Part One: Simple Steps To Secure Your Client During Litigation

September 11, 2012

In the past year, there has been a distinct uptick in cases involving data breach and key logging malware- especially in family law cases. This uptick is not by anonymous, random third parties, but rather by the actual litigants in a case.

Part of the reason for the uptick is that “bugging” someone’s computer  or cell phone (electronic intercept) has gotten significantly easier. Most people can handle installing software.  Likewise with breaking into someone’s webmail, banking, or other online accounts.

Here are steps your client can take, right now, to protect their information and communications:

  • Create a List of Electronic Assets – Experience shows that, without a list, things will be overlooked.  Have your client list out cell phone, webmail, social network, and online banking accounts. In the same manner, have them list out things like wifi and home network assets.  This list is the starting point.
  • Change Passwords and Password Recovery Questions – Simply changing passwords is not enough. Password recovery questions (“What is the name of your favorite pet?”) are an easy way for someone who is familiar with your client to gain entry to their online resources.
  • Avoid Password Reuse – Using the same password for everything is a recipe for disaster. Understandably, it can be an inconvenience to use different passwords everywhere, but there are ways to make meaningful passwords that are easy to remember. Here is a full write-up on password reuse.
  • Review WiFi Security – If the opposing side in a matter was the one that set up the home wireless network, then all they need to do is be within range to join back on the network and gain access to systems or to “sniff” and view network traffic (including your client’s passwords, communications, etc.).
  • Review Joint Cellular Accounts – Depending on the carrier, joint cellular plans can give the opposing party access to endpoints in voice and text communications. Some carriers may actually have access to the content of text messages online. While TRO and data protection may prevent a direct change to the account or plan, your client may consider using a pay-as-you-go plan.

These are some simple steps that can be taken with minimal cost, and yet they will provide an immediate boost to your client’s security stance.

Tomorrow: Part 2- Simple Steps In Case of Breach

If you or your client feel that there has already been a breach, or you are facing a particularly aggressive or knowledgeable opposition, you may consider inquiring about our Client Information Security package (CISP).

The CISP is a flat-rate, full assessment of your client’s information security and includes a drop-in firewall with logging and 24/7 monitoring for intrusion attempts, malware activity, and other breach behavior.  Vidoc Razor not only will assess the security of your client, but fixes the issues identified.  All hardware is provided by Vidoc Razor.

You can find more information by clicking HERE.

Leave a Comment » | Forensics Beyond the Hard Drive, Tools and Tips | Tagged: , , , , | Permalink
Posted by inforensics

Weekly Highlights: September 10, 2012

September 10, 2012

Things You Might Have Missed Last Week

(Highlights in legal and electronic discovery news for the past week)

Interesting Electronic Evidence Cases

Robinson v. Jones Lang LaSalle Americas, Inc., No. 3:12-cv-00127-PK (D. Or. Aug. 29, 2012)

The defendant was seeking to compel production of discovery in (among other things) “all social media content involving [Plaintiff] since July 1, 2008” related to the Plaintiff’s “‘emotion, feeling, or mental state,’ to ‘events that could be reasonably expected to produce a significant emotion, feeling, or mental state,’ or to allegations in [Plaintiff’s] complaint.”.

Magistrate Judge Paul Papak (Oregon) found:

“I see no principled reason to articulate different standards for the discoverability of communications through email, text message, or social media platforms. I therefore fashion a single order covering all these communications.”

Link to Opinion PDF

Apple, Inc. v. Samsung Elecs. Co. Ltd., No. C 11-1846 LHK (PSG) (N.D. Cal. July 25, 2012)

The Defendant in this case was sanctioned for the loss of relevant emails due to Defendant’s failure to follow-up with employees to ensure compliance, and the Defendant’s failure to halt the email system’s auto-delete function.  Sanctions included an adverse inference that allowed the jury to presume that the missing evidence was relevant and favorable to the Plaintiff.

Link to Opinion PDF

Weekly Highlighted Case

EEOC v. Simply Storage Mgmt., LLC, 270 F.R.D. 430 (S.D. Ind. May 2010)

This case can be very useful when dealing with social media electronic evidence matters.  It was utilized by the Oregon magistrate in the above listed case (Robinson v. Jones Lang LaSalle Americas) when forming his opinion.

The defendant in this matter was seeking production of claimants’ social networking site profiles, as well as other communications from social sites used by the claimant.

