Saturday, August 1, 2009

Around The Horn vol.1,143

iPhone/GSM phones vulnerable to SMS hacks, patch coming soon

By chris.foresman@arstechnica.com (Chris Foresman) on Windows Mobile

As promised, iPhone security expert Charlie Miller, along with colleague Collin Mulliner, demonstrated a vulnerability in the SMS messaging system which can ultimately lead to hacking of an iPhone. Miller and his cohorts identified similar flaws in the Android and Windows Mobile operating systems, though no complete exploits were demonstrated. However, security researchers Zane Lackey and Luis Miras also demonstrated that the vulnerability can affect any GSM phone, though exactly how each phone reacts to the vulnerability differs.

The problem stems from the SMS system. Phones have to accept SMS messages, and these security experts have found that carefully crafted messages can be interpreted as binary instructions instead of text. Some phones may see a scrambled message—the iPhone, for instance, will show a text with just a square—or may see nothing at all. Lackey and Miras showed an exploit for a Sony Ericsson phone that simply showed the message, "New settings received. Install?" The user might easily assume the data is from a legitimate source.

Black Hat attendees warn of impending Mac OS X hacker doom

By chris.foresman@arstechnica.com (Chris Foresman) on security

Mac security researcher Dino Dai Zovi revealed a significant vulnerability in Mac OS X today at the Black Hat conference taking place in Las Vegas this week. He and other Mac security experts warn that Mac OS X could prove to be an easy target if hackers were to shift significant resources to exploiting any of its security flaws.

Dai Zovi detailed a technique that he calls "Machiavelli," which can be used to grab data, even if it is encrypted. Specifically, it relies on an exploit of Safari, the most common attack vector for Mac OS X. "There is no magic fairy dust protecting Macs," he told Reuters in an interview.

Saving us from forged DNS data: an update on DNSSEC

By iljitsch.vanbeijnum@arstechnica.com (Iljitsch van Beijnum) on web

Like so many of the Internet protocols invented decades ago, the Domain Name System has some serious security issues. Earlier this week in Stockholm, the Internet Society (ISOC), the Internet Engineering Task Force, and DNS experts provided a status update on DNSSEC, the secure DNS protocol designed to close a security hole in the bowels of the Internet that has been the target of exploits.

Researchers offer tools for eavesdropping and video hijacking

By Elinor Mills

LAS VEGAS--Showing off technology that James Bond would love, two researchers at Defcon on Friday demonstrated tools that allow people to eavesdrop on video conference calls and intercept surveillance camera video.

An attacker needs to be in the same building as the victims to carry out the man-in-the-middle attacks over ...

Apple fixes iPhone SMS flaw

By Jim Dalrymple

Apple on Friday fixed an SMS-related security flaw in the iPhone that had been at the center of one of the most talked-about exploits at this week's Black Hat security conference.

"We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms," Apple representative ...

Microsoft acknowledges Windows 7 activation leak

By Dong Ngo

Alex Kochis, Microsoft's director of Genuine Windows, posted a blog late Thursday addressing the "leak of a special product key" of Windows 7 RTM (release to manufacturers). This confirmed the rumor on Tuesday that an ISO file of Windows 7 RTM sent to Lenovo that ...

NASA hacker loses bid to avoid extradition

By David Meyer, Tom Espiner

Gary McKinnon has lost his high court bid in the U.K. to avoid extradition to the U.S. for hacking into military systems.

McKinnon had tried to argue that former home secretary, Jacqui Smith, was legally wrong to push for the extradition despite ...

An SMS can force a URL or app on smartphones

By Elinor Mills

LAS VEGAS--In one of a handful of SMS-related presentations here at the Black Hat security show, researchers demonstrated on Thursday how they can force certain types of smartphones to ...

McAfee acquiring MX Logic, delivers solid outlook

By Larry Dignan

This was originally published at ZDNet's Between the Lines.

McAfee on Thursday announced it's acquiring MX Logic, which provides on-demand e-mail, continuity, and Web services, for $140 million in cash.

The move is designed to bolster McAfee's security as a service lineup. Security software vendors ...

Adobe patches critical Flash hole

By Stephen Shankland

Adobe has released a patch for a critical Flash Player problem that could let attackers take over people's computers through content viewed in a browser.

The vulnerability affected a file that shipped with Flash Player 9.x and 10.x for Windows, Mac OS X, and Linux, and with ...

Hackers: We can bypass San Francisco e-parking meters

By Declan McCullagh

A three-man team of programmers and engineers announced on Thursday that it has found a way to park for free by bypassing the security of "smart" parking meters used in cities including San Francisco, which has about ...

Researchers can attack mobile phones via spoofed SMS messages

By Elinor Mills

LAS VEGAS--Researchers at the Black Hat security conference on Thursday showed how an attacker could spoof a type of SMS message that appears to be sent from the carrier or some other trusted source.

This attack on MMS (multimedia messaging service) messages, a type of SMS message, could allow an ...

Symantec: Shorter contracts ding earnings

By Larry Dignan

This was originally published at ZDNet's Between the Lines.

Symantec's fiscal first quarter fell short of expectations as corporate customers opted for shorter-term maintenance and license renewals.

The company, which makes security and storage software, reported first-quarter net income of $73 million, or 9 cents a share, down ...

Jailbreaking iPhone could pose threat to national security, Apple claims

By Dong Ngo

I just got my new iPhone 3GS the other day and the first thing I did with it was get it jailbroken, just how I handled my iPhone 3G.

This time around, it was not really because I was in dire need of any extra functionality (the 3GS now can ...

5 Tips for Safe Tweeting

By Rik Ferguson on Twitter

If you use, or are thinking of joining the estimated 32 million people who are already using, the micro-blogging service Twitter, then here are 5 security tips for you to consider.

1. Consider *everything* you post, at least three times, before you post it. There is currently no effective means of deleting or recalling public tweets.
2. Never share [...]

sqlmap 0.7 Released – Automatic SQL Injection Tool

By Darknet on web-application-security

We’ve been following sqlmap since it first came out in February 2007 and it’s been quite some time since the last update sqlmap 0.6.3 in December 2008. For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection [...]

Chinese Firm Writes First SMS Worm

By Darknet on yxe worm

Ah another first, and once again China is at the forefront! We recently reported about a Chinese company sharing their huge malware database and now a group of Chinese companies has managed to develop the first SMS worm! It’s a pretty cool concept, abusing the Symbian Express Signing procedure. It reminds me of the heydays of [...]

Mobile Security Still Not Caught up to the Hype

In Mobile malware

Mobile security is a serious issue, as recent research has shown. However, it is important to distinguish between the actual threat and hyperbole. 

Rolling Review: Symantec's DLP-9

Symantec's DLP software provides robust leak prevention for endpoints and on the network.

Hacker Gary McKinnon Loses Extradition Appeal

Fighting to avoid what he fears will be unfair treatment from U.S. courts, U.K. hacker Gary McKinnon lost another appeal in his attempt to avoid being extradited.

Apple Fixes iPhone SMS Vulnerability

Moving to close a hole revealed at the Black Hat security conference on Thursday, Apple has released iPhone OS 3.0.1.

Black Hat: Social Networks Reveal, Betray, Help Users

Researchers at security conference show how social networks can reveal more than users intend.

Black Hat: Mac OS X Rootkit Debuts

The development of a proof-of-concept rootkit for Mac OS X reinforces the fact that security concerns aren't just for Windows users.

Black Hat: Android, iPhone SMS Flaws Revealed

Security researchers have identified several SMS vulnerabilities that can be used to deny service to mobile phones. They're presenting on Thursday but their findings have been published.

Remote BIND 9 DoS Vulnerability Patched

By Denys Ma

A new, remotely exploitable denial-of-service (DoS) vulnerability affecting BIND Version 9 was reported by ISC on July 28. It’s also reported that exploits have been seen in the wild.  Because BIND is widely used, these attacks can affect many critical infrastructures. Here’s a little description of the problem. The vulnerability exists in the DNS dynamic-update request [...]

iPhone Virus: What You Need to Know

The iPhone's security flaws were laid bare at the Black Hat Conference in Las Vegas yesterday, and now the smartphone-clutching public has boiled itself into a frenzy. But how serious is this supposed iPhone virus, and what can be done to protect your iPhone from infection? Here is what we know, and why you probably shouldn't worry.

Adobe patches 12 Flash bugs, 3 caused by Microsoft

Adobe on Thursday patched a dozen vulnerabilities in Flash Player, including three it inherited from faulty Microsoft development code and one that hackers have been exploiting for at least a week.

Conficker talk sanitized at Black Hat to protect investigation

A talk at Black Hat had to be scaled back because it contained information about Conficker that might tip investigators’ hand and send the perpetrators further underground, says F-Secure's chief research officer.

Practicing safe surfing can derail attempts to cruise ‘Net anonymously

A Google service that helps protect Internet surfers from malicious sites also gathers data about browsing activities that users are trying to keep secret, a researcher told Black Hat attendees.

Sophos: MI5 hack is warning to all website owners

Security firm Sophos is warning website publishers to be wary of a group of cybercriminals that managed to hack into MI5's website.

NASA hacker loses appeal against extradition

NASA hacker Gary McKinnon has once again lost his fight against extradition to the US.

P2P ban plan for government gets mixed response

A proposal to introduce a bill seeking to formally ban the use of peer-to-peer (P2P) file sharing applications on government and contractor networks is evoking a mixed response.

The Macalope Weekly: R.I.P. Apple Tablet

Can it be? Is the device we already started saving up an undetermined amount of money to buy because we don't even know how much it costs yet dead on before arrival?! Or is it coming to CES with Apple? And an iPhone bug lets the Macalope ride one of his favorite hobby horses: Apple and security.

Defense stalwarts building cybersecurity CSI

Northrop Grumman has become the latest defense contractor to go whole hog into cyber threat monitoring and detection. The defense giant said it has opened a cyber threat detection and response center staffed around-the-clock, providing security monitoring for more than 105,000 clients and 10,000 servers worldwide.

Meter hackers find free parking in San Francisco

San Francisco's ambitious plans to roll out computerized smart parking meters have hit a snag: They can be hacked for free parking.

More holes found in Web's SSL security protocol

Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.

Open-source project aims to make secure DNS easier

A group of developers has released open-source software that gives administrators a hand in making the Internet's addressing system less vulnerable to hackers.

Disney, Universal demand closure of The Pirate Bay

Disney and Universal Studios are among 13 production companies that are trying to get BitTorrent search engine the Pirate Bay closed.

Fake anti-virus programs set to rule the roost

The phenomenon of fake anti-virus (AV) software is growing at such a pace that it could grow to eclipse all other types of malicious software, one security company has suggested.

UnboundID adds proxy server to directory lineup

Directory and identity start-up UnboundID completed its directory lineup with the release of a proxy server that provides users with load balancing, failover and extra security controls.

Surveillance camera hack swaps live feed with spoof video
Reliving Thomas Crown

Defcon Corporate teleconferences and other sensitive video feeds traveling over internet are a lot more vulnerable to interception thanks to the release of free software tools that offer penetration testers and attackers a point-and-click interface.…

Apple patches Black Hat SMS vuln
Claims 24 hour turnaround

Yesterday, The Reg reported that researchers had discovered a vulnerability in the iPhone and other mobile devices that made them vulnerable to an SMS hack.…

Flash update plugs zero-day Adobe vuln
Plethora of patches perplexes punters

Adobe released an update to its Flash Player software on Thursday, completing a busy week of security updates from the software developer.…

McAfee gobbles up MX Logic for cloud security push
Splashes out again with SAAS-y purchase

McAfee has agreed to buy email and filtering services firm MX Logic for $140m in cash, followed by a further $30m, providing performance targets are met.…

Hijacking iPhones and other smart devices using SMS
No user interaction necessary

Black Hat Update: Apple says it has patched the vulnerability described below. The full story is here.

