SDS

This is Deja Vu of an attack from years ago where RAM was accessed from the firewire buss.  This study published back in Sept 2011 (that i am late to discover) revisits this attack on Lion.  Security researchers from frameloss published the specifics on an attack and how to avoid it.  Learn how your password could be extracted from your computer’s memory via your firewire port.  Even when you thought it was locked!  Even with FileVault!

Mostly you must turn off fast user switching, and activate a feature that dumps the password for added security.   read all about it here. . .

http://www.frameloss.org/2011/09/18/firewire-attacks-against-mac-os-lion-filevault-2-encryption/#more-540

The long wait is finally over.  Due to the diligent efforts of EVERYBODY in the scene,  (@pod2g, @planetbeing, @saurik, @pimskeks, @p0sixninja, @MuscleNerd, and @xvolks) we can finally jailbreak our A5 devices.  iPhone 4s and iPad 2 are now jailbroken and untethered with the latest and most complex jailbreak to date.  Works with iOS 5 or iOS 5.0.1.  Representing hundreds if not thousands of man hours (it even takes forever to run).  Enjoy!  i included a donate link at the bottom if you wish to buy them a beer.

Download Absinthe from Chronic:
http://greenpois0n.com

or Dev-Team Tools here:  (currently CLI only)
http://blog.iphone-dev.org/

Donate to the combined effort. (despite paypal)

Lessons learned activating an unlocked iphone with iOS 5.0.1 and a neat activation workaround.  I have been working with the new iOS hacktivation in preparation of upgrading unlocked phones to 5.0.1.  i finally cracked it.  (not entirely happy with my method, but it works)  Tips for anyone madly googling answers . . .

Short answer is SAM, (don’t hacktivate) but if you want to create a bundle using PwnageTool, you will want to add these repos:

http://files6.thebigboss.org/repofiles/cydia/dists/stable/main/binary-iphoneos-arm/Packages

http://apt.modmyi.com/dists/stable/main/binary-iphoneos-arm/Packages

Lastly, you will want a list of packages required to make it all work (only necessary for building it into custom bundles).  If you are using Cydia to install it, you won’t need this, skip down to the trick about temporarily activating.

Packages:
ACUtil
Core Utilites
Erica Utilities
Mobile Substrate
PreferenceLoader
SAM
SAMPrefs
Stockify
Substrate Safe Mode
UIKit Tools
libhide
libpar2
libsigc++
ultrasn0w (not really required unless you are unlocking)

Dangerous Activation Workaround
If you are caught locked out of your phone and unable to run anything, here is a trick that can get you out for a sec.  (not a long term solution at all).  First off, warning, if you aren’t quick your phone will actually call emergency services (911).  that being said, here goes. . .

First slide the slider to enter the setup wizard.  At any time, you can press the Home button and select Emergency Call.  Upon the dialpad dial 112 Send.  As soon as you press send, hold the sleep (top) button until the power slider appears.  Touch cancel, then tap the green bar to return to the call in progress and end it as soon as possible.  At this time, it should exit the wizard and return you to the home screen.  Quickly install SAM with cydia, because as soon as you power down, or even sleep the phone, you will be locked out all over again.

He passed his double exploit untether to both the chronic Dev team and the iPhone Dev team and today we receive the bounty. this untether relies on the linera1n exploited published by Geohot and therefore is only available on devices previously tethered. In other words no iPad 2 or iPhone 4s yet.

how my supposed to blog while driving if Siri isn’t reliable. honestly, the most frustrating part is that the purple bullets that represent the processing of a voice command request just disappear and there’s nothing! no sorry I couldn’t make that work for you, no sorry I’m having trouble connecting to the network right now. nothing. I feel that Siri was far too popular and utilized for the piddly servers that Apple has devoted to the project. in my opinion Apple needs to do two things to resolve this problem. First, they need you reintroduce the voice commands that were available without the network like they have in the iPhone 4 and 3GS. Second, they need to provide more capacity to the Siri network. this way if they got the Siri equivalent of the fail whale, they’d at least be able to handle some of the audio processing that previous phones have been capable of.

The battery problems fixed in apple’s latest iOS update (5.0.1) are a very strong temptation. However, I fear it may delay my inevitable jailbreak. I also imagine that this example of a delta update might even aid the dev team and others working to free our phones of tyranny. Ideally I would like to see a jailbreak able to download and patch the update before installing. Thus maintaining the jailbreak through the update. am I dreaming?

I am already disappointed with apple’s latest change to it’s web service.   Apple has never known what it was doing with it’s web services, but people were actually paying for it.  Now they switched to a free service that does only half of what many were already relying on.

