Security

Researchers claim iOS multitasking exploit could allow taps, clicks to be monitored on iPhone, iPad

An exploit in the way iOS handles multitasking may allow the touch-equivalent of keylogger-type attacks — where your input is recorded in order to discover your passwords and other data — to work not only on jailbroken iPhones and iPads, but on any device. It would require a malicious app to be created, to get past App Store review, and to get installed onto your device, which is a complex chain and not one anyone has claimed to have actually seen happen yet. But according to Min Zheng, Hui Xue, and Tao Wei of FireEye, it is possible:

More →

7
loading...
0
loading...
24
loading...
0
loading...

Understanding Apple's SSL/TLS Bug

Yesterday Apple released updates for iOS 6, iOS 7, and Apple TV to squash a security bug that affected SSL/TLS connections. Often times, security patches can fix obscure bugs that could only occur under the strangest of circumstances, and they get rolled in to larger updates that address many other issues. However, this fix warranted its own updates, both for iOS 7 and for iOS 6. So what kind of bug calls for such a response? Fortunately for those of us curious enough to wonder, Adam Langley has the answer.

More →

38
loading...
0
loading...
176
loading...
0
loading...

Kickstarter hacked, no credit cards compromised but your Facebook login has been reset

Kickstarter, the popular crowd-funding service, has has been hacked. No credit cards were compromised but some user data, including encrypted passwords wee accessed, and they've reset Facebook logins as a precaution. Their CEO, Yancey Strickler, posted on the Kickstarter blog:

More →

11
loading...
0
loading...
90
loading...
0
loading...

How a fake 2014 Sochi Winter Olympics hacking story is causing real damage to NBC News' reputation

NBC News would have you believe that the life expectancy of a MacBook Air or Android phone at the Winter Olympic Games is roughly zero, at least when it comes to it being hacked and your financial and other personal information stolen. Anyone with a base level of technical knowledge at all would recognize it as complete and utter bullshit the minute they saw it. Sadly, as many of us who got contacted by concerned family members know, it's far too easy to scare everyone else. Robert Graham of Errata Security calls the report "100% fraudulent":

More →

20
loading...
0
loading...
100
loading...
0
loading...

What's really going on with the Starbucks mobile app information leak, and what you need to know

Earlier this week, security researcher Daniel Wood disclosed his findings on Starbucks' insecure handling of sensitive user information in their iPhone app. The sensitive information discovered includes usernames, passwords, emails, addresses, location data, and OAuth keys. While Wood's findings are valid, the interpretations of his findings have been inaccurate and exaggerated.

More →

26
loading...
0
loading...
111
loading...
0
loading...

Tim Cook is Apple's moral center and 'we believe' its post-PC battle-cry

Steve Jobs was not only Apple's visionary, he was one of the most important cultural influencers of our time. Apple. Mac. NeXT. Pixar. iMac. iPod. iTunes. iPhone. iPad. Any one of those would be a worthy achievement. All of them, a universe denting one. But Steve Jobs is gone and Tim Cook now helms Apple. He was an operations guy, not a product guy. He didn't dream up the next world-changing product, but he did make those dreams a reality. It would be easy, natural-even, for him to continue in an operational role as CEO, but steadily, over the course of the last two years, he's been doing more than that. He's been taking on a moral role as well.

More →

27
loading...
0
loading...
94
loading...
0
loading...

Snapchat security breach reportedly leaks 4.6 million user details online

Literally hours into 2014 and we already have a security scandal on our hands, with Snapchat stepping back into the spotlight. Just a matter of days after exploits for the social media service were announced by a security group, it's now claimed that 4.6 million users' phone numbers and login details have been posted online.

More →

20
loading...
0
loading...
151
loading...
0
loading...

Apple claims no knowledge of DROPOUTJEEP, will protect customer data from any and all attacks, regardless of who's behind them

Apple has commented on the DROPOUTJEEP program, which a security researcher claimed let the NSA and similar government agencies compromise iOS devices, enable cameras and mics, and track data with a "100% success" rate. Matthew Panzarino from TechCrunch got the statement:

More →

8
loading...
0
loading...
44
loading...
0
loading...

Snapchat API and exploits published by hacker group, could allow users' names and phone numbers to be connected

It appears that Snapchat's API has been hacked, and exploits that allow a script to associate user's phone numbers, display names, user names, and account privacy level en masse have been published. An Australian hacker group calling themselves Gibson Security published details the hack this week. Snapchat's API has so far been undocumented.

More →

5
loading...
0
loading...
48
loading...
0
loading...

RSA refutes 'secret contract' deal with NSA

RSA has been essential to corporate security for years - developers of trusted cryptography techniques that serve as the lynchpin to corporate data security. Now the company - presently owned by enterprise data company EMC Corp. - is under fire following allegations it was paid by the National Security Agency (NSA) to promote the use of flawed encryption technology.

More →

5
loading...
0
loading...
29
loading...
0
loading...

Pages