Meter insecurity raises specter of free parking hacks
Cloned card could allow unlimited parking

Black Hat Hackers have figured out a way to trick San Francisco's computerized parking meter system into giving away unlimited free parking by cloning the smart cards used to pay fees.…

Cisco patches DoS vuln pair in IOS
No exploit spotted

Cisco has issued a pair of updates today patching two remote denial of service vulnerabilities affecting certain devices running its Internetwork Operating System (IOS).…

MI5 website vuln builds mountain out of molehill
Team Elite: Mission Implausible

Hackers have uncovered information security shortcomings involving MI5's website, even though the problem is nowhere near as severe as one tabloid paper claims.…

Intel warns over bare-metal BIOS bug
Set bug panic meters to 'important'

Intel has warned that some of its motherboards contain a flaw in their BIOS setup that creates a privilege escalation vulnerability.…

Tiny typo blamed for massive IE security fail
That'll teach you to keep your ampersands in order

One small typo in Microsoft's code caused the security vulnerability that prompted Microsoft to release an out of sequence patch on Tuesday, it has emerged.…

Adobe Patch is out, (Fri, Jul 31st)

It looks like today will be patch day for a lot of folks. It appears that Adobe has rele ...(more)...

The iPhone patch is out, (Fri, Jul 31st)

Just what we have been waiting for - the patch is out. We have received confirmation that the ...(more)...

Google Safe Browsing, (Fri, Jul 31st)

Last night one of our long time readers sent me an email that had a link to a Google Safebrowsing Di ...(more)...

Don't forget to tell your SysAdmin Thanks, (Fri, Jul 31st)

I had totally forgotten that this is indeed a special day! A holiday of sorts for me and all S ...(more)...

iPhone Hijack, (Thu, Jul 30th)

We received some information today about a bug in the iPhone OS that may cause some pretty s ...(more)...

Happy patching day, (Thu, Jul 30th)

With the DNS issues, Microsoft OOBpatch and the Flash issue a couple of other things may have ...(more)...

P2P Leaks of Government Data Prompt Promise of Legislation (July 29 & 30, 2009)

US Representative Edolphus Towns (D-NY) plans to introduce legislation prohibiting the use of peer-to-peer (P2P) filesharing software on government and government contractor computers.......

Smart Grid Grant Applicants Must Demonstrate They Take Security Seriously (July 28, 2009)

The US Department of Energy says that companies hoping for federal grants designated for the country's smart grid will first need to demonstrate that they have implemented policies and procedures to protect their systems from cyber attacks.......

AT&T Blocked 4chan to Prevent DDoS Attack From Spreading (July 28, 2009)

AT&T says it blocked access to parts of the 4chan website to prevent a distributed denial-of-service (DDoS) attack from spreading and affecting service for other AT&T customers...

Research Shows Digital Certificate Warnings are Ineffective (July 28 & 29, 2009)

Researchers at Carnegie Mellon found that digital certificate warnings are not an effective security tool.......

Dutch Spammer Fined (July 28 & 29, 2009)

A Dutch spammer has been fined 250,000 euro (US $353,000) by the Dutch Independent Post and Telecommunications Authority (OPTA).......

Center for Democracy & Technology Seeks Information About Computer Monitoring System (July 28, 2009)

The Center for Democracy & Technology (CDT) has published a report calling for the US government to release information about the Einstein computer monitoring system.......