Last May, the Great State of Texas saw a similar matter that relied, in part, on the EEOC case:

IN RE MAGELLAN TERMINALS HOLDINGS, L.P. AND MAGELLAN MIDSTREAM HOLDINGS GP, LLC 
Link to PDF Document

Electronic Evidence News

State Bar of Texas Alert Says ‘Scam Artist’ Stole Nonpracticing Lawyer’s ID for Fake Website

West Let Off the Hook on Web Malpractice Claim

OJ Simpson Prosecutor: Johnnie Cochran May Have Tampered with Bloody Glove

Leave a Comment » | Admissibility, Cases, Forensics Beyond the Hard Drive, Inforensics News, Investigation, Production, Reading | Permalink
Posted by inforensics

Google and Deep Web Search Cheat Sheets Updated

July 18, 2012

The “Deep Web Search” and “Google Search” cheat sheets have been updated to reflect new information and capabilities in conducting your own research on people, places, companies, and other matter-related information.  The links to the newly updated sheets are located below.

Using “open source information (OSI)”, sometimes referred to as “Publicly Sourced Information”, one can research a variety of information related to a case: Retained or opposing experts, litigants, other witnesses, company information, etc.

Effective use of this type of research can uncover bank accounts, holdings, affiliations, activities, locations, social network accounts and a host of other information that would otherwise remain unknown.

Some Background

In mid-2010 Vidoc Razor published free cheat sheets, as well as a blog post on how to use the sheets to research people involved in a matter: Expert witnesses, places, companies, etc. It is worth it to re-read that post to refresh your memory on how to use the sheets.

The original post can be found here: https://inforensics.vidocrazor.com/2010/11/02/qualifyanexpert/

Since then, the sheets have been very popular, and I have updated the sheets on a yearly basis.

Where Do I Start?

Start with the “Google Cheatsheet” PDF document that I have linked to this post.  For life beyond Google you can look at the “Deep Web Cheatsheet” that is attached.

Google Cheatsheet rev 201207

DeepWeb Cheatsheet rev 201207

Leave a Comment » | Tools and Tips | Tagged: , , , , , , , | Permalink
Posted by inforensics

Because One Thing Leads to Another: Data Breach and Password Re-Use

June 27, 2012

Dropping Your Breaches…

After the data breach of LinkedIn two weeks ago (6.5 million passwords leaked, a five million dollar lawsuit on the way), I have asked a simple question of some of my clients that I know are LinkedIn users: “Have you changed ALL your passwords yet?”.

The question has been met with confusion (“What data breach?”) and, in most cases, with indifference (“I don’t see what benefit having access to MY LinkedIN would provide a hacker.”). When I mention the phrase “password re-use”, I receive an almost universal response of “huh?”.

Single Point of Failure

Password re-use is seemingly an ingrained response to the presence of a password: You have hundreds of password protected resources, so it is natural that you would re-use the same password across multiple (or all) of those resources. This is the problem.

From the point of view of a hacker the world looks a little wider:

1- Breach LinkedIN passwords

2- Now leverage the email addresses, username conventions, etc. to test the password on:

Workplace accounts – Obvious information on LinkedIN. This could include work email systems, vpn access, extranets, etc.

Gmail and other webmail accounts – Possibly contains password/access information to online banking, work, other accounts

Mobileme and other “Cloud” services – Dropbox, anyone?

Online Banking – A pretty obvious target.

You can see how the seemingly “insignificant” breach can lead to much bigger issues.

In the case of the LinkedIN breach, the information obtained was posted for download by anyone that wanted to take a whack at them. Consider the scenario of an opposing party downloading your breached information and leveraging it for further access.

We know that information security is a balance between usability of information and systems, and security of those same areas. So how does one maintain separate use passwords but still easily access needed resources?

So Now What?

Fortunately there are some solutions. I have listed the top ones below:

Password Safe  (also known as PWSafe) – Windows, iPad, iPhone, Mac, Linux: This is actually my favorite. Syncing among the devices is supported by iCloud (of course then you need to make sure that Apple iCloud isn’t breached) so that a change on one device is rolled out to all the others. Password Safe is free for Linux and Windows (it’s always a nice thing to do to donate to the open-source team that keeps it going and evolving, though). The PWSafe version is $3.99 for Mac and $1.99 for iPad/iPhone.

