ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "PC and Internet Security" for non-commercial use... (FR, EN+DE)...
A British security researcher has discovered today that a recent security flaw in the Sudo app also impacts the macOS operating system, and not just Linux and BSD, as initially believed.
The vulnerability, disclosed last week as CVE-2021-3156 (aka Baron Samedit) by security researchers from Qualys, impacts Sudo, an app that allows admins to delegate limited root access to other users.
Qualys researchers discovered that they could trigger a "heap overflow" bug in the Sudo app to change the current user's low-privileged access to root-level commands, granting the attacker access to the whole system.
The only condition to exploit this bug was that an attacker gain access to a system, which researchers said could be done by either planting malware on a device or brute-forcing a low-privileged service account.
Using the face recognition in the new iPhone X as an example, whistleblower Edward Snowden illustrates the dangers we will have to face in the near future.
In a keynote at JBFOne, the IT congress of Fiducia & GAD, Edward Snowden warned that companies are amassing more and more data and are quite obviously unable to protect it. The current example of the ride service Uber shows this, he said: it has only now admitted that customer data was stolen from it in 2016. On the other hand, end users are disclosing more and more data about themselves. They quite voluntarily use surveillance devices that even Orwell could not have imagined.
As an example, the whistleblower, connected live from his Russian exile, cited the new iPhone X. Apple's new smartphone has built-in face recognition that is used, among other things, to authenticate the user. That has already been bypassed, he said, but that is not the real problem. The real problem is rather that Apple also wants to give developers of third-party apps access to the data from the intelligent face capture. And they will abuse it, says Snowden, painting a grim picture.
The iPhone 5S was compromised by a team from South Korea, which managed to exploit a combination of two bugs in Safari to take control of it. The Samsung Galaxy S5 did not withstand the hackers' attacks either. Two teams exploited flaws in the handling of the NFC protocol to take control of it. The Nexus 5 was also hacked via NFC, using a surprising technique that consisted of forcing a Bluetooth pairing between two devices.
Apple has contacted TechCrunch with a statement about the DROPOUTJEEP NSA program that detailed a system by which the organization claimed it could snoop on..
Are Mac Users safe from Malware? Not as much as you might think. Symantec's Security Expert Kevin Haley breaks down the Mac's invincibility myth. Learn why M...
Israeli researcher Dany Lisiansky uncovered the flaw, and made a video to demonstrate a way to take a victim’s locked iPhone running iOS 7.02, and ===> access their call history, voicemails and entire list of contacts. <===
Two security vulnerabilities have been discovered in Apple's new mobile operating system, less than 24 hours after launch.
Gust MEES's insight:
In iOS7 this can be done even when the phone is locked with a passcode, as the voice-activated assistant Siri can be instructed to carry out the task.
The other flaw is potentially even more serious - allowing users' email and social networking accounts to be hijacked even when the user has locked and password-protected their phone.
Cupertino finally gives an explanation for the extended downtime of its developer website.
After a weekend of outage and mysterious password reset emails, Apple has revealed the cause of the extended downtime of its developer website.
===> "Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website," Apple said in an email sent to developers. <===
While Apple claimed that the site's information was encrypted, and thus unable to be accessed, the company could not rule out that developer names, mailing addresses, or email addresses were accessed during the incident.
Apple says its developer site was targeted in an attack, and that any information that was taken was encrypted. The site remains down. Read this article by Josh Lowensohn on CNET News.
Samuel Groß and Richard Zhu distinguished themselves during the first day of Pwn2Own 2018. Samuel Groß exploited a Safari flaw allowing privilege escalation to write his name on the Touch Bar of a MacBook Pro. He received $65,000 as a reward and six points toward the coveted title of Master of Pwn.
For his part, Richard Zhu bypassed the defenses of Microsoft Edge using two use-after-free vulnerabilities and an integer overflow in the kernel. He won $70,000 and 7 additional points in the race for the Master title.
The company releases iOS 9.2.1 and OS X 10.11.3 with mostly security fixes.
Nine fixes were posted for the Mac platform, including a fix for a flaw that could've allowed an attacker to execute code with kernel privileges. The patch also comes with a fix for an issue that prevents some Macs from waking from sleep when connected to some 4K-resolution displays.
Another batch of nine fixes was also posted for the iOS platform, including a fix for a WebSheet flaw that could've allowed a malicious captive portal to access user cookies.
Macs have never been that popular in business. But if Apple is indeed no longer supporting security updates for older Mac OS X versions, Macs won't have any place left in the enterprise office.
The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID.
This demonstrates – again – that fingerprint biometrics is unsuitable as an access control method and should be avoided.
iPhones and iPads will be vulnerable until they get the iOS 7 update, which is scheduled for release later this year. Until then, you might want to avoid plugging into sleazy charging stations, tho...
For a very long time, Apple and its pseudo-religious user-base prided itself on being a platform free of malware; those days are inarguably and unequivocally over. Its emergence as the early winner...
Apple's Dev Center went down on Thursday causing issues for developers around the world. The system remained down for three days and is still currently unavailable.
This brings up an interesting question regarding single points of failure in the mobile application distribution system. When one component goes down, or is breached in this case, it affects the entire ecosystem.
===> We hear a lot about mobile apps and devices being hacked, however as I have stated before that is small potatoes when compared to the treasure trove of the back-end systems that power mobile applications and services. <===
What is the point of hacking one person’s phone when there are entire app store infrastructures to target?
===> You may want to think twice about using your iPhone as a wireless hotspot. <===
A group of researchers from the Department Informatik at Friedrich-Alexander-Universität Erlangen-Nürnberg in Germany developed software allowing them to crack Apple's personal hotspot passwords in less than a minute.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux