iPhone 5 Recall

Apple has setup a replacement program for issues customers are having with their sleep/wake button only working sometimes, or not at all.

Apple told The Loop:

Apple today launched a program to replace the sleep/wake button on a small percentage of iPhone 5 models where the button may stop working or work intermittently. Apple will offer the service free of charge to iPhone 5 customers with models that exhibit this issue and have a qualifying serial number.

The company has created a special support website for the recall where customers can enter their iPhone serial number and see if their phone is one of the “small percentage” of iPhone 5 models that are affected.

From the Apple Support site:

Apple has determined that the sleep/wake button mechanism on a small percentage of iPhone 5 models may stop working or work intermittently.  iPhone 5 models manufactured through March 2013 may be affected by this issue. Continue reading iPhone 5 Recall

Advertisements

New iOS malware highlights threat to Apple mobile devices

A newly-discovered malware dubbed  Unflod Baby Panda is stealing Apple ID credentials from jailbroken iPhones and iPads, warn security researchers.

Unflod hooks into the SSLWrite function of an infected device’s security framework, according to a blog post by German security firm SektionEins.

The malware is designed to listen for outgoing connections. Once it recognises an Apple ID and password, it sends these unencrypted IDs and passwords to the cyber criminals behind the malware.

The Unflod malware also highlights the risks of installing unknown apps on jailbroken iPhones.

Reports of the malware targeting Apple iOS emerged in posts on reddit by iOS users hit by repeated system crashes after installing iOS customisations that were not part of the official Cydia market.

A developer for the Cydia market, an alternative to the Apple App Store, has responded to news by in a reddit comment, saying that the probability of Unflod coming from a default Cydia repository is fairly low.

However, he added: “I don’t recommend people go adding random URLs to Cydia and downloading random software from untrusted people any more than I recommend opening the .exe files you receive by email on your desktop computer”. Continue reading New iOS malware highlights threat to Apple mobile devices

Tests prove Heartbleed bug exposes OpenVPN private keys

The Heartbleed bug exposes the private encryption keys of virtual private network (VPN) servers running the OpenVPN application with a vulnerable version of OpenSSL, a Swedish VPN service warns. Last week, developers who maintain the open-source OpenVPN software warned of the vulnerability, which has now been confirmed by VPN service provider Mulvad.

“We have successfully extracted private key material multiple times from an OpenVPN server by exploiting the Heartbleed bug,”

–  Mulvad co-founder Fredrik Strömberg in a Hacker News blog post.

The test server was running Ubuntu 12.04 that was virtualised using the KVM application, OpenVPN 2.2.1, and OpenSSL 1.0.1-4ubuntu5.11.

“The material we found was sufficient for us to recreate the private key and impersonate the server,” wrote Strömberg, warning that users of OpenVPN should assume others have created exploits for “nefarious purposes”.

Mulvad’s confirmation means that organisations using an OpenVPN server or servers that rely on OpenSSL should take immediate steps to remove the vulnerability.

According to the community wiki, OpenVPN is affected if it is linked against OpenSSL versions 1.0.1 to 1.0.1f and anyone running those versions of OpenSSL should:

  1. Update the OpenSSL library
  2. Revoke the old private keys
  3. Generate new private keys
  4. Create certificates for the new private keys

Google ramps up Android security, scans all apps now

Google is quick to replace the 2013 “Verify Apps” security feature with mandatory app scan for all apps. The flaw in Verify Apps is that it provides the user the ability to scan third-party apps using Google’s security engine after it has been installed on to the local device. Instead, Google is taking a more proactive approach with its Verify Apps security feature. It will now host a dual-layer security system. First, the Verify Apps will scan apps locally on Android devices to look for malicious activities such as SMS abuse. There will also be a server side scan on Google Play store to scan all apps in the Play Store.

Complete Story

List of Direct IPs in the Event of a DNS Takedown

IPs to Websites

Here is a list of IPs to use in the event of a DNS takedown. We will be adding more as time rolls by. If you have others to share, please leave a comment.

