OS X Lion security flaw allows anyone to change your password

By on September 19, 2011 at 3:25 PM.

Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion. “[While] non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Patrick Dunstan from Defense in Depth explained in a recent blog post. The result is that anyone could use a simple Python script, created by Dunstan himself, to discover a user’s password. It gets worse. Reportedly, OS X Lion does not require its users to enter a password to change the login credentials of the current user. That means typing the command: “dscl localhost -passwd /Search/Users/Roger” will actually prompt you to set a new password for Roger. As CNET points out, a hacker could only take advantage of the known bug if he or she has local access to the computer and Directory Service access. CNET suggests disabling automatic log-in, enabling sleep and screensaver passwords and disabling guest accounts as some preventative measures to keep your Mac secure.

HTC Sensation and EVO 3D revealed to be spying on users [updated]

By on September 1, 2011 at 4:20 PM.

First Apple, Google and Microsoft were accused of tracking user locations and now it appears HTC’s Sensation and EVO 3D smartphones are spying on their owners. According to user TrevE from InfectedROM, a recent Android 2.3.4 Gingerbread update from HTC added a little something special to the source code of Carrier IQ (CIQ), an Android component. CIQ is not new; it is part of Android and used on most devices to send data back to carriers about your smartphone. However, the source code on the EVO 3D and Sensation reportedly now has a “User Behavior Logging” function that is capable of tracking how Sensation and EVO 3D owners use their smartphones in greater detail. Read on for more.

Updated with official comment from Sprint below.

Motorola DROID X2 user guide hits the web

By on May 17, 2011 at 9:06 PM.

The Motorola DROID X2 is definitely taking a page from the DROID Incredible 2’s playbook. That is: we know almost everything about this phone although Verizon Wireless has yet to officially announce it. Bearing that in mind, it should come as no surprise that the DROID X2’s user guide has hit Motorola’s official website. The guide confirms that the X2 will be a dual-core, 1GHz device with a 4.3-inch display and qHD resolution. It also confirms that the handset’s form will be nearly identical to that of the original DROID X, released just one year ago. The DROID X2 has a rumored go-live date of May 26th, although the guide does little to confirm that. Hit the jump to check out the PDF.

HTC Merge gets rubber-stamped by FCC

By on March 3, 2011 at 7:33 AM.

It looks like the recently announced HTC Merge has been given the U.S. government’s stamp of approval. Spotted at the FCC, the HTC handset has been long rumored to hit Verizon Wireless’ lineup. The extended lag time between the device’s discovery and unveiling — along with the deafening silence in between — led many to believe that the handset had either been scrapped or was being retooled with an LTE radio. Now, thanks to the FCC, we know neither of those things is true. The handset will be hitting “multiple North American carriers” in the near future, sans LTE (bummer). The FCC filing does include the device’s user guide, so if you want to know a little bit more about the Merge, hit the read link and have yourself a look.

Facebook Connect: 250 million monthly users, adding 10,000 sites every day

By on December 8, 2010 at 7:15 AM.

At the Le Web conference in Paris, France, Facebook’s platform chief, Ethan Beard, told technology blog TechCrunch that his company’s Facebook Connect service now has 250 million users making monthly connections via third-party sites. Mr. Beard went on to note that 100 million of those users began using the Connect service within the past year and that Facebook is adding nearly 10,000 sites per day.

Do any of you utilize Facebook Connect to authenticate to sites other than FB? Login with your Facebook account below to drop us a comment.

User guide for Sprint's Samsung Transform leaks, stock Android coming to Sprint?

By on October 5, 2010 at 2:31 PM.

It looks like Sprint will be releasing another full-QWERTY Android handset from Samsung. Courtesy of a leaked user guide, we see the Samsung Transform, a mid-range Android 2.2 device with Wi-Fi, Bluetooth, micro-SD card slot, 3 megapixel camera, and — perhaps most notably — stock Android. The handset gets its name from a dedicated “Sprint ID” softkey which allows users to customize their device. Sprint ID-packs contain “features and functions ranging from icons, wallpapers, menus, and applications. More than a new User Interface skin for your device, this package of features and functions are each customized for different uses. These IDs can be downloaded directly from the device and purchased via the online Sprint Store.” Hit the read link to grab the full user manual, and let us know what you find!

