Back in 1971, Steve Jobs and Steve Wozniak (founders of Apple Computer Inc.) went into business to build ‘Blue Boxes’. A device that allowed free illegitimate phone calls by faking the signals used by AT&T (Apple’s exclusive network carrier). In the picture, you can see Steve Jobs with a ‘Blue Box’.

From Wikipedia:
An early freaking tool, the blue box is an electronic device that simulates a telephone operator’s dialing console. It functions by replicating the tones used to switch long-distance calls and using them to route the user’s own call, bypassing the normal switching mechanism. The most typical use of a blue box was to place free telephone calls - inversely, the Black Box enabled one to receive calls which were free to the caller. The blue box no longer works in most western nations, as modern switching systems are now digital and no longer use the in-band signaling which the blue box emulates. Instead, signaling occurs on an out-of-band channel which cannot be accessed from the line the caller is using (called Common Channel Interoffice Signaling (CCIS)).

The Apple Founders not only built those devices, but Steve Jobs also sold them to his fellow students at the University of California, Berkeley. Allegedly they demonstrate the product by making prank calls.

From Wikipedia:
Some of the more famous pranksters were Steve Wozniak and Steve Jobs, founders of Apple Computer. On one occasion Wozniak dialed Vatican City and identified himself as Henry Kissinger (imitating Kissinger’s German accent) and asked to speak to the Pope (who was sleeping at the time).

Blue boxes were not just the domain of “pranksters” and “explorers”; others (such as the Mafia) used blue boxes solely to make free phone calls for criminal purposes.

Steve Jobs is a true visionary, he is the man who sees the future. Why would he go behind his fellow hackers to stop them from unlocking iPhone? Evidently, iPhone unlocking is in Apple’s interest.

Apple’s core business is hardware and it relies on the sales of its products. The iPhone is gateway for Apple like iPod, which will help them to increase in brand popularity and more hardware sales. Apple needed a carrier to launch iPhone and they signed up with AT&T with an undisclosed revenue sharing deal. The revenue generated from AT&T subscriptions won’t be a significant amount compared to the revenue from hardware sales.

It is AT&T who is more worried about iPhone hackers, not Apple. That’s why AT&T lawyers went knocking on the doors of iPhone hackers while Apple took a “neutral” stance on the unlocking issue. Unlocking a cell phone is legal and not a violation of laws.

Apple can’t stop anyone from unlocking any a cell phone. But, it is obliged to make iPhone as “unhackable” as possible because of the exclusivity deal with AT&T. At a recent Apple event in London, Jobs tactfully acknowledged with his statement “It’s a cat-and-mouse game”. It is evident that Apple is in the ‘mouse’ position in current scenario and they are ready with a new firmwire version which will lock the iPhones again to make AT&T and O2 happy.

We know there is no such thing as “unhackable”. Sooner or later, iPhone hackers will be able to hack and supply an upgrade version of their software to unlock the newer firmware versions. The cat-and-mouse game will continue, customers with unlocked iPhones will be able to upgrade with the newer version of firmware once the updated unlock solution comes out.

The copy protection seems to be ruined on the latest Blu-Ray and HD DVD technology has been broken, according to a code writer’s post at the Doom9 video enthusiast forums.

Someone on this forum has claimed to have written software, named BackupHDDVD, that bypasses the Advanced Access Content System (AACS) protection found on the new storage formats and allows users to copy data from the otherwise restricted discs to a PC.

Maybe this news is still in its rough form and maybe it is just limited to a handful of HD DVD titles, the program appears to confirm early fears that AACS is too similar to CSS, the encryption scheme used by standard DVDs and famously bypassed by Jon Lech Johansen in 2002.

If validated, this could force a radical revision of copy protection on future discs.

Yahoo Messenger users are being urged to upgrade to the latest version after the application was hit by a ‘highly critical’ vulnerability.

The flaw allows for a buffer overflow attack against an ActiveX control bundled with the installer for the application. An attacker could exploit the vulnerability to take control of a system by luring a user to a specially crafted website.

Yahoo said in a security advisory that it is not aware of any attacks exploiting the flaw.
Danish security vendor Secunia gave the flaw a severity rating of ‘highly critical’, the fourth on a five step scale.

The flaw affects Yahoo Messenger versions 2005.1.1.4 and above. An update can be downloaded from Yahoo’s website.

McAfee has recently predicted about the new patterns of the online crime that we may need to prepare ourselves as exploiters will continue to expand their malware tools in 2007 and it is most likely to include the emerging media such as video files and mobile phones.

Unfortunately the online criminals will develop malware for any application that attracts large numbers of consumers and, as a result, are likely to start creating movie Trojans.

When a user opens such a file in their media player, the software will automatically start downloading and installing malware or adware. A first example of such an online threat was detected earlier this month in the Realor worm that targets the Real Player.

Mobile phones too are expected to receive increased scrutiny from criminals. As the Symbian operating system is becoming the de facto standard for consumer smartphones and is reaching critical mass, the software becomes an attractive target for malware authors. Also, smartphones are starting more closely to resemble computers and consumers are getting used to installing and running software on the devices.

Microsoft’s Windows Vista operating system is notably absent from McAfee’s list of security predictions for 2007. The software offers several technologies that prevent attacts that are common today. However, Marcus expects that it will take malware authors about nine months before they figure out ways to compromise the software’s defences.

Despite the onslaught of new security vulnerabilities, Marcus remained optimistic about the overall state of computer security, pointing to advances in security software.

