Huge Security Flaw In iPhone 2.0.2: Huge iPhone Security Flaw Puts All Private Information at Risk - Via :
There's a huge security problem in the latest iPhone 2.0.2: if you have your JesusPhone password protected, using a very simple trick gives anyone full access to your cellphone's private information in Mail, SMS, Contacts, and even Safari. The two-step trick is even simpler than the one used in the past to gain access to the phone to install unlocking cards or jailbreak. Fortunately, there's a way to avoid this obvious security breach until Apple fixes it.
Apple faithful snared in phishing scam targeting Mac.com users - Via The Register(UK):
Hundreds of Mac users have been snared in a phishing scam that coincided with the glitches in the roll-out of Apple's MobileMe service.
Data obtained by CardCops, a credit card protection service owned by the Affinion Group, shows sensitive information belonging to several hundred people with Mac.com email addresses being traded in underground forums frequented by identity thieves. The details include social security numbers, birth dates, mothers' maiden names, credit card numbers and other sensitive information.
minilinks for 2008-08-14 - Via EFF.org Updates:
- Oops! FBI Sorry For Spying on Journalists: FBI Director Robert Mueller called the NY Times and the Washington Post to express regret for a breach of reporters' phone records.
- Google Comes Clean On Targeted Advertising: The Internet giant confessed to using DoubleClick cookies to deliver targeted advertising to users.
How to Save Mac OS X From Malware - Via Slashdot:
eXchange writes "Well-known hacker Dino Dai Zovi has written an article at ZDNet discussing last week's discovery of a critical threat to Mac OS X, and another announcement of a Trojan horse exploiting this discovery. He suggests that Snow Leopard, or Mac OS X 10.6, should integrate more robust means of preventing malware attacks. Some of the suggestions he has include mandatory code-signing for kernel extensions (so only certified kernel extensions can run), sandbox policies for Safari, Mail, and third-party applications (so these applications cannot do anything to the system), and some lower-level changes, such as hardware-enforced Non-eXecutable memory and address space layout randomization."
(Read Original Article - Via Slashdot.)
Foundations of Mac OS X Leopard Security - Via Slashdot Book Reviews:
jsuda writes
"At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac. This book is meant to change all that. The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows (and other operating systems, to a lesser extent) but they spend 455 pages detailing exactly where and how the Macintosh platform is (or may be) vulnerable."
(Read Original Article - Via Slashdot Book Reviews.)
Phishers point scam at Apple's iTunes - Via computerworld :
Phishers have targeted users of Apple Inc.'s iTunes music store with sophisticated identity theft attacks for the first time, a security company said today.
People began receiving spammed messages yesterday telling them that they must correct a problem with their iTunes account, said Andrew Lochart, an executive at e-mail security vendor Proofpoint Inc.
A link in the spam leads to a site posing as an iTunes billing update page; that phony page asks for information, including credit card number and security code, Social Security number and mother's maiden name.
The theft attempt is a new twist on the usual phishing attack, said Lochart. "We've gotten used to seeing the usual companies and brands attacked," he said, "like PayPal, eBay and Citibank. But we've never seen Apple as the target."
Apples For The Army - Via Forbes.com:
Given Apple's marketing toward the young and the trendy, you wouldn't expect the U.S. Army to be much of a customer. Lieutenant Colonel C.J. Wallington is hoping hackers won't expect it either.
Wallington, a division chief in the Army's office of enterprise information systems, says the military is quietly working to integrate Macintosh computers into its systems to make them harder to hack. That's because fewer attacks have been designed to infiltrate Mac computers, and adding more Macs to the military's computer mix makes it tougher to destabilize a group of military computers with a single attack, Wallington says.
Is Apple Tracking iPhone Users Through IMEI?: ariefwn writes "As I sit here applying a new layer of Reynolds tin foil to my international hat of conspiracy, it's been proven that Apple tracks iPhone usage and tracks IMEI numbers of all their iPhones worldwide."
Hacked iPhone No Longer Just a Theory: Demo Turns iPhone into Spy Device:
Readers of Threat Level will recall a little bit of flack that I and Wired received recently for writing a couple of stories about problems with the iPhone's security.
