Sweet hackintosh…
Wikimaniacs via Giz
The downside of facial recognition software
Joy of Tech via Superman of Steel. Silly.
Toys weekend deal: 500GB Pocket Drive, $104.99
From the Toys section:
We talked this week about the 500 GB sweet spot in laptop hard drives. Another good option has popped up. J&R just marked down the Western Digital 500GB USB External WDME5000TN (Midnight Black) hard drive to $104.99(+$6 Shipping). This is in retail box and is $45 off of list price and less than we could find anywhere else (J&R through Buy.com has it for the same price with more for shipping and tax). Other colors are also available at higher prices.
While that is slightly more expensive than the internal drives we talked about earlier, it comes with an enclosure (which is easy to open and swap with your laptop’s internal drive). It also features the Western Digital hard drive that gets higher ratings than either Seagate or Samsung at the same price we mentioned earlier without the enclosure.
Also, you can protect that portable 2.5 inch drive with a Case Logic portable hard drive case for another $10.
Technical Details
- Box Contents – My Passport Essential 500GB Portable USB Hard Drive, USB 2.0 cable, Quick Install guide
- 500GB Hard Drive Capacity
- Installation is a snap because you don’t really install this drive; you just plug it in and it’s ready to use. There is no CD to install; the included software loads from the drive the first time you plug it in
- Powered by the USB bus. No separate power supply is needed
- This ultra-portable drive fits easily in your pocket or purse, weighs only a few ounces, and holds tons of valuable data
Product Description
Product Description
These elegant portable drives are simple to use, light and easy to carry, and require no power adapter — they are powered directly through the USB cable. Pack up your office files and take them home. Carry thousands of songs or pictures. Synchronize files between home and office and encrypt everything on the drive for added security. WD Sync synchronization and encryption software lets you take your critical data with you. Plug My Passport into any PC, edit files, read e-mail, and view photos. Then sync all of your changes back to your home or office computer. Your data is protected with 128-bit encryption (Windows only). Perfect for the business traveler who needs to transfer large amounts of data from laptop to clients or just daily backups in case of accidents from mishandled luggage to coffee spills. Also comes in handy if you’re worried about laptop theft and someone else having access to your important data, you can store it on this portable encrypted drive instead. For all those precious pictures, videos, music and data files, this external hard drive is a must have. WD Sync synchronization and encryption software lets you save your critical data and take it with you. Plug your drive into any PC, edit files, read e-mail, and view photos. Then sync all of your changes back to your home or office computer (Windows only) Search your drive, manage your photos, and simplify Web searches with included Google software (Windows only) Up to 480Mb/sec Bus Transfer Rate with USB 2.0 System Requirements – Windows 2000/XP/Vista, Mac OS X (10.1.5 or later), Available USB port Approximate Unit Dimensions – 0.59 (H) x 4.96 (L) x 3.14 (W) Approximate Unit Weight – 0.23lb
These elegant portable drives are simple to use, light and easy to carry, and require no power adapter — they are powered directly through the USB cable. Pack up your office files and take them home. Carry thousands of songs or pictures. Synchronize files between home and office and encrypt everything on the drive for added security. WD Sync synchronization and encryption software lets you take your critical data with you. Plug My Passport into any PC, edit files, read e-mail, and view photos. Then sync all of your changes back to your home or office computer. Your data is protected with 128-bit encryption (Windows only). Perfect for the business traveler who needs to transfer large amounts of data from laptop to clients or just daily backups in case of accidents from mishandled luggage to coffee spills. Also comes in handy if you’re worried about laptop theft and someone else having access to your important data, you can store it on this portable encrypted drive instead. For all those precious pictures, videos, music and data files, this external hard drive is a must have. WD Sync synchronization and encryption software lets you save your critical data and take it with you. Plug your drive into any PC, edit files, read e-mail, and view photos. Then sync all of your changes back to your home or office computer (Windows only) Search your drive, manage your photos, and simplify Web searches with included Google software (Windows only) Up to 480Mb/sec Bus Transfer Rate with USB 2.0 System Requirements – Windows 2000/XP/Vista, Mac OS X (10.1.5 or later), Available USB port Approximate Unit Dimensions – 0.59 (H) x 4.96 (L) x 3.14 (W) Approximate Unit Weight – 0.23lb
if (typeof jQuery != ‘undefined’) {
jQuery(‘#productDescription’).lazyLoad({ overlayImg: ‘http://9to5mac.files.wordpress.com/2008/12/transparent-pixel._v42752373_.gif’, forceGeneralImages: true, triggerSeparately: true });
}
<style type="text/css"> img.select-this-item { display: none !important; } input.no-js-checkbox { display: inline; } div#cart-wrapper { display: none; } .alt .accessory-item { height: 225px; } </style>
Jailbreaking is copyright infringement and a DMCA violation (illegal) says Apple
Fred von Lohmann, a legal representative from the EFF, says that recent comments filed by Apple (PDF) with the Copyright Office as part of the 2009 DMCA triennial rulemaking state that iPhone and iPod jailbreaking constitutes copyright infringement and a DMCA violation.
