Tag: newsletters

One day after iOS 6.1.3, a new iPhone lock screen bug emerges

Just a day after Apple released iOS 6.1.3 , a new lock screen bug has been discovered that could give an attacker access to private information. The vulnerability is different from the passcode bug(s) addressed by Tuesday’s iOS update, but the end result is similar: access to iPhone’s contact list and photos. The new lock screen bug was first documented by YouTube user videosdebarraquito , who posted a video demoing the procedure. The basic gist, seen in the video below, is to eject the iPhone’s SIM card while using the built-in voice controls to make a phone call. Bypassing the iPhone passcode lock on iOS 6.1.3. There are a couple important things to keep in mind, though. For one, it seems  like this bug applies to most modern iPhones, though apparently the procedure isn’t as easy as it looks. The YouTube video above shows the hack being executed on an iPhone 4, and iphoneincanada was able to replicate it on an iPhone 4. TheNextWeb was able to replicate it on an iPhone 4S but not an iPhone 5. But the iPhone 5 didn’t get away scot free, as German language site iPhoneblog.de appears to have been able to replicate the bug on that version of the phone. We have not yet seen a confirmed case of the bug existing on the iPhone 3GS, though it’s probably safe to assume that it does. Read 1 remaining paragraphs | Comments

Excerpt from:
One day after iOS 6.1.3, a new iPhone lock screen bug emerges

Finally, Feds say cops’ access to your e-mail shouldn’t be time-dependent

“When ECPA was enacted, e-mail was primarily a means of communicating information, not storing it,” said Sen. Mike Lee (R-UT) on Tuesday in a statement. Ed Yourdon On Tuesday, the Department of Justice acknowledged for the first time that the notion that e-mail more than 180 days old should require a different legal standard is outdated. This marked shift in legal theory, combined with new House subcommittee hearings and new Senate legislation, might just actually yield real, meaningful reform on the  much-maligned Electronic Communications Privacy Act . It’s an act, by the way, that dates back to 1986. As Ars’ Tim Lee wrote  in November 2012, “ECPA requires a warrant to obtain freshly sent e-mail before it’s been opened by the recipient. But once an e-mail has been opened, or once it has been sitting in the recipient’s e-mail box for 180 days, a lower standard applies. These rules simply don’t line up with the way modern e-mail systems work.” Read 14 remaining paragraphs | Comments

More:
Finally, Feds say cops’ access to your e-mail shouldn’t be time-dependent

Chameleon botnet steals millions from advertisers with fake mouseclicks

Security researchers have discovered a botnet that is stealing millions of dollars per month from advertisers. The botnet does so by simulating click-throughs on display ads hosted on at least 202 websites. Revealed and dubbed “Chameleon” by the Web analytics firm spider.io because of its ability to fool advertisers’ behavior-tracking algorithms, the botnet is the first found to use display advertisements to generate fraudulent income for its masters. In a blog post today, spider.io reported that the company had been tracking Chameleon since December of 2012. Simulating multiple concurrent browser sessions with websites, each bot is able to interact with Flash and JavaScript based ads. So far, more than 120,000 Windows PCs have been identified—95 percent of them with IP addresses associated with US residential Internet services. The company has issued a blacklist of the 5,000 worst-offending IP addresses for advertisers to use to protect themselves from fraud. While in many respects the botnet simulates human activity on webpages to fool countermeasures to clickfraud, it generates random mouse clicks and mouse pointer traces across pages. This makes it relatively easy for bot-infected systems to be identified over time. The bot is also unstable because of the heavy load it puts on the infected machine, and its frequent crashes can also be used as a signature to identify infected systems. Read 1 remaining paragraphs | Comments

See the original post:
Chameleon botnet steals millions from advertisers with fake mouseclicks

911 tech pinpoints people in buildings—but could disrupt wireless ISPs

NextNav’s enhanced 911 technology locates people within buildings—but may interfere with millions of existing devices. NextNav Cell phones replacing landlines are making it difficult to accurately locate people who call 911 from inside buildings. If a person having a heart attack on the 30th floor of a giant building can call for help but is unable to speak their location, actually finding that person from cell phone and GPS location data is a challenge for emergency responders. Thus, new technologies are being built to accurately locate people inside buildings. But a system that is perhaps the leading candidate for enhanced 911 geolocation is also controversial because it uses the same wireless frequencies as wireless Internet Service Providers, smart meters, toll readers like EZ-Pass, baby monitors, and various other devices. NextNav , the company that makes the technology, is seeking permission from the Federal Communications Commission to start commercial operations. More than a dozen businesses and industry groups oppose NextNav (which holds FCC licenses through a subsidiary called Progeny), saying the 911 technology will wipe out devices and services used by millions of Americans. Read 37 remaining paragraphs | Comments

Read this article:
911 tech pinpoints people in buildings—but could disrupt wireless ISPs

