Tag: california

Apple releases iOS 7.1.2 with iBeacon, mail attachment encryption fixes

Andrew Cunningham Apple today released iOS 7.1.2, the second minor update to iOS 7.1 . The list of changes is short and focused mainly on minor bugs—it “improves iBeacon connectivity and stability,” patches a security hold whereby at-rest e-mail attachments could be accessed by an attacker if he or she had physical access to your phone, and fixes a problem with data transfers from accessories “including barcode scanners.” The e-mail attachment bug is probably the most important thing addressed by the update—it was reported widely back in April when Andreas Kurtz wrote about it on his blog . Kurtz was able to access e-mail attachments using standard tools on several different iOS devices running versions 7.1.1 and 7.0.4. As part of the iBeacon update, iOS 7.1.2 also re-enables Bluetooth on iOS devices, which we verified on an iPhone 5S by disabling Bluetooth before installing the update. Read 1 remaining paragraphs | Comments

Read the original:
Apple releases iOS 7.1.2 with iBeacon, mail attachment encryption fixes

Verizon Wireless employee stole 900 phones, made $270,000 profit on eBay

A Verizon Wireless account executive who pleaded guilty to stealing more than 900 cell phones and selling them on eBay for a profit of $272,290 was sentenced this week to 27 months in prison. James Hopkins, 35, committed the fraud throughout most of 2009 while working as a business-to-business account executive at a Verizon Wireless branch office in Trevose, PA, according to a criminal complaint. He was charged with mail fraud and sentenced in US District Court in New Jersey, where Verizon is based. “From February through November 2009, Hopkins placed numerous orders for Verizon Wireless cellular telephones, handheld devices and accessories in the names of existing Verizon Wireless customers without their knowledge,” the US Attorney’s office in New Jersey wrote in an announcement. “After arranging for the merchandise to be shipped to the home of a relative in New Jersey, the defendant manipulated Verizon’s computer database to conceal the fraudulent orders and shipments. Hopkins received $328,517 worth of stolen Verizon Wireless merchandise, which he sold on eBay for a profit of $272,290.” That amounts to a profit of about $300 for each stolen phone. Read 2 remaining paragraphs | Comments

More here:
Verizon Wireless employee stole 900 phones, made $270,000 profit on eBay

Burglar logs in to Facebook in victim’s house, forgets to sign off

Nicholas Wig. Dakota County Sheriff’s Office A 27-year-old Minnesota man appears to have violated at least two tenets of the digital age: Never log in to your Facebook account in a stranger’s house you’re burglarizing, and don’t forget to sign off if you do. Such egregious violations have led to the arrest of a South St. Paul man charged with burglary allegations. Nicholas Steven Wig is accused of stealing cash, credit cards, a watch, a checkbook, and other items. When the victim came home last week, he noticed a screen missing from a window and his house in disarray. He also discovered his home computer was open to a Facebook page of one “Nick Dub,” who turned out to be Wig, police said. Read 4 remaining paragraphs | Comments

See the article here:
Burglar logs in to Facebook in victim’s house, forgets to sign off

Are those lost IRS e-mails “unbelievable”? Not really

Former IRS official Lois Lerner giving testimony to a Congressional committee in 2013. The IRS says it can’t find her e-mails from before 2011. During a hearing held yesterday by the House Oversight Committee, Committee Chairman Darrel Issa said that it was “unbelievable” that the IRS had lost the e-mails of former IRS official Lois Lerner. While Congressman Issa is not generally ignorant on tech issues, he’s clearly not familiar with just how believable such a screw-up is. The IRS claims that many of Lerner’s e-mails were lost when the hard drive on her desktop computer crashed in 2011. In a Monday night hearing, IRS Commissioner John Koskinen told Issa and the Oversight Committee that there was no way to recover these e-mails. “If you have a magical way for me to do that,” he told Issa, “I’d be happy to hear about it.” The IRS is not the only federal agency to lose e-mails over the past few years. In fact, despite efforts at many agencies to standardize and improve e-mail by moving to services like Google Apps for Government and Microsoft Office 365 Government, many agencies still run their e-mail like it’s 1999. It’s not just a technology issue—it’s an IT policy issue, a staffing issue, and a cultural issue within government, one that the federal government shares with many private corporations. Read 12 remaining paragraphs | Comments

