Injecting Malware into iOS Devices via Malicious Chargers
Have you ever been out, and your phone is low on power, so you ask someone if you can borrow their charger? I bet you have! I have all the time and I never gave it a second thought – until now.
It is possible for a hacker to build a charger that cracks your phone when you plug it in to recharge. Wow – it seems so obvious now! I would never have thought about it if I hadn’t read about the security researchers at the Georgia Institute of Technology.
They built a malicious USB charger that can inject malware onto an iPhone, iPad, or other current-gen iOS device. This USB charger, called Mactans, takes less than a minute to compromise a device once it has been plugged in. A lot less time than it takes to charge your phone.
This current exploit attacks Apple iOS devices but that is not why I am writing about it. I am sure that every smartphone on the market today is vulnerable to a similar attack.
So, next time you’re going to borrow some juice for your phone – make sure you trust the source or your phone may get rooted.
For more information on this specific hack:
Description of presentation at the Black Hat conference
Fake iPhone charger can hack iOS in under 60 seconds
Black Hat hackers break into any iPhone in under a minute, using a malicious charger
On an NTFS volume, a file is still recoverable after you delete it, so if you want to really remove a file you need to do a secure delete of that file. You can use the Cipher tool, which is part of a default Windows install, to securely delete files. It is not as convenient as some 3rd party tools but it is nice to have an option for Windows RT and any Windows install.
The way it works is first you delete your file and then have Cipher.exe overwrite the free space with random bits.
Here are the steps to securely delete files in Windows.
- Open an Administrative command prompt (Run as administrator)
- Delete the file (example: del c:\tmp\brianpasswords.txt)
- Run Cipher to clean the free space (example: cipher.exe /w:C:\tmp)
This is not the fastest process and not as easy as a third party tool but it works. If you are looking for more how to information on deleting or undeleting files see my previous posts:
How to delete those pesky undeletable files
Recover lost Files even after a format! Free with PhotoRec tool (best undelete tool – and free)
Lastly if you want a great secure delete tool – I like the free sysinternals command line tool sdelete.exe which you can grab from the link below. It wipes a file or the free space on a drive.
Sysinternals Secure Delete – free tool to wipe data
The video below features surfer Stephanie Gilmore and has caused some controversy due to the use of sexy images to grab your attention while it is really an ad for the 2013 Roxy Pro Biarritz surfing meet.
So why am I writing about it? Glad you asked… Because what I noticed was the sexy HTC Windows Smartphone and the beautiful Microsoft Surface PC. Stephanie even checks her Outlook email on the Surface device. I thought this might be a Microsoft commercial. It sure is nice to get free advertising in a positive hip and trendy ad. What really struck me is that this ad is pushing sexy all the way and they chose Microsoft devices, not Apple or Google. I know – you’re saying “that’s what struck you?” – I’m just wondering could it be?
Could it be that Microsoft is sexy again?
Can you guess who she is?
***Update: Microsoft is a sponsor of the Women’s surfing competition, so it’s not free advertising.
Today is Patch Tuesday – July 2013: 7 Updates Correcting 18 Issues
There are exploits in the wild for some of these problems. Hopefully you patch before you get your machine owned. If you run an enterprise – spend the time looking at these patches and getting your environment patched. Use your patching process if you have one in place; if you don’t have a process – isn’t it about time you implemented a patching process?
These updates affect all supported operating systems. Both 32-bit and 64-bit Windows operating systems are affected, including Windows RT. There are also updates for Microsoft Office 2010, 2007, and 2003, as well as Visual Studio .NET 2003, Microsoft Silverlight 5, Microsoft Lync, and Windows Defender.
For more information see the Microsoft site:
Update your Windows RT device to the Windows 8.1 Preview – you won’t regret it!
I updated my Surface RT to the Windows 8.1 Preview last week and I really like it! The addition of Outlook for email is my favorite upgrade, with the extra 2.9 Gig of drive space my second favorite improvement. There are a few other noteworthy improvements like adding a “Start Button” and improving the search. There are other new features but I will let you explore to find them or read about Scott Hanselman’s favorites here:
I had read that to upgrade Windows RT to Windows 8.1 Preview you just used the Store. So I logged in and searched the store for the update. I couldn’t find it. Very irritating. I did a “Bing” search and couldn’t find any blogs detailing the steps. (I checked Google too:) That was irritating. It does use the store to do the upgrade, but you need to install a patch first and then it upgrades the machine.
Here is what you need to start the upgrade:
Start IE and browse to the Windows Product Preview Page. http://preview.windows.com/
Click on the Get it now button. From an account with admin privileges install the patch. After you install this patch the system will want to reboot and then it will want to download a new image.
The update took me about two hours to complete. It was worth the time. –Brian
***Update: Detailed article on upgrading. http://www.nextofwindows.com/upgrade-microsoft-surface-rt-to-windows-8-1/
There is a new update for Office on Mac that released two weeks ago. If you were running Windows – Windows Update would notify you and patch it for you but if you are running on a Mac you have to take care of this yourself. Sorry.
This update fixes critical issues and also helps to improve security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code. For more information about this update, please visit the Microsoft Web site.
Applies to: Office 2011, Office 2011 Home and Business Edition, Word 2011, Excel 2011, PowerPoint 2011, Outlook 2011, Office for Mac Standard 2011 Edition, Microsoft Office for Mac Home & Student 2011, and Microsoft Office for Mac Academic 2011.
Microsoft Office for Mac 2011 14.3.5 Update – now available for download
Didn’t make it to TechEd this year? Don’t worry! This month, we are releasing a new article that highlights the Best of TechEd every workday. In today’s article I look at Windows Server 2012R2 Desired State Configuration (DSC).
I actually missed the announcement of DSC at TechEd and it wasn’t until I returned home that my good friend and Microsoft Most Valuable Professional (MVP) Steve Murawski told me about this announcement. Steve is a brilliant Server Admin and also a PowerShell fanatic. I have not seen him this excited about a new technology in Windows Server.
When Desired State Configuration runs, it checks whether the server is configured a certain way. If it is not configured that way, DSC configures it. If the server is already configured that way, DSC just continues. This is a very powerful tool which can prevent configuration drift. Your server will be configured the way you set it and will keep getting set back that way even if someone attempts to change it.
If you manage Windows Servers then you really want the power and simplicity of Desired State Configuration.
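As an added illustration (not code from the TechEd session or from Microsoft), here is a DSC configuration that declares IIS as the desired state for two web servers, applies it, and then checks each node for drift. The node names `web01` and `web02`, the configuration name `WebServerBaseline` and the output path `C:\DSC\WebServerBaseline` are assumptions made for this example.

```powershell
# Added example. Node names, configuration name and paths are hypothetical.
$ConfigData = @{
    AllNodes = @(
        @{ NodeName = 'web01' },   # add one more entry here to bring up a third node
        @{ NodeName = 'web02' }
    )
}

Configuration WebServerBaseline {
    # Built-in resources live in this module (newer WMF versions warn without the import).
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        # Declare the end state, not the steps: the IIS role must be installed.
        WindowsFeature IIS {
            Name   = 'Web-Server'
            Ensure = 'Present'
        }
        # The web service must be running and must start automatically.
        Service W3SVC {
            Name        = 'W3SVC'
            State       = 'Running'
            StartupType = 'Automatic'
            DependsOn   = '[WindowsFeature]IIS'
        }
    }
}

# Compile one MOF document per node into the output folder.
WebServerBaseline -ConfigurationData $ConfigData -OutputPath 'C:\DSC\WebServerBaseline'

# Push the configuration. Each node tests every resource first and only
# changes the ones that are not already in the declared state.
Start-DscConfiguration -Path 'C:\DSC\WebServerBaseline' -Wait -Verbose

# Drift check: ask each node whether it still matches its configuration,
# and re-apply only where it does not.
foreach ($node in $ConfigData.AllNodes.NodeName) {
    $inState = Invoke-Command -ComputerName $node -ScriptBlock { Test-DscConfiguration }
    if ($inState) {
        Write-Output "$node matches the declared configuration"
    } else {
        Write-Warning "$node has drifted; re-applying"
        Start-DscConfiguration -Path 'C:\DSC\WebServerBaseline' -ComputerName $node -Wait
    }
}
```

Running the script a second time against servers that are already compliant makes no changes, which is the behavior described above.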
The main goals in building DSC were to:
- Simplify Configuration
- Prevent Configuration Drift
- Enable Continuous Deployment
- Create an ecosystem
If you want to understand more I have two links for you to check out. The first is the session from TechEd 2013 by Jeffrey Snover and Kenneth Hansen. I have the link directly below. The second link is for a hands on lab from TechEd 2013 that has you configure servers using DSC.
Desired State Configuration in Windows Server 2012 R2 PowerShell link:
- 8:36 – Demo PowerShell Code to Install IIS and Explain the syntax
- 21:15 – Demo of how it can fix your mistakes –(fixes two webservers in seconds)
- 26:55 – Demo – per node information and differences
- 32:30 – Demo expanding to 3 servers from 2 with a simple text edit.
- 37:40 – Success – 3 Servers now running
- 38:45 – How does this work –
- 42:16 – Eric Winter SCVMM “the Cloud OS Virtual Machine Role” working with DSC
- 47:25 – Julian Dunn from OpsCode.com
- 1:07:30 – The Pull Model vs Push Model
Online hands on lab for Desired State Configuration
Enjoy! – Brian
Didn’t make it to TechEd this year? Don’t worry! This month, we are releasing a new article that highlights the Best of TechEd every workday. In today’s article I look at Mark Russinovich’s talk on Azure Internals. Watch his session and learn about Microsoft’s data center architecture, what goes on behind the scenes when you deploy and update a Windows Azure app, and how it monitors and responds to the health of machines, its own components and the apps it hosts. Mark also highlights recent enhancements and how the platform implements some of the latest features.
Here are a few things that I found interesting in this session:
- The Fabric Controller- Manages everything in a Cluster (about 1,000 servers)
- The Datacenter.xml file has the description for the 1,000 machines, their power strips, and their networks.
Steps when Provisioning a Physical Node
- Physical Machine Powers On and does a PXE-Boot
- A WinPE instance loads – which downloads a VHD file to the local attached storage
- Physical Machine reboots and boots from the VHD file (can cache multiple vhd boot images)
- This server can be multiple things. One of the things it could be is a Fabric Controller server, it could also be a Hyper-v server.
Hardware load balancers were expensive and not able to handle the needs of the Azure datacenter so they developed a Software Load Balancer and that feature is being added to Server 2012R2.
Here is the link to the Windows Azure Internals session by Mark Russinovich:
Here are a few interesting spots in the session
35:30 – How Azure provisions a node (server)
39:10 – Deploying a Service
48:40 – Demo – view of a service across different fault domains in a cluster
51:02 – Visualize a service deploying across 3 servers
52:19 – Deploying a Role Instance – Differencing Disks created
55:20 – Infrastructure as a Service – Topology
1:03:32 – Maintaining Service Health
1:08:10 – Azure Operations Room Video ( 2 guys manage all of Azure!)
Didn’t make it to TechEd this year? Don’t worry! This month, we are releasing a new article that highlights the Best of TechEd every workday. In today’s article I focus on Hyper-v Replica and the Hyper-v Replica Capacity Planner tool.
Hyper-v Replica is an awesome technology. I often refer to it as poor man’s geo clustering. It is a fantastic DR tool that asynchronously sends changes of a running VM on Hyper-v to another Hyper-v server. This enables you to turn on the other server if there is a problem with the first server. Much faster than restoring from tape!
There are a few new features in Server 2012R2 Hyper-v Replica
- Resynchronization – How to handle resync automatically
- Extend Replication to a Third Hyper-v server
- Change the Synchronization time interval (30 sec to 5 minutes to 15 Minutes)
(Changes possible loss window and bandwidth needs)
- Linux VM Enhancements
- Online Disk Resizing
- Generation 2 VMs
- Seamless upgrade from 2012
Capacity Planner for Hyper-v Replica
Just before TechEd we released a new FREE tool called the Capacity Planner for Hyper-v Replica. This is a great tool which monitors VMs you select. You will want to have it monitor your VMs during typical max workloads so it can analyze how many VMs you can replicate across your network. This is great for planning and for checking whether your WAN can handle the bandwidth without causing WAN congestion.
Download the Capacity Planner for Hyper V Replica here:
Understanding Hyper-V Replica: Performance, Networking and Automation
There was a great session at TechEd 2013 on Understanding Hyper-V Replica: Performance, Networking and Automation. In this session you can learn about Hyper-v replica planning, bandwidth management, and new features. What it doesn’t have is a basic overview of setup, so you should have a basic understanding first.
Here are some highlights of the session:
Session Objectives & Takeaways
- Overview of Hyper V Replica
- Infrastructure Planning
- Introduction to Capacity Planner for Hyper V Replica
- Deployment Considerations & Automation
- Monitoring your replication
- How to failover & failback
- Automating Hyper V Operations using System Center Orchestrator (SCO)
- What’s new with Hyper V Replica in Windows Server 2012 R2
The Session recording is available here:
Raghavendran Gururajan – Principal Program Manager
Charles Joy – Senior Program Manager
When looking at your Disaster Recovery procedures take a look at Hyper-v Replica and see how you can improve your recovery time while lowering costs as you ensure the continuity of your business.
*** Update*** My coworker and good friend Keith Mayer has a great lab posted on using the Capacity Planner for Hyper-v. Try it yourself!
Guided Hands-on Lab: Capacity Planner for Windows Server 2012 Hyper-V Replica
The Software industry is in the midst of a huge paradigm change. The way we buy and sell software is changing with the advent of the new mobile devices. Yes, I know it’s the app store but it is more than that.
With the launch of the app stores, software writers build their apps and sell them through the device’s app store. The store takes a piece of the sale – usually 30% of the total sale for the app store. After understanding this new world a little better, developers have learned how to maximize their revenue.
There are two main ways to maximize revenue in this new app store marketplace. One is to use in app purchases. While some app stores still require that they get their 30% cut, some do not. Further, most people won’t spend a large amount of money on a phone game, especially when there are free games. Free like a puppy is the new method to maximize revenue in games. The trick is to create a compelling game where the player gets hooked. Then you have levels where it is almost impossible to pass to the next level without some in app purchase of some new tool or feature. I have seen games where they are able to get $20 out of a player. For a free phone game. Pretty smart and the customers don’t seem to mind as long as they enjoy the game. I doubt they could get them to spend the money upfront in the old way of selling software.
In app purchases may work great for games but they are not so attractive for business software. Here, what software developers are doing is making the program available for free but requiring some cloud service on the back end. This is where they will charge and avoid the 30% app store fee. Dropbox is a good example of this. They have a free client everywhere and it syncs files to your devices, but if you need more space than their free offer has then you have to purchase more space.
Microsoft seems to be moving in this direction also. This past Friday Microsoft released Office Mobile for the iPhone. The app is free on Apple’s app store but it does require an Office 365 subscription.
For the official Office Team announcement here is their blog post:
Office Mobile for iPhone now available for Office 365 subscribers
It is my belief that this is the new world of software and we will be seeing more of this from all software vendors. That is, free downloads with charges on the back end, probably from some cloud service. What do you think?