I recently had some fairly serious problems with my iPod Touch when the latest 2.0.2 firmware was released. I don’t normally blog about these problems to complain, but it seems to me that there could be a serious issue affecting all iPod Touch and iPhone users - the Apple support website offered little or no help and at one point, I thought I might have bricked my iPod. In the hope of helping anyone out who may suffer the same problems, here’s my story…
Firstly, I should make it clear that my iPod is 100% above-board. It’s not Jailbroken and I bought and paid for both the original software update (the January Software Update which added mail functionality along with weather and stocks gadgets), and the iPhone 2.0 update for iPod Touch. I absolutely love my iPod and use it intensively for checking my email, general web surfing and all things music and video.
I first noticed a problem when I tried to update my iPod to the 2.0.2 software - I was able to update to 2.0.0 and 2.0.1 without any problems whatsoever just weeks earlier. I launched iTunes, plugged my iPod in and a “New Hardware Detected” bubble came up in Windows XP (Pro) stating that new hardware was found and it was a “Digital Stills Camera”. I thought that this was a bit strange, and within a few second, Windows went into memory dump mode and I got the Blue Screen Of Death (BSOD). Annoyed, I re-booted and plugged my iPod back in - this time it worked, connected no problem and so I started downloading the new firmware. The firmware downloaded (although at almost 250Mb, it seemed like a huge download for such a small device… I guess that’s just the way it is though) and began to install on my iPod. The “Digital Stills Camera” bubble popped up again in Windows and within seconds, my computer blue-screened and the software install didn’t finish correctly. I tried switching the iPod on - it worked, remembered my password etc, but when I tried to open anything (the Settings dialog for example), it just froze up.
As many of you from the UK will know, petrol prices have gone skywards and show no sign of slowing. With the Government announcing even more taxation on fuel, it’s time to take a stand. Lorry Drivers took matters into their own hands and staged the first of a number of threatened protests which I wholeheartedly agree with.
If you agree that fuel prices are too high and something has to be done at government level, please take just a few moments of your time to sign the government petition before 17 June 2008:
According to a number of recent BBC News articles, the UK government are currently considering creating a massive database logging all phone calls and emails sent. As usual, the excuse for needing such a database is “Terrorism” or “serious crime”, but at what point must voters and members of the public say that enough is enough? It is inconceivable to think that each and every call that is made is logged and every email that you send is noted - with current mobile phone technology, it’s possible for your location to be pin-pointed (simply download the Google Maps java application to your mobile handset and see for yourself by clickong on “my location”) so does this mean that yourlocation at the time of the call would be logged? It’s absolutely possible.
We’ve seen the function creep of technologies like this already - for example, average speed cameras that use number plate recognition to catch those speeding were installed under the promise that they would only ever be used for the purposes of speed control. Now though, we see that they are used to track movements of “terrorists” or “serious criminals”. With a database of all calls made and received, will the function eventually creep so that your exact location is logged every fifteen minutes or so when your mobile phone “checks in” with the network? Email on the move is also susceptible to this form of tracking - the IP address that sends the email could be tracked and in the future, why would they not start logging all the websites you’ve visited recently?
So it turns out that SHA-1 might be broken. If not broken as such, it’s certainly bruised and its ability to be relied upon is in a significant amount of doubt. But why should that matter? We can just use SHA-256 or SHA-512 for more security, can’t we? Well yes we can… but does that actually help the wider issue?
Think about this in another way: If you receive a signed email from a contact of yours and it verifies correctly, do you check what method of signature was used on the email? I’d suggest that unless you’ve fitted yourself for a tinfoil hat, you’re unlikely to do this. Seeing as the signature process is employed to provide verification, we need a method that can use in a widespread manner and that we can rely upon. Is it time to revoke SHA-1 and DSA signatures? Should encryption and signing packages refuse to verify messages and files signed using these methods? Perhaps. However, it’s extremely unlikely that this would be implemented - md5 was broken some time ago and yet it’s still used for verification of file downloads etc in a farily widespread manner. So what should we do to protect ourselves from potentially forged digital signatures?
This video is really an attack on the Fox News network, but I think it highlights effectively that any information that you hear mustn’t be taken as gospel. This goes hand-in-hand with my views on the UK and US governments pushing the excuse of “terrorism” on us so that we give up rights to privacy and head towards Surveilance Societies. Yes, I believe terrorism is a real problem, but how much of a problem is it really? As bad as they say? Or not really? Think about it.
The Raw Story reports that the US are currently drafting a law that will allow them full access to examine any email, file or web search at any time. Currently the plans are at the draft stage, but if passed, this could essentially mean the end to any form of privacy on the internet. Consider that the largest email providers such as Gmail, Hotmail (Live Mail - run by Microsoft), AOL and many others are based in the US but they have international users on a massive scale. This is a frightening plan that has global consequences, and will really pave the way for essential cryptographic systems on email.