Bummer. To quote the EFF:
Apple’s iPhone, now the best-selling cellular phone in the U.S., has been designed with restrictions that prevent owners from running applications obtained from sources other than Apple’s own iTunes App Store. "Jailbreaking" is the term used for removing these restrictions, thereby liberating your phone from Apple’s software "jail." Estimates put the number of iPhone owners who have jailbroken their phones in the hundreds of thousands.
As part of the 2009 DMCA rulemaking, EFF has asked the Copyright Office to recognize an exemption to the DMCA to permit jailbreaking in order to allow iPhone owners to use their phones with applications that are not available from Apple’s store (e.g., turn-by-turn directions, using the iPhone camera for video, laptop tethering).
Apple’s copyright infringement claim starts with the observation that jailbroken iPhones depend on modified versions of Apple’s bootloader and operating system software. True enough — we said as much in our technical white paper describing the jailbreak process. But the courts have longrecognized that copying software while reverse engineering is a fair use when done for purposes of fostering interoperability with independently created software, a body of law that Apple conveniently fails to mention.
As for the DMCA violation, Apple casts its lot with the likes of laser printer makers and garage door opener companies who argue that the DMCA entitles them to block interoperability with anything that hasn’t been approved in advance. Apple justifies this by claiming that opening the iPhone to independently created applications will compromise safety, security, reliability, and swing the doors wide for those who want to run pirated software.
If this sounds like FUD, that’s because it is. One need only transpose Apple’s arguments to the world of automobiles to recognize their absurdity. Sure, GM might tell us that, for our own safety, all servicing should be done by an authorized GM dealer using only genuine GM parts. Toyota might say that swapping your engine could reduce the reliability of your car. And Mazda could say that those who throw a supercharger on their Miatas frequently exceed the legal speed limit.
But we’d never accept this corporate paternalism as a justification for welding every car hood shut and imposing legal liability on car buffs tinkering in their garages. After all, the culture of tinkering (or hacking, if you prefer) is an important part of our innovation economy.
Of course, many iPhone owners will be happy to choose solely from the applications that Apple is willing to approve, just like many Ford owners are happy relying exclusively on their local Ford dealer. But if you want to pop the hood, the DMCA surely shouldn’t stand in your way.
How easy is Jailbreaking an iPhone? It is Ashton Kutcher easy.
Update: Um, so you, us and Ashton are criminals it appears.
We’re veering away from our technology coverage slightly today to illustrate a point. Jailbreaking your iPhone is pretty damn easy. And no it won’t void your warranty (just got back from the Apple Store replacing my jailbroken phone with broken volume control). It is so easy that That 70′s Show star Ashton Kutcher rolls with a jailbroken iPhone to make videos of Paparazzi.
http://qik.com/swfs/qikPlayer4.swf
For a look on the other side of the camera click here. Shame on you for saying that jailbreaking is too difficult!
OK, paprazzi make us a little sick, no more of this for awhile. Via Engadget
Apple updates Java, OSX Security
Hit that Software Update to get a comprehensive security updates and some new Java goodness.
Security Update 2009-001
-
AFP Server
CVE-ID: CVE-2009-0142
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A user with the ability to connect to AFP Server may be a able to trigger a denial of service
Description: A race condition in AFP Server may lead to an infinite loop. Enumerating files on an AFP server may lead to a denial of service. This update addresses the issue through improved file enumeration logic. This issue only affects systems running Mac OS X v10.5.6.
