Norton Antivirus Hacked

Norton antivirus has a gaping security flaw

By on May 17, 2016 at 11:34 AM.

Norton antivirus has a gaping security flaw

A security researcher has discovered a “bug” in Symantec antivirus software, which affects “the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products.” I say “bug” because it’s less bug, and more a gaping security flaw that makes it incredibly easy to hack any PC, Mac or Linux box running Symantec software.

The flaw (spotted by The Register) was found by Tavis Ormandy, a white-hat hacker whose previous work has involved hacking internet-connected scales. The Symantec bug is to do with how the antivirus engine scans code, in particular an old compression tool.

More →

No Comments
Apple Vs FBI

iPhone hacking case highlights FBI’s lack of tech expertise

By on March 30, 2016 at 5:50 PM.

iPhone hacking case highlights FBI’s lack of tech expertise

Apple’s legal saga with the FBI may have finally come to an anti-climactic resolution, but the issues that the case brought to the forefront will undoubtedly rise again. In the future, there will inevitably be another strategically important smartphone, perhaps an iPhone, that the FBI won’t be able to access by itself.

One of the more interesting issues to arise out of Apple’s legal wrangling with the FBI is that the mighty FBI’s tech prowess is seemingly far less sophisticated than some may have initially assumed. In fact, the FBI’s inability to access the locked iPhone of one of the San Bernardino shooters was so surprising and incongruous that Apple in one of its legal briefs was even compelled to ask if the FBI really tried all that hard to hack into the device.

More →

No Comments
iPhone Hacking

Is Apple’s reluctance to implement a bug bounty program a security risk?

By on March 25, 2016 at 6:30 PM.

Is Apple’s reluctance to implement a bug bounty program a security risk?

While many Silicon Valley tech companies famously employ ‘bug bounty’ programs whereby individuals or third-party groups can receive substantial monetary rewards for finding critical software bugs, Apple is curiously the odd man out. Whether it’s Google handing out $12,000 to a former employee who managed to purchase the Google.com domain name or Facebook paying $15,000 to a security researcher who happened upon a way to unlock any user’s account, paying cold hard cash to learn about previously undetected security vulnerabilities is not only commonplace, but also makes a lot of sense.

More →

No Comments
iPhone Hacking Apple Engineers

Apple engineers would rather quit than develop an iPhone backdoor for the FBI

By on March 18, 2016 at 8:17 AM.

Apple engineers would rather quit than develop an iPhone backdoor for the FBI

Apple’s legal wrangling with the FBI over mobile encryption continues to play out in dramatic fashion. On one hand, we have the DOJ going so far as to boldly claim that they might seek to compel Apple to hand over its iOS source code along with the electronic signature needed to run a modified version of iOS on an iPhone. And on the other hand, we have Tim Cook articulating that the FBI wants Apple to effectively create the “software equivalent of cancer.”

With this particular backdrop, one can see why Tim Cook feels that he’s been living in a “bad dream” ever since the issue of encryption exploded onto the scene and took over the news cycle. Expounding on the matter in a recent TIME interview, Cook said the FBI’s approach to the issue has been unprofessional and that he was “deeply offended” by the FBI “lying” about Apple’s intentions.

And yet, in the midst of all this, one group we haven’t heard much of anything from are Apple engineers, the very people who, if the FBI has its way, would be responsible for creating an entirely new version of iOS that one might reasonably categorize as a backdoor.

More →

No Comments
iPhone iOS Backdoor San Bernardino

With its refusal to unlock San Bernardino shooter’s iPhone, Apple is fighting for us all

By , on February 17, 2016 at 8:19 AM.

With its refusal to unlock San Bernardino shooter’s iPhone, Apple is fighting for us all

A federal judge on Tuesday afternoon ordered Apple to provide technical assistance to the FBI with respect to accessing an iPhone 5c owned by Syed Farook, one of the San Bernardino shooters. Presumptively, the device was used to help plan and coordinate the December 2015 shooting that tragically left 14 people dead and many more wounded.

More →

No Comments
FBI Hack

Hacker group just doxxed 22,000 FBI employees

By on February 9, 2016 at 10:55 PM.

Hacker group just doxxed 22,000 FBI employees

Shortly after revealing the contact information of nearly 10,000 Department of Homeland Security employees, a group of hackers on Monday also published the contact information of more than 22,000 FBI employees. The leaked information, in addition to disclosing names and job titles, also includes employee phone numbers, states of residence, and email addresses.

Notably, identifiable information of FBI employees from all areas of the bureau was compromised, including special agents, intelligence analysts, technicians, language specialists and more.

