Random Thoughts from Joel's World

Apple Store Photos

2008-10-26T20:42:00.003-05:00

I moved my Gallery of Apple Store Photos to MobileMe. I travel to an Apple Store if I am in the city with one. Check out the gallery over there on the right, or click right here.

Thanks.

Subscribe in a reader

ISC Podcast Episode Eleven Posted

2008-10-23T21:19:00.000-05:00

Hey everyone, sorry it has taken so long to get around to recording another podcast episode. Travel schedules have been very crazy between us lately. Anyway, enough excuses, here is episode eleven. Thanks for all the emails asking me where it is! :) It helps to remind me....

All the podcasts
Just this podcast
Podcast through iTunes

Subscribe in a reader

CRCError

2008-10-23T21:11:00.002-05:00

Recorded CRCError podcast last night, I've edited some of it, but I thought I would post something about the website on here. Well.. it's down. So wtf right?

Well something about the hosting company where the server is hosted is retarded or something, I don't know the whole drama or the issue, but we're working to get the server back up, and then punch the hosting provider in the face.

Subscribe in a reader

Mark Wahlberg Talks to Animals

2008-10-21T15:41:00.004-05:00

This has been cracking me up for like the past 3 days. I love it.

Of course it has a sequel as well:

Subscribe in a reader

Google Calendar Syncing, MobileMe, and iCal

2008-10-14T17:11:00.003-05:00

Recently I've had to start keeping my Calendar on Google Calendar. (For a really good reason, and, it's not the free version of Google Calendar either.) However, I didn't know how I was going to get my iCal to publish to Google Calendar, AND sync with MobileMe at the same time.

Well I started trying to connect iCal to Google Calendar via CalDAV, which I wrote about in an earlier post. However, Google's implementation of CalDAV is still kinda broke. You can't really schedule people's time, you can't see their availability, you can't call people up from the address book, and you can't have To-Do's on the calendar that you are syncing, so that breaks a bunch of stuff for me.

So I was going to try and just keep my calendar on iCal, and have it publish to Google Calendar, well, that wasn't going to work either for a couple reasons. I actually can't remember all the reasons right now, but it had to be something really big for me to abandon it right away.

So I started looking into Apps that would sync my calendars for me. So I came up with BusySync.

So I took the following steps, since my calendar was maintained in iCal, YMMV, but good luck:

1. I exported my iCal calendar and put it on my desktop.

2. Logged into Google Calendar and imported my iCal calendar into Google Calendar (took a few seconds, I have a rather large calendar).

3. Deleted my local calendar in iCal.

4. Fired up BusySync and told BusySync to Sync my Google Calendar to local iCal.

5. Viola.

Since BusySync syncs a calendar to a "local" calendar (as opposed to a "subscribed" calendar) everything works fine, in fact, MobileMe will sync your calendar right down to your iPhone.

Problem Solved.

Subscribe in a reader

Okay, so Tim Cook has a mic on.

2008-10-14T16:56:00.005-05:00

UPDATE2: I stand corrected. It's a mic. Sorry Mr. Cook!

UPDATE: Leon in the comments points out that I may be a tard, and this is actually his wireless mic. I think Leon has something here.. There is an antenna sticking out the top, but from the brief look you can get at it in the show video, I can't tell if it's a flexible antenna or a hard antenna. But the more I look at it, the more I think it is a Mic. Mr. Cook, sorry about that. Like I said, I'm not complaining even if it _was_ a blackberry.

I'm just not used to seeing a mic on anyone in an Apple presentation. Steve's is built into his shirt (look for the vertical line in the center of his chest in his shirt), and everyone else tucks it underneath their clothes.

http://www.shure.com/ProAudio/Products/WirelessMicrophones/us_pro_U1_content

Sorry Mr. Cook, just noticed it. No complaint here, not bitching, just noticed it :)

Subscribe in a reader

1001

2008-10-13T19:49:00.002-05:00

Some insight.

