Safari Exploit Allows Hacker to Call 1-900 Numbers
Wednesday, November 19th, 2008 at 3:00 PM - by Bryan Chaffin
An exploit has been discovered in the Safari Web browser on iPhone that could allow a maliciously crafted Web page to take control of your iPhone and force it to dial any phone number, for instance a nice, expensive 1-900 number that could cost the user dearly.
The exploit was discovered by the Institute for Fraunhofer for Safe Information Technology (SIT) in Germany last month. According to the SIT, they immediately informed Apple, and a fix will be released on November 21st, 2008. Apple's usual corporate policy is to not announce or discuss vulnerabilities until they release a patch.
The exploit involves tricking an iPhone user into clicking on a link, say in a piece of e-mail, an SMS text message, or even from another Web page. That link would take the user to a Web page with as few as three lines of code that trigger the exploit. The iPhone's screen then blanks out, a dialog that can't be interacted with shows that the phone is dialing, and the deed is done.
SIT has posted a video demonstration of the exploit that merely dials another cell phone sitting next to the iPhone. Any number could be dialed, but a 1-900 number would be a likely choice for hackers, as it would allow them to collect money merely by having received the call at their 1-900 "service."
SIT's announcement was first reported by German magazine Der Spiegel, and pointed out to us by Matthis Drolet (thanks for the heads up, Matthis!). SIT released the following images demonstrating the process:

The bad guy sends an e-mail or SMS text message with a URL

The iPhone switches over to Safari, and shows (in this case) what looks like a blank page

Surprise! Your iPhone is dialing a number!

Now your iPhone appears to be locked up while the call goes through...