LastPass  – Windows, Linux, Mac, iPhone, iPad, Android, PocketPC:  LastPass is perhaps the most “feature rich” password management systems out there, and even offers password management for common web-based forms. There is a free and premium version. The premium version runs $1 per month.

KeePass  – Windows, Mac, Linux, iPhone, PocketPC, Android: KeePass uses very strong encryption (SHA-256). It interested me for a couple reasons: Multiple user support and it keeps the password encrypted even in RAM memory. The only reason I don’t use this one is that I don’t find synching to be as transparent, and I was already in the habit of using Password Safe (since it’s creation by Bruce Schneier). KeePass is free for the desktop versions (I recommend donations to the open-source team that keeps it running).

So the question becomes: “How would you and your firm like to be at the center of a multi-million dollar lawsuit that could have been prevented by a series of easy to use software that costs nothing to use?”.

Coming next week: Information security breaches for law firms are on the rise. How vulnerable are you, and what easy steps can you and your firm take to defend yourself?

2 Comments | Tools and Tips | Tagged: , , , , | Permalink
Posted by inforensics

Quick Tips For Preserving Social Media

June 6, 2011

There is no arguing that social media sites are a boon for information related to a case, and not just for Family law, but also for corporate litigation as well.  We have had tremendous success with using social sites to tie component pieces of  a hard drive or cell phone investigation together.

The proliferation of social websites like Facebook can create discovery issues, though: How do you properly preserve a social site?  How do you deal with the opposing side arguing that the request to preserve is “overly burdensome”?

In this article I will walk you through three of the most popular social media sites and some techniques to preserve them easily.

1: Facebook (www.FaceBook.com):  Facebook is probably the easiest site to preserve.  The user can simply go to “Account Settings”, scroll down to “Download Your Information”, and click on “learn more”.  From the Facebook description:

“This tool lets you download a copy of your information, including your photos and videos, posts on your Wall, all of your messages, your friend list and other content you have shared on your profile. Within this zip file you will have access to your data in a simple, browseable manner.”

Once the user clicks “Download”, FaceBook will aggregate the information and email a link to the download.  Depending on how much information is there, this can take several minutes or even hours.

2: LinkedIn (www.LinkedIN.com):  LinkedIN is a site geared more towards a professional profile than Facebook.  We have been successful in using it to uncover additional email addresses, business documents, associations and affiliations primarily in Corporate cases, but it has factored into family law cases before.

The good news is that, while the Facebook preservation method is only useful if you are the specific user, LinkedIN can be documented for the profile information of other users.  The bad news is that it is slightly more complex than Facebook to preserve (but not much more!).

The easiest way to archive a LinkedIN account is to already have one yourself, or to create one.  NOTE: If the person you are archiving has LinkedIN’s upgraded service, or has agreed to let others see when they view a profile, they will be able to see that you viewed their profile.  I’m not going to encourage you to break the Terms of Service by creating an archive account, but that is one way to get around this.

Next, you will want to navigate to Profile-> Profile Organizer.  This is actually a paid service offered by LinkedIN, but usually it has a free 30-day trial.  More importantly, the free trial does not require a credit card.

Once you sign up for the Profile Organizer, you will be able to search for specific individuals, companies, etc.  When you find a profile you can save it to your organizer, archive it, and print it to a PDF.

3: Twitter (www.Twitter.com): Unlike the others, Twitter doesn’t have an actual built-in archiving functionality.  Twitter DOES have a great advanced search function that you can access at: search.twitter.com

Once on the Twitter search site, look for the “Advanced Search” link.  This will allow you to drill into searches by user, dates, topics, specific words or phrases, locations, etc.
Once you have search results, you can print to PDF, save the list, or use the nifty RSS link in the upper right called “Feed for this query”.

Leave a Comment » | Forensics Beyond the Hard Drive, Tools and Tips | Tagged: , , , , , , | Permalink
Posted by inforensics

Eight Strategies To Control Information Forensic Costs

April 12, 2011

I’m often told that the biggest barrier to introducing information forensics to a potential case is the cost of doing so, and I believe it.  It is hard to explain to a client that they may expend resources with no return on the expenditure, and yet effective use of information forensics can be a valuable part of case strategy.  Here are eight strategies to effectively control information forensic cost:

  1. Prioritize Systems. In cases where there are multiple computer systems, hard drives or electronic devices involved, try to identify which ones are more likely to contain key evidence or facts in the case.  Your expert should be willing and able to help you do this, based on the facts of the case and the role of the devices involved.
  2. Image and Hold. Perform forensic imaging of the systems and devices involved to preserve them, but unless there are other factors involved you may not need to do analysis on ALL the systems at once.  Start with the high priority systems, and then see if there is likely to be value on the other systems or devices involved.  “Image and Hold” can also be an effective early strategy for a single computing device as well.
  3. Be Selective. We are often approached with multiple cell phones and hard drives.  One of the first questions I ask is if the cell phones were potentially backed up on one of the computer systems.  If so, then we can often process the backup (or “synch”) of the cell phones just as though we had the cell phone itself.  This helps to prevent duplicating cost.
  4. Evaluate Before Analyze. Full disclosure: This is a self-serving statement, in that Vidoc Razor runs a flat-rate evaluation service, but that doesn’t make it any less true.  Your expert must be able to provide an evaluation of the computer systems involved to identify which devices are useful to a case, versus ones that are redundant or don’t contain case useful information.  Make sure that the evaluation is  in context with the case, and not a simple cookie-cutter print-out of log files.
  5. Look for Flat-Rate Services. I have heard many complaints of forensic costs that run wild because of hourly rates.  It isn’t hard for a forensic service to provide cost-effective, flat rates that still provide high-quality results.  Your expert should be interested in looking for a long-range relationship as part of your legal arsenal, rather than getting rich off of a single big case.
  6. Understand the Differences Between Data, Information, and Intelligence. This seems like semantics, but it really isn’t.  Data is a stream of un-evaluated, un-interpreted symbols.  Information is what data becomes once it is useful (in context).  Intelligence is what information becomes once it becomes fact.  Once you stop thinking about “data forensics” and start utilizing “information forensics” you can find all three in a variety of places beyond the hard drive, or as a supplement to the evaluation or analysis performed on a hard drive or cell phone.
  7. Know Your End-Game. It is easy to get caught in the flood of information that can open up in the effective use of information forensics.  It is equally easy to chase down information that doesn’t necessarily support your overall case strategy.  For each new  tributary that opens up to you, ask yourself if it is actually something that supports your end-strategy, or potentially alters it.  If not, then why spend resources to chase it?
  8. Take a Deep Breath. If I had a nickel for every time I have heard the phrase “I am completely computer illiterate”, I would be living on easy street.  In a Yogi Berra-esque way: “This ain’t rocket surgery.”  For some reason the mere exposure to electronic investigation causes people to shut down.  While information forensics can be very technical, I promise you that the average attorney has dealt with much more complicated issues.  Take a deep breath and enjoy the new strategies and brand new streams of information that open up to you and your client and augment your ability to argue your cases.

Next Post:  Effective Information Forensic Strategy

Leave a Comment » | Forensics Beyond the Hard Drive, Inforensics Opinion, Tools and Tips | Tagged: , , , , , , , | Permalink
Posted by inforensics

Stripping Anonymity From the Internet

January 13, 2011
Stripping anonymity is like peeling an informational onion. It is about tying together otherwise benign pieces of information that, in the aggregate, allow you to identify, uncover, and infer the existence of other pieces of information. 

Pieces of information across the internet can be pulled in from so-called “Dark web” sources (sounds sexy, right? It actually just refers to information that is contained in databases that are not indexed by search engines), public records, search engine indexed information, metadata information contained in posted documents (photos, PDF docs, various graphics formats, etc.), online newsgroups, social media sites to name a few.

Using these pieces of information to uncover locations, associations, activities, behaviors and motives is entirely possible (and, in fact, is done every day in active investigative work), but not in every case. As you may imagine, it is easy for the thread to get broken and for a logical disconnect to occur. The trick is to combine inductive and deductive reasoning with the real information you find, and then to develop theories about other possibly available pieces of information and test those theories.

At a certain point any investigation, electronic or otherwise, will likely require “boots on the ground” to verify assumptions.

For your reading pleasure I’ve provided a link to a popular story back in 2006 about the accidental release of “anonymous” search results by AOL and the subsequent work done by a NY Times reporter in using aggregated information about search queries to strip anonymity.

http://select.nytimes.com/gst/abstract.html?res=F10612FC345B0C7A8CDDA10894DE404482

Wikipedia entry on the same incident:

http://en.wikipedia.org/wiki/AOL_search_data_scandal

Leave a Comment » | Forensics Beyond the Hard Drive, Inforensics Opinion, Tools and Tips | Tagged: , , , , | Permalink
Posted by inforensics

Changes to FRCP 8, 26 and 56 Just Around The Corner

November 16, 2010

December 1, 2010 marks the date that some important changes to Federal Rules of Civil Procedure will take effect.