So, here I am at 1,001 posts. What do I have to say? Absolutely nothing more than what I said at 900. Do what you do, say what you say, and people will be interested.

Between my 900 and my 1000 posts, I've picked up about 200% more readers (rss subscribers) and average about 500% more hits a day.

Recently I've picked up a bunch more readers through subscriptions, it's basically like a heartbeat diagram that keeps going up. When my name is mentioned somewhere, or I do a post on the ISC or something, I get a huge influx of readers, then it dies off a little bit, but a few stick around to see what nonsense I have to ramble about. It hasn't been much lately as I've been pretty busy with work and what not.

I'll try and get more active in the future. I promise. I've just got alot going on right now, I'm lucky if I can get through my email.

Speaking of which, I need to do another "processing" email post, as I've changed alot about that.

Subscribe in a reader

Apple Security Update 2008-007

2008-10-10T08:35:00.002-05:00

I wish my 1000th post on the blog was way more insightful than this, but it's not going to be. I'll have to write something that really reflects a 1000th post. But it will be 1001.

Introducing Apple Security Update 2008-007. Just released last night:

Security Update 2008-007

Apache

CVE-ID: CVE-2007-6420, CVE-2008-1678, CVE-2008-2364

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in Apache 2.2.8

Description: Apache is updated to version 2.2.9 to address several vulnerabilities, the most serious of which may lead to cross site request forgery. Apache version 2 is not bundled with Mac OS X Client systems prior to version 10.5. Apache version 2 is bundled with Mac OS X Server v10.4.x systems, but is not active by default. Further information is available via the Apache web site at http://httpd.apache.org/

Certificates

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Root certificates have been updated

Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.

ClamAV

CVE-ID: CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914

Available for: Mac OS X Server v10.4.11, Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in ClamAV 0.93.3

Description: Multiple vulnerabilities exist in ClamAV 0.93.3, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating to ClamAV 0.94. ClamAV is not bundled on Mac OS X Client systems. Further information is available via the ClamAV website at http://www.clamav.net/

ColorSync

CVE-ID: CVE-2008-3642

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow exists in the handling of images with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of ICC profiles in images. Credit: Apple.

CUPS

CVE-ID: CVE-2008-3641

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: A remote attacker may be able to cause arbitrary code execution with the privileges of the 'lp' user

Description: A range checking issue exists in the Hewlett-Packard Graphics Language (HPGL) filter, which may cause arbitrary memory to be overwritten with controlled data. If Printer Sharing is enabled, a remote attacker may be able to cause arbitrary code execution with the privileges of the 'lp' user. If Printer Sharing is not enabled, a local user may be able to obtain elevated privileges. This update addresses the issue by performing additional bounds checking. Credit to regenrecht working with TippingPoint's Zero Day Initiative for reporting this issue.

Finder

CVE-ID: CVE-2008-3643

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: A file on the Desktop may lead to a denial of service

Description: An error recovery issue exists in Finder. A maliciously crafted file on the Desktop which causes Finder to unexpectedly terminate when generating its icon will cause Finder to continually terminate and restart. Until the file is removed, the user account is not accessible via Finder's user interface. This update addresses the issue by generating icons in a separate process. This issue does not affect systems prior to Mac OS X v10.5. Credit to Sergio 'shadown' Alvarez of n.runs AG for reporting this issue.

launchd

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Applications may fail to enter a sandbox when requested

Description: This update addresses an issue introduced in Mac OS X v10.5.5. An implementation issue in launchd may cause an application's request to enter a sandbox to fail. This issue does not affect programs that use the documented sandbox_init API. This update addresses the issue by providing an updated version of launchd. This issue does not affect systems prior to Mac OS X v10.5.5.

libxslt

CVE-ID: CVE-2008-1767

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Processing an XML document may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution. Further information on the patch applied is available via http://xmlsoft.org/XSLT/ Credit to Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of Google Security Team for reporting this issue.

