Security

Charging is not supported with this accessory

2 Comments

Yet another odd problem with the iPhone has surfaced with virtual systems. When the USB charging/sync cable is connected to an emulated USB the following error will popup:

The phone then drops its connection. This is easily repeatable:

  1. Plug the phone into a USB port on the host computer and note that it is charging
  2. Boot the guest computer
  3. Connect the guest computer USB port to the iPhone
  4. Wait a few seconds as communication is established over USB and note that the phone throws an error and stops charging

Apple Support tells you that this error message is supposed to be related to hardware:

Charging with a FireWire-based power source is not supported – except on original iPhone and iPod touch (1st generation). If you connect your device to a FireWire-based charger or accessory, you will see the alert screen below:

The solution, however, is with the software.

Here is the configuration that fixed the problem in VirtualBox. In this example the host is Ubuntu 10 and the guest is Windows 7.

Create a static USB filter with Vendor ID 05ac. Then boot the guest OS and note that the iPhone no longer throws the above error message — communication now will be stable.

I have read endless forum speculation about the cause of the charging error — quality of cables, third-party hardware issues, etc. and most seem to end with “go to the Genius Bar and get a new phone”. Apple is mum on troubleshooting but some report success getting the Genius Bar to give them a brand new phone under warranty.

The repeatability of this error shown above shows that Apple’s iPhone software should be suspect, rather than just hardware. They interpret communication over USB perhaps to protect the phone from earlier generation (firewire) chargers or to force licensing by third-party manufacturers. Whatever their reason, hopefully they will soon fix the software to be more reliable.

Security

The “Bomb Magnet”, a British Soldier in Afghanistan

Leave a comment

The Sunday Telegraph has a fascinating first-person account of military operations in Afghanistan by the ‘bomb magnet’ soldier blown up 15 times. The A Company 4 Rifles fought against 500 attacks and had 200 IED incidents at Forward Operating Base Inkerman, Sangin, Helmand Province. One in four of the company were killed or injured by situations such as this one:

On another occasion, the sergeant major spent 26 hours in a Mastiff, which had been blown up by two Russian-made anti-tank mines stacked on top of each other.

Describing the event, he said: “We were moving down Route 611 to recover a vehicle which had been blown up after a 107mm rocket had been fired at it. The vehicle had burned for 36 hours and no one had gone near it but as soon as the fire went out, the area as flooded with kids. We recovered the vehicle and then returned along the same stretch of road two hours later on another job.

“What we didn’t know at the time was that the Taliban had managed to lay three devices in a carefully planned IED ambush in just 20 minutes, in broad daylight in an area being monitored by two bases with cameras.

Food, Poetry, Security

Hacking passwords to Hell

Leave a comment

Hell is actually a pizza chain that started in 1996 that now has 64 stores in New Zealand, England, Australia and Ireland:

Clever marketing strategy but a website they used to manage customer information is said to have been breached. A police report revealed more than 230,000 “entries” at risk with names, phone numbers, email addresses and passwords. Risky Business claims an exclusive on this story called I know what you ate last summer

One source Risky.Biz spoke to says they looked into the security of the website when rumours of the breach started doing the rounds:

Immediately I spotted the SQL Queries being made by the Flash SWF as part of the query string to the server-side. The Flash client makes queries which are hard-coded in the .swf (this is dumb as it means SQL Injection is effectively a ‘feature’ of the store).

You could easily alter the query string to show the hashes stored in the MySQL users table. I figured out the version of MySQL was 4.0 (Debian Sarge) – and the hashes in this version are very weak, cracking them would take less than a couple of hours.

MySQL was listening on a remote port, so one could simply log in remotely and run queries or dump the database slowly so as to not be noticed.

Security researcher and Metasploit creator H D Moore described the security arrangements of the online ordering portal, as described above, as “about 50 steps of fail”.

HD could have gone for the 9 levels of Infernal fail, or called it divinely comical, but 50 steps is still pretty good.

Food, Security

Camel Milk

1 Comment

The Daily Record reports that the FDA is considering camel milk. Camel dairies already exist in America and promote camel milk benefits

To milk a camel, you need warm hands, a gentle touch and quick timing — camels give milk only in 90-second bursts.

Gil and Nancy Riegler, owners of the nation’s largest camel dairy near San Diego, said the extra work pays off with milk that is therapeutic, nutritious and delicious.

It’s also illegal to sell in the United States.

Illegal to sell milk?

Millions of tons are produced in desert regions around the world but Europe and the US do not yet allow it to be sold. There is no doubt the hundreds of thousands of Somalis, Mongolians, Ethiopians in America alone would purchase the milk if available. The problem will be how to try and fit camels into the industrialized cattle model, or how to learn to let go of the cattle model and start over. A new approach to dairy sounds interesting — it might even improve milk quality enough to make quantity a non-issue.

The Camelicious dairy, opened in 2006, uses mechanized milking technology and trains camels to walk into the milking parlor. When the dairy first started, “the Bedouins said, ‘No way will the animals enter that milking parlor,'” said Peter Nagy, the Hungarian farm manager there.

He and his wife, both veterinarians, solved the problem, he said, but “I cannot explain exactly how this was done.” Mr. Nagy credits training by his wife: “A woman has a sixth sense” that allows her to “know how the animals feel.”

I would wager his wife also is good at information security and risk management. Reuters in Australia suggests Europe also is looking at legalizing camel milk.

“People with lactose intolerance can drink it with no problem, unlike cow’s milk, it doesn’t cause protein allergies, and it’s high in insulin,” said Ulrich Wernery, the scientific director of Dubai’s Centre for Veterinary Research Laboratory.

Similar in taste and appearance to cow’s milk, he said camel milk is closer in composition to human milk, making it a healthier option than cow milk.

Camel milk also is high in vitamin C, which Wernery said explains its importance to Bedouins, Arab desert nomads, who historically lacked fruits or vegetables in their diet and have been drinking camel milk for generations.

Many health benefits compared to cow milk, a history of safe consumption…the FDA would be wise to legalize.