As we pointed out here and here, security researchers took issue with the design of the iPhone, because the phone has all programs running as root and requires no authentication to install applications. The theory is that if any program has a vulnerability -- similar to one that was already discovered in a library used by the iPhone's browser and e-mail programs -- then a hacker could exploit the vulnerability by remotely installing malicious code that takes over the phone. One possible attack I mentioned was to turn the phone into a bugging device.
Mac Users Get A Credit Card Stealing Trojan for Halloween, Security Company Reports: Hackers are reportedly sticking virtual razor blades into Apple computers this Halloween, as a Mac security vendor reports Wednesday that a Mac-focussed Trojan is reportedly loose on the internet costumed as an innocent video decoding file.
Mac OS X users visiting malicious porn sites are told to download a special codec that will let Apple's Quicktime player play the porn flicks, but instead of adult treats, users get a malicious trick, according to anti-virus vendor Intego.
Slashdot | OS X Leopard Firewall Flawed: cycoj writes with a report in the German IT magazine Heise, taking a look at the new OS X Leopard firewall. They find it flawed. When setting access to specific services and programs to only allow SSH access, for example, they found that a manually started service was still accessible.
Extra Extra: Threat Level Wants Your Apple Conspiracy Theory -- Update 1:
Apple's COO Timothy Cook told analysts Monday that, of the 1.4 million iPhones sold this year, about 250,000 weren't activated with the exclusive U.S. provider, AT&T.
Because of that, we estimate Apple won't realize tens of millions in annual revenue from part of its revenue-sharing plan with AT&T. Cook told analysts that 250,000 iPhones were 'bought with the intention of unlocking' -- meaning being hacked into and possibly sold for a profit overseas where they will operate on a network other than AT&T's.
A dispute is raging here at THREAT Level, at Wired News and with our brethren blog Epicenter over why Apple would allow this to happen.
It seems that Leopard is officially coming out on October 26, 2007 and it has a few features that people concerned with privacy and security might find of interest. Some are listed below in no particular order.
Metasploit Creator Distributes Exploits for iPhone: HD Moore, one of the developers of the Metasploit pen-testing (and hacking) tool, has posted exploits and detailed instructions on how to attack an iPhone. The information takes hackers -- and the FBI and NSA -- one step closer to being able to remotely and surreptitiously take control of an iPhone and turn it into a surveillance device.
The exploits take advantage of a vulnerability in the TIFF image-rendering library that's used by the phone's browser, mail and iTunes software. It's the same vulnerability that allows Apple customers to unlock and customize their iPhones. But Moore's exploits will allow hackers to do much more.
MSN rejects .Mac: Microsoft's instant messaging network is rejecting users who have signed up using a .Mac email address.
[...]
Macworld has received reports which indicate that existing users of MSN (now Windows Live) have been knocked off the network when they try to sign in if they have originally used a .Mac address to sign up for the service.
On the heels of Apple's other two pieces of anti-competitive DMCA-bait, it now appears we have a third bit of lawyer-chum in the water: Apple has reportedly locked its latest iPods to its own iTunes software. So third-party applications (like Songbird) will no longer be able to organize or sync your (unDRM-ed) music on these iPods.
- Big Victory for Limits to Copyright Law: The 10th Circuit Court recognized First Amendment constraints on Congressional powers in copyright law.
- Internet Anonymity Tool Used for Eavesdropping: A security researcher found a way to use Tor to spy on private communications.
iPhone Unlocking Secret Revealed:
The iPhone unlocking story took its next logical turn this week, with the release of a free iPhone unlocking program. Previously, unlocking required buying a commercial program or following a scary sequence of documented hardware and software tweaks.
How this happened is interesting in itself. (Caveat: This is based on the stories I’m hearing; I haven’t confirmed it all myself.) The biggest technical barrier to a software-only unlock procedure was figuring out how the unlocking program, once installed on the iPhone, could modify the machine’s innermost configuration information — something that Apple’s iPhone operating system software was trying to prevent. A company called iPhoneSimFree figured out a way to do this, and used it to develop easy-to-use iPhone unlocking software, which they started selling.
iTunes Ringtones: Making You Pay Again For Music You Already Own:
Tired of paying several dollars to buy ringtone versions of music you already own? When it comes to songs ripped from your CD collection or downloaded MP3s, widely-available software tools allow you to roll your own ringtones instead and put them on a variety of phones.
But what the world of unencrypted music giveth, DRM-locked media can taketh away. DRM allows media vendors to restrict your fair use rights so that they can be sold back to you piecemeal as 'features.'