Security Flaw in the iPhone

23 July 2007

A buffer overflow flaw — a very common programming bug that can have serious security consequences — has been found in the iPhone by Charlie Miller, Jake Honoroff, and Joshua Mason of Independent Security Evaluators (Avi Rubin's company). Yes, it's a security problem; yes, Apple needs to fix it ASAP. A technical description of the problem is here.

It's not the end of the world, though. (More details on my opinion are in the New York Times article.) The I.S.E. FAQ says it best:

Should I turn my iPhone off and lock it in a drawer until Apple fixes this? Not unless you plan to do the same to all the other computers you own. The iPhone is an internet connected device running a relatively full featured software suite: this research shows that it is vulnerable just like many other similarly capable devices, both PCs and embedded systems.
In other words, exercise caution, not paranoia.