WEBSITE IP ADDRESS
1channel.com 208.87.33.151
amazon.com 72.21.211.176
aljazeera.com 198.78.201.252
bbc.co.uk 212.58.241.131
bing.com 65.55.175.254
blogtv.com 84.22.170.149
btjunkie.com 93.158.65.211
cracked.com 98.124.248.77
demonoid.com 62.149.24.66
demonoid.me 62.149.24.67
digg.com 64.191.203.30
dreamwidth.org 69.174.244.50
dropbox.com 199.47.217.179
facebook.com 69.171.224.11
fileshare.com 208.87.33.151
frys.com 209.31.22.39
gamespot.com 216.239.113.172
gamespy.com 69.10.25.46
github.com 207.97.227.239
google.com 74.125.157.99
gorillavid.com 178.17.165.74
hotfile.com 199.7.177.218
hotmail.com 65.55.72.135
hush.com 65.39.178.43
ign.com 69.10.25.46
imgur.com 173.231.140.219
justin.tv 199.9.249.21
livejournal.com 209.200.154.225
mediafire.com 205.196.120.13
megaupload.com 174.140.154.20
megavideo.com 174.140.154.32
mininova.com 80.94.76.5
multiupload.com 95.211.149.7
newegg.com 216.52.208.187
novamov.com 91.220.176.248
own3d.tv 208.94.146.80
pastebin.com 69.65.13.216
putlocker.com 89.238.130.247
reddit.com 72.247.244.88
sidereel.com 144.198.29.112
stickam.com 67.201.54.151
theonion.com 97.107.137.164
thepiratebay.org 194.71.107.15
twitter.com 199.59.149.230
tumblr.com 174.121.194.34
tvlinks.com 208.223.219.206
uploaded.to 95.211.143.200
uploading.com 195.191.207.40
videoweed.com 91.220.176.248
warez.ag 178.162.238.136
warez-bb.org 31.7.57.13
what.cd 67.21.232.223
wikipedia.org 208.80.152.201
youtube.com 74.125.65.91
yahoo.com 98.137.149.56

Tips

  • Here’s a tip for the do-it-yourself crowd: Go to your computer’s Start menu, and either go to “run” or just search for “cmd.” Open it up, and type in “ping [website address],”
  • Once you have the IP for a website, all you really need to do is enter it like you would a normal URL and hit enter/press go. Typing in “208.85.240.231” should bring you to the front page of AO3, for example, just as typing “174.121.194.34/dashboard” should bring you straight to your Tumblr dashboard. Since we’re obviously bracing for the worst case scenario which would involve you not being able to access the internet regularly, you should, save this list.

Customizing Firefox

What are Extensions?

Extensions or plug-ins add extra functionality to Firefox. Simply put, they are extra apps that give Firefox some extra bells and whistles to make it yours. You can get add-ons that do just about anything like check the weather, listen to music, update your social accounts.

There are three types of extensions:

Extensions

Extensions add new features to Firefox or modify existing ones. There are extensions that allow you to block advertisements, download videos from websites, integrate Firefox with websites like Facebook or Twitter, and even add features from other browsers.

Appearance

There are two types of appearance add-ons:

  1. complete themes, which changes the look of buttons & menus,
  2. background themes, which decorate the menu bar and tab strip with a background image.

Plug-ins

Plug-ins let you add support for all kinds of Internet content. These usually include patented formats like Flash, QuickTime, and Silverlight that are used for video, audio, on-line games, presentations, and more. Plug-ins are created and distributed by other companies. Continue reading Customizing Firefox

ZorinOS – For those migrating from WindowsXP

While discussing the Edn-of-Life of WindowsXP and how best to move forward, I was made aware of ZorinOS. I have downloaded it and am currently testing it out. I will post up a report on it once I have enough time into it.

Here is a screenshot to tease you…


ZorinOS