MySQL Server

CVE-ID: CVE-2007-2691, CVE-2007-5969, CVE-2008-0226, CVE-2008-0227, CVE-2008-2079

Available for: Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in MySQL 5.0.45

Description: MySQL is updated to version 5.0.67 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. These issues only affect Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-67.html

Networking

CVE-ID: CVE-2008-3645

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: A local user may obtain system privileges

Description: A heap buffer overflow exists in the local IPC component of configd's EAPOLController plugin, which may allow a local user to obtain system privileges. This update addresses the issue through improved bounds checking. Credit: Apple.

CVE-ID: CVE-2007-4850, CVE-2008-0674, CVE-2008-2371

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in PHP 4.4.8

Description: PHP is updated to version 4.4.9 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/ These issues only affect systems running Mac OS X v10.4.x, Mac OS X Server v10.4.x, or Mac OS X Server v10.5.x.

Postfix

CVE-ID: CVE-2008-3646

Available for: Mac OS X v10.5.5

Impact: A remote attacker may be able to send mail directly to local users

Description: An issue exists in the Postfix configuration files. For a period of one minute after a local command-line tool sends mail, postfix is accessible from the network. During this time, a remote entity who could connect to the SMTP port may send mail to local users and otherwise use the SMTP protocol. This issue does not cause the system to be an open mail relay. This issue is addressed by modifying the Postfix configuration to prevent SMTP connections from remote machines. This issue does not affect systems prior to Mac OS X v10.5 and does not affect Mac OS X Server. Credit to Pelle Johansson for reporting this issue.

PSNormalizer

CVE-ID: CVE-2008-3647

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow exists in PSNormalizer's handling of the bounding box comment in PostScript files. Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PostScript files. Credit: Apple.

QuickLook

CVE-ID: CVE-2008-4211

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Downloading or viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution

Description: A signedness issue exists in QuickLook's handling of columns in Microsoft Excel files may result in an out-of-bounds memory access. Downloading or viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Microsoft Excel files. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.

rlogin

CVE-ID: CVE-2008-4212

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Systems that have been manually configured to use rlogin and host.equiv may unexpectedly permit root login

Description: The manpage for the configuration file hosts.equiv indicates that entries do not apply to root. However, an implementation issue in rlogind causes these entries to also apply to root. This update addresses the issue by properly disallowing rlogin from the root user if the remote system is in hosts.equiv. The rlogin service is not enabled by default in Mac OS X, and must be manually configured in order to be enabled. Credit to Ralf Meyer for reporting this issue.

Script Editor

CVE-ID: CVE-2008-4214

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: A local user may gain the privileges of another user that is using Script Editor

Description: An insecure file operation issue exists in the Script Editor application when opening application scripting dictionaries. A local user can cause the scripting dictionary to be written to an arbitrary path accessible by the user that is running the application. This update addresses the issue by creating the temporary file in a secure location. Credit: Apple.

Single Sign-On

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: The sso_util command now accepts passwords from a file

Description: The sso_util command now accepts passwords from a file named in the SSO_PASSWD_PATH environment variable. This enables automated scripts to use sso_util more securely.

Tomcat

CVE-ID: CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2007-5333, CVE-2007-5342, CVE-2007-5461

Available for: Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in Tomcat 6.0.14

Description: Tomcat on Mac OS X v10.5 systems is updated to version 6.0.18 to address several vulnerabilities, the most serious of which may lead to a cross site scripting attack. These issues only affect Mac OS X Server systems. Further information is available via the Tomcat site at http://tomcat.apache.org/

CVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2008-2712, CVE-2008-3432, CVE-2008-3294

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in vim 7.0

Description: Multiple vulnerabilities exist in vim 7.0, the most serious of which may lead to arbitrary code execution when working with maliciously crafted files. This update addresses the issues by updating to vim 7.2.0.22. Further information is available via the vim website at http://www.vim.org/

Weblog

CVE-ID: CVE-2008-4215

Available for: Mac OS X Server v10.4.11

Impact: Access control on weblog postings may not be enforced

Description: An unchecked error condition exists in the weblog server. Adding a user with multiple short names to the access control list for a weblog posting may cause the Weblog server to not enforce the access control. This issue is addressed by improving the way access control lists are saved. This issue only affects systems running Mac OS X Server v10.4. Credit: Apple.

