Thursday, September 11, 2008

Over at Wired's Gadget Labs blog, Brian Chen writes about information discovered during a webcast presentation on Thursday covering the recently discussed iPhone security weaknesses having to do with bypassing the password-protected lock screen.

Jonathan Zdziarski, a data forensics expert and author of the forthcoming book "iPhone Forensics," did the presentation for law enforcement personnel and anyone else who might have a need to access an iPhone to discover information. During the presentation, in which he outlines a method for breaking into the phone with modified firmware and some hairy manipulation, he also showed how the iPhone takes a screenshot of every application the iPhone's user closes by pressing the "home" button. The saved image is used to "draw" the collapsing screen animation you see when your application closes and you're returned to the home screen. The image file is then deleted from the iPhone's storage.

But, nothing is ever really completely "deleted." And in this case, apparently when the temporary image file is killed from storage, the data "on-disk" is not overwritten or otherwise cleaned, so anyone with some basic forensics knowledge can search the iPhone storage space for the old files and recover them easily. You can do the same thing on pretty much any computer.
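As an added illustration of the point above (not code from the webcast, the book or this post): a toy storage model in which deleting a file drops only its index entry, and a signature-based carver that still finds the image in the raw bytes unless the data was overwritten. The PNG format, the `ToyStorage` class and all sample data are assumptions constructed for the example; the post does not say which image format the iPhone uses.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def _chunk(kind, data):
    """One PNG chunk: length, type, data, CRC-32 over type+data."""
    body = kind + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def make_png(width=2, height=2):
    """Constructed sample: a tiny valid 8-bit grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + bytes(width) for _ in range(height))
    return PNG_MAGIC + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b"")

class ToyStorage:
    """Hypothetical model: flat byte array plus a name -> (offset, size) index."""
    def __init__(self, size=4096):
        self.blocks = bytearray(b"\xAA" * size)  # filler standing in for other data
        self.table = {}
    def write(self, name, data, offset):
        self.blocks[offset:offset + len(data)] = data
        self.table[name] = (offset, len(data))
    def delete(self, name):
        self.table.pop(name)                     # index entry gone, bytes remain
    def delete_and_wipe(self, name):
        off, size = self.table.pop(name)
        self.blocks[off:off + size] = bytes(size)  # overwrite before release

def carve_pngs(image):
    """Scan raw bytes for PNG signatures; keep files whose chunks all pass CRC."""
    found, pos = [], 0
    while (start := image.find(PNG_MAGIC, pos)) != -1:
        cur, complete = start + len(PNG_MAGIC), False
        while not complete and cur + 12 <= len(image):
            length = struct.unpack(">I", image[cur:cur + 4])[0]
            end = cur + 12 + length
            if end > len(image):
                break                            # truncated or false signature
            stored = struct.unpack(">I", image[end - 4:end])[0]
            if zlib.crc32(image[cur + 4:end - 4]) != stored:
                break                            # corrupted chunk
            complete = image[cur + 4:cur + 8] == b"IEND"
            cur = end
        if complete:
            found.append((start, image[start:cur]))
        pos = cur if complete else start + 1
    return found
```
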

Depending on your point of view, this is either a potential privacy issue or a great forensics feature. Having worked as both a police officer and as a business security professional responsible for privacy and data integrity issues, I can understand both arguments. Certainly as a cop, being able to dig into someone's iPhone (with a proper warrant of course) to find evidence of crimes where the phone was used in some manner is of real value, and screen shots are potentially pretty useful evidence. But as a person who also values privacy as a matter of basic principle, it's a little disconcerting, especially since I didn't realize until today screen shots are being made.

The webcast recording is not yet available as of the time of this writing, but it should be posted to http://www.youtube.com/OreillyMedia in the next few days. If you're interested in learning something about electronic data forensics, it will be worth the time to check it out. Here's the O'Reilly abstract from the session:

In this free, live webcast, iPhone hacker and data forensics expert Jonathan Zdziarski guides you through the steps used by law enforcement agencies to bypass the iPhone 3G's passcode lock by creating a custom firmware bundle. Author of the upcoming book, iPhone Forensics, Jonathan has devoted much of his talent supporting law enforcement personnel with his development of a forensics toolkit that allows them to recover, process, and remove sensitive data stored on the iPhone, iPhone 3G, and iPod Touch. This live presentation is aimed towards law enforcement and anyone else who has a need to access the not-so-readily available data on an iPhone.



IT Security | Tech
Thursday, September 11, 2008 8:58:55 PM (Pacific Standard Time, UTC-08:00)
Seinfeld and Gates are back at it again, somehow advertising Microsoft Windows. It's starting to make at least a little sense. Kind of.

If nothing else, it's getting funnier. I know most people said they didn't like the first commercial much. I liked it, though. This second one is pretty long. Enjoy:


(via Brier Dudley at the Seattle Times)

Humor | Random Stuff
Thursday, September 11, 2008 7:06:10 PM (Pacific Standard Time, UTC-08:00)

Each year on September 11th, an organization I am proud to be a part of called Cops On Top undertakes memorial expeditions to the highest points of the 50 United States. The purpose of the expeditions is to remember those law enforcement officers and public safety personnel who have lost their lives protecting ours.

Today teams from many states are again on the way to their respective summits. Those teams that are able will be calling in to the Cops on Top web site publishing systems with audio updates, which are published on the home page there. While not all locations will be covered due to conditions, many states' teams are underway. Once the teams have returned the site will be updated with photos of the events.

My friend Keith McPheeters, with whom I used to work as a police officer many years ago, wrote a thoughtful and poignant post recently about his experiences on September 11 Cops on Top expeditions. It sums up a lot.

We will never forget our colleagues, family members and friends who have been taken from us and from among us.



Helping Others
Thursday, September 11, 2008 6:11:19 AM (Pacific Standard Time, UTC-08:00)
 Thursday, September 04, 2008

The first commercial in Microsoft's new ad campaign with Jerry Seinfeld and Bill Gates is out. I thought it was pretty funny and smart. Subtle, very subtle.

This made me laugh out loud: Gates' "Shoe Circus Clown Club Platinum Card" picture is actually his mug shot from an arrest for traffic violations in New Mexico, way back in 1977. Classic, and funny.


Here's the new commercial. I like the idea of starting out really vague and (we have to assume) building from there. Very Seinfeld-ish.




Humor | Random Stuff
Thursday, September 04, 2008 9:39:51 PM (Pacific Standard Time, UTC-08:00)
 Wednesday, September 03, 2008
As is the case with more and more technology in the modern age, it's when you start to combine the power of two or more technologies that you realize the full potential of each. Such is the case with Microsoft's Unified Communications products. Sure, Exchange and Office Communication Server are both great on their own, but when you use them together (and potentially integrate with your VoIP phone system), you realize the greater value of your investments.

Jeff Goodwin works at The VIA Group, where he specializes in Microsoft Exchange and Microsoft Unified Communications in his position as Senior Technologist and Microsoft Practice Lead. He's executed a large number of UC projects for businesses, so we were fortunate to have the opportunity to speak with Jeff recently on RunAs Radio. He does a fine job of explaining what unified communications is all about.
Jeff Goodwin Rings Us Into Unified Communications
RunAs Radio Show #73 - 9/3/2008 (35 minutes)


Richard and I talked to Jeff Goodwin about Microsoft Unified Communications in this week's RunAs Radio show. Jeff lays out the relationship between Exchange, Office Communicator and Unified Messaging Server to combine email, telephone and instant messaging. Check out Jeff's TechNet articles at http://www.shrinkster.com/11mj and http://www.shrinkster.com/11mk.

RunAs Radio is a weekly Internet-audio talk show for IT Professionals presented in a high-quality podcast format. Since April 2007 RunAs Radio has brought experts in the field of IT to its 10,000+ listeners, to inform and entertain. Professionally produced interviews are about 30 minutes in length and pack a substantial amount of information for maximum benefit. For more information about RunAs Radio, visit http://www.runasradio.com. RunAs Radio is available on iTunes and the Zune Marketplace, as well as directly from the RunAs Radio web site.



RunAs Radio | Tech
Wednesday, September 03, 2008 4:32:36 PM (Pacific Standard Time, UTC-08:00)
 Tuesday, September 02, 2008
Chrome has been available for about 12 hours. What's your point of view and experience with Google's new browser?

A bit of a simplistic poll, I know, but it covers the bases as far as hot-to-cold opinions go. Choose the one that's closest to yours, and feel free to comment as always.


Tech
Tuesday, September 02, 2008 8:57:05 PM (Pacific Standard Time, UTC-08:00)