Apple iOS Hacker Banned

You’d think computer companies would learn wouldn’t you, when you see someone who points out a problem with your code, hardware or processes then you should thank them, embrace them – heck employ them if you can.   Apple however have failed dismally in their response to Charlie Miller’s assistance on highlighting the problems in the App Store security process.

Photo Charlie Miller – Twitter@0xcharlie

I means there’s two types of people out there who do this sort of hacking – white hat guys like Charlie Miller who will demonstrate the vulnerabilities, publish proof of concepts and let the company know. Of course it can be slightly embarrasing sometimes when you’ve dropped a bit of a clanger but there is an upside.

The upside is that the other type of people don’t get chance to figure it out – the Bulgarian uber hacker working underground for a Russian or Brazilian cyber criminal gang who exploit the hole after they’ve found it.

So what did Charlie Miller actually do?

Well it’s probably best to let the author demonstrate – make sure you watch it until the end to see the full extent of what this hack is capable of !

Pretty incredible heh!! The potential of this in the hands of the bad guys is probably what scared Apple and made them act like a spoilt brat by kicking Charlie Miller off the iOS developer program. White hat hackers as talented as this guy should be treated a bit better even if he did perhaps break a few little terms and conditions to illustrate the vulnerability.

I haven’t thought about the criminal possibilities of this but I am sure there are many beyond downloading everyone’s address book. I confess I’m still stuck on the prank possibilities of having every iPhone on the planet vibrate at exactly the same time. Pointless but fun and pandering to my inner megalomania without causing any real harm! If only I was as clever as Charlie Miller !!

Hopefully the kicking Apple is currently getting in the online media for their reaction will make them think again. Perhaps in some high up meeting somewhere in Apple Towers it will occur to someone that they should be actually thanking this guy. Otherwise they should get worried if he starts taking long holidays in Moscow next year.

Internet Filtering, Censorship, Surveillance and Stuff Like That

One of the many justifications used across the world by agencies, governments, regimes etc for spying on us and filtering internet feeds is that it actually protects us.    By that they generally mean by employing these tactics they are able to catch more terrorists, paedophiles and various nasty people using the internet for their naughtiness.  In fact in many sectors of society if you argue that the internet shouldn’t be monitored or filtered then you will often find yourself grouped with these unsavory characters. Now just to clarify I’m not talking about carefully targeted surveillance and filtering on suspects (fair enough on that) but the general broad monitoring and filtering on an entire population on the off chance of picking up something interesting !

The problem is that it’s utter rubbish for one very good reason – it simply doesn’t work.    It’s all very well a Government thinking that they can routinely pick up terrorists by swooping on a Facebook page – but in reality what sort of hardened operatives are they going to pick up?   One thing for sure they won’t be very clever – in fact you’ll probably pick up the likes of these two harmless muppets who tried to organise a riot on Facebook.   Their riot attracted no rioters and they were picked up and sentenced to four years (which will probably be reduced to 2 weeks on appeal).

Jordan Blackshaw, left, and Perry Sutcliffe-Keenan

Now to be honest I don’t know about you, but I might be prepared to concede a large part of my liberty and privacy if I thought the world would become a genuinely safer and better place.   However picking up the likes of these two hardly meets that criteria.

The point I’m trying to make is that when internet filtering, censoring and surveillance techniques are utilised the only people who are affected are those with nothing to hide, plus perhaps a few thick criminals/terrorists who are probably of limited danger.   There are many ways to circumvent filters, there are lots of ways to communicate anonymously and all those who need to are doing just that.

Do Al Qaeda communicate through Facebook, My Space or Twitter – I suspect not.  Do they send out their orders by emails in clear text with PDF attachments detailing their targets – of course they don’t.    They’ll be using TOR, encrypted emails, hidden web sites and communication networks on the Dark web.   There will be codes, ciphers and carefully devised communication methods and strategies plus loads of other stuff on here The Ninja Proxy!

Of course they might be like this lot from the rather funny film Four Lions –

 

But I suspect not.

Should Facebook Be Blocked at Work ?

So do you think it’s legitimate to use Facebook at work? Is it ok to spend an hour or two catching up with friends in your lunch hour or is it strictly a leisure time site.

A couple of people who read my post about how you can get passed facebook blocks at work got a bit annoyed about me suggesting it should be banned. Although this is not surprising as the comments were from my friends who are a pretty anarchic lot and would get upset if they were banned from invading Burma. I suspect the phrases ‘infringing on my democratic rights’ and ‘subverting the masses’ might be used.

I mean I hate filtering and censorship more than most people, but really if I was paying someone to do a job and they instead spent thirty hours a week messing about on FB then I have to say I’d be pretty annoyed. So although I hate the blocking aspect I think an employer has the right to do this within reason.

After all this afternoon I opened up Facebook and was confronted by this rather witty post –

A Sample Facebook Post?

Now if you can try and focus on the caption below it’s rather witty, but I think most of us would recognise that having images popping up like that on your screen at work is probably not that appropriate. The problem is that the image is from a wall post and you have little control about what appears there. If that image popped up on your brand new 40″ LCD monitor – there’s a very real chance someone would take offence.

The Problem With Filtering is The Technology

Of course that particular image may get blocked anyway even if you don’t specifically target certain web sites. Many of the advanced content filters make assessments on each image that is downloaded. So the algorithm might for instance assess the number of flesh colored pixels and block on that basis. Certainly the market leaders have this facility although you can see massive problems in this as well. After all the lady from our Facebook picture seems to have forgotten her underwear but to be fair her impressive behind has very few flesh colored pixels on display (umm).

So the following picture would definitely trigger the flesh pixel trigger on some content filters I’ve used.

Facebook Censored Images

Although most of us won’t find that terribly erotic ( although the world is wonderfully diverse and it’s great that someone will!) – it will likely trigger the erotic/porn filter on many filters. Algorithms aren’t great at this sort of stuff, they miss things – lines of code deciding what you can or can’t do is never going to be that desirable.

After all if you’ve got a dirty mind ( I confess I have) then you would presume masses of flesh colored pixels would mean PORN. But it’s not always the case as I hope the above picture illustrates – it’s not that clear cut – just like life!

Censorship should be restricted in my opinion to genuinely criminal or illegal stuff, otherwise you just start on that road of banning things that are embarrassing, inconvenient or you’d just rather keep quiet about. It’s certainly not a basis of democracy, and nobody will die from seeing a slim, pert behind climbing into a helicopter!

The solution in my opinion at least for work is a simple Internet Usage policy which relies on people’s common sense. Let employees use the internet in their own time for ordinary tasks – don’t overly restrict but make it clear that you should have consideration for your fellow workers, don’t access porn, gamble or run a far right political party at work. You can do that at home, or travelling home on the train with your smart phone.

Additional

Ok some times jobs are just too boring without some sort of distraction – so if you want to access Facebook even if it’s blocked – check this post on proxy avoidance about half way down there’s a link to download the demo version of Identity Cloaker which is free and works for Facebook and a few other sites.

It’s demonstrated on this video –

If you just want a Facebook Unblocker then there’s nothing to beat it, also works with Twitter at the time of writing (December 2013)