-
Apple Pixlet Video
CVE-ID: CVE-2009-0009
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exist in the handling of movie files using the Pixlet codec. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.
-
CarbonCore
CVE-ID: CVE-2009-0020
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in Resource Manager’s handling of resource forks. Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of resource forks. Credit: Apple.
-
CFNetwork
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Restores proper operation of cookies with null expiration times
Description: This update addresses a non-security regression introduced in Mac OS X 10.5.6. Cookies may not be properly set if a web site attempts to set a session cookie by supplying a null value in the "expires" field, rather than omitting the field. This update addresses the issue by ignoring the "expires" field if it has a null value.
-
CFNetwork
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Restores proper operation of session cookies across applications
Description: This update addresses a non-security regression introduced in Mac OS X 10.5.6. CFNetwork may not save cookies to disk if multiple open applications attempt to set session cookies. This update addresses the issue by ensuring that each application stores its session cookies separately.
-
Certificate Assistant
CVE-ID: CVE-2009-0011
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A local user may manipulate files with the privileges of another user running Certificate Assistant
Description: An insecure file operation exists in Certificate Assistant’s handling of temporary files. This could allow a local user to overwrite files with the privileges of another user who is running Certificate Assistant. This update addresses the issue through improved handling of temporary files. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
-
ClamAV
CVE-ID: CVE-2008-5050, CVE-2008-5314
Available for: Mac OS X Server v10.4.11, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in ClamAV 0.94
Description: Multiple vulnerabilities exist in ClamAV 0.94, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.94.2. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/
-
CoreText
CVE-ID: CVE-2009-0012
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Viewing maliciously crafted Unicode content may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow may occur when processing Unicode strings in CoreText. Using CoreText to handle maliciously crafted Unicode strings, such as when viewing a maliciously crafted web page, may result in an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Rosyna of Unsanity for reporting this issue.
-
CUPS
CVE-ID: CVE-2008-5183
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination
Description: Exceeding the maximum number of RSS subscriptions results in a null pointer dereference in the CUPS web interface. This may lead to an unexpected application termination when visiting a maliciously crafted website. In order to trigger this issue, valid user credentials must either be known by the attacker or cached in the user’s web browser. CUPS will be automatically restarted after this issue is triggered. This update addresses the issue by properly handling the number of RSS subscriptions. This issue does not affect systems prior to Mac OS X v10.5.
-
DS Tools
CVE-ID: CVE-2009-0013
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Passwords supplied to dscl are exposed to other local users
Description: The dscl command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. Passwords exposed include those for users and administrators. This update makes the password parameter optional, and dscl will prompt for the password if needed. Credit: Apple.
-
fetchmail
CVE-ID: CVE-2007-4565, CVE-2008-2711
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in fetchmail 6.3.8
Description: Multiple vulnerabilities exist in fetchmail 6.3.8, the most serious of which may lead to a denial of service. This update addresses the issues by updating to version 6.3.9. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/
-
Folder Manager
CVE-ID: CVE-2009-0014
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Other local users may access the Downloads folder
Description: A default permissions issue exists in Folder Manager. When a user deletes their Downloads folder and Folder Manager recreates it, the folder is created with read permissions for everyone. This update addresses the issue by having Folder Manager limit permissions so that the folder is accessible only to the user. This issue only affects applications using Folder Manager. This issue does not affect systems prior to Mac OS X v10.5. Credit to Graham Perrin of CENTRIM, University of Brighton for reporting this issue.
-
FSEvents
CVE-ID: CVE-2009-0015
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Using the FSEvents framework, a local user may be able to see filesystem activity that would otherwise not be available
Description: A credential management issue exists in fseventsd. By using the FSEvents framework, a local user may be able to see filesystem activity that would otherwise not be available. This includes the name of a directory which the user would not otherwise be able to see, and the detection of activity in the directory at a given time. This update addresses the issue through improved credential validation in fseventsd. This issue does not affect systems prior to Mac OS X v10.5. Credit to Mark Dalrymple for reporting this issue.