McAfee’s complete list of predictions for next year is as follows:

1. The number of password-stealing websites will increase using fake sign-in pages for popular online services such as eBay.
2. The volume of spam, particularly bandwidth-eating image spam, will continue to increase.
3. The popularity of video sharing on the web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code.
4. Mobile phone attacks will become more prevalent as mobile devices become ’smarter’ and more connected.
5. Adware will go mainstream following the increase in commercial Potentially Unwanted Programs.
6. Identity theft and data loss will continue to be a public issue – at the root of these crimes is often computer theft, loss of back-ups and compromised information systems.
7. The use of bots, computer programs that perform automated tasks, will increase as a tool favoured by hackers.
8. Parasitic malware, or viruses that modify existing files on a disk, will make a comeback.
9. The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase as well.
10. Vulnerabilities will continue to cause concern fuelled by the underground market for vulnerabilities.

Adobe declared about a new discovery of a security flaw that could give attackers control over compromised systems. They have warned their users about its root cause.

The vulnerability affects the ActiveX components for versions 7.0.0 through 7.0.8 of both its Reader and Acrobat applications.

This vulnerability can be exploited when a user views a specially-crafted web page with Internet Explorer. Once the exploit has been executed, an attacker would have the ability to remotely install and execute malware.

The vulnerability was originally reported by French security research firm FrSIRT. Both FrSIRT and Adobe rate the vulnerability as “critical” and this is a highest alert level for both organisations.

According to Adobe, the threat can be neutralised by deleting the AcroPDF.dll ActiveX file. This will disable the ability to view PDF files within Internet Explorer, however. Other browsers and non-Windows operating systems are not affected by this vulnerability.

A hacker known for cracking the copy-protection technology in DVDs claims to have unlocked the playback restrictions of Apple Computer Inc.’s iPod and iTunes music products and plans to license his code to others.

The move by Jon Lech Johansen, also known as “DVD Jon,” could pit the 22-year-old against Apple’s lawyers, experts say, but if successful could free users from some restrictions Apple and its rivals place on digital music.

Today, songs purchased from Apple’s online iTunes Music Store can’t be played on portable devices made by other companies. Songs purchased from many other online music stores also won’t work on iPods because they similarly use a form of copy-protection that Apple doesn’t support.

Johansen said he has developed a way to get around those restrictions by creating code that mimics Apple’s copy-protection system. But unlike his previous work, which he usually posts for free, the Norway native plans to capitalize on his efforts through his Redwood Shores-based DoubleTwist Ventures, said the company’s only other employee, managing director Monique Farantzos.

An unnamed client will soon use the technology so its copy-protected content will be playable on iPods, she said, declining to give any specifics.

“There’s a certain amount of trouble that Apple can give us, but not enough to stop this,” Farantzos said Tuesday. “We believe we’re on good legal ground, and our attorneys have given us the green light on this.”

Apple spokeswoman Kristin Huguet said the company was declining to comment.

A few others, including RealNetworks Inc.’s RealPlayer Music Store, have also tried to circumvent Apple’s copy-protection technology, called FairPlay, but haven’t gained much traction.

Fred von Lohmann, a staff attorney at the privacy-advocacy group, Electronic Frontier Foundation, said Johansen is treading carefully this time, consulting with lawyers, but isn’t necessarily cleared from a legal fight over copy-protection laws.

“There is a lot of untested legal ground surrounding reverse engineering,” he said.

Johansen became a hero to hackers at age 15, when he posted software called DeCSS to unlock the Content Scrambling System, or CSS, the film industry used on DVD movies to prevent illegal copying. The act made Johansen, who was then living in Norway, a folk hero among hackers.

After the film industry complained, Norwegian authorities charged him with data break-in, but Johansen was acquitted.

He has since become a strong advocate of the open-source philosophy of making software code freely available for inspection and sharing.A hacker known for cracking the copy-protection technology in DVDs claims to have unlocked the playback restrictions of Apple Computer Inc.’s iPod and iTunes music products and plans to license his code to others.

The move by Jon Lech Johansen, also known as “DVD Jon,” could pit the 22-year-old against Apple’s lawyers, experts say, but if successful could free users from some restrictions Apple and its rivals place on digital music.

Today, songs purchased from Apple’s online iTunes Music Store can’t be played on portable devices made by other companies. Songs purchased from many other online music stores also won’t work on iPods because they similarly use a form of copy-protection that Apple doesn’t support.

Johansen said he has developed a way to get around those restrictions by creating code that mimics Apple’s copy-protection system. But unlike his previous work, which he usually posts for free, the Norway native plans to capitalize on his efforts through his Redwood Shores-based DoubleTwist Ventures, said the company’s only other employee, managing director Monique Farantzos.

An unnamed client will soon use the technology so its copy-protected content will be playable on iPods, she said, declining to give any specifics.

“There’s a certain amount of trouble that Apple can give us, but not enough to stop this,” Farantzos said Tuesday. “We believe we’re on good legal ground, and our attorneys have given us the green light on this.”

Apple spokeswoman Kristin Huguet said the company was declining to comment.

A few others, including RealNetworks Inc.’s RealPlayer Music Store, have also tried to circumvent Apple’s copy-protection technology, called FairPlay, but haven’t gained much traction.

Fred von Lohmann, a staff attorney at the privacy-advocacy group, Electronic Frontier Foundation, said Johansen is treading carefully this time, consulting with lawyers, but isn’t necessarily cleared from a legal fight over copy-protection laws.

“There is a lot of untested legal ground surrounding reverse engineering,” he said.

Johansen became a hero to hackers at age 15, when he posted software called DeCSS to unlock the Content Scrambling System, or CSS, the film industry used on DVD movies to prevent illegal copying. The act made Johansen, who was then living in Norway, a folk hero among hackers.

After the film industry complained, Norwegian authorities charged him with data break-in, but Johansen was acquitted.

He has since become a strong advocate of the open-source philosophy of making software code freely available for inspection and sharing.