Subscribe in a reader

ROFL

2008-10-05T15:49:00.003-05:00

Saw this today, had to post it. Man that's awesome.

BTW -- Star Wars.

Subscribe in a reader

An actual meeting held via iChat

2008-10-02T14:31:00.003-05:00

Earlier this week, me and three of my coworkers held a 4-way iChat Video Conference as a meeting. It worked great.

Of course, as bandwidth decreases, the video codec is dynamically reduced, however, the 4 of us had a face to face video/audio chat for over an hour about some code testing. It worked great. I've been using iChat to do one-on-one meetings with one person for a couple years now, however, never had the opportunity to have a call with 4 people. (Never had the bandwidth to sustain it before), and now that I have FiOS... awesome.

Subscribe in a reader

Physical Fitness #2

2008-09-29T21:04:00.002-05:00

Oh yeah, I ran again. Except this time I got to mile 1, didn't hurt. So I decided to keep going.

Got to mile 2, still didn't feel it. Got to Mile 3, still not tired, but I decided not to kill my legs, just in case, and cut it short at 3.25 miles. Felt pretty good, wasn't sore or anything, so good stuff. I'll just keep ramping it up just a little bit every time until I get back up to my comfortable distance.

Subscribe in a reader

A tale of Physical Fitness

2008-09-21T07:33:00.003-05:00

Quick background -- I used to be in the Army. I joined the Army in 1997, and got out in 2003. In the Army we used to have this thing called a PFT, or Physical Fitness Test.

One of the events in the PFT was a 2 mile run. I was always pretty good at this event, as I am not a huge guy. My best time in the 2 mile run was 10 minutes 26 seconds. A pretty respectable time. But, that was about 8 years ago. I was pretty good at running and ran several 10k's, 5k's and even a marathon. (Honolulu Marathon 2000)

I recently had a friend of mine, who is NOTORIOUS for making outrageous claims, say he could beat me at a marathon. Well, seeing as how this dude weighs about 100 more lbs than me, and is almost a foot taller than me, I KNOW I can beat him. 100 bucks says I can.

So I went out yesterday, got me a new pair of running sneakers (which I haven't had in about 5 years -- not even a new pair, but a pair period) and a Nike+ module for my shoe. (You know, one of those things that goes in your shoe and connects to your iPod Nano and tracks your progress)

I have to say, that's a pretty cool little thing. Now, please keep in mind that I haven't ran AT ALL in about 5 years. Not even to the mailbox. So this morning I woke up, and ran my first two miles.

I'm happy to report that I am still alive. I am also happy to report that I can still pass the 2 mile run on the Army PT test. But I have a long way to go to build up to 26 miles again. (Seeing as how, before the Marathon I ran in 2000, I as 8 years younger and trained by running 10 miles every morning).

Subscribe in a reader

Quicktime/iTunes DoS

2008-09-19T11:57:00.003-05:00

I've received several emails from readers and reporters asking me if I am going to post anything about this QT/iTunes DoS vulnerability, and my opinion..etc.

I think it's a much ado about nothing. Okay, so QT or iTunes stops working. Uh. So? Really. So what. The programs stops. That's it. It's a media app.

Call me when this vulnerability is remotely exploitable. THEN i'll be interested.

