Archive for the ‘Hacking’ Category

Loren W
29 December 2014
Melbourne Australia


Jailbreaking – the process of removing limitations on Apple iOS, allowing users to get otherwise unavailable access to iPhones, iPads, and Apple TV. Restoring a device via iTunes removes a jailbreak.
Cydia – the software used after jailbreaking; it is the ‘gateway’ that allows users to install jailbroken apps.

It still strikes me as ironic that if you mention ‘rooting’ an Android phone to an Android user, the reaction is ‘yes, so what?’ Mention jailbreaking to an iOS user and you get a very different reaction. This is because, traditionally, many Android phones are already unlocked to some extent, and unlocking and rooting them is not treated with any dismay; it just offers a different ‘class’ of user. To an Apple iOS user, jailbreaking is akin to hacking, stealing and other forms of thievery. What is often ignored is that today’s iOS jailbreak is often tomorrow’s iOS enhancement. There are sometimes complications and a slowing down of iOS when a jailbroken app is used; however, it often offers a choice that many iOS users may never get.

Not Alone – It is estimated there are millions of users of iOS devices who only buy a device with the anticipation of jailbreaking, but for many others the logical question is: is there any reason nowadays, on the cusp of 2015, to actually unlock an iOS device? So without further ado, the top reasons to jailbreak an iOS device in 2015.

The simple things – Often it is the simple things that a user can do with a jailbroken iOS device that add that extra feature, making the whole activity worthwhile.

Hey Siri – A new feature in iOS 8 allows you to choose to have Siri listen to you at all times and activate her via a ‘hey siri’ command; unfortunately this only works when plugged in to power. A logical approach for anything other than the newer iPads or iPhones, as their battery life is exceptional. UntetheredHeySiri overrides this and works when powered or not; this may sound minor but offers a whole different element to this feature.
Status HUD 2 – Offers a volume HUD in the status bar.
Themes – The amount and feature set you can get with themes is huge.
Zeppelin – changes the iPhone carrier.
MyWi – A fav from those that use their iOS device as a hot spot.
Netflix++ – Netflix doesn’t show trailers on an iOS device but this little app allows it.
iFile – Offers a better file manager than you can normally get in iOS any other way.
SwipeSelection – selecting text in iOS is not great; this app offers a set of additional features via gestures on a keyboard. I would be surprised if this is not used in iOS sometime in the near future.
Aeternum – a UI tweaker for iOS that is made to resemble the new Apple Watch UI.
Slide2Kill8 – One of the nice apps in Android is the ability to kill multiple apps at one time. This is one of those apps that Apple will likely borrow as well.
Badgomizer – another feature-rich fine tuner allowing custom icon color, shape, position, size, rotation and opacity.
No Assault Just DetailedBatteryUsage – As many apps as there are showing battery usage, in iOS the feature richness is often lacking; this app gives some of this back.
iOS is lacking and prevented in changing fonts; this app allows some worthwhile tweaking that again I expect Apple to allow one day.
FilippoBiga – a Cydia source where you get even more tweaks.
BioLockdown – The new fingerprint sensors allow you to make purchases and unlock your device with a fingerprint. Some developers can lock down their apps using it as well, but it is hit and miss which ones do; this app allows you to offer this feature on all apps via the iOS device itself. Another app I expect Apple to develop in the next major release of iOS.

Loren Wiener aka mrinternet
Melbourne Australia
10 August 2012 (tomorrow for many of you)

Convenience vs. Security: You Do Not Have to Choose

We are all grateful to Mat Honan from Wired (full story here) for raising to our attention the ease that we sometimes offer hackers. I was in charge of Business Internet Products and Security in a previous life for a large Telco and I wasn’t even aware of how easy some of this was for the hacker. The daisy chain effect, where accounts are linked etc., was part of the issue, and not a relatively new event (5 years or less old). The not so tight processes at Amazon and Apple (now changed thanks to Mat) were another part, also not new. But the part where it pretty much all started is the part many take for granted, and the oldest issue: that of the domain name. Mat had linked (daisy chained) various accounts. In the process of identification a home address was needed, and this was freely available by looking up Mat Honan’s address from his domain name. Address information for all domains is public by default, as technical, billing, and domain owner name is required. There are options for all domain names to hide this information, and you can usually just not put an address in it. If we learn nothing else here (besides doing back-ups), it is this: hide your address, use a PO box, or do not offer your address in your public domain name info.

Note: I hope Mat gets back his data, and I for one would contribute to any costs in helping him do that. We need more Mats.

Someone recently asked me why it is so hard to deal with a DDoS attack. Simple: trying to detect the pattern of the attack. But it all comes down to 3 things.

1. Use a product that allows Service Provider XYZ to detect and mitigate a DDoS attack.

2. Service provider XYZ then securely sends the attack “fingerprint” to the relevant upstream providers affected by the attack.

3. After securely receiving the fingerprint, the information is used by the upstream ISP to trace back, analyze and mitigate the attack, thereby identifying and removing the infected hosts as close to the source [the Internet-based ingress point] as possible.

I have only seen one product that could do this and it’s Arbor Networks’ Peakflow SP. I used it on one of the largest networks in the world and it works. As do other large carriers. Keep in mind most carriers are not affected by the DDoS attack (we have the bandwidth). It’s the tier 2 user and the end customers.

So if you want to make sure you never get hit by a DDoS attack, make sure your provider’s tier 1 supplier has the right support in place in case you do get hit and the right preventative measures in place to begin with.
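The three steps above, sketched as an added example that is not from the original post and not Arbor's product or format: the fingerprint fields, the pre-shared HMAC key, the thresholds and the flow records are all constructed assumptions. It shows a provider deriving a traffic fingerprint, authenticating it, and an upstream using it to rank ingress points.

```python
import hashlib
import hmac
import json
from collections import Counter

SHARED_KEY = b"constructed-demo-key"  # assumption: pre-shared by provider and upstream

# Constructed flow records: (ingress, src_ip, dst_ip, proto, dst_port, pkt_len).
# For brevity the same list stands in for both networks' flow data.
FLOWS = [
    ("peer-A", "198.51.100.7", "203.0.113.10", "udp", 53, 512),
    ("peer-A", "198.51.100.8", "203.0.113.10", "udp", 53, 512),
    ("peer-B", "198.51.100.9", "203.0.113.10", "udp", 53, 512),
    ("peer-A", "198.51.100.7", "203.0.113.10", "udp", 53, 512),
    ("peer-C", "192.0.2.44", "203.0.113.10", "tcp", 443, 1400),
    ("peer-C", "192.0.2.45", "203.0.113.20", "tcp", 80, 600),
]

def build_fingerprint(flows, victim, min_flows=3, min_share=0.6):
    """Step 1: describe the dominant traffic pattern aimed at the victim."""
    to_victim = [f for f in flows if f[2] == victim]
    if len(to_victim) < min_flows:
        return None  # too little traffic to call it an attack
    (proto, port, size), hits = Counter(f[3:6] for f in to_victim).most_common(1)[0]
    if hits / len(to_victim) < min_share:
        return None  # no single pattern dominates, nothing to share
    return {"dst": victim, "proto": proto, "dst_port": port, "pkt_len": size}

def sign(fp, key=SHARED_KEY):
    """Step 2: serialise canonically and attach an HMAC for the upstream."""
    body = json.dumps(fp, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def upstream_trace(body, tag, flows, key=SHARED_KEY):
    """Step 3: authenticate, then count matching flows per ingress point."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("fingerprint failed authentication")
    fp = json.loads(body)
    match = (fp["dst"], fp["proto"], fp["dst_port"], fp["pkt_len"])
    return Counter(f[0] for f in flows if f[2:6] == match)

if __name__ == "__main__":
    body, tag = sign(build_fingerprint(FLOWS, "203.0.113.10"))
    print(upstream_trace(body, tag, FLOWS).most_common())
```

The per-ingress counts tell the upstream where filtering should be applied first, which is the "as close to the source as possible" part of step 3.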

Oh, what is a DDoS attack?

Who are Arbor?

I find this the most useful site of its type on the net.
What do you think? (oh be sure you support them if you do)
Just updated today BTW.