More →

No Comments
VPN Security Flaw IP Addresses

Security flaw can expose your real IP address when using a VPN

By on November 27, 2015 at 6:15 PM.

Security flaw can expose your real IP address when using a VPN

Virtual private networks (VPNs) are supposed to help users protect their online privacy. VPN services obfuscate the user’s real IP address by routing traffic through other international servers. There are plenty of online companies who offer free or paid access to VPN subscriptions that many users rely on to avoid geofences (read: access Netflix U.S. content from anywhere in the world), download pirated content or just to simply mask their online activity to enhance privacy protection.

However, a discovery has revealed that VPN services aren’t as secure as you’d think, as a huge security flaw can apparently expose the real IP address of their users.

More →

No Comments
Android Hack

Scary new Android exploit can take over any device in seconds

By on November 13, 2015 at 2:23 PM.

Scary new Android exploit can take over any device in seconds

A new mobile exploit recently unveiled at the MobilePwn2Own panel at the PacSec conference this week enables an attacker to take control of any Android device via a Chrome link which unknowingly directs users to a malicious website.

Developed by Chinese security researcher Guang Gong, the full mechanics and underpinnings of the exploit weren’t revealed due to obvious security considerations. What we do know is that the exploit takes advantage of a security hole in Android’s JavaScript v8 engine.

More →

No Comments
Belkin N600

Popular Belkin Wi-Fi router has numerous security holes

By on September 3, 2015 at 10:00 PM.

Popular Belkin Wi-Fi router has numerous security holes

Led by Joel Land, security researchers from Carnegie Mellon University’s Computer Emergency Response Team (CERT) recently discovered that a popular Belkin router contains a number of serious security vulnerabilities that can leave users exposed to a wide variety of attacks.

According to a CERT vulnerability report published earlier this week, the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 is vulnerable to a number of harrowing exploits. Speaking to the device’s popularity, the router in question is the first product listed when one searches for a “Belkin Router” on Amazon.

More →

No Comments
Android Lock Pattern

Watch out, Android users: Your lock pattern isn’t as secure as you think

By on August 21, 2015 at 1:35 PM.

Watch out, Android users: Your lock pattern isn’t as secure as you think

While the prevalence of smartphones with fingerprint-based security has increased considerably over the past two years, the vast majority of Android users still rely on tried and true lock patterns to unlock their devices. That said, new research suggests that the lock patterns typically chosen by Android users may not be as hard to crack as previously imagined.

Originally introduced in 2008, Android’s lock pattern screen was presented as both an easier and more secure alternative to traditional numeric passcodes. While a standard four-digit pin gives users 10,000 possible combinations, a secure lock pattern with 9 distinct nodes can yield 389,112 possible patterns. While one might think that this makes Android devices inherently secure, Marte Loge of the Norwegian University of Science and Technology recently explained why your Android lock pattern may be easier to crack than you imagined.

More →

No Comments
Kaspersky AntiVirus

World’s top antivirus firm accused of sabotaging Microsoft and other rivals

By on August 14, 2015 at 9:00 PM.

World’s top antivirus firm accused of sabotaging Microsoft and other rivals

In the realm of antivirus software, few companies are as respected as Kaspersky Lab. Based out of Moscow, Kaspersky over the years has garnered a lot of praise for detecting and detailing some of the more sophisticated pieces of malware the world has ever seen, including the famed Stuxtnet computer worm and an even complex piece of malware known as Flame.

More →

No Comments
Tor Security Privacy

MIT researchers can break Tor anonymity without even touching encryption

By on July 30, 2015 at 2:25 PM.

MIT researchers can break Tor anonymity without even touching encryption

Before the arrest of Silk Road creator Ross Ulbricht made headlines a few years ago, most everyday web users had never heard of Tor. Originally developed by US Naval Research Laboratory employees, Tor (an acronym for “The Onion Router”) is a popular piece of software designed to enable truly anonymous communications online. Today, it’s estimated that approximately 2.5 million users use Tor on a daily basis.

More →

No Comments
Android Security

Warning: Crazy new Android security flaw can render your phone completely lifeless

By on July 30, 2015 at 9:55 AM.

Warning: Crazy new Android security flaw can render your phone completely lifeless

Another day, another Android vulnerability. Just days after researchers disclosed an MMS-based Android vulnerability that potentially puts 950 million Android devices at risk, a different group of researchers have come forward with yet another Android-based security exploit.

The latest Android vulnerability affects more than half of all Android devices in circulation today and has the potential to render handsets completely inert, which is to say infected phones cannot make calls or receive any other type of notification. What’s more, the screen itself may become lifeless, effectively turning Android phones into expensive screen savers.

More →

No Comments