Subscribe in a reader

OSX Update 10.5.5 and Security Update 2008-006

2008-09-15T16:50:00.002-05:00

Just hitting the streets, as we speak, Apple released OSX update 10.5.5. Built into 10.5.5 is Security Update 2008-006, marking the 6th major security update of the year. So aside from the ton of updates in 10.5.5 for OSX Leopard, check out the below updates included with it.

Keep in mind that Security Update is not just for 10.5 (OSX Leopard), being that it is also available for 10.4, Desktop and Server releases.

This update releases updates to the following items:

ATS -- Apple Type Services -- CVE-2008-2305

BIND --

10.5 -- Updated to 9.4.2-P2

10.4.11 -- Updated to 9.3.5-P2

ClamAV -- Antivirus included with OSX Server

Updated to version 0.93.3.

CVE-2008-1100, CVE-2008-1387, CVE-2008-0314, CVE-2008-1833, CVE-2008-1835, CVE-2008-1836, CVE-2008-1837, CVE-2008-2713, CVE-2008-3215

Directory Services x2 -- (Something I found interesting -- Vulnerability reported by the "IT Department of the West Seneca Central School District". Not your usual reporter. Very nice) -- CVE-2008-2329

Finder x2 -- CVE-2008-2331, CVE-2008-3613

ImageIO x4 -- CVE-2008-2327, CVE-2008-2332, CVE-2008-3608, CVE-2008-1382

Kernel -- CVE-2008-3609

libresolv -- CVE-2008-1447

Login Windows x2 -- CVE-2008-3610, CVE-2008-3611

mDNSResolver -- CVE-2008-1447

OpenSSH -- CVE-2008-1483, CVE-2008-1657

QuickDraw Manager -- CVE-2008-3614

Ruby -- CVE-2008-2376

SearchKit -- CVE-2008-3616

System Configuration -- CVE-2008-2312 (For 10.4.11)

System Preferences x2 -- CVE-2008-3617, CVE-2008-3618

Time Machine -- CVE-2008-3619

VideoConference -- CVE-2008-3621

Wiki Server -- CVE-2008-3622

So, all in all, quite a few updates here in this one.

Subscribe in a reader

iPhone 2.1 actually lists its updates?!

2008-09-12T08:45:00.002-05:00

Very uncharacteristic for Apple, but the update screen for 2.1 actually lists its updates.

Wow.

Decrease in call set-up failures and call drops
Significantly improved battery life for most useres
Dramatically reduced time to backup to iTunes
Improved email reliability, notably fetching email from POP and exchange accounts.
Faster installation of 3rd party applications.
Fixed bugs causing hangs and crashed if you have lots of 3rd party applications
Improved performance in text messaging
Faster loading and searching of contacts
Improved accuracy of the 3G signal strength display
Repeat alert up to two additional time for incoming text messages
Option to wipe data after ten failed passcode attempts
Genius playlist creation.

Thanks for letting us know all these things Apple, please keep up the straightforwardness in updates!

Subscribe in a reader

iPhone 2.1 is out, and here it is

2008-09-12T08:44:00.000-05:00

iPhone v2.1

Application Sandbox

CVE-ID: CVE-2008-3631

Available for: iPhone v2.0 through v2.0.2

Impact: An application may be able to read another application's files

Description: The Application Sandbox does not properly enforce access restrictions between third-party applications. This may allow a third-party application to read files in another third-party application's sandbox, and lead to the disclosure of sensitive information. This update addresses the issue by enforcing the proper access restrictions between application sandboxes. Credit to Nicolas Seriot of Sen:te and Bryce Cogswell for reporting this issue. This issue does not affect iPhone versions prior to v2.0.

