OPM Says 5.6 million Fingerprints Stolen In Cyberattack

mschaffer writes: The Office of Personnel Management data breach that happened this summer just got a little worse. The OPM now says that 5.6 million people’s fingerprints were stolen as part of the hacks. The Washington Post reports: “That’s more than five times the 1.1 million government officials estimated when the cyberattacks were initially disclosed over the summer. However, OPM said Wednesday the total number of those believed to be caught up in the breaches, which included the theft of the Social Security numbers and addresses of more than 21 million former and current government employees, remains the same.”


Apple’s iOS 9 Breaks VPNs

An anonymous reader writes with a report from The Stack that researchers have discovered a crucial security problem in the latest version of iOS 9: it breaks VPN connections to corporate servers. According to the linked piece, “The flaw was first detected in the iOS 9 beta, and has not been fixed in the released version. Neither has the bug been removed in the current iOS 9.1 beta.” The workaround might not be what you want to hear, either, if you’ve happily upgraded to the latest version: it’s to downgrade to iOS 8.4.1.


Tracking a Bluetooth ATM Skimming Gang In Mexico

tsu doh nimh writes: Brian Krebs has an interesting and entertaining three-part series this week on how he spent his summer vacation: driving around the Cancun area looking for ATMs beaconing out Bluetooth signals indicating the machines are compromised by crooks. Turns out, he didn’t have to look far: His own hotel had a hacked machine. Krebs said he first learned about the scheme when an ATM industry insider reached out to say that some Eastern European guys had approached all of his ATM technicians offering bribes if the technicians allowed physical access to the machines. Once inside, the crooks installed two tiny Bluetooth radios — one for the card reader and one for the PIN pad. Krebs’s series concludes with a closer look at Intacash, a new ATM company whose machines now blanket Cancun and other tourist areas but which is suspected of being connected to the skimming activity.


D-Link Accidentally Publishes Private Code Signing Keys

New submitter bartvbl writes: As part of the GPL license, D-Link makes its firmware source code available for many of its devices. When looking through the files I accidentally stumbled upon 4 different private keys used for code signing. Only one — the one belonging to D-Link itself — was still valid at the time. I have successfully used this key to sign an executable as D-Link. A Dutch news site published the full story (translated to English with Google Translate).


Super Logout Logs You Out of Dozens of Services at Once

Logging out of your account when you’re done using a computer other than your own is just good security. If you use multiple accounts and want to simplify the process, Super Logout can log you out of over 30 major services at once.


GM Performs Stealth Update To Fix Security Bug In OnStar

An anonymous reader writes: Back in 2010, long before the Jeep Cherokee thing, some university researchers demonstrated remote car takeover via cellular (old story here). A new Wired article reveals that this was actually a complete exploit of the OnStar system (and was the same one used in that 60 Minutes car hacking episode last year). Moreover, these cars stayed vulnerable for years — until 2014, when GM created a remote update capability and secretly started pushing updates to all the affected cars.


Bugzilla Breached, Private Vulnerability Data Stolen

darthcamaro writes: Mozilla today publicly announced that secured areas of Bugzilla, where non-public zero days are stored, were accessed by an attacker. The attacker got access to as many as 185 security bugs before they were made public. They say, “We believe they used that information to attack Firefox users.” The whole hack raises the issue of Mozilla’s own security, since it was a user password that was stolen and the Bugzilla accounts weren’t using two-factor authentication. According to Mozilla’s FAQ about the breach (PDF), “The earliest confirmed instance of unauthorized access dates to September 2014. There are some indications that the attacker may have had access since September 2013.”


Subpoenaed Clinton Staffer Will Plead the Fifth Over Email Scandal Questions

The FBI is investigating whether Hillary Clinton’s use of a private email compromised national security. And now the staffer who set it up is planning to stay silent during questioning to avoid incriminating himself.


LILO Bootloader Development To End

An anonymous reader writes: For any longtime Linux users, you probably remember the LILO bootloader from Linux distributions of many years ago. This bootloader has been in development since the 90’s but development is finally ending. A homepage message reads, “I plan to finish development of LILO at 12/2015 because of some limitations (e.g. with BTFS, GPT, RAID). If someone want to develop this nice software further, please let me know …”


Colombia is conducting widescale illegal surveillance

Want to know why it’s important to have checks on mass surveillance programs? Colombia should serve as a good example. Privacy International reports that the country not only collects bulk internet and phone data on a grand scale, but violates the law in the process — it’s supposed to require judicial approval for any surveillance, but regularly ignores that oversight. Colombian agencies have also relied on controversial tools like IMSI catchers (which scoop up nearby cellphone data) and Hacking Team’s spyware, and they’ve sought to expand their powers rather than rein things in. It’s no secret that Colombia has a history of surveillance, fueled in no small part by its decades-long battles with rebels and drug cartels. And unfortunately, the pressure to keep an eye on communications isn’t likely to drop anytime soon. A Venezuelan immigrant crackdown has forced many Colombia-born residents back to their homeland, increasing tensions between the two countries. It may take a long while before the political climate is truly conducive to surveillance reform.