From the article:
National Intelligence Director Mike McConnell is drawing up plans for cyberspace spying that would make the current debate on warrantless wiretaps look like a “walk in the park,” according to an interview published in the New Yorker’s print edition today.
McConnell is developing a Cyber-Security Policy, still in the draft stage, which will closely police Internet activity.
“Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the autority to examine the content of any e-mail, file transfer or Web search,” author Lawrence Wright pens.
“Google has records that could help in a cyber-investigation, he said,” Wright adds. “Giorgio warned me, ‘We have a saying in this business: ‘Privacy and security are a zero-sum game.’”
A zero-sum game is one in which gains by one side come at the expense of the other. In other words — McConnell’s aide believes greater security can only come at privacy’s expense.Read the rest of this entry »
The results of this year’s Privacy International report are in and it doesn’t make comfortable reading! Many countries including the USA, China, Russia and the UK have been described as “Endemic Surveillance Societies” - a sobering thought when you consider that China (widely criticised for its web censorship and monitoring of citizens) is in the same category as the US and UK!
The report can be found here on the Privacy International website and I’d recommend you take a look and see how your own country got on.
It’s official: You have no right to the expectation of privacy when your computer is in for repair.
A recent Slashdot article told the story of a man from Pennsylvania who had his computer in for repair (a repair to the DVD burner of his PC). When the computer was in for the repair, technicians found illegal pornography on his hard disk, and he was reported to and arrested by the police. When it went to court, he successfully argued that the technicians had no right to be accessing data on his hard drive, but this decision was later overturned by a prosecution appeal.
In no conceivable way do I support his actions relating to the illegal material found on his computer, and I believe that people who make and access this material deserve to be prosecuted to the full extent of the law.
The fact the the material in question was found on the computer, however, highlighted the issue: do you or can you trust computer technicians with your data when your computer is in for repair?
A recent ruling in a Federal Appeals Court in the United States has extended the rights of privacy to email. In short, the judge ruled that law enforcement agencies need warrants in order to gain access to a suspect’s emails.
The full story can be read at Wired.com, but I’ve summarised the main points in the quotes below:
“A federal appeals court on Monday issued a landmark decision that holds that e-mail has similar constitutional privacy protections as telephone communications, meaning that federal investigators who search and seize emails without obtaining probable cause warrants will now have to do so.”
“The case boiled down to a Fourth Amendment argument, in which Warshak contended that the government overstepped its constitutional reach when it demanded e-mail records from his internet service providers. Under the 1986 federal Stored Communications Act (SCA), the government has regularly obtained e-mail from third parties without getting warrants and without letting targets of an investigation know (ergo, no opportunity to contest).”
The recent release of “iTunes Plus” has been over-shadowed by many users complaining about the fact that personal details have been embedded in the purchased track tags. Personally, I hardly find this surprising and I’d go so far to say that some users are citing “privacy concerns” as a reason to break the law, breach copyright and illegally share songs.
A bit of history: the Hymn Project is one of the oldest methods for users to remove the copy protection from songs legally purchased through iTunes (prior to version 7). This has been heralded as a “consumer champion” since it allows users to play their purchased songs on whatever equipment they like. Legalities aside, it is widely used and liked by many users. One of the key points in the Hymn Project, however, is that it removes the copy protection, but retains all the purchaser’s details on the track tags. The removal of the purchaser’s details was possible according to the Hymn site, but they saw no justification to do so.  The makers of Hymn rightly state that they do not condone piracy, they are simply exercising their rights to use their legally purchased content how they see fit without being guilty of piracy.
Now, with iTunes Plus offering DRM free downloads, severalsites feature complaints that this “hidden user information” is a major breach of privacy. I don’t think so.
RSS
August 20th, 2008 by 
Adam 
I recently had some fairly serious problems with my iPod Touch when the latest 2.0.2 firmware was released. I don’t normally blog about these problems to complain, but it seems to me that there could be a serious issue affecting all iPod Touch and iPhone users - the Apple support website offered little or no help and at one point, I thought I might have bricked my iPod. In the hope of helping anyone out who may suffer the same problems, here’s my story…
1 Comment »
The results of this year’s Privacy International report are in and it doesn’t make comfortable reading! Many countries including the USA, China, Russia and the UK have been described as “Endemic Surveillance Societies” - a sobering thought when you consider that China (widely criticised for its web censorship and monitoring of citizens) is in the same category as the US and UK!
A recent ruling in a Federal Appeals Court in the United States has extended the rights of privacy to email. In short, the judge ruled that law enforcement agencies need warrants in order to gain access to a suspect’s emails.
The recent release of “iTunes Plus” has been over-shadowed by many users complaining about the fact that personal details have been embedded in the purchased track tags. Personally, I hardly find this surprising and I’d go so far to say that some users are citing “privacy concerns” as a reason to break the law, breach copyright and illegally share songs.