* Posts by Big Mouth Barker

1 post • joined 4 Mar 2009

Hack-off contestant dubs Apple Safari 'easy pickins'

Big Mouth Barker

Apple Safari Security Issue

A couple hours ago I posted a short message on the Windows iTunes forum board with a link to an article similar to this one concerning the Safari security issue. Within thirty minutes or less I received the following e-mail message:

(Big Mouth Barker),

Apple removed your post on Apple Discussions, titled "Heads up everybody regarding Safari," because it contained the following:

* Off-topic or non-technical posts

We are including a copy of your post at the end of this email for your reference.

Our terms of use, which include helpful information about using Apple Discussions, are located here: http://discussions.apple.com/help.jspa. We encourage you to continue using the Apple Discussions while abiding by our terms of use.

If you would like to send feedback to Apple about a product, please use the appropriate selection here: http://www.apple.com/feedback

As part of submitting feedback, please read the Unsolicited Idea Submission Policy linked to the feedback page.

Kind regards,

Apple Discussions staff

++++++++++

A copy of your message for reference:

http://www.theregister.co.uk/2009/03/03/safari_at_pwn2own/

Security Issues. Must read article.

Issue No 1: Talk about double standards from Apple. Keep the following in mind when considering this issue: When I installed the iTunes desktop player, Safari was not present, nor did I want to download the browser. I tried it once and I realized from the get-go that this browser was going to be trouble. So I immediately removed it from my system. In this case, the iTunes player is downloading the browser for setup through the automatic updater. I feel that the subject matter that I posted on the forum was very relevant since it was being downloaded by the desktop player. It appears by the links that were provided in the e-mail that Apple does not like to hear critics talking about their products. Also, in their lack of response to the security issues by Apple, it also seems like they do not care about anything but profit.

Issue No 2: The iTunes Desktop Player may also have security issues as well. In the past couple of days I found the following entry in my DNS Cache Table:

C:\WhosIP\whosip>whosip -r 151.159.218.216

WHOIS Source: RIPE NCC

IP Address: 151.159.218.216

Country: EU # Country is really world wide

Network Name: EU-ZZ-151

Owner Name: Various Registries

From IP: 151.0.0.0

To IP: 151.255.255.255

Allocated: Yes

Contact Name: Internet Assigned Numbers Authority

Address: see http://www.iana.org.

Email: bitbucket@ripe.net

Abuse Email:

Phone:

Fax:

I take security very seriously by keeping a close eye on my Host File as well as the DNS Table. The only program running at the time of this discovery was iTunes and I had not surfed the web when I discovered the entry. The following message was with the IP entry: “Scan iTunes”. In my view I believe it is time to form a coalition to approach iTunes and flat out tell them that they should pull these products with security issues if they are not going to do anything about it.

Big Mouth Barker