CoreGraphics

CVE-ID: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808

Available for: iPhone v1.0 through v2.0.2

Impact: Multiple vulnerabilities in FreeType v2.3.5

Description: Multiple vulnerabilities exist in FreeType v2.3.5, the most serious of which may lead to arbitrary code execution when accessing maliciously crafted font data. This update addresses the issue by incorporating the security fixes from version 2.3.6 of FreeType. Further information is available via the FreeType site at http://www.freetype.org/

mDNSResponder

CVE-ID: CVE-2008-1447

Available for: iPhone v1.0 through v2.0.2

Impact: mDNSResponder is susceptible to DNS cache poisoning and may return forged information

Description: mDNSResponder provides translation between host names and IP addresses for applications that use its unicast DNS resolution API. A weakness in the DNS protocol may allow a remote attacker to perform DNS cache poisoning attacks. As a result, applications that rely on mDNSResponder for DNS may receive forged information. This update addresses the issue by implementing source port and transaction ID randomization to improve resilience against cache poisoning attacks. Credit to Dan Kaminsky of IOActive for reporting this issue.

Networking

CVE-ID: CVE-2008-3612

Available for: iPhone v2.0 through v2.0.2

Impact: Predictable TCP initial sequence numbers generation may lead to TCP spoofing or session hijacking

Description: TCP initial sequence numbers are sequentially generated. Predictable initial sequence numbers may allow a remote attacker to create a spoofed TCP connection or insert data into an existing TCP connection. This update addresses the issue by generating random TCP initial sequence numbers. This issue does not affect iPhone versions prior to v2.0.

Passcode Lock

CVE-ID: CVE-2008-3633

Available for: iPhone v2.0 through v2.0.2

Impact: An unauthorized user may bypass the Passcode Lock and launch iPhone applications

Description: The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. An implementation issue in the handling of emergency calls allows users with physical access to an iPhone to launch an application without the passcode by double clicking the home button in emergency call. This update addresses the issue through improved handling of emergency calls. Credit to Matthew Yohe of The University of Iowa's Department of Electrical and Computer Engineering for reporting this issue. This issue does not affect iPhone versions prior to v2.0.

WebKit

CVE-ID: CVE-2008-3632

Available for: iPhone v1.0 through v2.0.2

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use-after-free issue exists in WebKit's handling of CSS import statements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of document references.

Subscribe in a reader

Wow, Um, So hey, how you doing?

2008-09-12T07:57:00.003-05:00

Haven't Blogged in awhile, I've been working on some other stuff as well over at dearcupertino.com.

For those of you that haven't seen, here's a bit of mac news, Apple released iTunes 8, a new set of iPod Nano's (going back to the more vertical shape), updated and dropped the price on the iPod Touch, as well as refreshing the iPod Classic line.

Basically, for the holiday shopping season. Good stuff.

They also released an update to the iPod Touch software (2.1), and it has some nifty features in it (like the Genius feature from iTunes 8.0). Reports are also, that it is faster. The iPhone update 2.1 is supposed to hit today, so I might blog again with some updates about that.

Otherwise, for those who know me, and know that i have been on a single customer site for the past year+, I have 12 days left (including weekends.)

Subscribe in a reader

CRC Error Episode 2 Posted

2008-08-29T12:47:00.003-05:00

Right after we got done recording the serious podcast (ISC Podcast from my previous post), I switched gears and Podcasters to do Episode 2 of the CRCError Podcast.

As before, this podcast is not for the feint of heart, it is Not safe for work, or children, or pretty much anyone else. Don't listen to it if you get offended, don't like swear words, or pretty much anything that may damage your psyche.

The podcast is meant to be funny. And it is!

iTunes subscribers, please go here to subscribe.

Non iTunes users, go here.

Subscribe in a reader

Internet Storm Center Podcast Episode 10 posted

2008-08-29T12:43:00.002-05:00

Just a quick note to let everyone know that we put out Podcast Episode 10.

iTunes users, go here to subscribe.
Non-iTunes users, go here to download.

As always we are looking for listener feedback, be sure and write in!

Subscribe in a reader

Mac Tablet Patents surface -- i want.

