The Harlow Report - GIS

ISSN 0742-468X
Since 1978
On-line Since Y2K


Archived Industry Notes: Technology
Published in 2012


Apple engineering mistake exposes cleartext passwords for Lion

Apple’s latest update to OS X contains a programming error that reveals the passwords for material stored in the first version of FileVault, the company’s encryption technology, a software consultant said. He wrote on Cryptome that a debugging switch inadvertently left on in the current release of Lion, version 10.7.3, records in clear text the password needed to open the folder encrypted by the older version of FileVault. Users who are vulnerable are those who upgraded to Lion but are using the older version of FileVault. The debug switch will record the Lion passwords for anyone who logged in since the upgrade to version 10.7.3, released in early February. Apple has two versions of FileVault. The first version allowed a user to encrypt the contents of the home folder using the Advanced Encryption Standard (AES) with 128-bit keys. An upgraded product, FileVault 2, which shipped with OS X Lion, encrypts the entire content of the hard drive. When someone upgrades to Lion but still uses the first version, the encrypted home folder is migrated and is now vulnerable to this security issue. The consultant said the password is accessible to anyone with root or administrator access. He said passwords can also be read by “booting the machine into FireWire disk mode and reading it by opening the drive as a disk or by booting the new-with-Lion recovery partition and using the available superuser shell to mount the main file system partition and read the file.”

Details Here

first published week of:   05/07/2012


10 GIS and GeoTech Mapping apps for the iPhone Power User
according to GISuser.com

There’s a number of fine mobile location aware mapping and “Geo” apps available for the hardcore, mobile Geo enthusiast and GeoGeek… I’ve plugged a number of these apps over the years and here’s a reminder of just a few of the fine apps available for you iOS fans. And so, 10+1 GIS and Mapping apps for the iPhone: (Note: The Harlow Report is reporting the first 5 -- use the link below for the full list.)

  1. Avenza PDF Maps App for Apple iOS – Geospatial PDF reader for iPhone, iPad and iPod Touch. PDF Maps is the first application of its kind designed specifically for using geographically-aware PDF files on portable devices and opens the door to allowing any map to be GPS-aware.
  2. Esri ArcGIS for iOS app – The app lets users collect, edit, and update features and attribute information while performing field data collection and inspection. To download or get more information about ArcGIS API for iOS, visit the ArcGIS Resource Center.
  3. AutoCAD WS – think Autodesk on your iPhone… enable AutoCAD users to edit and share AutoCAD files on iPad, iPhone and iPod touch so they can have real-time collaboration even while on the go. The latest release (1.1) adds new features such as offline capabilities, email attachment support, a more intuitive touch and gesture interface, and more.
  4. TomTom App for iPhone with MapShare – TomTom Map Share enables iPhone users to make changes instantly to their own maps and to benefit from free map updates made by the TomTom community and verified by TomTom.
  5. MapZen PoI Collector for OSM data collection using iPhone (download directly here) A mobile app enabling rapid and simple contribution and data editing of OpenStreetMap (OSM) data.
    http://mapzen.cloudmade.com/


Details Here

first published week of:   05/28/2012


10 Silicon Valley Companies You Wish You Worked for (or Started)
by Marcus Wohlsen

The history of Silicon Valley is the history of digital technology. To become a part of that history, do you go to work for one of the giants — Apple, Google, Intel, HP, Oracle, Facebook? Or do you catch a wave that hasn’t crested yet?

Longtime Silicon Valley venture capitalist turned Stanford faculty member and entrepreneur Andy Rachleff tells his students the best thing they can do is join a mid-size company that has proven its durability but is still growing rapidly. In a recent blog post on the website of his software-driven money management service Wealthfront, he writes:

You get more credit than you deserve for being part of a successful company, and less credit than you deserve for being part of an unsuccessful company. Success will help propel your career. At a fast-growing company, chances are good you’ll have a higher position two years after you join. At a slow-growth company, no matter how good a job you do, you won’t have the same opportunities to advance. When it comes time to leave the successful company, you’ll be able to write your own ticket.

