Apple Laptop Security Flaw Found In Computer Batteries

A security researcher claims to have found a new security flaw in Apple laptops that could allow hackers to ruin laptop batteries, infect them with malware or potentially cause them to overheat and catch fire. Charlie Miller, principal research consultant at Accuvant Labs, said he has found a way to manipulate chips embedded inside Apple laptop batteries.

The chip monitors the battery’s temperature and level of charge, among other things. Code that can talk to the chip can reprogram it using a default password that Miller found in public documentation on the website of the chip’s maker, Texas Instruments. Apple shipped the batteries without changing that default password.

This is the latest potential security flaw found in Apple’s product line. Earlier this month, security experts disclosed a bug in Apple’s iOS operating system that could allow criminal hackers to gain remote access to iPhones, iPads and iPod Touch devices, Reuters reported. Apple said it is fixing that issue in an upcoming software update.

At the very least, Miller found he could ruin laptop batteries by altering the chip’s code. Not wanting to set his home on fire, Miller stopped there. But he imagines darker possibilities for hackers if Apple does not fix the security flaw.

Miller claimed he has full access to the battery and can make any changes he wants to. For example, hackers could install malware in the battery’s firmware that would not be detected by anti-virus software because it never appears on the hard drive. The malware could attack the laptop’s operating system again and again, even after the user installed a new hard drive; the battery would keep reinfecting it.

Miller, a former security researcher for the National Security Agency, said it’s possible that Apple has taken extra measures that would stop such an attack, or stop the worse case of a battery being driven to overheat and catch fire. He said he reported his findings to Apple but did not hear back.

Miller wrote a paper on the security flaw that he plans to present at the Black Hat security conference in August in Las Vegas, where he also plans to unveil a solution called a “Caulkgun” that changes the battery’s default password.

While the security flaw presents a potential danger, most users should not be overly concerned about a hacker taking over their laptop battery: the chip is reachable only from code already running on the laptop, so an attacker needs a foothold on the machine before the battery becomes a target.


Moving Your Database to the Cloud

Moving a database management system to the cloud, in whole or in part, necessarily alters the way you approach security, but you’ll quickly find out that securing a SQL Azure cloud database is similar to securing access and applications for SQL Server.

Josh Hoffman’s Securing SQL Azure in TechNet Magazine is a great place to start. He takes you through the prerequisite process of setting up a Windows Azure account, which provides access to Azure services such as SQL Azure.

Hoffman also discusses network access control with the SQL Azure Firewall, the authentication method used by SQL Azure, and connection encryption (the TDS protocol carried over an SSL connection).

The SQL Azure team goes into detail on all these topics, and to make it easy to find and move among topics, they have published their SQL Azure Security content to the TechNet Wiki. Starting out, you’ll find that SQL Azure only supports encrypted connections and has two types of access control. As with any implementation of SQL Server, accounts are managed with SQL Authentication. And the SQL Azure Firewall restricts access by IP address. For more on these security methods, see the Overview of Security in SQL Azure and the Security Guidelines for SQL Azure.

When managing logins and users in a SQL Azure database, there are some restrictions. In his video demonstration How Do I: Configure SQL Azure Security?, Max Adams walks through the creation of logins, databases and users, and how to view logins and databases from the master database.

Finally, some common sense best practices can make your SQL Azure database applications less vulnerable to threats:

  • Always use the latest updates and the most current version of tools and libraries.
  • Block inbound connections on TCP port 1433 on your own application hosts. Only outbound connections on TCP port 1433 are needed for applications to communicate with SQL Azure Database, so nothing should be listening on it.
  • Use parameterized queries where possible to prevent SQL injection vulnerabilities.
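The three controls covered above (firewall rules by IP address, SQL Authentication logins and database users managed from master, and parameterized queries) fit in a short T-SQL session. The following is an added example written for this page, not code from the TechNet articles it summarizes; the rule name, IP address, login name, password and the dbo.Customers table are placeholders.

```sql
-- Added example (not from the TechNet articles above). Run the first two
-- sections against the server's master database and the rest against the
-- application database; SQL Azure does not support USE to switch databases.

-- 1. Network access control: SQL Azure Firewall rules live in master.
--    Allow only the application's egress address (placeholder 203.0.113.10),
--    never the whole 0.0.0.0-255.255.255.255 range.
EXEC sp_set_firewall_rule N'AppServer', '203.0.113.10', '203.0.113.10';
SELECT name, start_ip_address, end_ip_address FROM sys.firewall_rules;

-- 2. Authentication: SQL Authentication only. Give the application its own
--    login instead of reusing the server administrator account.
CREATE LOGIN app_login WITH PASSWORD = 'ReplaceWithAStrongPassphrase!1';
SELECT name, create_date FROM sys.sql_logins;   -- view logins from master
SELECT name FROM sys.databases;                 -- view databases from master

-- In the application database: map the login to a user and grant only the
-- roles the application needs (least privilege).
CREATE USER app_user FROM LOGIN app_login;
EXEC sp_addrolemember 'db_datareader', 'app_user';
EXEC sp_addrolemember 'db_datawriter', 'app_user';

-- 3. Parameterized queries. dbo.Customers is an assumed table.
--    Unsafe: the caller-supplied value is spliced into the statement text,
--    so a value such as ' OR 1=1 -- rewrites the WHERE clause.
DECLARE @input nvarchar(100) = N''' OR 1=1 --';
DECLARE @unsafe nvarchar(max) =
    N'SELECT Id, Email FROM dbo.Customers WHERE Name = ''' + @input + N'''';
-- EXEC(@unsafe);   -- would return every customer row

--    Safe: the value travels as a typed parameter via sp_executesql and is
--    never parsed as SQL, so it matches only a customer literally named
--    ' OR 1=1 --
EXEC sp_executesql
    N'SELECT Id, Email FROM dbo.Customers WHERE Name = @name',
    N'@name nvarchar(100)',
    @name = @input;
```

On the client side, the same point applies to the connection: set Encrypt=True and TrustServerCertificate=False in the connection string so the TDS session is both encrypted and validated against the server certificate rather than accepting any certificate presented.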

Google+: 20 million users in less than a month

Google+ may still have some way to go to equal Facebook’s 700 million users and Twitter’s 200 million, but 20 million unique visitors to the new social networking site in the space of just three weeks isn’t a bad way to start. Of the 20 million, five million were inside the US. The Google+ iPhone app released on Tuesday is sure to boost numbers further.

The new service allows members to create a variety of groups, called “circles,” enabling them to share information and content with only the people they choose. One circle could be made up of co-workers, while another might consist entirely of family members.

What makes the figures all the more remarkable is that the new social networking service is currently open only to those who receive invites.

The long-term plan for Google+ is to integrate it with other Google services such as YouTube and Gmail. When that happens, it’ll become a service to be reckoned with and will likely begin to make big gains on competitors such as Facebook and Twitter.

Adobe lists bugs in Apple’s Mac OS X Lion

The downloadable Mac OS X 10.7 Lion upgrade is littered with bugs according to the firm, causing us to wonder whether we should just carry the office Mac over to the window and encourage it to defenestrate itself. Of course it is worth remembering that Apple and Adobe don’t get on particularly well.

A blog post published by the firm is headed, “Lion tamers” and paints a rather unfortunate picture of IT administrators struggling with the upgrade.

“The cat is out of the bag! Mac OS X 10.7 aka Lion is roaming the streets and you brave Mac IT admins have been deemed Lion Tamers by the public at large. Or at least by me. I’ve managed a few OS compatibility assessments in my past and it is no easy task to gather up all the necessary info from the software publishers that are used in your environment, run/coordinate testing, etc,” wrote the firm’s Jody Rodgers.

“You are seeking the cold hard facts while a percentage of your users are barging down the door to upgrade due to justifiable work reasoning such as ‘shininess’.”

So, Adobe has published a long list of problems that include issues with scrolling, crashing, and application quitting, none of which look particularly good on paper.

Over at the security firm Sophos, Paul Ducklin is concerned that a just released Safari update makes no mention of the new Lion OS and therefore means that new users could be concerned about whether it applies to them and whether they should install it.


Favorite Cloud Services

I’ve been compiling a list of favorite cloud services from various clients. While I have not had the opportunity to check them all out, I have had the opportunity to check out a couple of them and just had to share them with you. Please note I may not have tested them out but I am just passing on others’ recommendations. I’ve added some descriptions to the items when appropriate. They are not in any order.

“I just found out about LucidChart and will be using it a lot to collaborate on flowcharts and processes (http://www.lucidchart.com). I also like SlideShare (http://www.slideshare.net) for sharing presentations and WhenIsGood (http://whenisgood.net) for setting up meeting times.”

“My favorite new web 2.0 discovery is Doodle (http://www.doodle.com) – lets you easily schedule meetings, integrates with Google Calendar and handheld apps. I heart this tool. Much slicker than MeetingWizard.”

“Dropbox – online file sharing. Dropbox might make you want to get rid of your USB! It is the easiest way to store, sync, and share files online. It makes online storage and sharing of files dead simple — as simple as dragging files into specially marked local folders.”

“Soapbox (PICNet) – affordable, quality nonprofit websites.”

“Salesforce – full-featured and flexible for the right price for nonprofits, plus they now support B Corps!”

“SurveyMonkey – easy online surveys.”

“Skype – can I count the ways you keep me connected? Skype Screen Sharing – many people are not aware of this: Skype has a screen sharing feature. Once you are logged in to your Skype account, you simply click the share screen button and then will be able to see either the whole screen of the person with whom you are talking or the portion of the screen that they select. An incredibly simple yet highly effective tool that cuts down on messy feedback. It makes you far more efficient, especially if your business is online.”

“Mozy Home – unlimited (when I paid for it) and easy home backup, $120/yr. All the important information in your life/business is now stored on a computer. Whether it is photos and music or business documents and financial records, everything is digital – Mozy offers a great backup-to-the-cloud service that will help you sleep at night knowing that your digital life will always be there when you need it.”

“Office 365 – MS apps I love, now in the cloud.”

“Postini – spam filtering that really works.”

“Rapportive – check it out if you haven’t done so already. Rapportive is a little browser plugin that provides you with information about the people you talk to via email. Rapportive shows you everything about your contacts right inside your inbox. It combines what you know, what your organization knows and what the web knows.”

“Tungle.me – the hardest part of making meetings happen is knowing when is the best time. Tungle.me makes it simple for everyone to know when is best for you! You control your availability and remove all the guessing games. Check it out.”

“MyStickies – this is a simple but brilliant little app that essentially lets you place little stickies all over the web to remind you of stuff when you get back there at a later date. You can write messages for yourself and they’ll appear next time you navigate back to that page.”

“Remember the Milk is a great task manager. It allows you to create ‘to-do’ lists in the easiest manner possible, as well as being able to access those lists from pretty much anywhere.” (Note: I’ve started using this one and so far find it perfect for the job!)

“PDF Unlock – PDF files can be secured with restrictions that prevent you from, for example, copying text from them or editing, printing, merging or splitting them. PDFUnlock! can remove these restrictions (a.k.a. the ‘owner password’). If a password is required to open the uploaded file, you will be asked to enter it (a.k.a. the ‘user password’). PDFUnlock! cannot, however, recover lost or unknown user passwords. A PDF file can also be subject to non-standard encryption, such as DRM. PDFUnlock! does not remove such.”

“Mailchimp – easy mass email system. Powerful email marketing – instantly see your members’ ratings, opens and clicks.”

“MeetingWizard – easy group scheduling.”

“Brightpearl – great for consulting firms – combine a website, CRM and accounting into one comprehensive system.”

Mozilla and the Enterprise Environment

After alienating corporate IT departments with its rapid release policy for Firefox, Mozilla wants to patch things up by re-establishing a group to handle enterprise concerns.

Having adopted a rapid release cycle for Firefox that left businesses in the dust and argued through its executives that enterprises ought to “change how they think about software rollout” if they want to keep up with modern browser development, Mozilla left many corporate IT departments with the impression that the open source browser company didn’t care about their concerns.

Statements like “Enterprise has never been (and I’ll argue, shouldn’t be) a focus of ours,” offered by Firefox community coordinator Asa Dotzler, did little to alter that impression, much to the delight of Microsoft, which saw in Mozilla’s full-speed ahead strategy an opportunity to win back the loyalty of organizations that had defected from Internet Explorer to Firefox in recent years.

Things were never as dire for enterprises as they might have seemed. Mike Shaver, VP of technical strategy at Mozilla–the one urging enterprises to rethink their commitment to glacial software deployment–made it clear Mozilla was open to discussing enterprise concerns, even if past efforts to accommodate enterprises hadn’t been entirely successful.

On Tuesday, Mozilla made its commitment more explicit. Acknowledging the controversy that has swirled around its adoption of a rapid release cycle, Mozilla on its blog reiterated its need for speed–lest it be left to eat the dust kicked up by competitors Apple, Google, and Microsoft–and simultaneously asserted that it cares about Firefox users wherever they are.

Mac OS X 10.7 Lion goes on sale today

OS X Lion, version 10.7 of Apple’s desktop operating system, goes on sale today for $29.99. Lion is the first in the OS X family to be available exclusively as a digital download, via the Mac App Store.

This will also be the first Apple product launch that plays down the relevance of the Apple Stores, and it will certainly not generate lines of the faithful trying to score boxed copies of the OS upgrade.

In the real world, though, some fundamental changes in OS X 10.7 Lion sever ties with its software and hardware legacy. Rosetta is gone, and so is support for 32-bit Intel processors. This means PowerPC apps will no longer run on the new OS, and it will not install on 32-bit Intel Macs such as those with Core Duo and Core Solo processors.

Most changes in this version of OS X reflect advances in how users interact with the hardware, as well as new chipset and CPU features. These include iPad-like multitouch gestures, improved virtualization support, direct file sharing between Macs (AirDrop) and full-disk encryption (FileVault 2), amongst others. As on some PC notebooks, the OS X Lion installer creates a recovery partition from which you can restore your operating system in case of a critical error. Apple has also discovered the wonders of “auto-save”, and has made refinements to the Aqua GUI and general interaction, but to a lesser extent.

Lion also adds TRIM support for Apple-supplied SSDs, which, considering the popularity of that storage technology and its increasing relevance in Apple’s product portfolio, is necessary to avoid performance degradation over time.

Together with the OS launch, a product refresh is expected as newer computers and accessories are launched to match and take advantage of the new OS X features. Amongst these are Thunderbolt-equipped Apple displays and a refresh of the MacBook Air line, which stands to make the most of the new OS.