View article:
Are those lost IRS e-mails “unbelievable”? Not really

Microsoft wants you to trade in your MacBook Air for a Surface Pro 3

Ready to kick your MacBook Air to the curb (and wonder how much exactly in in-store credit it’s worth)? Your friendly neighborhood Microsoft Store is ready to help. Peter Bright This weekend, Microsoft Stores launched a trade-in program to encourage sales of the new Surface Pro 3 , but the trade-in promotion named only a single device : the MacBook Air, at a value of “up to $650” toward any Surface Pro 3 purchase. At the lowest specification, that trade-in amount would let buyers walk out of a Microsoft Store with an Intel i3 Surface Pro 3 for as little as $150. Though Microsoft Stores maintain a trade-in program that accepts video games, consoles, Apple iDevices, and PC laptops, this is the first promotion from Microsoft Stores that has actively sought Apple laptops—or, in this case, laptop singular. Seeing as how Microsoft has attempted to position the Surface Pro 3 as the best of both tablet and laptop worlds, the capable, paper-thin MacBook Air is the obvious recipient of Microsoft’s promotional crosshairs. We called the flagship Microsoft Store in Seattle with trade-in value questions, and while the representative said that any Macbook Air could be traded in at stores in the United States and Canada, he insisted that Microsoft won’t break down the exact trade-in value of a given Macbook Air or any other Apple hardware (iPhones, iPads, etc.) without seeing the product in person. The response came even after we tried listing off our MacBook Air’s processor, hard drive, and other specs. This stays in line with Microsoft Store policy through their own website to not disclose trade-in values. Read on Ars Technica | Comments

Read more here:
Microsoft wants you to trade in your MacBook Air for a Surface Pro 3

IE users get new protection against potent form of malware attack

a_codepoet Microsoft developers have fortified Internet Explorer with new protections designed to prevent a type of attack commonly used to surreptitiously install malware on end-user computers. The “isolated heap for DOM objects” made its debut with last week’s Patch Tuesday . Just as airbags lower the chance of critical injuries in automobile accidents, the new IE protection is designed to significantly lessen the damage attackers can do when exploiting so-called use-after-free flaws in the browser code. As the name suggests, use-after-free bugs are the result of code errors that reference computer memory objects after they have already been purged, or freed, from the operating system heap. Attackers can exploit them by refilling the improperly freed space with malicious code that logs passwords, makes computers part of a botnet, or carries out other nefarious behavior. Use-after-free flaws are among the most commonly exploited, often at great expense to end users. Recent in-the-wild attacks that targeted IE versions 9, 10, and 11 capitalized on a use-after-free bug. The bug class has been at the heart of many other real-world attacks on IE that are too numerous to count . (They have also been known to bring down Google Chrome and Mozilla Firefox.) Wei Chen, an exploit developer with Rapid 7’s Metasploit vulnerability framework, likens use-after-free exploits to sneaking tainted cookies into an already-opened bag of Oreos. Read 5 remaining paragraphs | Comments

View article:
IE users get new protection against potent form of malware attack

Credit Cards Hacked Multiple Times at Hotels, Retailers. Check Yours

You might want to be more careful in checking your credit card statements for fraudulent charges. CSO notes that Amex has had to issue three breach notifications this month, due to three separate hacks. Read more…

Read the article:
Credit Cards Hacked Multiple Times at Hotels, Retailers. Check Yours

At least 32,000 servers broadcast admin passwords in the clear, advisory warns

An alarming number of servers containing motherboards manufactured by Supermicro continue to expose administrator passwords despite the release of an update that patches the critical vulnerability, an advisory published Thursday warned. The threat resides in the baseboard management controller (BMC), a motherboard component that allows administrators to monitor the physical status of large fleets of servers, including their temperatures, disk and memory performance, and fan speeds. Unpatched BMCs in Supermicro motherboards contain a binary file that stores remote login passwords in clear text. Vulnerable systems can be detected by performing an Internet scan on port 49152. A recent query on the Shodan search engine indicated there are 31,964 machines still vulnerable, a number that may not include many virtual machines used in shared hosting environments. “This means at the point of this writing, there are 31,964 systems that have their passwords available on the open market,” wrote Zachary Wikholm, a senior security engineer with the Carinet Security Incident Response Team. “It gets a bit scarier when you review some of the password statistics. Out of those passwords, 3,296 are the default combination. Since I’m not comfortable providing too much password information, I will just say that there exists a subset of this data that either contains or just was ‘password.'” Read 5 remaining paragraphs | Comments

Visit site:
At least 32,000 servers broadcast admin passwords in the clear, advisory warns

Report: Seattle paid $17,500 to boost online reputation of city official

tdlucas5000 A newly-published document shows that Seattle’s publicly-owned electrical utility paid thousands of dollars to Brand.com to manage the online reputation of CEO Jorge Carrasco. The document , which was received and published Saturday by the Seattle Times after a public records request, shows that Brand.com charged City Light $5,000 in December 2013. As the contract states: Read 6 remaining paragraphs | Comments

Excerpt from:
Report: Seattle paid $17,500 to boost online reputation of city official