Apple 2.0

This is one of those stories that will only matter to the handful of readers who worry about Valleywag's credibility.

The Silicon Valley gossip site ran this photo today under the headline "Rich Kids: Want an Early iPhone?" The item, phoned in by Numair Faraz, read:

Tough luck, unless you're some mogul's kid. Spotted, yesterday at the beach resort up the coast from Los Angeles, the year's most anticipated new gadget, only available to humble mortals in June. Numair Faraz reports: "Further proof that Malibu is the most spoiled place on earth... While at the grocery store, today, I saw what must have been a 13-year-old boy, with a new iPhone, taking photos of random things. Guessing game: which Valley executive's kid?" (link)

For anybody who cared to play their little guessing game, there was big fat hint in the tags:

Apple, Larry Ellison, Malibu, Rich Kids, Top

I don't know about you, but the iPhoto pictured above looks about as authentic as the one Madonna was supposed to have been sporting a few weeks ago. I checked with Apple PR and for what it's worth they're pretty sure Valleywag's  iPhone is a PhotoShop job. Whether Larry Ellison -- or his spawn -- is carrying they cannot say.

UPDATE: Proprietor Nick Denton confirms: "Oh, yeah, photoshop by Richard Blakeley. Pretty nice job, I thought."

ZDNet's Ryan Narain caught up with Dino Dai Zovi and got the computer security specialist to talk about the strategy he used to win a Hack-a-Mac contest at last week's CanSecWest conference in Vancouver (see here). Excepts from the Q&A:

How did you find [the exploit]?

I do manual code inspection, that's my primary research tactic.   I look at feature sets. I look at the entire attack surface, look in areas of functionality where there were vulnerabilities in the past.  I ... see what looks dangerous, what looks sketchy.  In this case, there was blood in the water so I started looking at something specific and found this one.  Then I worked up the exploit from there.

What can you divulge about this specific vulnerability?

I have to be careful because this is still unpatched and ZDI [Tipping Point's Zero Day Initiative] owns the exclusive rights to all the information.  The most I can say is that running Web browsers in hardened configuration would prevent this vulnerability from being exploited.

Turn off all unnecessary browser features such as extra plug-ins, JavaScript and Java.

There was very little user action involved.  Once the browser opened to a Web page that the attacker controlled, it was game over. (full interview here)

It was Dai Zovi's friend Shane Macaulay, on site in Vancouver, who actually ran the exploit. For their reward, the pair won the Apple (AAPL) Mac Book whose security they breached. They also became eligible for a $10,000 cash prize offered by Tipping Point.

"Shane can have the laptop," Dai Zovi told CNET News. "I want the money."

In a dubious demonstration of the insecurity of Apple's (AAPL) Macintosh OS X, a pair of software engineers won a free MacBook and, most likely, a $10,000 prize for finding and exploiting a security hole in the Safari Web browser. 

The rules of the two-day contest "PWN to OWN" contest, held at the CanSecWest computer security conference in Vancouver, B.C., were relaxed on the second day after none of participants were able to break into two MacBooks connected to a wireless router.

On the second and final day of the conference, participants were allowed to put malicious code online and launch so-called drive-by attacks on the Mac's built-in Safari browser. Two hours and 24 minutes later, the organizers announced that one of the MacBooks had been breached.

It's not fair to blame Apple, since Sony makes the batteries, and there's really nothing funny about a fire that could have burned down someone's house. But given the schadenfreude Mac lovers shared watching those Dells burn, it seems only fair to air this tale of smoke and burning plastic, originally posted on the Australian website MacTalk by a mate in Melbourne called mattyb:

3am last night. I woke up to my girlfriend screaming (yelling "Matty!") and the dog barking. She fell asleep on the couch in the back lounge of our house. I jumped out of bed and raced out thinking that maybe somebody had come through the back door or something.

As I was running I saw a fire. At first I thought that the lamp had fallen and set fire to the curtain. As I got closer I realised it was my mac book .... burning! I picked it up and blew on it and swung it around to put the flames out. The book shelf it was sitting on was burnt and there were a couple of magazines that were on fire too. I quickly put those out and calmed down...

What actually happened?
[Skipping details about earlier signs of battery malfunction, including shortened life, failure to recharge etc.]

My girlfriend said she heard it hissing like a steam valve, then smoke started pouring out of it and a couple of seconds later, a very large flash fire started. I'm sure you have read about these and seen the dell video. This is what happened to my macbook.

The battery is swollen and burnt so it's definitely the battery that exploded and caught fire. The macbook is melted on the bottom and severely charred (along with my bookshelves, books, magazines and the wall). The space bar is melted as is the track pad. The screen has been damaged a little too.

I bought it at the end of June last year so it's still under 12 month warranty.
Strange thing is, there was no symptoms like excessive heat or deformation of the battery or anything like that at all.
I also checked quite a while ago to see if my battery was one of the recall units. It was not.

Can anyone recommend an efficient service centre in Melbourne who will be able to replace it quickly? I have a lot of work to finish by the end of March.
I am also hoping they can recover some data from the hard drive.

The smell was the worst part - that burnt plastic smell (full text and more pix here)

Ex ped: Note that the battery was not one of the series that was recalled, a sticky issue for both Apple and Sony.

It started with an innocent query on MacSlash about why the Mac OS X spellcheck and Apple's (AAPL) lovely Dictionary application so often disagree. Someone named elliotj wrote

For example, try typing the word [REDACTED] into TextEdit, and then try searching for it in Dictionary.app. [Full post here]

There followed several earnest posts about Unix spellers and Oxford dictionaries. But my hat goes off to WarpFlyght, who wrote this delightful piece of unintended poetry:

Many, many, many...

Refugia, Talaria, flensing, timeous, riverine, nullipara, crenellated, lothario, frisson, aspirational, potence, codswallop, sigil, prang, simoleon, gamine, anima, paralogism, snootful, anhedonic, theremin, counterpose, peridot, inutile...

As Tom Lehrer  would say, these are the only  ones of which the news has come to Harvard, and there may be many others but they haven't been discovered.