The changes will affect the following:

1. Rule 8:  General Rules of Pleading  (Last amended Aug. 1, 1987)

2. Rule 26:  Duty to Disclose; General Provisions Regarding Discovery (Last amended Dec. 1, 1993)

3. Rule 56: Summary Judgment (Last amended Dec. 1, 2009)

As an expert witness, Rule 26 is the change that has most impact to me and how I interact with my cases and my clients.  For this reason I have focused on outlining the more significant changes.  I have provided a link to the full House Document 111-111 at the bottom of this post.

The biggest change is in the wording and interpretation of Rule 26(a)(2)(C) regarding disclosures of draft copies and communication of the expert witness.  While the previous 1993 interpretation meant that all drafts, notes and communications are to be disclosed, the new Rule 26 fixes this interpretation.

Citing the “profoundly practical” argument for extending work-product protection to certain communications and all drafts of the written report, the Civil Rules Committee went on to point out the loss of “robust communication” between the attorney and the expert [1] (we all know the wild gyrations we take to avoid discoverable material) , the “tortuous steps to avoid having the expert take any notes”, and the “often futile” attempts to show that the expert was unduly influenced by the retaining lawyer. [2]

On a real-life level, I never take notes unless they are to document methodology, and unless given specific permission I avoid email and other written communication to my retaining attorney.  Report generation (unless it violates a specific order) means that I generate a report without saving it and have a remote viewing session with my retaining attorney.  This tends to create:

  • Extra phone calls to verify recollection of information,
  • Unnecessary phone tag,
  • Additional report generation time, and
  • A decrease in the retaining litigant’s view of the efficiency and effectiveness of the process.

Here are some of the highlights of the Rule 26 changes that fix the above issues:

  1. 26(a)(2)(B)(ii) has been amended to read that disclosure is to include all “facts or data considered by the witness in forming” their opinions.  This changes the previous wording of “the data or other information” verbiage that was used to imply all communications, written notes and drafts.
  2. The “Time to Disclose Expert Testimony” has been shifted to 26(a)(2)(D) and specifies the time limit for rebuttal evidence for both 26(a)(2)(B) and 26(a)(2)(C).  The new 26(a)(2)(C) deals with witnesses that are not required to provide a report.
  3. 26 (b)(4)(B) protects “drafts of any report or disclosure required under 26(a)(2), regardless of the form in which the draft is recorded.”  Essentially this makes the verbiage change in 26(a)(2) explicit.
  4. 26 (b)(4)(C) provides protection for “communications between the party’s attorney and any witness required to provide a report under Rule 26(a)(2)(B), regardless of the form of the communications”.  There are three types of communications that are exempted from this protection, though:
  • Communications that relate to compensation for the expert’s study or testimony;
  • Communications that identify facts or data that the party’s attorney provided and that the expert considered in forming the opinions to be expressed (emphasis added)
  • Communications that identify assumptions that the party’s attorney provided and the the expert relied on in forming the opinions to be expressed (emphasis added)

In short – better communication, less wild gyrations by the experts and their retaining attorney and shorter deposition without all the attempts to show undue influence. I was excited to see this discussed at Sedona and am thrilled to see the results just around the corner.

The only thing I will miss is the competitive advantage actually knowing FRCP gave me in this area vs. the numerous experts that didn’t seem to take the time.

The benefits, though, definitely outweigh this one advantage.

The link to the Supreme Court’s Approved Rules page is here:

Approved Rules Page

Direct links to the component PDF documents are below:

Rules (Clean Version)

Excerpt of the Judicial Conference Report

Excerpt of the Report of the Advisory Committee on Civil Rules

[1] 111th Congress, 2d Session House Document 111-111, page 35
Civil Rules Committee Report 5/8/2009, page 3

[2] 111th Congress, 2d Session House Document 111-111, page 25
Excerpt From The Report of the Judicial Conference 12/18/2009, page 3

2 Comments | Inforensics News | Tagged: , , , , , , | Permalink
Posted by inforensics

Qualifying An Expert Using Open Source Information

November 2, 2010

“Knowledge is of two kinds. We know a subject ourselves, or we know where we can find information upon it.” – Samuel Johnson

Those that have heard me speak on electronic forensics know well the distinction that I make between data forensics and information forensics (“inforensics“).  The distinction is very clear:  data is a stream of unevaluated symbols, and information is the point at which the symbols become useful.

