Hacking & Security

We need to talk about email

Sophos Naked Security - 22 August, 2014 - 13:50
Today the people of the world will exchange about 250 *billion* messages using a system that has been shockingly insecure for decades: email. That's why we need to talk about email...

Remote attack can easily damage your Pebble smartwatch

CSIRT.cz - 22 August, 2014 - 13:48

Pebble watches, which can be easily paired with your iOS or Android smartphone and interact with apps, contain a vulnerability that allows a remote attacker to destroy the watch entirely.

Category: Hacking & Security

The most popular Android apps leave users at the mercy of MITM attacks

CSIRT.cz - 22 August, 2014 - 13:41

An analysis of the thousand most popular free Android apps from the Google Play Store has revealed a sad reality. Many of them contain an SSL/TLS vulnerability that can be exploited to carry out a man-in-the-middle (MITM) attack.

Category: Hacking & Security

Hacking traffic lights is that easy

CSIRT.cz - 22 August, 2014 - 13:33

A new study by security researchers from the University of Michigan demonstrates how simple it is to attack traffic light systems.

Category: Hacking & Security

Do you really need to pay $20 to delete your Ashley Madison profile?

Ars Technica - 22 August, 2014 - 13:30
When a British Ars reader went to delete his Ashley Madison account, this is what he saw.

Earlier this week, Ars got an e-mail from a reader named Rob Plant. “I think most right-thinking people have been dismayed by the tactics of charging for picture take downs—what is worrying to me is that these practices now seem to have been taken up by more legitimate websites.”

Ars has long covered the scourge of “revenge porn,” in which seedy websites post revealing photos of unwilling people and then charge those victims a fee to take the photos down. But Plant was writing about a site called Ashley Madison, which markets itself as a dating website for married people to find accomplices in extra-marital affairs. (Its slogan is blunt: “Life is short. Have an affair.”) The website has been around since 2001, and although it's taken some guff for allegations that it populates its network with fake profiles of women, it still boasts 29 million users worldwide, most of whom are presumably not fake.

The way it works is this: Ashley Madison allows people to sign up for free with "Guest" accounts, which permit users to send and receive photos and “winks.” Guest accounts can also reply to messages sent by a member. To become a "Full Member," one must buy credits, as opposed to, say, paying a monthly subscription. Full Members can initiate messages and chats with their credits, and women can send messages “collect.” After first contact (and guidelines of the Prime Directive permitting) messages between the two users are free.

Category: Hacking & Security

Mobile apps could be abused to make expensive phone calls

InfoWorld.com [Security] - 22 August, 2014 - 13:28

A security precaution skipped in mobile applications such as Facebook's Messenger could be abused to make an expensive phone call at a victim's expense, a developer contends.

Phone numbers often appear as links on a mobile device. That is possible by using a Uniform Resource Identifier (URI) scheme called "tel" to trigger a call.

Category: Hacking & Security

Using Facebook's servers for a DDoS attack

CSIRT.cz - 22 August, 2014 - 13:16

The way images attached to Facebook posts are refreshed can be abused to carry out a DDoS attack.

Category: Hacking & Security

Android users - Sophos needs you (and you could bag a prize)!

Sophos Naked Security - 22 August, 2014 - 12:13
Sophos is looking for beta testers for the new version of Sophos Anti-Virus and Security for Android. And to sweeten the deal, we're giving away 20 Google Play gift cards worth $25.

So long, iOS -- jailbreakers have found their home: Android

InfoWorld.com [Security] - 22 August, 2014 - 12:00

This week, another virus was reported infecting jailbroken iPhones. Honestly, if you jailbreak your iPhone or iPad, you deserve what you get as a result.

Category: Hacking & Security

Google Fixes 12 Vulnerabilities in Chrome 36

LinuxSecurity.com - 22 August, 2014 - 11:20
LinuxSecurity.com: Google patched its Chrome browser this week, fixing 12 vulnerabilities, including both a serious information disclosure bug and a use-after-free vulnerability that could let users obtain potentially sensitive information and execute arbitrary code.
Category: Hacking & Security

Samsung To Pay $2.3 Million Fine for Deceiving the U.S. Government

The Hacker News - 22 August, 2014 - 10:15
The United States division of Samsung has been charged with deceiving the US government into believing that several of its products met the necessary US government policies, resulting in the US government buying unauthorised Chinese-made electronics. The South Korean electronics giant has agreed to pay the Government $2.3 million in fines to settle the charges of violating trade agreements
Category: Hacking & Security

Stealing encryption keys through the power of touch

Ars Technica - 22 August, 2014 - 01:50
Daniel Genkin et al.

Researchers from Tel Aviv University have demonstrated an attack against the GnuPG encryption software that enables them to retrieve decryption keys by touching exposed metal parts of laptop computers.

There are several ways of attacking encryption systems. At one end of the spectrum, there are flaws and weaknesses in the algorithms themselves that make it easier than it should be to figure out the key to decrypt something. At the other end, there are flaws and weaknesses in human flesh and bones that make it easier than it should be to force someone to offer up the key to decrypt something.

In the middle are a range of attacks that don't depend on flaws in the encryption algorithms but rather in the way they've been implemented. Encryption systems, both software and hardware, can leak information about the keys being used in all sorts of indirect ways, such as the performance of the system's cache, or the time taken to perform encryption and decryption operations. Attacks using these indirect information leaks are known collectively as side channel attacks.

Category: Hacking & Security

Researchers create privacy wrapper for Android Web apps

Ars Technica - 21 August, 2014 - 22:35

Yoav F

On a mobile application, users typically have a single choice to protect their privacy: install the application or not.

The binary choice has left most users ignoring permission warnings and sacrificing personal data. Most applications aggressively eavesdrop on their users, from monitoring their online habits through the device identifier to tracking their movements in the real world via location information.

Now, a research group at North Carolina State University hopes to give the average user a third option. Dubbed NativeWrap, the technology allows Web pages to be wrapped in code and made to appear as a mobile application, but with user-controlled privacy. Because many applications just add a user interface around a Web application, the user should have equivalent functionality for many wrapped apps, said William Enck, assistant professor in the department of computer science at North Carolina State University.

Category: Hacking & Security

Stealthy, Razor Thin ATM Insert Skimmers

LinuxSecurity.com - 21 August, 2014 - 22:04
LinuxSecurity.com: An increasing number of ATM skimmers targeting banks and consumers appear to be of the razor-thin insert variety. These card-skimming devices are made to fit snugly and invisibly inside the throat of the card acceptance slot. Here's a look at a stealthy new model of insert skimmer pulled from a cash machine in southern Europe just this past week.
Category: Hacking & Security