Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

mrflash818 writes: A new report from analytics service SourceDNA found that roughly 1,500 iOS apps (with about 2 million total installs) contain a vulnerability that cripples HTTPS and makes man-in-the-middle attacks against those apps easy to pull off. “The weakness is the result of a bug in an older version of the AFNetworking, an open-source code library that allows developers to drop networking capabilities into their apps. Although AFNetworking maintainers fixed the flaw three weeks ago with the release of version 2.5.2, at least 1,500 iOS apps remain vulnerable because they still use version 2.5.1. That version became available in January and introduced the HTTPS-crippling flaw.”


Tech vs. terror: Drones and data fight a new battle against poachers

When night falls, danger unfolds at the uMkhuze Game Reserve. And while some of the world’s most deadly predators—ranging in size from hyenas to lions—coexist next to African elephants, giraffes, and more within this massive, 140 square mile natural area, they aren’t the only creatures out hunting at night. This particular section of the iSimangaliso Wetland Park in KwaZulu-Natal, South Africa plays host to one of the country’s most profitable, albeit illegal, industries: poaching. In Africa, it’s a $70 billion business. Organized crime rings dabbling in poaching often carry ties to other smuggling industries like narcotics and weapons; some even connect with terrorist organizations. In this specific target area, rhinos most often land in the criminal crosshairs, with over 3,800 killed in South Africa alone over the past seven years. Their horns allegedly sell for $65,000 per kilogram as poachers look to profit from ivory and rhino horn powder. On the evening of November 4, 2014, two poaching suspects entered the reserve. One carried a .458 caliber rifle outfitted with a silencer. A cane knife—a long, machete-like tool used for harvesting—may have also been involved. Nearly 80 rhinos had been poached already that year; more seemed destined for the tally. But by chance, four park rangers noticed suspicious movement while on foot patrol that evening. A firefight ensued.


$17 radio amp lets thieves steal Priuses

If your car has a proximity-based ignition fob that lets you start the engine without inserting a key, thieves on the street in front of your house can use an amp to detect its signal from your house and relay it to the car, getting away clean.


LG Split Screen Software Compromises System Security

jones_supa writes: The Korean electronics company LG ships a split screen tool with their ultra wide displays. It allows users to slice the Windows desktop into multiple segments. However, installing the software seriously compromises security of the particular workstation. The developers required administrator access for the software, but apparently they hacked their way out. The installer silently disables User Account Control, and enables a policy to start all applications as Administrator. In the article there is also a video presentation of the setup procedure. It is safe to say that no one should be running this software in its current form.


Popular Android Package Uses Just XOR — and That’s Not the Worst Part

siddesu writes: A popular ‘encryption’ package for Android that even charges a yearly subscription fee of $8 actually does nothing more than give a false sense of security to its users. Not only is the app using a worthless encryption method, it also uses weak keys and ‘encrypts’ only a small portion of the files. One wonders how much snake oil flows through the app stores, from ‘battery savers’ to ‘antivirus’. What is the most worthless app purchase you made? Did you ask for a refund?


It’s Very, Very Easy for Hackers to Steal Your IRS Account

The only thing that sucks worse than doing taxes is a hacker stealing your identity, doing your taxes for you, and then depositing your return in a random bank account, where it can later be transferred to Nigeria. Sound impossible? It’s not, according to the story of an unlucky man named Michael Kasper.


AT&T’s plan to watch your Web browsing—and what you can do about it

If you have AT&T’s gigabit Internet service and wonder why it seems so affordable, here’s the reason—AT&T is boosting profits by rerouting all your Web browsing to an in-house traffic scanning platform, analyzing your Internet habits, then using the results to deliver personalized ads to the websites you visit, e-mail to your inbox, and junk mail to your front door. In a few select areas including Austin, Texas, and Kansas City, Missouri—places where AT&T competes against the $70-per-month Google Fiber—Ma Bell offers its own $70-per-month “GigaPower” fiber-to-the-home Internet access. But signing up for the deal also opts customers in to AT&T’s “Internet Preferences” program, which gives the company permission to examine each customer’s Web traffic in exchange for a price that matches Google’s. AT&T charges at least another $29 a month ($99 total) to provide standalone Internet service that doesn’t perform this extra scanning of your Web traffic. The privacy fee can balloon to more than $60 for bundles including TV or phone service. Certain modem rental and installation fees also apply only to service plans without Internet Preferences.


Hack Air-Gapped Computers Using Heat

An anonymous reader writes: Ben-Gurion University of the Negev (BGU) researchers have discovered a new method to breach air-gapped computer systems called “BitWhisper,” which enables two-way communications between adjacent, unconnected PC computers using heat. BitWhisper bridges the air-gap between the two computers, approximately 15 inches apart that are infected with malware by using their heat emissions and built-in thermal sensors to communicate. It establishes a covert, bi-directional channel by emitting heat from one PC to the other in a controlled manner. Also at Wired.


A look at Android 5.1: speed, security, tweaks

Four months after the first release of Android 5.0 Lollipop, Google has followed up with a second version: Android 5.1. The speedy turnaround time compared to Android 5.0 (which appeared a year after 4.4) means that there aren’t many large-scale changes to look at—but the release does feature numerous little improvements and tweaks.

It’s faster! (on the Nexus 6, at least)

[Image by Ron Amadeo: 5.1 brings much faster random read and write speeds to the Nexus 6, and the Nexus 5 improves a little, too.]

5.1 seems to have eliminated many of the performance issues with the Nexus 6. When we initially reviewed the device, the Nexus 6 was slower at loading apps and switching tasks than the older Nexus 5 had been. With 5.1, the newer phone feels much snappier; with non-game apps, it can now keep pace with the Nexus 5. On benchmarks, we’re seeing much higher random read and write scores on the Nexus 6 with 5.1; random read gets a 2x speed boost, while random write is a whopping 9x faster. The same dramatic speed boosts aren’t present on the Nexus 5, and we suspect the difference is that the Nexus 6 is encrypted while the Nexus 5 is not. According to Francisco Franco, a longtime third-party Android kernel developer, Google is now using NEON instructions on the Nexus 6 to speed up encryption performance. Performance could be further improved by enabling hardware-accelerated encryption, which the Nexus 6 still doesn’t use, but Google has been experimenting with the feature in the Android Open Source Project.
