Apple signals end to OS X Snow Leopard support

Apple has apparently decided to kill support for OS X Snow Leopard, the 2009 operating system that has resisted retirement for more than a year.

On Monday, Apple did not update Safari 5.1 when it patched the later Safari 6 and 7 for newer editions of OS X, including 2011’s Lion, 2012’s Mountain Lion and this year’s Mavericks.

Safari 5.1, which was last updated in September to version 5.1.10, is the most-current Apple browser for Snow Leopard.

Historically, Apple has patched Safari longer than the supporting operating system, so when the Cupertino, Calif. company calls it quits for the browser, it’s already decided to retire the pertinent OS.

In July 2011, for example, Apple patched Safari 5.0 for the final time, updating the browser to version 5.0.6. That edition was the last that ran in OS X Leopard, which was released in October 2007.

Apple provided the final update to Leopard in June 2011.

OS X Share, as of Nov 2013


Underwater Cable splicing circa 1939 AT&T – Bell System

Ever wondered how they do underwater cable splicing?

Many, many layers of protection, including several of jute wrapping. The video centers on splicing a new cable to an existing one in the San Francisco Bay to bring the wonder of telephony to a man-made island created for the Golden Gate International Expo.

The narrator makes these men out to be heroes, and when you see how much lead they came into contact with, you’ll understand what he means. Each of the 1,056 individually insulated wires must be spliced by hand. After that comes a boiling out process in which petrolatum is poured over the splice to remove all moisture. Then, a lead sleeve is pulled over the connections. Molten lead is poured over the sleeve and smoothed out by hand.

At this point, the splice is tested. The sleeve is punctured and nitrogen gas is pumped in at 20psi.  Then comes the most important step: the entire sleeve is painted with soap suds.  Any gas that escapes will make telltale bubbles.

Once they are satisfied with the integrity of the sheath, they wrap the whole thing in what appears to be lead cables and pound them into submission. Surely that would be enough, don’t you think?  Nope.  They weld the cables all around and then apply two coats of tar-treated jute wrapping, which retards saltwater corrosion considerably.

iOS7 untethered jailbreak is out, with hidden Chinese software

So, iOS7 untethered jailbreak for iPhone/iPad/iPod Touch users is finally out, however, there’s a twist: Cydia is untested with this version, and Saurik was kept out of the loop the whole time.

iOS 7 logo

The reason that the Cydia store doesn’t work is starting to become clear. A Chinese company paid the evad3rs a rumored 1 million dollars for the jailbreak, forcing their own App Store onto the phone.

If the computer running the jailbreak has Chinese as the main language, then the Chinese 太极 (taiji) market app is installed. Cydia is available as an option, but it is deselected by default.

When i0n1c was asked about the Chinese market store,

And,


[Tutorial] Web based SSH terminal for the Raspberry Pi

So, the other day, I wrote about Onion Terminal. Although it is a great terminal, it relies on the Onion lib, which has a lot of dependencies: libcairo-dev, libxml2, libpng++-dev, …

Then I discovered GateOne – a full-featured HTML5-based web terminal for SSH access.

Although this tutorial is for the Raspberry Pi, it will work without many changes on any Debian-based system, such as Ubuntu and others.

GateOne in action

 


Microsoft Security Essentials misses 39% of malware

According to Dennis Publishing Labs, Microsoft Security Essentials fails to detect 39% of malware.

Dennis Technology Labs (DTL) tested nine home security products on a Windows 7 PC, including Security Essentials, which is distributed free to Windows users and built into Windows 8 in the form of Windows Defender.

Microsoft Security Essentials

While the other eight packages all achieved protection scores of 87% or higher – with five scoring 98% or 99% – Microsoft’s free antivirus software protected against only 61% of the malware samples used in the test.

Microsoft conceded last year that its security software was intended to offer only “baseline” performance, saying it wanted to “give customers a good reason to pay for their [security] products” because that would create greater diversity in the market and make life harder for malware writers.

Nevertheless, the company insisted that Security Essentials provided “strong, comprehensive defence against malicious code and attacks”.

Norton Internet Security received the strongest protection rating in DTL’s tests, detecting 99% of the malware used. Taking into account false positives against legitimate software, Kaspersky Internet Security 2014 provided the best overall level of protection.

The full results from Dennis Technology Labs can be downloaded here, along with results for small business and enterprise software.

IETF has an NSA insider

The IETF has a dedicated crypto review board, the CFRG, which approves or pokes holes in the cryptography used by other IETF standards.

The chair of the IETF CFRG is an NSA employee (Kevin Igoe, one of the authors of the SHA1 hash standard).

I just learned these things a couple weeks ago. I am not generally a believer in the theory that NSA actively subverts Internet standards. But even I think that it’s crazy for an NSA employee to chair the CFRG.

In case you’re wondering: Trevor Perrin is a widely respected professional cryptographer. Most cryptographers work for university math departments. Perrin worked for years as a staffer for Paul Kocher, the godfather of side channel attacks, at Cryptography Research. He’s the designer of the new forward secrecy ratchet for OTR (Axolotl) and the TACK TLS extension, and a behind-the-scenes contributor to other IETF crypto standards. Perrin wrote the pure-Python “tlslite” TLS implementation. If you were to draw a “family tree” of crypto know-how in the software security profession, a surprisingly huge chunk of it would be rooted in Perrin (and Nate Lawson and Kocher); for instance, virtually every modern TLS break came from ideas that Perrin popularized. 64 current Matasano Crypto Challenges, probably 50 of them I can trace to Perrin and Lawson. Trevor Perrin is someone you should pay attention to.

Read about the request here

NSA bought itself an RSA SecurID backdoor

No one is safe.

As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

You can read more about it on the Reuters website.

Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1

The current versions of the popular ad server software OpenX Source (2.8.11) and Revive Adserver (3.0.1) are vulnerable to a SQL injection attack that allows attackers to gain backend access. The vulnerability is actively being exploited.

Read more about it here.