Posts Tagged ‘exploit’

Facebook hacked, but has found ‘no evidence’ that user data was compromised

As one of the largest sites on the internet, there’s no doubt that Facebook is a prime target for hackers. It looks like some of those hackers were apparently successful — Facebook has just admitted that its systems were targeted last month in a “sophisticated attack.” However, the company was quick to point out that “we have found no evidence that Facebook user data was compromised.” It sounds like users have no need to worry at this point, but Facebook is continuing to work with its internal engineering teams, security teams at other companies targeted by the attack, and law enforcement officials in an effort to make sure such an attack doesn’t happen again. As for the attack itself, Facebook says that a “handful” of employees… Continue reading…


Microsoft offers fix for exploit that could hijack PCs running old versions of IE

Microsoft is today resolving a nasty vulnerability that targets old versions of Internet Explorer and allowed a user’s PC to be overtaken if the browser was steered to select malicious websites. After it was initially found last month, Microsoft offered up a few workarounds and a standalone patch to avoid the flaw, which threatens versions 6, 7, and 8 of Internet Explorer. But today’s security update should eliminate the vulnerability for good. Microsoft says that to date, just a “limited number” of customers have fallen victim to the zero-day exploit, but admits “the potential exists that more customers could be affected in the future.” As such, the update has been designated critical and will be automatically installed for users that… Continue reading…


Apple responds to SMS security warning, says iMessage ‘protects against these kinds of attacks’

Yesterday we reported on an SMS exploit that could cause iPhone users to send text messages to numbers they haven’t selected, and now Apple has responded by warning users to be cautious when using SMS — and pointing to iMessage as a more secure alternative. “Apple takes security very seriously,” a company spokesperson told us. “When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks.” As highlighted by iOS hacker pod2g, the vulnerability consists of changing the “reply-to” field in the header of an SMS message. In the iOS Messages app, users see the number specified in the reply-to field as the originator of the message, even if it has come from a different source. Any replies…


Hotel keycard system from Onity said to be vulnerable to hacking

The Onity keycard lock that is used on millions of hotel room doors has reportedly been hacked. According to Forbes, 24-year-old Mozilla Firefox OS programmer Cody Brocious discovered the vulnerability and will present it at this year’s Blackhat conference. There’s a DC power jack meant to be used for re-programming on the bottom of vulnerable Onity locks, but this jack has a glaring security flaw: the numeric key that unlocks the door is stored insecurely in memory. Brocious can copy this key and send it right back out using a cleverly programmed Arduino development board and an appropriately sized DC jack


Symantec source code hacker: we always planned to release the stolen code

Protracted extortion negotiations with a hacker threatening to release stolen source code for several Symantec products ended yesterday with the code for pcAnywhere surfacing on The Pirate Bay. While Symantec has claimed it never had any intention of paying the $50,000 fee, and that the negotiations were part of a law-enforcement operation, the hacker in question has now told Reuters that he was always going to release the code. “We tricked them into offering us a bribe so we could humiliate them,” said YumaTough, thought to be part of the Anonymous-affiliated Lords of Dharamaja group.


Accidental espionage: how iMessage conversations end up in the wrong handsets

Terrifying tales have surfaced recently of unsuspecting iPhone users that have had their private conversations swiped by thieves or intercepted by accident, and through our own independent test we’ve confirmed the issue and at least one way it could arise — but, to be clear, that doesn’t mean you should hit the panic button. Stories about a potential iMessages bug swirled after users started to report on the issue in forums — one user in a MacRumors thread said that after having their iPhone stolen, their iMessages were still being intercepted by the thief despite a remote wipe. In December, Ars Technica reported that one of their readers had befallen a similar fate. And recently, Gizmodo intercepted a bunch of private communications… Continue reading…


WhatsApp implementing security fixes following website status exploit

WhatsApp is implementing a series of security fixes, over the next 24 hours, to fix a flaw in its messaging service. WhatsApp confirmed to us on Friday that the firm has patched an issue that allowed a third-party website to update any user’s status message. The website, WhatsAppStatus, appears to have used one of a number of exploits discovered in December to modify status messages on the service. Exploiting a user’s status message simply required their phone number and a status message.