Most PC security problems come from unpatched third-party Windows apps

If you’ve got 99 security problems, odds are Microsoft’s not one—or at least it’s just a minority of them. In its annual review of software vulnerabilities , security software firm Secunia found that 86 percent of vulnerabilities discovered on systems scanned by its software in the 50 most popular Windows software packages in 2012 were attributable to third-party developers and not to Microsoft’s Windows operating system or applications. And for most of these vulnerabilities, a patch was already available at the time they were discovered. Of the top 50 most used Windows packages—including the Windows 7 operating system itself, 18 were found to have end-point security vulnerabilities, a 98 percent increase over five years ago. Of those 18 packages, Google’s Chrome and the Mozilla Firefox browser were the biggest culprits, with 291 and 257 detected vulnerabilities respectively. Apple iTunes came in third, with 243 detected vulnerabilities. The remainder of the top ten offenders were: Adobe Flash Player: 67 Oracle Java JRE SE: 66 Adobe AIR: 56 Microsoft Windows 7: 50 Adobe Reader: 43 Microsoft Internet Explorer: 41 Apple Quicktime: 29 Of the vulnerabilities documented in Secunia’s database, 84 percent had already been patched by vendors when they were discovered on systems. “This means that it is possible to remediate the majority of vulnerabilities,” said Secunia Director of Product Management Morten R. Stengaard. “There is no excuse for not patching.” Read on Ars Technica | Comments

View original post here:
Most PC security problems come from unpatched third-party Windows apps

Brazilian docs fool biometric scanners with bag full of fake fingers

Six silicone fingers, all in a row. BBC The BBC is one of several outlets carrying the bizarre story of a Brazilian doctor arrested for allegedly defrauding her employer, a hospital in the town of Ferraz de Vasconcelos, near São Paulo. At the time of her arrest, she was equipped with a total of sixteen fingers—ten of which God gave her, and six of which were crafted of silicone and given to her by coworkers. At least three of the extra fingers bore the prints of fellow doctors at the hospital. The doctor, Thaune Nunes Ferreira, 29, claims through her attorney that she was forced to use the silicone fingers to clock in to the hospital’s time card system in order to cover for absentee colleagues. “She says she was innocent because it is a condition they imposed on her to keep her job,” the attorney notes. According to the Bangkok Post and several other sources, Brazil’s Globo TV International network obtained and played footage of Ferreira clocking in to the hospital with her own permanently attached digits, then touching the same fingerprint scanner with two of the silicone fakes. The scanner produced paper time card receipts for her and the two employees to whom the silicone fingers’ prints belonged. In this way, notes the Post, “it looked like there were three doctors on duty when there was just one.” Read 2 remaining paragraphs | Comments

Link:
Brazilian docs fool biometric scanners with bag full of fake fingers

For first time, US military says it would use offensive cyberweapons

For the first time ever, the Obama administration has publicly admitted to developing offensive cyberweapons that could be aimed at foreign nations during wartime. According to an article published Tuesday night by The New York Times , that admission came from General Keith Alexander, the chief of the military’s newly created Cyber Command. He said officials are establishing 13 teams of programmers and computer experts who would focus on offensive capabilities. Previously, Alexander publicly emphasized defensive strategies in electronic warfare to the almost complete exclusion of offense. “I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee on Tuesday. “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.” Read 3 remaining paragraphs | Comments

Excerpt from:
For first time, US military says it would use offensive cyberweapons

ID thieves “dox” Joe Biden, Jay-Z, Michelle Obama, and dozens more

The front page of exposed.su. Identity thieves have posted social security numbers, credit information, and other sensitive data belonging to more than a dozen politicians and celebrities. It’s a list that includes Vice President Joe Biden, FBI Director Robert Mueller, former Secretary of State Hillary Clinton, rapper Jay Z, and actor and director Mel Gibson. The website, exposed.su, surfaced on Monday with birth dates, telephone numbers, home addresses, and in some cases credit reports for a handful of politicians and celebrities. Throughout the past 24 hours the site has published details on additional individuals. Social security numbers for Mueller, Jay-Z, and Gibson appeared to be valid, the Associated Press reported . Los Angeles Police Chief Charlie Beck, whose information was also posted on the site, hasn’t challenged the accuracy, either. Still, other journalists wrote that phone numbers purportedly belonging to former California Governor Arnold Schwarzenegger and actor Ashton Kutcher reportedly went to a movie production company and a New York-based accounting firm respectively. The site included the image of a gaunt young woman with black circles around her eyes and an index finger in front of her lips. It was headed by a quote from the Showtime TV series Dexter , in which the title character says, “If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve.” The site included an embarrassing or humorous photo related to each individual whose information was disclosed. The act of publicly documenting the private details of people is known as “doxxing,” and it came into vogue a few years ago with the growing visibility of the Anonymous hacking collective. Read 2 remaining paragraphs | Comments

Read the original post:
ID thieves “dox” Joe Biden, Jay-Z, Michelle Obama, and dozens more