-
Network Time
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: The Network Time service configuration has been updated
Description: As a proactive security measure, this update changes the default configuration for the Network Time service. System time and version information will no longer be available in the default ntpd configuration. On Mac OS X v10.4.11 systems, the new configuration takes effect after a system restart when Network Time service is enabled.
-
perl
CVE-ID: CVE-2008-1927
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Using regular expressions containing UTF-8 characters may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of certain UTF-8 characters in regular expressions. Parsing maliciously crafted regular expressions may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of regular expressions.
-
Printing
CVE-ID: CVE-2009-0017
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A local user may obtain system privileges
Description: An error handling issue exists in csregprinter, which may result in a heap buffer overflow. This may allow a local user to obtain system privileges. This update addresses the issue through improved error handling. Credit to Lars Haulin for reporting this issue.
-
python
CVE-ID: CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3144, CVE-2008-4864, CVE-2007-4965, CVE-2008-5031
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in python
Description: Multiple vulnerabilities exist in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project.
-
Remote Apple Events
CVE-ID: CVE-2009-0018
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Sending Remote Apple events may lead to the disclosure of sensitive information
Description: An uninitialized buffer issue exists in the Remote Apple Events server, which may lead to disclosure of memory contents to network clients. This update addresses the issue through proper memory initialization. Credit: Apple.
-
Remote Apple Events
CVE-ID: CVE-2009-0019
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Enabling Remote Apple Events may lead to an unexpected application termination or the disclosure of sensitive information
Description: An out-of-bounds memory access exits in Remote Apple Events. Enabling Remote Apple Events may lead to an unexpected application termination or the disclosure of sensitive information to network clients. This update addresses the issue through improved bounds checking. Credit: Apple.
-
Safari RSS
CVE-ID: CVE-2009-0137
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution
Description: Multiple input validation issues exist in Safari’s handling of feed: URLs. The issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs. Credit to Clint Ruoho of Laconic Security, Billy Rios of Microsoft, and Brian Mastenbrook for reporting these issues.
-
servermgrd
CVE-ID: CVE-2009-0138
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Remote attackers may be able to access Server Manager without valid credentials
Description: An issue in Server Manager’s validation of authentication credentials could allow a remote attacker to alter the system configuration. This update addresses the issue through additional validation of authentication credentials. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
-
SMB
CVE-ID: CVE-2009-0139
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges
Description: An integer overflow in SMB File System may result in a heap buffer overflow. Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
-
SMB
CVE-ID: CVE-2009-0140
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Connecting to a maliciously crafted SMB file server may lead to an unexpected system shutdown
Description: A memory exhaustion issue exists in the SMB File System’s handling of file system names. Connecting to a maliciously crafted SMB file server may lead to an unexpected system shutdown. This update addresses the issue by limiting the amount of memory allocated by the client for file system names. Credit: Apple.
-
SquirrelMail
CVE-ID: CVE-2008-2379, CVE-2008-3663
Available for: Mac OS X Server v10.4.11, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in SquirrelMail
Description: SquirrelMail is updated to version 1.4.17 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/
-
X11
CVE-ID: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in X11 server
Description: Multiple vulnerabilities exist in X11 server. The most serious of these may lead to arbitrary code execution with the privileges of the user running the X11 server, if the attacker can authenticate to the X11 server. This update addresses the issues by applying the updated X.Org patches. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security
-
X11
CVE-ID: CVE-2006-1861, CVE-2006-3467, CVE-2007-1351, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in FreeType v2.1.4
Description: Multiple vulnerabilities exist in FreeType v2.1.4, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by incorporating the security fixes from version 2.3.6 of FreeType. Further information is available via the FreeType site at http://www.freetype.org/ The issues are already addressed in systems running Mac OS X v10.5.6.
-
X11
CVE-ID: CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in LibX11
Description: Multiple vulnerabilities exist in LibX11, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by applying the updated X.Org patches. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security These issues do not affect systems running Mac OS X v10.5 or later.
-
XTerm
CVE-ID: CVE-2009-0141
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A local user may send information directly to another user’s Xterm
Description: A permissions issue exists in Xterm. When used with luit, Xterm creates tty devices accessible by everyone. This update addresses the issue by having Xterm limit the permissions so tty devices are accessible only by the user.
Submit a Tip
cancel