Thanks, Dave & Jaggrey!

Sprint Samsung Epic 4G user guide live

By on August 27, 2010 at 2:09 PM.

If you’re thinking about picking up an Epic 4G from Sprint on the 31st, and want to know exactly what you’re getting into, Samsung has got you covered. The company was kind enough to post the user guide for the unreleased handset on its website late yesterday. There aren’t really any surprises in the document, but it does go over — ad nauseam — how the device’s software will behave. The read link takes you right to the 264-page PDF if you’re interested. Enjoy!

Sony Ericsson Xperia X8 user manual outed by FCC

By on August 25, 2010 at 5:10 PM.

Thanks to the FCC, the user manual for the Sony Ericsson Xperia X8 has hit the interwebs. The device, which was first announced back in June, packs a 3″ HVGA display, 3.2 megapixel camera, A-GPS, Wi-Fi, 128 MB of internal memory, 600 MHz processor, and Android 1.6 with SE’s UX UI. The device has the 850 MHz and 1900 MHz 3G HSPA bands, which makes AT&T a likely landing spot for this little number. However, we’re starting to wonder how many mid-level Android devices can fit into AT&T’s smartphone portfolio. The PDF is live on the FCC’s website and can be downloaded directly using this link. Thoughts?

User reviews go live on Verizon's website

By on April 21, 2009 at 3:17 PM.

It seems that Big Red has finally opened up the user handset review feature we scooped about a month ago. This new feature gives users the ability to rate handsets on a five star scale based on ease of use, display, design, features and battery life. In addition, there is space to list some pros, cons and general comments. The only caveat is that in order to review a handset you must be an existing Verizon customer and logged into your Verizon account — that and actual Verizon employees vet each and every review which pretty much guarantees that fanboys will see their reviews slide right on through while crackpot/troll reviews will never see the light of day.

[Via Phone Arena]

Apple patent application includes mock-up of a jailbroken iPhone

By on March 28, 2009 at 12:49 PM.

Apple’s recent patent application covering biometric and other embedded authentication systems has caused quite a stir as one of the included images is a mock-up of a jailbroken phone. Considering that Apple is trying to use copyright infringement and the DMCA to hinder jailbreaking, it is unusual to see such an image in an official Apple document. The image of the jailbroken iPhone appears in a section of the patent that describes how authentication can be used to display different options and applications to different users:

[0048] Once the user has been properly authenticated, the electronic device may display options associated with the authenticated user (e.g., options for applications purchased by particular users). In some embodiments, the electronic device may provide access to resources or content that was previously not available (e.g., contact lists or previous messages in a telephone or mail application). FIGS. 5A-C are schematic views of illustrative display screens associated with different users provided in response to authenticating the user in accordance with one embodiment of the invention.

[0050] Display screen 500C may include options 510C for resources or applications available to the users. In some embodiments, options 510C for the same resources as other display screens may have different appearances (e.g., different icons). For example, in FIG. 5C, the options displayed for the Mail, Clock, Photos, YouTube, and Calculator applications may be different than those displayed in display screen 500A of FIG. 5A. Display screen 500C may in addition include a custom or personal background 512C (e.g., different background image). In some embodiments, display screen 500C may not include a dock or other feature for maintaining some options 510C in a fixed position (e.g., unlike options 510B located in dock 512B).

United States Patent Application: 0090083850

Presumably under this authentication scheme, some users will be allowed access to the jailbroken screen while other users will be blocked and shown another screen. Was the selection of a jailbroken screen to represent a modified home screen a major faux pas or was its inclusion deliberate? Either way, Installer is sooooo 2008. It’s all about Cydia now, Apple — get with the program.

[Via Engadget]
