Security Flaw in the iPhone

23 July 2007

A buffer overflow flaw — a very common programming bug that can have serious security consequences — has been found in the iPhone by Charlie Miller, Jake Honoroff, and Joshua Mason of Independent Security Evaluators (Avi Rubin’s company). Yes, it’s a security problem; yes, Apple needs to fix it ASAP. A technical description of the problem is here.

It’s not the end of the world, though. (More details on my opinion are in the New York Times article.) The I.S.E. FAQ says it best:

Should I turn my iPhone off and lock it in a drawer until Apple fixes this?

Not unless you plan to do the same to all the other computers you own. The iPhone is an internet connected device running a relatively full featured software suite: this research shows that it is vulnerable just like many other similarly capable devices, both PCs and embedded systems.
In other words, exercise caution, not paranoia.