Wi-Fi Protected Setup attack tools released to public

A lot has happened since we reported on the Wi-Fi Protected Setup (WPS) vulnerability found by Stefan Viehbock yesterday. It seems security firm Tactical Network Solutions (TNS) had independently discovered the vulnerability, working on it for nearly a year. On hearing of Viehbock’s discovery, TNS released its open source Reaver tool for exploiting the vulnerability, partly as a way to draw attention to a commercial version of the software. This was followed shortly thereafter by Viehbock releasing his own WPSCrack tool in reply. Both tools are able to crack WPS PINs — Viehbock’s in as little as two hours, TNS’s in four to ten — after which both tools allow an attacker to easily recover the (much more secure) WPA password, giving…


HP releases firmware fix for laserjet printer exploit

Give HP kudos for timeliness: less than a month after Columbia University researchers shared a worrisome lack of security surrounding firmware updates on the company’s line of laserjet printers, a fix is now available for affected models. If you’ll recall, Ang Cui and Salvatore Stolfo made headlines by revealing that attaching a virus to a print job on a vulnerable device could provide full access to an intruder, allowing sensitive content to be intercepted and even giving those with the most malicious of intent a way to overheat the fuser within. For its part, HP steadfastly denied the possibility of fire or an explosion, assuring consumers that the built-in thermal breaker is there for the specific purpose of preventing such hazards…. Continue reading…


Iran allegedly used GPS exploit to capture US drone

The US surveillance drone that is now in the hands of Iran was allegedly captured using a GPS exploit. The Christian Science Monitor has what it claims to be an exclusive interview with an Iranian intelligence engineer, who states that the country was able to cut off the RQ-170’s communications with the CIA and reprogram the drone with a new navigational course. Still, the supposed operation wasn’t without fault: a slight difference in altitude between the original intended landing spot in Afghanistan and where the Iranians instead had the detoured drone touch down resulted in a rough landing. Damage to the left wing can be seen in photographs released by Iran’s Revolutionary Guard, though the United States says that same damage… Continue reading…


Microsoft confirms Windows Phone SMS flaw, working on a fix

Microsoft has confirmed that the bug in Windows Phone that allows an SMS message to disable the messaging app and reboot the phone is indeed legitimate and the company is actively investigating. Greg Sullivan, Senior product manager for the Windows Phone division at Microsoft, writes “We are aware of the issue and our engineering teams are examining it now. Once we have more details, we will take appropriate action to help ensure customers are protected.” Thankfully, the exact method for the exploit was not disclosed by WinRumors when it uncovered the issue and it doesn’t appear that the issue is strictly security-related, so users should be able to relax while Microsoft looks into a fix. Hopefully it will come in the form of an… Continue reading…


Windows Defender Offline beta tool removes malware before startup

Microsoft has released a new beta tool called Windows Defender Offline that’s designed to scan for spyware and viruses prior to Windows startup, which could make it effective against malicious software, like rootkits, that can be difficult to remove while the OS is running. It’s designed to boot from removable media such as a CD, DVD, or USB flash drive, making it particularly useful for troubleshooting multiple computers. The tool has similar functionality to the new version of Windows Defender that will be integrated with Windows 8, which adds the virus protection that’s not included in the version that ships with Windows Vista and Windows 7. Windows Defender Offline beta is now available for download as a 214MB setup file from the… Continue reading…


Researcher who exposed iOS app vulnerability loses his Developer Program status, is courted by Microsoft

Charlie Miller, a longtime Mac hacker, has earned himself a bit of notoriety this week by revealing a security hole in iOS and losing his Apple Developer Program license in the process. He managed to identify an exception introduced from iOS 4.3 onwards that allows the browser to run unsigned code in memory, which he then expanded to include other apps, thereby skipping the code-signing check that is fundamental to iOS security. The result, as demonstrated in the video below, is that seemingly benign apps can make use of that exception to download and run unchecked and unauthorized code through the system. Charlie demonstrates the problem using his Instastock app, which in itself contains no malicious code and was therefore approved for..


If There’s Any Possible Way to Improve Upon the Machete, This Is It [Desired]

I don’t have any particular affinity towards blade wielding of any kind (I generally just gnaw on whole slabs of steak), but when I look at Gerber’s Gator Machete Pro, I have a strong desire to slice something in half. More »


Six Tools to Wreak Havoc on Halloween [Toolkit]

Don’t be an amateur on Halloween. You’re a grown-up now, which means you should have the foresight to plan the night of mayhem in advance. Here’s seven tools to launch a legendary assault on the neighborhood. More »


Will Your Next iPhone Have Hinges? Probably Not [Patents]

Apple files a ton of patents. While some of those ideas come to fruition and make the world a better place, most are just the company hedging its bets on every damn idea someone at the company sketches on a napkin. So don’t hold your breath for an iPhone with a hinge. More »
