in their network, and I said they might up with egg on their faces over this one.
Then again there were the few who were convinced that apple screwed up and we would be hearing about problems all over the place.
So if you interesting in an IT career do not go to Duke, becuase their solution to problems is, "Hey the network is crashing, oh an iphone walked onto campus it must be that since I designed the perfect network." "hey lets call everyone including the media and tell them how bad this Iphone must be"
They talk about "Apple Fan Boys," I think this was the case of a Microsoft, Cisco or maybe a Verizon Fan Boys.
Further proof that IT runs more on folk wisdom than it'd like to admit.
Most like deeply ingrained prejudices against the long bygone days of AppleTalk. "Apple device? must be chatty!"
Further proof that IT runs more on folk wisdom than it'd like to admit.
Anecdotes are hardly proof of a systemic problem in the profession.
Anecdotes are hardly proof of a systemic problem in the profession.
My sys admin told me AppleTalk screwed with the network and still manually sets all the Mac IP addresses in a range so he can easily monitor their activity.