The inforensics approach also encompasses the use of relevant information and evidence that extends beyond the hard drive and can be used even when there is no hard drive or direct electronic platform available.

Take for example researching experts.  Using “open source information (OSI)”, sometimes referred to as “Publicly Sourced Information”, one can research a retained or opposing expert very effectively.

What Are Your Sources?

Google is a great place to start, and for purposes of this post we will focus primarily on Google – although the attachments to this post include other resources that you may explore as well.  There is definitely “life after Google” and you should explore it.  Possible research sources can include:

  • Newsgroups
  • Social networking sites (Facebook, Myspace, LinkedIN, etc.)
  • Blogs
  • Online news resources
  • Registration databases (websites, public records, etc.)

What Types of Information Are Out There?

In general you will be working with two main categories of information on the web:

  • Indexed Information.  This is information that has been picked up, searched and indexed by a search engine.
  • “Deep Web” or “Dark Web”.  This sounds mysterious, but really just means information that is usually in a database and has not been indexed by a search engine.  The location of a particular database can be found using a search engine, but the information contained within the database is usually accessed directly via the site that provides it, not a search engine.

Registration databases tend to fall into the”Deep Web” category, whereas many newsgroups can be searched directly through Google or a search engine.

What to Look For?

You might start with making a list of information you want to know about your expert, or an opposing expert:

  • Areas that indicate bias.
  • Published works.
  • Attributed quotes.
  • Other activities.
  • Work history.
  • Multiple versions of a CV.

These are just some examples.

Where Do I Start?

Start with the “Google Cheatsheet” PDF document that I have linked to this post.  For life beyond Google you can look at the “Deep Web Cheatsheet” that is attached.

Google Cheatsheet rev. 201011

DeepWeb Cheatsheet rev 201011

Last Minute Tips

If you are not already comfortable doing so, learn how to use “Browser Tabs” in your internet browser.  This will help you organize information you find and will allow you to conduct multiple-threaded searches.

Good luck!  As always, if you are an attorney or member of law enforcement and want to contact me to ask questions feel free to do so.  This post is actually a distillation of a 1.5 hour CLE training, and an 8 hour training that has been done for TCLEOSE credits.  If your law firm, legal association, or branch of LE is interested in the full training, I am happy to help.

Leave a Comment » | Forensics Beyond the Hard Drive, Tools and Tips | Tagged: , | Permalink
Posted by inforensics

‘Dangerous’ iPhone exploit code goes public – Computerworld

August 13, 2010

‘Dangerous’ iPhone exploit code goes public – Computerworld.

This was actually predictable.

A proof of concept demonstration demonstrated an ability to “Jailbreak” iPhones over the web, with no intervention of a computer,etc. but rather through surfing to a website directly on the iPhone. The reports are that this exploit is performed through a vulnerability within Adobe PDF handling on IOS platforms (the software that iPhones, iPads, etc. use to run).

The originator of the exploit, a software hacker named “Comex”, did not initially release the code.

Throngs of people proceeded to jailbreak their iPhones in this way.  Those of us in the security and forensics world knew that an exploit would not be far behind.

On Wednesday Apple released a patch to fix the issue that enables this to happen.  Minutes later Comex released his code to the internet-at-large.

What does this all mean?

I know a large number of attorneys that use iPhones- I do too.  I also know a large number of attorneys that use PDF documents (most, if not all, of them).

Because of the complexity of the code I would give this about two, maybe three, more days before there are active attempts to inject malicious code into iPhones.  This could hit attorneys that haven’t patched especially hard because of the PDF angle.

The answer is simple:  Patch your iPhone, iPad, etc.  The patch works. I have only done limited testing, but even Comex notes that the patch stops the exploit.  Comex sent a Tweet yesterday after apple released the patch that says it all:

That was fun while it lasted. Hope you saved your SHSH. Remember that 4.1 rhymes with fun.”

(4.1 is the vulnerable version of the iPhone IOS, 4.2 is the patched version)

Leave a Comment » | Uncategorized | Permalink
Posted by inforensics

« Previous Entries
Next Entries »