Fixes Available for BIND Vulnerability (July 29, 2009)

The Internet Software Consortium has issued an urgent alert warning of a security flaw in BIND that can be exploited to crash vulnerable Domain Name System (DNS) servers using a single maliciously crafted dynamic update packet.......

Adobe Releases Flash Player Security Update (July 30, 2009)

Adobe has issued security updates to fix a critical vulnerability in Flash Player.......

Typo Responsible for Out-of-Cycle Microsoft Patch (July 29 & 30, 2009)

The critical vulnerability Microsoft addressed in an out-of-cycle security release earlier this week is due to an extra character in the code.......

Microsoft Issues Two Out-of-Cycle Bulletins (July 28, 2009)

Microsoft released two out-of-cycle security bulletins to address a critical remote code execution flaw in the Microsoft Active Template Library (ATL).......

Clampi Trojan Steals Account Data (July 29, 2009)

The Clampi Trojan horse program has proven it is capable of stealing account information related to more than 4,600 companies around the world.......

Scareware Purveyors are Turning a Hefty Profit (July 29, 2009)

According to statistics from Panda Security, an estimated 35 million computers are infected with scareware, also known as rogueware, every month.......

Undersea Cable Damage Causes Internet Outages in West Africa (July 30, 2009)

A cable disruption of an unknown nature has caused Internet connectivity problems in West Africa.......

INVITATION TO PARTICIPATE IN NATIONAL DIALOGUE FOR QUADRENNIAL HOMELAND SECURITY REVIEW

The Department of Homeland Security is in the process of completing the first ever congressionally- mandated Quadrennial Homeland Security Review (QHSR), a top-to-bottom review that will inform the Department of Homeland Security's policies and priorities for the next four years.......

Researchers say search, seizure protection may not apply to SaaS data

By Robert Westervelt

Researchers examining cloud computing security issues presented a number of technical and legal hurdles that Software as a Service users could face.

DoD urges less network anonymity, more PKI use

By Robert Westervelt

U.S. Department of Defense CISO Robert Lentz went down a laundry list of security technologies needed to protect both private and government networks from cybercriminals. The age of anonymity on networks needs to come to a close to improve national cybersecurity, Lentz said at Black Hat 2009.

McAfee to acquire email SaaS vendor MX Logic

By Neil Roiter and Marcia Savage

McAfee will acquire MX Logic, one of the few remaining independent email security SaaS vendors, for $140 million in cash in a deal announced Thursday.

Machiavelli Mac OS X rootkit unveiled at Black Hat

By Michael S. Mimoso

Researcher Dino Dai Zovi presented details on a rootkit called Machiavelli, a proof-of-concept Mac OS X rootkit that seeks to dent what many Mac enthusiasts believe is an impervious OS.

WASC Web Honeypot Project enters next phase

By Robert Westervelt

Ryan Barnett of Breach Security and leader of the WASC Honeypot Project talks about phase three of the project, which uses an open proxy server to analyze Web attack data.

New Cisco IOS bugs pose tempting targets, says Black Hat researcher

By Robert Westervelt

VoIP implementations, basic coding within the devices and few router security features have made them an increasingly attractive target.

Microsoft kill-bits, browser plug-ins pose big risks, say Black Hat researchers

By Robert Westervelt

Researchers at Black Hat say complex interoperability flaws affect browser plug-ins that transmit data between different components of an OS. The holes could be exploited to gain access to a system.

Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat

By Michael S. Mimoso

Researcher Dan Kaminsky returned to Black Hat with new research on X.509 certificates, explaining an attack method that could enable malicious hackers to spoof legitimate SSL certificates.

Cisco IOS Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities

Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates.

HP-UX Running Kerberos Denial Of Service And Execution Of Arbitrary Code

Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.

Joomla! Multiple Full Path Disclosure Vulnerabilities

This vulnerability could allow a malicious user to view the internal path information of the host because some files were missing the check for JEXEC.

