Josh Drake, the researcher who discovered the Stagefright vulnerability in Android that lets an attacker hack into an Android device by sending a specially crafted picture or video in a text message, was on the Risky Business security podcast this week to talk about it. What he had to say was interesting.
Patrick Gray, the host, tends to be a pretty outspoken critic of Android and isn’t shy about talking up Apple. He tried to get Drake to say Android is a trainwreck, security-wise, but Drake wouldn’t say it. Drake actually went as far as to say he thinks Android and IOS are fairly close, security wise.
So why do we see so many more Android bugs? Drake had an answer.
Adobe has patched Flash twice in two weeks now. The reason for this was due to Hacking Team, an Italian company that sells hacking tools to government agencies, getting hacked. Hacking Team, it turns out, knew of at least three unpatched vulnerabilities (also known as “zero-days” or “0days”) in Flash, and exploits for these vulnerabilities were among the things that got breached.
Mark Stephens, a.k.a. Robert X. Cringely, wrote last week about his disappointment in Ashton Kutcher’s movie Jobs, about the late Apple co-founder and CEO.
Here’s the most important part of his quasi-review:
[S]omething happened during Steve’s NeXT years (which occupy less than a 60 seconds of this 122 minute film) that turned Jobs from a brat into a leader, but they don’t bother to cover that. In his later years Steve still wasn’t an easy guy to know but he was an easier guy to know. His gut for product was still good but his positions were more considered and thought out. He inspired workers without trying so much to dominate or hypnotize them.
All in all it sounds reasonable to me. His recollection of DOS and some DOS version 8 confused me at first, but that was what the DOS buried in Windows ME was called. But mentioning it is appropriate, because it shows how DOS faded from center stage to being barely visible in the end, to the point where it was difficult to dig it out, and that it took 15 years for it to happen. He’s completely right, that if Microsoft had pulled the plug on DOS in 1985, Windows would have failed. Read more
UEFI is a technology that forces a computer to only load a digitally signed operating system. This has some security benefits, as it makes parts of the operating system unbootable if they become infected, since the viruses won’t be digitally signed by a reputable vendor.
Great idea, right? From a security perspective, absolutely. The more attack vectors for viruses we can eliminate, the better off we’ll be. But Microsoft’s policy on ARM systems shows how it can be abused.
Steve Ballmer announced today that Microsoft has sold 400 million Windows 7 licenses, but anywhere from half to two-thirds of PCs are still running Windows XP and need to get with the program.
He also continues to insist Windows 8 will ship in 2012, which really makes me wonder why those XP users need to switch now. December 2012 is 17 short months away, and XP support runs until 2014. I see little need to rush out now and buy Windows 7, use it for 18-24 months, and then turn around and buy Windows 8. If XP is fulfilling users’ needs, what’s the hurry? Unless Windows 8 is going to be late, as bad as Vista, or both. But none of that can happen, right? (Note: It’s not 2014 anymore, so if you haven’t upgraded from XP, you need to.)
I’m sure the Windows 8 Police will be along to haul me away shortly for insinuating such things. But until that happens, that 400 million figure lets us do some other interesting extrapolation. Read more
Occasionally, a PC’s CD or DVD-ROM drive will stop responding for no known good reason. Sometimes the problem is hardware–a CD-ROM drive, being a mechanical component, can fail–but as often as not, it seems, the problem is software rather than hardware. Here’s what to do with a Windows 95 or Windows 98 CD-ROM drive not working when the same drive works just fine in another OS.
If Windows has both 16- and 32-bit CD-ROM drivers, it can get confused and disable the drive to protect itself. The solution is to remove the 16-bit driver, then delete the obscure NoIDE registry key to re-enable the 32-bit driver.