Malicious Cisco router backdoor found on 79 more devices, 25 in the US

The highly clandestine attacks hitting Cisco Systems routers are much more active than previously reported. Infections have hit at least 79 devices in 19 countries, including an ISP in the US that’s hosting 25 boxes running the malicious backdoor. That discovery comes from a team of computer scientists who probed the entire IPv4 address space for infected devices. As Ars reported Tuesday, the so-called SYNful Knock router implant is activated after receiving an unusual series of non-compliant network packets followed by a hardcoded password. By sending only the out-of-sequence TCP packets but not the password to every Internet address and then monitoring the response, the researchers were able to detect which ones were infected by the backdoor. Security firm FireEye surprised the security world on Tuesday when it first reported the active outbreak of SYNful Knock. The implant is precisely the same size as the legitimate Cisco router image, and it’s loaded each time the router is restarted. It supports up to 100 modules that attackers can tailor to the specific target. FireEye found it on 14 servers in India, Mexico, the Philippines, and Ukraine. The finding was significant, because it showed an attack that had long been theorized was in fact being actively used. The new research shows it’s being used much more widely, and it’s been found in countries including the US, Canada, the UK, Germany, and China. The researchers wrote:


New Android lockscreen hack gives attackers full access to locked devices

Software bugs that allow attackers to bypass smartphone lockscreens are common enough for both Android and iOS devices, but like a fender bender on the highway, many of us can’t resist the urge to gawk anyway. There’s a newly disclosed way for someone who has a few uninterrupted moments with a handset running most versions of Android 5.x to gain complete control of the device and all the data stored on it. The hack involves dumping an extremely long string into the password field after swiping open the camera from a locked phone. Unless updated in the past few days, devices running 5.0 to 5.1.1 will choke on the unwieldy number of characters and unlock, even though the password is incorrect. From there, the attacker can do anything with the phone the rightful owner can do. The following video demonstrates the attack in action. The technique begins by adding a large number of characters to the emergency call window and then copying them to the Android clipboard. (Presumably, there are other ways besides the emergency number screen to buffer a sufficiently large number of characters.) The hacker then swipes open the camera from the locked phone, accesses the options menu, and pastes the characters into the resulting password prompt. Instead of returning an error message, vulnerable handsets unlock.


Here’s why you can’t delete native iOS apps from your iPhone

If you’re an iOS user, you may have a junk folder on your device full of rarely used, native apps from Apple. Banishing them to their own cluster is just about the only course of action since these apps cannot be deleted. Now, we know more about why that’s the case: in an interview with Buzzfeed, Apple CEO Tim Cook said that deleting native apps would essentially cause a domino effect in other programs on the device, possibly breaking things elsewhere in iOS. “There are some apps that are linked to something else on the iPhone,” Cook told Buzzfeed. “If they were to be removed, they might cause issues elsewhere on the phone.” While Cook didn’t detail which preinstalled apps were linked to other functions, he went on to say that not every app is connected in this way. Eventually, Apple may allow some native apps to be deleted. “Over time, I think with the ones that aren’t like that, we’ll figure out a way [for you to remove them]. … It’s not that we want to suck up your real estate.”


Office 2016 confirmed for September 22 release, February for business

Microsoft today confirmed a previous leak that Office 2016 would be released on September 22nd. But the release of Office 365 ProPlus—the version of the desktop suite that comes with some Office 365 subscriptions—is a little more complex. Office 365 ProPlus, unlike the perpetually licensed, non-Office 365 version of Office, currently receives a steady trickle of monthly feature updates in addition to the security updates that all desktop Office products receive. This will continue with Office 2016—but only for one branch, the “Current Branch.” A new second branch is being created, the “Current Branch for Business” (CBB). The CBB won’t receive these monthly feature updates. Instead, those will happen three times a year—February, June, and October—and these features will lag the Current Branch by four months.


Apple announces iPhone 6S and 6S Plus, with 3D Touch and A9 SoC

SAN FRANCISCO—Apple has officially unveiled its newest iPhones, the 6S and 6S Plus. Like the 3GS, 4S, and 5S before them, the phones are visually similar to their predecessors, and the devices focus mainly on internal upgrades and tweaks. The new phones will be available for preorder on September 11 and will officially launch on September 18. The new phones are built out of the same 7000-series aluminum used in the Apple Watch, a change which should make them sturdier and less prone to bending. The phones retain their 4.7- and 5.5-inch screens, though, as well as the TouchID sensor and button layout used in the iPhone 6. A new color option joins the line-up, too: Rose Gold. This brings the iPhone more in line with the Apple Watch’s exterior appearance options (especially important if you’re the kind of person who clutches their pearls at the idea of your phone’s color not coordinating with your watch). Unlike the Apple Watch, though, the iPhone’s Rose Gold is just anodized aluminum, not actual-for-real Apple Gold. The front of the devices has been given a new type of glass—one which Apple calls “dual ion-exchange” glass. Behind the new face, the phones also have Force Touch-style pressure sensitivity, which is called “3D Touch.” The new devices also provide tactile feedback via a Taptic Engine similar to the one in the Apple Watch. In the Apple Watch, Force Touch is usually used to bring up menu items, and 3D Touch provides similar functionality on the new iPhones.


