[Fri Aug 19 16:50:29 2022] index.cgi: CGI::param called in list context from /home/kevin/sites/csua.com/PRODUCTION/index.cgi line 78, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 415. Entry 54747 (Berkeley CSUA MOTD)
Berkeley CSUA MOTD:Entry 54747
Berkeley CSUA MOTD
2022/08/19 [General] UID:1000 Activity:popular

2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil
9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
           \_ You don't even need a severed finger.
              \_ My concern is more simple that this.  My wife can just wait
                 for me to fall asleep, and grab my hand to unlock my phone
                 and find pictures of me and all my mistresses! -- OP
2022/08/19 [General] UID:1000 Activity:popular

You may also be interested in these entries...
2013/8/16-10/28 [Computer/HW/Laptop] UID:54728 Activity:nil
8/16    I just left my employer. They didn't ask to get their HW back.
        Is is common for employers to contact me a few months/years later
        and ask for their HW back?
        \_ Is it an iPhone 9 prototype? :-)
           \_ as a matter of fact, it is just a 2 year old laptop
              and they don't seem to keep track of inventor
2013/7/31-9/16 [Computer/Companies/Apple, Industry/SiliconValley] UID:54719 Activity:nil
7/31    Hi, I am looking for a monitoring recommendation for use at home
        with my MacMini and as a second monitor for my Airbook. At this
        point I dont want to buy a fancy Apple monitor -- will probably
        wait for then to announce a new one -- but price doesnt really
        matter [office buy], but it doesnt seem like there is any need
        to spend more than $500? Historically I've just gotten a decent
2013/8/1-9/14 [Computer/Companies/Apple, Industry/SiliconValley] UID:54721 Activity:nil
8/1     Apple said if your phone was broken, "it was illegal for Apple to
        replace a phone with a better phone."
        link:www.csua.org/u/10um (http://www.linkedin.com
2012/12/18-2013/1/24 [Computer/SW/Languages/Perl] UID:54561 Activity:nil
12/18   Happy 25th birthday Perl, and FUCK YOU Larry Wall for fucking up
        the computer science formalism that sets back compilers development
        back for at least a decade:
        \_ I tried to learn Perl but was scared away by it.  Maybe scripting
           lanauages have to be like that in order to work well?
2012/12/12-30 [Computer/Companies/Apple, Industry/SiliconValley] UID:54556 Activity:nil
12/12   "Australian police urge motorists to stay away from Apple Maps"
2012/11/16-12/18 [Computer/Companies/Apple, Industry/SiliconValley] UID:54536 Activity:nil
11/16   Apple iOS 6 Maps can't even get the location of their own store right.
        http://www.csua.org/u/ye5 (http://www.telegraph.co.uk
2012/8/2-10/17 [Computer/SW/OS/OsX] UID:54450 Activity:nil
8/2     How do you guys like Mountain Lion 10.8.1 so far? Should I wait
        for 10.8.2 before upgrading?
        \_ I went from Snow Leopard to Mountain Lion on my mac mini. I haven't
           really noticed anyting different.
           really noticed anything different.
        \_ mostly refinements of 10.7, for example, integration of iPhone
Cache (4350 bytes)
mashable.com/2013/09/15/severed-finger-iphone-5s -> mashable.com/2013/09/15/severed-finger-iphone-5s/
iPhone 5S and its easy to use fingerprint verification button has suddenly pushed biometric security into the mainstream. But for those with a little imagination, there are now concerns that smartphone thieves might soon resort to physically removing a person's finger in order to gain access to a stolen device. More broadly, some of the immediate concerns from the Apple community ranged from fears that, based on recent government surveillance revelations, the government might now collect all iPhone user fingerprints, to the notion that a person's fingerprint might be lifted from a surface and used to hack into the device. dismissed as unfounded -- resonated more than the frightening thought of having one's hand physically mutilated in the course of being robbed of the new iPhone 5S. the one from Malaysia that detailed the theft of a biometrically secured Mercedes S-class car that resulted in the owner losing a finger so the thieves could start the car. Now, after the Apple event dust has settled, biometric security experts have begun to weigh in and the overall verdict is: Your fingers are safe. What we now know is that the iPhone's Touch ID fingerprint sensor uses radio frequency scanning to detect the sub-epidermal layers of your skin, a dynamic that requires the owner of the finger to be alive and attached to the finger being used. image has to be taken from a live finger," says Sebastien Taveau, chief technology officer at Validity Sensors, a California based provider of fingerprint sensor solutions. Of course, this new feature of the iPhone 5S doesn't rule out instances of victims being forced to use their fingers to access the smartphone, but it does offer some comfort to those worried about worst-case scenarios. For long-time observers of Apple this latest development doesn't come as