
Month: December 2008

Sim City for iPhone Cheats

With the recent release of Sim City for the iPhone and iPod Touch, there has been a scurry to hunt for working cheat codes. Anyone who has played any of the original Sim City series knows that at least half the fun of the game is in the building of the city, and many times it’s nice not to have to worry about the budget management side of the game. Thus, cheat codes became desirable.

In the Sim City for the iPod game, which you should definitely purchase if you haven’t yet, cheat codes are equally important.

To enter cheat codes, you simply shake your device to trigger a box that will show up for entering the code.

So far, there are only two known working codes, and they are case sensitive:

  • i am weak – makes it free to build anything.
  • pay tribute to your king – bestows all gifts (city hall, statue, spaceport, science research centers, etc.).

So far, those are the only known working cheat codes, even though other folks have tried all of the codes from previous versions of the game. If you know of any more, post them in the comments, and I’ll update this post once they are verified to work.

Practical Security: Web Browser Vulnerabilities

Secunia, a computing security clearinghouse, has issued a warning regarding a new, zero day vulnerability in the Internet Explorer web browser.  This includes Internet Explorer 5, Internet Explorer 6, and Internet Explorer 7 on fully patched Windows XP systems.

Attackers can craft web pages in such a way to use this vulnerability to issue commands on your computer.  There are active exploits currently being used on the Internet to do this.

Your safest immediate course of action is to not use Internet Explorer until a patch is issued by Microsoft.  Instead, use Firefox, Safari, or Chrome.  Unless you are using version 9.3 of Opera, you should quit using it as well.

On another note, there was an article in the news recently which named Firefox as the most insecure application of 2008.  The article is highly biased, however, and the criteria for defining insecure applications ruled out the inclusion of Internet Explorer.  Still, it’s worth a read to help raise awareness about the vulnerabilities of computing on the Internet these days.

Whatever browser you use, you should know that exploits are found in all of them.  As exploits are discovered, they are usually patched as soon as possible, and it’s well worth checking for and installing the latest versions often.  Until patches are released, however, it’s a good plan to switch browsers.

Apple Attacks On The Rise?

We here at Geekamongus are by no means partial to one operating system over another.  We love Macs, we love Linux, we love Solaris, and we love those other guys.  Seriously, in no way do we ever intend on taking sides, and articles such as this one are not to be mistaken as an attack upon a particular vendor, nor should they be misconstrued as a statement proclaiming that we prefer other platforms.

That said, some news items of late have raised a few eyebrows upon the foreheads of the security-minded regarding Apple and their operating system, OS X.  For example, there seems to be a new variant of an OS X trojan out there, according to the folks at

Judging by the responses from the opinionated users at the bottom of that article, the Mac fan base may be smart enough to avoid such malicious software.  Cynicism aside, it is clear there is an entirely untapped user base upon which Phishing attacks may be starting to prey.  One must consider the fact that people who have used Macs their whole lives may not be as familiar with such vulnerabilities, where web sites attempt to trick you into downloading a plugin with ulterior motives in mind, and that they could be more easily fooled into taking the bait.  Heck, it would seem the folks at Apple could use some tutelage about Microsoft viruses too.

Seeing as Apple still considers themselves to be rather impervious to viruses, trojans, worms, and their ilk, I don’t foresee this getting better any time soon, even though they did briefly post a note about using antivirus software on their website.  One thing Microsoft users have going for them is that they are by-and-large more aware of common Internet vulnerabilities because they run into them more often, and they must take steps to avoid them.  Some may even have received training in the workplace or from a geeky niece or nephew.

Granted, OS X is based upon a relatively secure Unix kernel and the Apple marketshare is much smaller than that of Microsoft.  That can certainly help when talking about the prevention of spreading traditional viruses, trojans, and worms.  However, when a user is unaware and clicks “OK” to download and install a seemingly legitimate plugin, all bets are off.  And who knows what evil is brewing in the basements of evildoing jerkfaces to target OS X itself in ways which Windows users are unfamiliar with?

PCI Compliance

The other day I had an old client forward me an email from their credit card processing company, saying that the server upon which their website was hosted failed their PCI Compliance security check.  I had never heard of this and was wary that it might be a service they were being tricked into adding on, but upon further investigation, I learned that many credit card processing companies are now instituting this new security policy, which is designed to tighten up security on web servers in order to decrease the chances of credit card theft.

This sounded all well and good, and I figured that with my background in securing servers to meet Department of Defense standards it ought to be a breeze.  Little did I know that the server in question would put up quite a battle for the lone reason that it was running Plesk, the web host management tool.  I had written off Plesk long ago, having ditched the server I had it running on after many issues with it, and I thought I would never have to work with it again, but alas…

I started Googling, of course, and found some great resources out there which cover the tightening up of Plesk in order to meet PCI compliance.

One of the best articles I found was at, which explains how to fix issues with Courier, Qmail, Apache, SSL, and iptables in case you don’t have Plesk’s Firewall add-on.

Also, a fellow by the name of DrJermy writes of his solutions about dealing with Plesk and PCI Compliance.

For some general information about what PCI compliance is all about, check out

My Take

As I worked through the PCI issues with the client who contacted me, I started realizing that the standards by which the server was being scanned were presumptuous in that they didn’t take into account backporting, as implemented by Red Hat, and that they were making me fix issues which seemed rather trivial in regard to credit card processing security.

If they really wanted to do something that mattered, they should have a look at the NSA’s hardening guides.
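On the backporting point above: a scanner that judges by version banner cannot see a fix Red Hat patched into an older package, but the RPM changelog usually records it. The script below is an added example, not from the original post; the function names, the package label and the CVE ids are constructed placeholders. It sorts scanner-flagged CVE ids into those the changelog shows as fixed and those still needing work.

```shell
#!/bin/sh
# Added example: match scanner-flagged CVE ids against an RPM changelog.
# On a real host, feed it the installed package's changelog, e.g.:
#   rpm -q --changelog httpd | check_backports "$(rpm -q httpd)" <CVE ids>

# check_backports LABEL CVE...   (changelog text is read from stdin)
# Prints one "STATUS<TAB>CVE<TAB>evidence" line per CVE id.
# The body runs in a subshell so its variables stay private.
check_backports() (
    label=$1
    shift
    changelog=$(cat)
    for cve in "$@"; do
        # -F: literal match; -w: CVE-0000-0001 must not match CVE-0000-00011.
        # "|| true" keeps a no-match from aborting under "set -e".
        hit=$(printf '%s\n' "$changelog" | grep -m1 -w -F -- "$cve") || true
        if [ -n "$hit" ]; then
            printf 'BACKPORTED\t%s\t%s: %s\n' "$cve" "$label" "$hit"
        else
            printf 'UNRESOLVED\t%s\t%s: no changelog entry\n' "$cve" "$label"
        fi
    done
)

# Constructed sample changelog (placeholder package, dates and CVE ids).
SAMPLE_CHANGELOG='* Tue Jan 01 2008 Example Packager <pkg@example.invalid> - 1.0-2
- add security fix for CVE-0000-0001 (patch backported from upstream)
* Mon Jan 01 2007 Example Packager <pkg@example.invalid> - 1.0-1
- initial build'

# demo: one flagged id the changelog covers, one it does not.
demo() {
    printf '%s\n' "$SAMPLE_CHANGELOG" |
        check_backports examplepkg-1.0-2 CVE-0000-0001 CVE-0000-0002
}

demo
```

The BACKPORTED lines are the evidence to attach when disputing a finding with the scanning vendor; anything UNRESOLVED still needs a package update or a documented mitigation.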