Hackers crack iPhone - again

Hackers have struck back against an iPhone software update from Apple that disabled unlocked phones. The iPhone Development Project has developed a method to install third-party apps and use upgraded iPhones on GSM networks other than AT&T’s, The Unofficial Apple Weblog reports.

The latest hack allows users who’ve already applied the 1.1.1 firmware upgrade to revert to the previous 1.0.2 update, “jailbreak” the device, and update to the 1.1.1 software while leaving the mobile phone functions still operational.

iPhone Atlas has successfully applied the hack, which it warns is not for novice users since it requires familiarity with the iPhone’s command line interface.

Help is also on hand for those left with expensive paperweights after upgrading to firmware version 1.1.1 on unlocked devices. A commercially available unlocking tool offers a chance to unlock the iPhone and restore it to working order.

The iPhoneSIMFree utility makes use of a TIFF image buffer overflow flaw in Safari to run code on the device, a bug Apple is sure to address in future software upgrades.

iBrick

Apple upgraded the firmware for iPhone to version 1.1.1, a process that disabled unlocked phones and blocked third-party applications. The update followed a warning of the perils of applying unauthorised unlocking programs from Apple days earlier.

The consumer electronics giant faces a class-action lawsuit over this update. Hackers have now worked out ways to undo the technical changes made by this update, something Apple probably expected to happen sooner rather than later.

So the ball is once again back in Apple’s court. It will almost undoubtedly release additional firmware upgrades that lock down the device - mobile phone operators who’ve agreed to hand over sizable percentages of their revenues from iPhone users in exchange for exclusive rights in particular countries will expect nothing less.

However, the smart money is on a softer line on third-party applications. Informed sources reckon Apple will soon start selling authorised applications from its closest development partners, who’ll be offered access to software development kits.

Cannon gains mind of its own, kills nine people

South African authorities are investigating how nine soldiers were killed and 15 injured during a training exercise when an anti-aircraft gun went haywire.

An artillery officer who reportedly risked her life was unable to curtail the fatal firing spree involving a 35mm Oerlikon cannon at the army’s Lohatla training base in Northern Cape province last Friday (10 October). The weapon discharged a burst of shells lasting one-eighth of a second before it ran out of ammo and fell silent.

The reason why the gun malfunctioned has become the focus of a South African army inquiry, and a separate police investigation.

Earlier theories suggest either a software glitch or small explosion might have caused the gun to malfunction, causing it to begin “wildly swinging” as it sprayed 15-20 high-explosive 0.5kg 35mm cannon shells. The incident followed running repairs on the gun, a part of normal procedures when the weapon jams.

In normal use the gun is designed to automatically target aircraft, helicopters, and cruise missiles and fire when they come into range. The weapon is capable of operating, and even reloading, without human intervention. Defence Minister Mosiuoa Lekota told the National Assembly on Tuesday that all the guns were set on “manual” at the time of the exercise.

The weapons were sighted on a target some 2km away and clamped into position “so that the barrel should not move from side to side,” he explained.

Trojan pickpockets eBay users

Miscreants have unleashed a new strain of a sophisticated Trojan that targets eBay users by feeding them spoofed web pages containing fraudulent information about high-ticket purchases, we have learned. It has already contributed to an $8,600 loss by one eBay member.

The Trojan installs a webserver on an infected machine that masquerades as eBay and several third-party destinations frequently used to sniff out fraudulent offerings, including Carfax.com, Autocheck.com and Escrow.com.

When a victim browses to one of these sites, the webserver creates a parallel universe of sorts, in which the victim sees counterfeit pages designed to counter fraud protection mechanisms offered by eBay and third-party sites.

“To think that somehow they got software on their system that managed to spoof all the validation sites - that’s a shit-scary story,” said Roger Thompson, a researcher at Exploit Prevention Labs who specializes in web-based attacks. “It’s very clever.”

The malware was found on the machine of one eBay Motors user who recently lost $8,650 after trying to buy a 2005 Jeep Liberty advertised for 10 days on the site. Customer representatives have refused to cover the theft because, they said, the transaction was made outside of eBay.