much of surprise, as it fits the company's tradition of taking existing technology and mainstreaming it through innovation. used a technology that's been around for a long time, but the big difference is that they made it cool," says Taveau. "It's been around on laptops, but besides locking and unlocking your laptop there was not much of a use case for it. "Now with Apple, by actually building an experience, they are educating the market, which is very important... Image: Nina Frazier, Mashable 2 Apple-event-1-28 iOS 7 Craig Federighi, senior vice president of software engineering, demonstrates iOS 7, Apple's forthcoming mobile operating system. Image: Nina Frazier, Mashable 3 Apple-event-1-71 Apple Unveils the iPhone 5C Image: Nina Frazier, Mashable 4 Apple-event-1-73 Apple Unveils the iPhone 5c The new device comes in five colors. Image: Nina Frazier, Mashable 5 Apple-event-1-77 iPhone 5C Specs Image: Nina Frazier, Mashable 6 Apple-event-1-84 iPhone 5C Pricing Philip W Schiller, senior vice president of worldwide marketing at Apple, reveals the pricing for the iPhone 5C. Image: Nina Frazier, Mashable 7 Apple-event-1-101 Apple Unveils iPhone 5S The new device comes in three colors. Image: Nina Frazier, Mashable 8 Apple-event-1-102 Apple Unveils iPhone 5S Philip W Schiller, senior vice president of worldwide marketing at Apple, reveals the iPhone 5S. Image: Nina Frazier, Mashable 9 Iphone-5s-getty-image iPhone 5S Schiller speaks about the iPhone 5S. Apple-event-1-161 Touch ID The iPhone 5S can scan your fingerprint. Apple-event-1-166 New iPhone Pricing Image: Nina Frazier, Mashable 12. Apple-event-2-14 Elvis Costello Performs The musician played his new song "Tripwire." Apple-event-1-195 Elvis Costello Performs Image: Nina Frazier, Mashable 14. Apple-event-1-2 Hands-on With the Iphone 5S Image: Nina Frazier, Mashable 15. Apple-event-8 Hands-on With the Iphone 5S Image: Nina Frazier, Mashable 16. Apple-event-15 Hands-on With the Iphone 5S Image: Nina Frazier, Mashable 17. Apple-event-1-3 Attendees Wait for the Event to Begin Image: Nina Frazier, Mashable 18. Apple-infinite-loop-getty-image Apple Headquarters in Cupertino People arrive for the product announcement. Mashable is the largest independent online news site dedicated to covering digital culture, social media and technology. With more than 20 million unique monthly visitors, Mashable has one of the most engaged online news communities. Founded in 2005, Mashable is headquartered in New York City with an office in San Francisco.
Cache (3906 bytes)
C-RaDaR Darmstadt Chaos Computer Club breaks Apple TouchID 2013-09-21 22:04:00, frank The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates - again - that fingerprint biometrics is unsuitable as access control method and should be avoided. Apple had released the new iPhone with a fingerprint sensor that was supposedly much more secure than previous fingerprint technology. A lot of bogus speculation about the marvels of the new technology and how hard to defeat it supposedly is had dominated the international technology press for days. "In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake", said the hacker with the nickname Starbug, who performed the critical experiments that led to the successful circumvention of the fingerprint locking. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints." this how-to with materials that can be found in almost every household: First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market. Update: The process described above proved to be somewhat unreliable as the depth of the ridges created by the toner was a little too shallow. First, the residual fingerprint from the phone is either photographed or scanned with a flatbed scanner at 2400 dpi. Then the image is converted to black & white, inverted and mirrored. This image is then printed onto transparent sheet at 1200 dpi. To create the mold, the mask is then used to expose the fingerprint structure on photo-senistive PCB material. A thin coat of graphite spray is applied to ensure an improved capacitive response. This also makes it easier to remove the fake fingerprint. Finally a thin film of white wood glue is smeared into the mold. After the glue cures the new fake fingerprint is ready for use. "We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you cant change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson of the CCC. "The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access." Fingerprint biometrics in passports has been introduced in many countries despite the fact that by this global roll-out no security gain can be shown. iPhone users should avoid protecting sensitive data with their precious biometric fingerprint not only because it can be easily faked, as demonstrated by the CCC team. Also, you can easily be forced to unlock your phone against your will when being arrested. Forcing you to give up your (hopefully long) passcode is much harder under most jurisdictions than just casually swiping your phone over your handcuffed hands. Many thanks go to the Heise Security team which provided the iPhone 5s for the hack quickly.