Static RAM created out of carbon nanotubes

We’re already at the point where the features we etch into processors are about the same size as some molecules—hemoglobin, for example, is five nanometers across. Too much smaller, and the behavior of electrons will become dominated by quantum effects, potentially causing some unpredictable behavior. One potential solution to this is to actually use individual molecules to create the features on chips. Carbon nanotubes are promising candidates, as they naturally come in both semiconducting and metallic forms. But getting the right kind of nanotubes into a structure where they perform consistently has been a challenge. Now, a team has shown that the properties of nanotubes can be manipulated and preserved in a way that could make them useful for electronics. While the work was done with populations of nanotubes rather than single molecules, it did manage to turn the nanotubes into functional RAM.


Norwegian Pirate Party provides DNS server to bypass new Pirate Bay blockade

Following a court-ordered block of The Pirate Bay and a number of other file-sharing websites in Norway, the Norwegian Pirate Party (Piratpartiet Norge) has now set up free, uncensored DNS servers that anyone can use to bypass the block. While the DNS servers are based in Norway, anyone can use them: if your ISP is blocking access to certain sites via DNS blackholing/blocking, using the Piratpartiet’s DNS servers should enable access. A few days ago, TorrentFreak reported that the Oslo District Court had sided with several Hollywood studios and domestic Norwegian rights holders in a case that sought to block a number of sites, including The Pirate Bay, Viooz, and ExtraTorrent. The court ordered that the country’s major ISPs, including Telia, TeliaSonera, NextGenTel, and Altibox, must block the sites. The Norwegian Pirate Party, as you can probably imagine, isn’t happy with the court-ordered block. In response, it has set up an unblocked DNS server—dns.piratpartiet.no—and a website that shows you how to change your DNS server settings on Windows, Mac, or Linux.


FBI, DEA and others will now have to get a warrant to use stingrays

The Department of Justice (DOJ) announced sweeping new rules Thursday concerning the use of cell-site simulators, often called stingrays, mandating that federal agents must now obtain a warrant in most circumstances. The policy, which takes effect immediately, applies to its agencies, including the FBI, the Bureau of Alcohol, Tobacco and Firearms (ATF), the Drug Enforcement Administration, and the United States Marshals Service, among others. “Cell-site simulator technology has been instrumental in aiding law enforcement in a broad array of investigations, including kidnappings, fugitive investigations and complicated narcotics cases,” Deputy Attorney General Sally Quillian Yates said in a statement. “This new policy ensures our protocols for this technology are consistent, well-managed and respectful of individuals’ privacy and civil liberties.”


Sneaky adware caught accessing users’ Mac Keychain without permission

Last month, Ars chronicled a Mac app that brazenly exploited a then unpatched OS X vulnerability so the app could install itself without requiring people to enter system passwords. Now, researchers have found the same highly questionable installer is accessing people’s Mac keychain without permission. The adware taking these liberties is distributed by Israel-based Genieo Innovation, a company that’s long been known to push adware and other unwanted apps. According to researchers at Malwarebytes, the Genieo installer automatically accesses a list of Safari extensions that, for reasons that aren’t entirely clear, is stashed inside the Mac Keychain alongside passwords for iCloud, Gmail, and other important accounts. Genieo acquires this access by very briefly displaying a message asking for permission to open the Safari extensions and then automatically clicking the accompanying OK button before a user has time to respond or possibly even notice what’s taking place. With that, Genieo installs an extension known as Leperdvil. The following three-second video captures the entire thing:


Wikipedia blocks hundreds of linked accounts for suspect editing

The Wikimedia Foundation, the host of the online encyclopedia Wikipedia, said late Monday that it has suspended 381 accounts or “socks” that it claims accepted or charged money “to promote external interests on Wikipedia without revealing their affiliation.” The foundation said that it believed that activity from so-called “sockpuppet” accounts “were perpetrated by one coordinated group.” The foundation said that volunteer editors spent weeks investigating what it said was a violation of its terms of use. “The editors issued these blocks as part of their commitment to ensuring Wikipedia is an accurate, reliable, and neutral knowledge resource for everyone,” Wikimedia said in a statement.