When i originally signed up for my @mac.com email address it was upon installing a brand new Mac OS 9 on my Performa 6400.  Then free service was branded with the tagline “Free eMail for Life!”  Just two years later, apple rebranded it dotmac (.Mac), a pay service with all newly designed web hosting and design services so that anyone could create a polished site in minutes.  I was cynical of this new pay service, there were cheaper hosting services and seemly nothing more valuable then the continued use of my email.  i vowed never to use it.  That only lasted about a year or so before apple gifted it to me for free with my APP certificate.  If memory serves, i just got one free year and another half price, but by then i was hooked.  i was hooked on iSync/iDisk.  it kept all my devices and computers in sync.  it allowed me to work on my desktop, laptop, or work machine with all the latest and most current data and documents. it was amazing.  I used it, loved it, and sold the hell out of it.  I setup so many different installs configurations.  From the Granny with a bridge club to a Travel Photographer with his portfolio.  it was a great system.  (this was years before drop box).

iTools -> .mac -> MobileMe -> iCloud

A few years ago with introduction of the iPhone, Apple rebranded the service MobileMe!  This time forcing users to migrate their websites and design tools away from the older web based system to the newer iweb.  Forcing the people who needed template sites and automated publishing tools to manually move their websites to the new system and to abandon any hope of future updates.  Basically saying “Adopt or Cancel.”  They were discontinuing the very publishing tools that they had sold these customers on only a few years ago.  Outages, lost or duplicated data was a Sword of Damocles looming over any user for over a month.  The migration was so bad that apple ended up giving everyone who remained a few months of free service.

Now it comes full circle and returns to being a free service with iOS 5 or Lion.  No more syncing keychains, mail settings, smart folders.  No more iDisk, so no more Document syncing in ANY application.  Its’s as if Apple wants to do away with any user control over the location if their files.  Some of us like to be able to browse their files if they want to.  It’s great if the application knows where the file is stored.  It can be updated to utilize iCloud, but what if i want to save whatever the hell i want in there.  What if (heaven forbid) the internet is down!??  Can i copy it to a thumb drive?  At least contact and calendar sync reamins uninterrupted.  Location services and tracking have been expanded to include computers.  iMessages to allow rapid decimation of location data (some privacy issues remain).  With any luck, many of these concerns may very will be solved in future updates or by the developers that make this platform so great.

Well, at least we can all quit ponying up $99 to apple each year.  We’ll have to wait and see where we go from here.  See how it evolves.  Photo Stream is pretty cool.  gets my pictures from my iPhone to my iPad , and all my computers without any syncing, though i am still unsure if i need all my vacation picts on my office machine.  I am generally disappointed with iWork for iPad (but of course mine is still the original iPad).  All my custom templates must be updated to look good.  Many of my apps are still waiting for iCloud integration before i can take advantage of the new document syncing.  Wish they could integrate keychain syncing.  What are they if not documents?  Lucky for me i have already migrated much of my file sync services away from Apple to cheaper storage with Dreamhost, Dropbox, Box.net, etc.  For many of my friends, colleagues, and customers this task lies ahead.  Apple certainly didn’t make it easy.

When I got my new iPhone, Siri didn’t work at first but now it does. I think that some limit was reached with the number of people trying to use this awesome new feature at the same time. Apple servers must been overloaded. all in all I’m quite impressed with the new phone, however I do miss all my hacks and tweaks. it is my hope that a new jailbreak comes out soon. I hope the dev team is just waiting for everyone to get their devices so they can publish jailbreaks there are you sitting on. this phone has the same boot ROM as the iPad 2.

Despite numerous problems and unrelenting deadlines @comex has come through yet again with another fantastic jailbreak! When an unfinished beta of the latest iPad2 jailbreak was leaked, we all new that the window for this exploit was rapidly closing. Apple simply cannot allow userland exploits to exist (for obvious reasons). I am delighted that all the iPhone-dev guys got their act together and released. What are you waiting for JailbreakMe.com.

A bit of ransom-ware by the name of Mac Defender is exploiting a default setting in safari that will automatically launch any installer package that you download. It still requires the user to go through the steps of installing the software including entering their administrator password. Apparently this hasn’t prevented hundreds of users from installing the bogus software. It seems to do nothing but pop up ads and messages to lure the user to pay $79.99 to remove the infection. Easy, free removal instructions are available here. But let this be a lesson. Don’t type your password if you don’t know why it is asking for it. Don’t install things you didn’t know you downloaded.