2008-08-28T09:38:00.001-05:00

Appleinsider has a great post today about some interface patents that have been uncovered from Apple detailing how a tablet Mac would work. Very short blog post from me, cause I want you to go read theirs.

I could think of about 30 uses I would have for something like this.

Subscribe in a reader

Google Calendar goes CalDAV

2008-08-25T22:19:00.002-05:00

Okay, so in Apple fashion (read: Not Google fashion) Google Calendar rolled out a new feature of it's product. The ability to use your iCal (or other CalDAV supported Calendar) to use Google Calendar.

Finally, two way sync for Google Calendar with iCal! And it's not really even a "sync". When you put events on Google Calendar in your iCal, you are actually putting the events on the Google Calendar ITSELF.

It's syncs instantly. Anyway, for more information hit up this link, and let's all give a hand for Google for helping us out!

Subscribe in a reader

Podcast Episode X Record Notice

2008-08-25T22:05:00.001-05:00

Tomorrow night at 7:30 EDT (Eastern Daylight Savings Time) Johannes, John, and I will be recording Episode X of the Internet Storm Center Podcast.

We'll be broadcasting live at http://www.stickam.com/joelesler

Please come and join! We love live feedback, talk with us in the stickam interface or via IRC in #dshield on irc.freenode.net.

Thanks!

Subscribe in a reader

This just in, someone steals another Apple idea

2008-08-24T13:51:00.003-05:00

Okay, so could someone please rip Apple off? I mean, it hasn't been done in a couple days. Watch this video. Blackberry Bold unboxing. Tell me that's not almost the exact design of how the iPhone unboxing is? Please.

Subscribe in a reader

Spam fun

2008-08-24T13:28:00.004-05:00

My name is Sgt Jeff Frawley I am an American soldier in peace keeping force in Iraq,

No you're not.

I am serving in the military of the 1st Armored Division in Iraq, as you know insurgents everyday and car bombs are attacking us.

You mean insurgents and car bombs are attacking us everyday? Do they teach grammar anymore?

We managed to move funds belonging to Saddam Hussein's family.

No, you didn't.

The total amount is US$ 12 Million dollars in cash. We want to move this money to you, so that you may keep our share for us till when we will come over to meet you.

No, you don't. You didn't find the money, you wouldn't just email someone out of the blue, you'd try and smuggle that stuff in your pants. Besides, sew it into the spaces in your ruck sack. Come on, get inventive.

We will take 60%, my partner and I.You take 40%.

Actually, if I am moving your money, I'll take 90, you take 10. How about that? Since I am pretty much taking all the risk, I'll take the majority of the money. And since you pretty much have no alternatives because you are apparently stupid and just email me out of the blue on the Internet, you have no alternatives!

No strings attached, just help us move it out of Iraq, Iraq is a war zone.

No kidding? I thought it was the McDonald's Play area.

We plan on using diplomatic courier and shipping the money out in two large boxes, using diplomatic immunity.

So what do you need me for?

If you are interested I will send you the full details, my job is to find a good partner that we can trust and that will assist us. Can I trust you?

Sure, if your terms are in line with mine, above. 90-10.

If you are capable of handling this with me, kindly send me an e-mail signifying your interest including your most confidential telephone/fax numbers for quick communication also your contact details. This business is risk free the boxes can be shipped out in 48hrs.

My "Most" confidential telephone and fax numbers? Really? Is there such a thing? (oh yeah, because the NSA isn't monitoring communications...

BTW -- don't believe scams like this. Come on! You KNOW this is false, and I know you probably are reading my website because you Googled this same email if you got it. Don't fall victim to this kind of thing, of course it's fake!

Subscribe in a reader

VRT challenge

2008-08-23T08:29:00.002-05:00

The guys and girls over in the VRT (Vulnerability Research Team) at Sourcefire want to give you a challenge. Read this post over here, and get your reverse engineering skills up to par. Have fun!

Subscribe in a reader