Cisco Wireless LAN Controllers Multiple Vulnerabilities

Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms.

Drupal 6 Date and Calendar XSS Vulnerability

The Calendar module suffers from a cross site scripting (XSS) vulnerability due to the fact that it does not properly sanitize names during display.

Apple Fixes iPhone SMS Vulnerability Highlighted at Black Hat

Apple has swatted a bug in the iPhone that security researchers Charlie Miller and Collin Mulliner spotlighted at the Black Hat security conference in Las Vegas. 

British Hacker Loses Latest Try to Block Extradition

Gary McKinnon, the British hacker accused of breaking into U.S. military computers, lost his latest attempt at avoiding extradition to the United States. McKinnon is accused of hacking computers at the Pentagon, NASA and the U.S. Army and Navy in 2001 and 2002.

Adobe Flash Vulnerabilities Plugged in Security Update

Adobe updates its Flash software to patch several security issues, including a vulnerability being exploited by attackers. Among the vulnerabilities being patched are flaws in Microsoft's Active Template Library, which was used by Adobe during its development process.

McAfee to Buy MX Logic to Build SAAS Business

McAfee agrees to buy security vendor MX Logic for $140 million to bolster its software-as-a-service business. The deal follows McAfee's recent announcement that it will be looking to expand its SAAS footprint among enterprises.

Black Hat '09 Shines Light on Security

The Black Hat security conference wrapped up today in Las Vegas. For those who couldn't attend, here are a few of the stories that came out of it.

PCI Compliance Only the Start of Security

Reports that companies involved in some of the latest data breaches were PCI-compliant continue to spark discussion of whether PCI is a solid measuring stick for overall security. Industry observers say yes, but businesses need to change their check-list approach.

Following the Money: Rogue Anti-virus Software

In Web Fraud 2.0

By its very nature, the architecture and limited rules governing the Web make it difficult to track individuals who might be involved in improper activity. Cyber-sleuths often must navigate through a maze of dead-end records, pseudonyms or anonymous corporations, usually based overseas. The success rate is fairly low. Even if you manage to trace one link in the chain -- such as a payment processor or Web host -- the business or person involved claims that he or she was merely providing a legal service to an unknown client who turns out to be a scammer. But every so often, subtle links between the various layers suggest a more visible role by various parties involved. This was what I found recently, when I began investigating a Web site name called innovagest2000.com. This Innovagest2000 domain has for at least four years now been associated with spyware and so-called "scareware,"

Critical Update for Adobe Flash Player

In New Patches

Adobe Systems Inc. today issued a security update to its Flash player to plug at least a dozen security holes in the software, including some that hackers have been using to break into vulnerable systems. The latest update brings Flash player to version 10.0.32.18. Updates are available for most Flash installations on Windows, Mac and Linux machines.

Clampi Trojan: The Rise of Matryoshka Malware

In Fraud

Last week, Security Fix told the online banking saga of Slack Auto Parts, a company in Georgia that lost nearly $75,000 at the hands of an extremely sophisticated malicious software family known as "Clampi". I only mentioned the malware in passing, but it deserves a closer look: Research released this week by a top malware analyst suggests that Clampi is among the stealthiest and most pervasive threats to Microsoft Windows systems today.

Apple warns iPhones vulnerable; fixes bug (Reuters)

In technology

Reuters - Apple Inc has released an iPhone software patch to fix a critical software bug uncovered by two independent researchers that makes the devices susceptible to secret attacks by hackers.

Apple says it's fixed iPhone SMS vulnerability (AP)

In technology

AP - Apple Inc. says it has fixed an iPhone vulnerability that lets hackers knock people offline — and possibly take over the phones — by sending them specially crafted text messages.

Essential Security Fixes for Adobe Flash, Reader, Acrobat and AIR (PC World)

In technology

PC World - Adobe has issued a range of patches for its most popular software to head off malware-pushing assaults that use poisoned PDF files to trigger a flaw in Flash.

