Refurb iPhones May Contain Personal Data

A report has surfaced about a refurbished iPhone that was found to contain some personal data from the previous user. Using a forensic software program, a detective from the Oregon State Police found that an out-of-the-box refurb iPhone contained much sensitive data. The article doesn’t specify exactly what, but it’s likely that it contained e-mails and, perhaps, user names used with Safari.

The problem here is that the restore process used to wipe the iPhone doesn’t really delete the actual data it contains, but only erases the disk catalog. Files and data can still remain on the iPhone, and with the right software this is accessible. While most people don’t have software that can do this, some, as this article shows, have access to such tools.

Whenever you return a device that you have used, there remain traces of your activity, some of which may lead to identity theft if exploited. One problem with the iPhone is that there is no way to securely delete its contents. We wrote about this last year, explaining how to securely erase a Mac before sending it out for repairs, or selling it or giving it away. For an iPhone, one suggestion is to fill the iPhone with music - leaving as little free space as possible - to overwrite as much of its storage as you can. Until there is a real disk management tool for the iPhone, there is no other choice: there is no equivalent to Disk Utility for the device, though we may see one when the iPhone starts accepting applications.

iPhone Denial of Service Exploit

MacInTouch is reporting a remote denial of service exploit that affects the iPhone. Visiting malicious web pages that exploit this vulnerability will cause an iPhone or iPod Touch to hard crash, opening the possibility of malicious users injecting code to the device. The exploit causes the mobile version of Safari to crash and leads to a kernel panic, but doesn’t affect Safari running on Mac OS X.

This exploit has just been made public, and it remains to be seen whether the vulnerability behind it can be exploited in any serious ways.

Intego’s Software Present and Accounted For at New Boston Apple Store

Apple has just opened a new retail store in Boston, and, in pictures of browsers checking out software, Intego’s boxes are prominent. You can see the green Intego boxes in this picture: at the top-center, you can see two ContentBarrier boxes; below them is an Internet Security Barrier Dual Protection box and to the left of the woman’s purse, you can see a VirusBarrier box. Intego is proud to have its software present at all of Apple’s stores, both retail and online.

Safari’s Private Browsing Stores Some User Data

Apple’s Safari web browser offers a “private browsing” feature, which prevents storage of store browser history, download history, auto-fill entries, Google searches (in the Search field), and cookies. It turns out, though, according to an article on MacFixit, that some data gets recorded. Plug-ins, such as Flash Player, are not affected by Safari’s private browsing setting.

The article concludes by saying, “As such, if you’d like your browsing to be even more private, turn off plug-ins. In Safari, this can be accomplished by going to Safari > Preferences > Security and deselecting ‘Enable plug-ins.’”

Another Mac OS X Server Hack?

In a recent article, we reported on Tom Yager, a journalist for InfoWorld, who suspected that his Mac OS X server was hacked. Tom has since written about a root exploit he discovered, and now continues discussing this exploit and the effects it has had, turning his server into a spam zombie. Intego’s researchers believe this is the result of an OpenSSH vulnerability that has just been discovered, which affects multiple Unix- or Linux-based platforms. We would recommend that, until Apple patches this flaw, users keep an eye open, especially on their servers. Yager’s articles give a good idea what to look for.

And the Winner Is: Intego VirusBarrier

The latest issue of MacFormat Magazine, the UK’s leading Mac publication, has a no-holds-barred test of six Mac antivirus programs, and guess who comes up the winner? Intego VirusBarrier X5! The editors tested six aspects of a half-dozen Mac virus protection programs (such as ease of installation, ease of use, level of protection, ease of updating), and came up with a clear winner. As MacFormat says, “Intego’s VirusBarrier is the one to go for if you want excellent virus protection in a Mac-friendly package.” They summed up their review saying, about VirusBarrier, “It’s easy to update, it’s Mac-friendly and it runs unobtrusively. VirusBarrier is a great all-around system protector.”

Unfortunately, MacFormat doesn’t put its articles online, so we can’t link to it for you to read the entire test. If you’re in the UK, pick up the magazine, which coincidently includes a demo version of VirusBarrier X5 on its included DVD. But if it does come online in the future, rest assured that we’ll let you know.