Apple is typically close-mouthed about problems in today’s Statement on White iPhone 4

White models of Apple’s new iPhone® 4 have continued to be more challenging to manufacture than we originally expected, and as a result they will not be available until later this year

What could be more challenging to manufacture about the color white? I am certain some will see this as an antenna redesign moment. Apple probably intends it to be taken that way. The device is glass so color really should be a non-issue. More to the point, glass is very fragile so I sincerely doubt this has anything to do with white being a more fragile color than black. Will white be the iPhone4.1?

Engadget says no, it really is just a paint issue. The problem is related to getting the appearance right:

…the factory’s still working out the perfect combination of paint thickness and opacity — the former to ensure the next sub-contractor has enough clearance for the digitizer overlay, and the latter for the absolute whiteness that Jony Ive and co. strive for

vBulletin is a popular Internet forum/bulletin-board platform. Their support site has announced a Security Patch Release 3.8.6 PL1

It has come to our attention that 3.8.6 contains a security exploit related to the FAQ.

Just two files are in the PL1 release

includes/version_vbulletin.php
install/vbulletin-language.xml

The urgent security patch, which removes a “database_ingo” phrase, comes only eight days after the release of 3.8.6. Without the patch anyone easily can login to a vBulletin powered forum as the administrator.

vBulletin also offers the following query as a fix:

DELETE FROM ” . TABLE_PREFIX . “phrase WHERE varname = ‘database_ingo’

Note: Either remove the ” . TABLE_PREFIX . ” or replace it with your database prefix as needed.

A query on database_ingo reveals the following phrase in a vulnerable database:

< phrase name = “database_ingo” date = “1271086009” username = “Jelsoft” version = “3.8.5” > config [ ‘Database’ ] [ ‘dbname’ ] } < br /> Database Host : { $vbulletin -> config [ ‘MasterServer’ ] [ ‘servername’ ] } < br /> Database Port : { $vbulletin -> config [ ‘MasterServer’ ] [ ‘port’ ] } < br /> Database Username : { $vbulletin -> config [ ‘MasterServer’ ] [ ‘username’ ] } < br /> Database Password : { $vbulletin -> config [ ‘MasterServer’ ] [ ‘password’ ] } ] ] > config [‘Database’] [‘dbname’])
Database Host: ($ vbulletin -> config [‘master server’] [‘server name’])
Database port: ($ vbulletin -> config [‘master server’] [‘port’])
Database user name: ($ vbulletin -> config [‘master server’] [‘username’])
Database Password: ($ vbulletin -> config [‘master server’] [‘password’])]]> < / phrase>

The problem here should be obvious.

Big oops.

Winnipeg police were called in after an external audit initiated by the hospital found irregularities. Police suggest the theft took place over a very long term and thus could add up to $2 million in losses from the hospital-owned ATM.

Thieves may have stolen a minimum of several hundred thousand dollars or as much as C$2 million (U.S. $1.9 million) from a nonbank-owned ATM deployed in the lobby of Misericordia Health Centre, said Constable Jason Michayshen of the Winnipeg Police Service.

“It is a large amount of money stolen from the ATM, and the theft is very significant and very concerning,” said Michayshen, who added that the thefts may have occurred over as many as 10 years.

This puts a nice perspective on the current skimming stories and threats to ATM that seem sophisticated by comparison; good old fashioned secure process and procedure for ATM deposits and withdrawals seem to be the problem. A lack of simple fraud monitoring and weak or no internal audits certainly did not help the situation.

Officials at Misericordia Health Centre must be taking a hard look at their audit and security management systems right now. I hope they have already initiated an extensive third-party review of patient files and confidentiality.