Room362.com

So, according to my iPhone, the DNS servers that it uses is patched. (209.183.33.23 - schinetdns.mycingular.net) However, when I tried to send an image of the doxpara page through email it gave me an SSL error and asked me to accept the certificate.... Um, no thank you. So, for the time being I will not be checking my email for a while, or for that matter anything I need to authenticate with. Too much? probably, but just erring on the side of caution. I will post the screen caps when I don’t have SSL errors.

H.D. Moore actually contacted ATT about the issue. Check out his post to twitter for the response they gave him:H.D. Moore vs. ATT

“reads a response from AT&T: ”We will investigate your complaint and take appropriate action.“ DNS server is now offline...”

Now I wonder how many iPhones out there have already clicked “Continue”

EDIT: Here is a weird thing, as soon as I dropped to the “EDGE” network, the email sent with no errors. So here is the image: (Remember, this was taken while on 3G)

It’s almost that time. DefCon is right around the corner and things are coming together nicely. Here is where we stand and a rough schedule of events:

• Bloggers welcome. I got a lot of feedback asking if it’s just for “Podcasters” but we would like to invite bloggers to participate as well.
• I-Hacked.com and Astaro are our current sponsors, and I am still waiting on confirmation from two others.
• We have Skybox 208 all day Saturday. During the day it will be open to all podcasters to record in peace and quite if they wish.
• We have the following podcasters attending that I know of
  • PaulDotCom - Larry and Paul
  • CyberSpeak - Bret and Ovie (possible)
  • Network Security Podcast
  • Security Justice
  • Securabit
  • SploitCast
  • Security Catalyst (possible)
• Special Guests
  • Hvensnt from I-Hacked.com
  • Offensive Security
• Schedule of Events (Saturday)
  • 10 AM to 7 PM - Open to Podcasters Only
  • 7 PM - 8:30 - Setup and Testing for Live show
  • 8:30 - 9:00 - Doors open for audience
  • 9 - 10 - Live Show
  • 10 + After Party

We’ll see you there!

mubix

So after my last post, which autotwittered, I got a reply from a guy by the name of Frank Eliason, who goes by the handle “ComcastCares” on Twitter. And this is how the converation went:

mubix: Blogged Comcast: The start of a new series http://tinyurl.com/6jrvhe
5 days ago

comcastcares: @mubix I would like to help. Email me *********[snipped]@cable.comcast.com (new email: We_Can_Help@cable.comcast.com)
5 days ago

mubix: @comcastcares it shouldn’t come to the point where you need to help. I expect a certain level of service for the golf time I am paying for
about 3 hours later

comcastcares: @mubix The golf time?
2 minutes later

mubix: @comcastcares the premium that I pay monthly helps pay for Comcast execs trips to the golf course
about 1 hour later

comcastcares: @mubix Oh! I have not been golfing in a long time. Actually I do not know any golfers here. I guess I should make more friends

So after I’m done insulting the guy, he still goes out of his way to help me out. The very next day after this twitter conversation happens, a “gumbling” as my wife put it, contractor came to my house and put the cable in the ground. So I would like to give notice to Comcast: Frank Eliason is the best employee you have, if he every leaves or gets fired, I’m switching providers. To those who have problems with Comcast and their customer support, click the email link above and Frank will fix any problem you have, or at the very least he will know who to contact and with get things actually moving.

Thank you Frank.

mubix

So, now that your feed reader is full up of all the DNS problems, I would like to present you with one more tidbit. How many of you have checked your iPhone, Blackberry, or other web enabled mobile device against this vulnerability?  I did, and wasn’t happy.

For more information please check out these links:

In depth explination: http://www.mcgrewsecurity.com/?p=151
To check to see if you are vulnerable: http://www.doxpara.com/
http://www.mckeay.net/2008/07/21/patch-dns-now/
http://www.matasano.com/log/mtso/
http://www.doxpara.com/?p=1176
http://blogs.zdnet.com/security/?p=1520

I am truely getting tired of iPhone “Web Apps”. I created the title like I was going to give them a fair chance, but they truely have ZERO integration into the actual phone. They do have a pretty interface and I have to give props to some of the design developers, but does this seem more of a copout to anyone else?

I’ll give an example. I LOVE Remember the Milk. It is probably the best task system out there in my opinion. I have for the longest time tried to get tasks on my phone and have it integrate into my calendar. So I was very excited about the new iPhone and the possibility that there would be a killer app for calendar / todo syncing with the service I already love, RTM. To my shock I found they had a Web App. What does this do for me? I now can add tasks to my to do and RTM can email or text me when something comes up. I find this pointless, because I can simply add tasks with a full qwerty keyboard at the nearest computer with a internet connection. PLUS to add to it, RTM wants me to “Go Pro” in order to... use their WEBSITE? Hmm, pay 25 dollars and use their iPhone friendly web site, or just use their normal site from my iPhone.... I am not against paying for a product, and I am especially not against supporting a developer, but don’t make me pay for VISITING YOUR WEB SITE.

I feel that a lot of these “Web Apps” are a complete waste of developers time, instead give me an ACTUAL iPhone App! Now, if Apple is charging all kinds of money to be published to the App Store than I retract all I have said. If not, you are missing the boat people, charge 9.99 a pop and make an iPhone app that is worth downloading. I promise that I won’t be the only one pushing that “Purchase” button.