feed on feeds - 2017/10/30 - items 0 to 15

In ExtraBITS this week, an upcoming iPhone-enabled ultrasound machine helped a doctor catch his own cancer, we learn just how expensive iPhone X repairs will be, and Amazon literally wants you to buy a product that will let strangers into your house.

Read the full article at TidBITS, the oldest continuously published technology publication on the Internet. To get a full-text RSS feed, help support our work and become a TidBITS member! Members also enjoy an ad-free version of our Web site, email delivery of individual articles, the ability to make long comments with live links, and discounts on Take Control orders and other Apple-related products.

Notable software releases this week include Parallels Desktop 13.1.1, BusyCal 3.2.3 and BusyContacts 1.2.4, ChronoAgent 1.8, Quicken 4.6.7, Mactracker 7.7, and Default Folder X 5.1.8.

Read the full article at TidBITS, the oldest continuously published technology publication on the Internet. To get a full-text RSS feed, help support our work and become a TidBITS member! Members also enjoy an ad-free version of our Web site, email delivery of individual articles, the ability to make long comments with live links, and discounts on Take Control orders and other Apple-related products.

An anonymous reader writes from a report via Techdirt that claims the company has "chosen to proclaim its willingness to hack into its own customers' devices if the government asks." From the report: From a Forbes article: "[CEO John] Chen, speaking at a press Q&A during the BlackBerry Security Summit in London on Tuesday, claimed that it wasn't so simple for BlackBerry to crack its own protections. 'Only when the government gives us a court order we will start tracking it. Then the question is: how good is the encryption? 'Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done.'" Oddly, this came coupled with Chen's assertions its user protections were better than Apple's and its version of the Android operating system more secure than the one offered by competitors. This proactive hacking offer may be pointed to in the future by DOJ and FBI officials as evidence Apple, et al aren't doing nearly enough to cooperate with U.S. law enforcement. Of course, Chen's willingness to try doesn't guarantee the company will be able to decrypt communications of certain users. Blackberry may be opening up to law enforcement but it won't be sharing anything more with its remaining users. From the Forbes article: "Chen also said there were no plans for a transparency report that would reveal more about the company's work with government. 'No one has really asked us for it. We don't really have a policy on whether we will do it or not. Just like every major technology company that deals with telecoms, we obviously have quite a number of requests around the world.'"

Read more of this story at Slashdot.

Windows executables (PE files) can contain debug information, like the absolute pathname of the PDB file. A PDB file (Program DataBase) contains debug information and is produced by the linker.

This PDB pathname can be used as an IOC. Parts of the PDB pathname can be used as IOCs too. For example, if the project is stored in the user profile, the path will contain the username. I've successfully used this to track malware created by actors.

Extracting the PDB pathname can be as simple as grepping for string .pdb:

You can also open the PE file in a hex editor, and search for RSDS:

PE file parsers like pecheck.py can extract and parse this codeview information:

The structure starts with signature RSDS (0x53445352), is followed by a GUID (16 bytes), a counter (4 bytes) and then the PDB pathname.

This unique GUID can be found in the PDB file too, and creates a unique link between the PE file and the PDB file.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Bahrain's king said his country will not attend any summits in Qatar's presence unless it "corrects its approach".

Mustafa al-Imam will be brought to the United States to face charges, US President Donald Trump says.

According to a leaked advertisement, GameStop is rolling out a used game rental subscription service. Subscribers will be able to pick any used game, play it, return it and get another as often as they like. The service will reportedly cost $60 for six months, and players get to keep the last game they borrow. Polygon reports: The advertisement was first seen at ResetEra, the new gaming forum. It appears to be from the newest issue of Game Informer (which is published by GameStop). The "Power Pass" subscription lasts six months and costs $60, according to the advertisement. Sign ups will begin on Nov. 19. The fine print says the Power Pass must be activated by Jan. 31, 2018, possibly hinting at when this service will go live. The subscription requires that the user be a PowerUp Rewards member, and the offer will be available only to the used game catalog in a store (i.e. physical discs), not from GameStop's online library. The PowerUp Rewards requirement apparently is there to help GameStop track the game currently in a user's possession.