O2 says iPhone SMS patch imminent (Macworld.com)

In technology

Macworld.com - Don't fear the square text message! British wireless provider O2 told the BBC that Apple will shortly be rolling out a patch for the recently uncovered SMS vulnerability that could allow hackers to remotely take control of phones.

UK court rejects hacker's bid to avoid extradition (AP)

In technology

AP - Britain's High Court on Friday rejected an autistic British man's bid to avoid extradition to the United States to face trial for hacking into military computers.

Update: Apple Reportedly Patches iPhone SMS Flaw (PC Magazine)

In technology

PC Magazine - Apple will patch a critical security flaw on the iPhone that could let malicious hackers disable or take over any of the devices, a UK carrier told the BBC today.

British Court Allows Hacker to be Extradited to U.S. (PC World)

In technology

PC World - A British hacker who broke into U.S. government computer systems seeking evidence of alien life has failed in his latest efforts to block extradition to the U.S. to face trial.

British hacker loses bid to avoid US extradition (AFP)

In technology

AFP - A Briton accused of hacking into US military and NASA computers on Friday lost his latest legal bid to avoid extradition to the United States.

Court Allows Extradition of British Hacker to Proceed (PC World)

In technology

PC World - A British hacker who broke into U.S. government computer systems seeking evidence of alien life has failed in his latest efforts to block extradition to the U.S. to face trial.

Researchers: iPhone Vulnerable to Attacks (PC Magazine)

In technology

PC Magazine - Security experts have uncovered flaws in Apple Inc's iPhone that they said hackers can exploit to take control of the popular device, using the tactic for identity theft and other crimes.

Anti-theft software could create security hole (AP)

In technology

AP - A piece of anti-theft software built into many laptops at the factory opens a serious security hole, according to research presented Thursday.

McAfee 2Q profit slides 40 pct, tops analyst views (AP)

In business

AP - McAfee Inc.'s second-quarter financial performance exceeded analyst expectations amid rising demand for the software maker's computer security products.

U r pwned: text messaging paves way for hacking (AP)

In technology

AP - Getting a text message is akin to someone sliding a piece of mail under your door: You may not have asked for it, you can't stop its delivery and you have to deal with it whether you want to or not.

Meter Hackers Find Free Parking in San Francisco (PC World)

In technology

PC World - San Francisco's ambitious plans to roll out computerized smart parking meters have hit a snag: They can be hacked for free parking.

iPhone vulnerable to hacker attacks: researchers (Reuters)

In technology

Reuters - Security experts have uncovered flaws in Apple Inc's iPhone that they said hackers can exploit to take control of the popular device, using the tactic for identity theft and other crimes.

Open-source Project Aims to Make Secure DNS Easier (PC World)

In technology

PC World - A group of developers has released open-source software that gives administrators a hand in making the Internet's addressing system less vulnerable to hackers.

Mac Flaw Could Let Hackers Get Scrambled Data (PC Magazine)

In technology

PC Magazine - A Mac security expert has uncovered a technique that hackers could use to take control of Apple Inc computers and steal data that is scrambled to protect it from identity thieves.

Researchers find insecure BIOS 'rootkit' pre-loaded in laptops

By Ryan Naraine on Vulnerability research

LAS VEGAS — A popular laptop theft-recovery service that ships on notebooks made by HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic is actually a dangerous BIOS rootkit that can be hijacked and controlled by malicious hackers. The service — called Computrace LoJack for Laptops — contains design vulnerabilities and a lack of strong authentication  that [...]

Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities

In Cisco Security Advisory

Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates.

Apple Releases Fix for iPhone SMS Vulnerability (PC Magazine)

In technology

PC Magazine - Apple on Friday confirmed that it has issued an update to fix a security glitch on the iPhone that could have allowed hackers to disable or take over the smartphones.