Shortly after making the offer, the victim received a notification in the My Messages section of her eBay account telling her she had won the auction. eBay has long cautioned users not to rely on notifications unless they appear in this official section.

The malware installed on the victim’s machine caused her browser to display a counterfeit version of just such a message. Had she used a non-infected computer to access her account, no such message would have appeared.

“There’s no reason to suspect it’s fraud until it’s too late,” said the Ohio-based user, who agreed to tell her story on the condition her identity was not revealed.

How do you use VoIP & how often

Reader Poll: VoIP telephony solutions have been in the market for quite a while and our research indicates continued and growing activity in this area. However, the issue of service and call quality is still frequently mentioned in the press, with references to small businesses in particular ripping out their VoIP solutions and going back to analogue telephony. Sounds a bit drastic, so we thought we would check this out further.

With this in mind, we would like some feedback, good or bad, from our readers who have used or are using VoIP. So, if you have some experience of this stuff, we’d be grateful if you could spend a couple of minutes telling us if you VoIP and what you use it for below.

Fasthosts customer? Change your password now!

Fasthosts, “the UK’s number 1 web host”, has fired off emergency emails telling customers to change all their passwords after police were called in to investigate a major data breach.

The Gloucester-based firm released a statement. It said: “As the breach could relate to Fasthosts customer data… Fasthosts has subsequently reviewed and updated its security and worked with external security experts to ensure that all data held by Fasthosts is secure.

“As a precautionary measure, Fasthosts has asked its customers to update their passwords. This includes their control panel, email, FTP, and database passwords, all of which can be changed via the customer control panel. Fasthosts has now implemented customer password encryption to further protect customer data.”

We’ve asked Fasthosts why the passwords were not encrypted in the first place. It said: “Historically, Internet companies have rarely encrypted passwords to aid customer service.”

Fasthosts said that the attack affected one server at its headquarters, and added that a system-wide audit had identified and closed the hole where the intruder gained access.

It apologised for any “concern or inconvenience” caused by the intrusion. The statement said: “Fasthosts considers that its practices and procedures are up to date, and represent good practice in continually protecting the security of its customer data, and the company remains fully confident in its ability to do so.”

The security flap comes directly after Fasthosts angered its email customers by permanently deleting mail and not immediately telling them.

Update:

We asked Fasthosts for more detail about the chain of events. It says it can’t reveal more details of the timings because of the ongoing police inquiry, but sent us a further statement:

Detection systems revealed that an unauthorized third party gained access to some of our internal systems via network connections. This security breach was only possible because of a security vulnerability which was forced illegally.

As we are currently working with the police and other relevant industry bodies to apprehend the intruder, we regret that we are unable to comment on any details that might prejudice the ongoing investigation.

Fasthosts has been working with the police and other relevant authorities since we became aware of the intrusion.

Comcast busted for bagging BitTorrents

New tests have confirmed that Comcast is throttling file-sharing traffic.

Citing tests run on machines across the US, The Associated Press reported today that the big-name internet service provider “actively interferes” with attempts to swap files over P2P networks like BitTorrent, eDonkey, and Gnutella.

But claims of Comcast P2P throttling go all the way back to the late spring, when an independent tester named Robb Topolski told readers on DSLReports that the ISP was using a networking management tool called Sandvine to prevent BitTorrent users from “seeding” files - i.e. making them available to other users.

This afternoon, Comcast told us much the same thing it told us in August. “Comcast does not block access to any Websites or online applications, including peer-to-peer services like BitTorrent,” reads the company’s canned statement.

But no one is accusing the ISP of “blocking” access to web sites or applications. At issue is whether it’s interfering with traffic. Later in the statement, Comcast does cop to “managing” traffic, but it says this is simply part of an effort to provide its users with a really good time.

“Our customers use the Internet for downloading and uploading files, watching movies and videos, streaming music, sharing digital photos, accessing numerous peer-to-peer sites and thousands of applications online,” the statement continues. “We have a responsibility to provide all of our customers with a good Internet experience and we use the latest technologies to manage our network so that they can continue to enjoy these applications.

Site updates

Hi, we are currently working on this blog and making a few changes to the site’s layout.

We will start posting content later today, so stick around and watch the site take shape :D