Rachleff’s advice is actually geared toward aspiring tech stars who are thinking about going to work at a startup. He says don’t. But it sounds equally applicable to going to work for a giant company where you're in danger of becoming just another cog.

In our last post, we highlighted the 10 San Francisco tech companies you wish you worked for based on Rachleff’s recommendations. They tended toward the fun and quirky. In Silicon Valley the geeks get serious. Rachleff says these 10 private companies, each with revenue between $20 million and $300 million, are among the best you could join to launch a successful career in tech. (Coming next: 10 tech companies you wish you worked for outside of California.)

Details Here

first published week of:   11/05/2012


10,358 reasons to worry about critical infrastructure

A security researcher was able to locate and map more than 10,000 industrial control systems hooked up to the public Internet, including water and sewage plants, and found many could be open to easy hack attacks, due to lax security practices. Infrastructure software vendors and critical infrastructure owners have long maintained that industrial control systems — even if rife with security vulnerabilities — are not at risk of penetration by outsiders because they are not online. However, a computer science doctoral student from Cambridge University developed a tool that matches information about industrial control systems connected to the Internet with information about known vulnerabilities to show how easy it could be for an attacker to locate and target them. To debunk the myth that industrial control systems are never connected to the Internet, the student used the SHODAN search engine, which allows users to find Internet-connected devices using simple search terms. He then matched that data to information from vulnerability databases to find known security holes and exploits that could be used to hijack the systems or crash them. He used Timemap to chart the information on Google Maps, along with red markers noting brand devices that are known to have security holes in them. The student found 10,358 devices connected through a search of 2 years' worth of data in the SHODAN database. However, he was unable to determine how many of the devices uncovered were actually working systems, nor was he able to determine in all cases whether the systems were critical infrastructure systems installed at power plants and other significant facilities. The student also found only 17 percent of the systems he found online asked him for authorization to connect, suggesting administrators either were not aware their systems were online or had simply failed to install secure gateways to keep out intruders.

Details Here

first published week of:   01/23/2012


12 Common Project Management Mistakes--and How to Avoid Them
by Jennifer Lonoff Schiff

So many projects, so much mismanagement. That's the refrain of many IT executives. Indeed, even with project management software, IT projects often wind up taking longer (much longer) than planned and costing more than budgeted.

Why do good projects go bad? CIO.com surveyed dozens of IT executives and project managers and came up with a list of 12 Common Project Management Mistakes -- along with ways to avoid these often time-consuming and potentially costly problems.

Project Management Mistake No. 1: Not Assigning the Right Person to Manage the Project. "Typically during resource allocation, most of the effort is focused on finding the right resources other than finding the right project manager," explains Sudhir Verma, vice president of the Consulting Services & Project Management Office at Force 3, a technology solutions provider. Indeed, too often "project managers get picked based on availability, not necessarily on skill set." However, an inadequately trained and/or inexperienced project manager can doom a project.

Solution: Choose a project manager whose skill set(s) match the project requirements.

Details Here

first published week of:   10/01/2012


15 Most Overpriced Gadgets of All Time
by Avram Piltch - Laptop Mag

There's nothing wrong with charging a lot of money for your gadget. Some of the best things in life are the exact opposite of free; a truly superior product is definitely worth spending more. Unfortunately, sometimes tech companies think too much of their wares and too little of your intelligence. The result is a product whose price is out of whack with its real value in the marketplace.

Here are 15 truly outrageous offenders, the most overpriced gadgets of all-time.

Cutting-edge technology is expensive enough as it is; why overpay for the stuff that's not a good value? Laptop Magazine’s Avram Piltch breaks down some of the worst all-time bargains in tech.

Details Here

first published week of:   12/10/2012



