Something Can't Find by Google

You better make sure you are not found.

>>>> Something You Can't Find Using Google:

Google Profiles, the public pages that include information about Google users, continue to add new questions. Some of the recent additions: "where I grew up", "where I live now", "places I've lived", "current company", "companies I've worked for", "current school", "schools I've attended", "my superpower".

There's even a metaphorical field "something I can't find using Google". What would you write if you were to answer that question in your Google profile?

See this for yourself now how many profiles are indexed by Google.

Full Access to Locked iPhone

Recently, there is a security flaw disclosed to allow full access to a locked iPhone (running firmware version 2.0.2). To exploit a locked (vulnerable) iPhone:

• Enter the emergency call menu (of a locked iPhone).
• Double tap the HOME button (to open the Favorites menu).

This will allow anyone in the favorite list to be called. From there, an attacker can access to SMS messages and potentially your email or Safari browser.

The workaround for this flaw while waiting for the next firmware update:

• Simply enter the Settings menu on your iPhone
• Then enter General > Home Button
• Select “Home” or “iPod”.

Now when you double tap your home button, it will navigate to either your home screen. While this fix might be annoying for some, as of right now it seems like the only way to secure your locked iPhone.

BlackHat and Defcon Media Archives are Online

Both Black Hat USA 2008 and Defcon 16 slide presentations and White Papers are online now.

• https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html
• https://www.defcon.org/html/links/defcon-media-archives.html

Security in MSIE8

An upcoming security feature from Microsoft Internet Explorer 8 (IE8). This new IE8 feature intends to make reflected / “Type-1” Cross-Site Scripting (XSS) vulnerabilities much more difficult to exploit.

• IE8 XSS Filter
• IE8 XSS Filter design philosophy
• IE8 XSS Filter Architecture / Implementation
  

RedHat Linux Compromised

Red Hat Inc. announced that their main distribution servers were compromised. Patches were released to fix apparently modified OpenSSH packages.

This is an incredibly interesting vector of attack. Both releases of Red Hat Enterprise Linux v4, v5 and Fedora were modified with hackers essentially including their own key to the front door (ssh) into the operating system. If you have installed RHEL or Fedora from ftp or http sources recently you will certainly need to: "yum update".

• https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
• https://rhn.redhat.com/errata/RHSA-2008-0855.html
• http://www.redhat.com/security/data/openssh-blacklist.html