Categories
Security

Elvis Takes Off

The other day I mentioned that it’s possible to clone an RFID passport, a massive security risk that the government seemingly doesn’t care too much about. It’s no longer really a proof of concept. Elvis now has an accepted RFID passport. That’s right. Mr. dead-in-1977 Elvis Aaron Presley. The hack was done in Amsterdam, but you can bet it will be done elsewhere as time progresses.

Categories
Internet Spam

Poor Website Email Practices

I got a few emails in the past 24 hours that need to be addressed. I’ve seen both of these issues before, but never has it become so common that I see two almost back to back.

Character Encoding

VideoSurf sent me an invitation to check out their product. Unfortunately I’m a somewhat busy person and just haven’t gotten around to it. They noticed this and sent me a reminder, which I thought was kind of nice. Unfortunately, like many companies these days, their mail software doesn’t set a character encoding, meaning their email looks like garbage. If I change the character encoding in my mail client to UTF-8, all looks great. What’s the lesson here?

Content-Type: text/plain; charset=utf-8

That’s all it takes to make sure I see every character in your email. It’s not hard.

Unnecessary Backscatter

Yahoo’s Flickr service sent me an email that my “upload has failed”. I know that’s not true since I don’t use Flickr to host my images. Viewing the email, it’s obvious a spammer trying to abuse their service forged the From: header with my email address. This failed for the spammer, and the fail notification went to me. I host SPF records so that recipients’ mail servers can verify if an email originated from a system that’s authorized to send emails from my domain. Why doesn’t Yahoo check to see if this email they received has forged headers? This would obviously be a good way to tell if someone is trying to spam their system, and would stop other innocent victims from getting backscatter.

Categories
Apple

Apple Drops NDA

Apple today announced they are dropping the criticized NDA. This is great news, but not good enough if Apple wants to hold its strong position in the smart phone race. I strongly agree with Ryan Block that Apple needs to open up the app store (or just get rid of it). Jailbreaking is a pain and a risk people don’t always want to take.

It’s for Apple’s own good to open things up.

Categories
Security

First CVE

I just found out the other day I found my first bug worthy of being a CVE (Common Vulnerabilities and Exposures) Candidate: CVE-2008-3747. Low profile, but I guess still a potential vulnerability.

I must admit I didn’t know that the database is funded by the National Cyber Security Division of the United States Department of Homeland Security. I did know US-CERT was.