A flaw in IOS 4.1 allow access to personal datas
A new security flaw has been discovered in iOS: it bypasses the password that protects iOS an iPhone running 4.1.
So, the hacker can access personal data stored in the mobile.
To achieve this, it must simply enter # # # on the keypad, instead of an emergency number, then just press all the buttons lock and appeal. This causes the release of the phone application that provides access to contacts, messaging and call history.
Apparently, this flaw is exploitable from version 4.2 Beta 3 IOS. Which suggests that Apple got wind of the vulnerability and that it has corrected
Source: Video of a Brazilian hacker who gave a demonstration of the exploit:
A flaw allows the takeover of computers browsing with Firefox
According to a Norwegian firm security, hackers exploited a flaw in the Firefox browser to take control of computers that visit the official website of the Nobel Peace Prize.
The Mozilla Foundation has confirmed this vulnerability was rated critical. It affects versions 3.5 and 3.6 of its browser.
According to the company Norman ASA, the site of the famous Prize nobelpeaceprize.org "was first suffered an attack that has to inject an iframe pointing to a malicious server.
This server then issues a variety of exploits targeting (and first) only the Firefox browser. One of the achievements is taking control away from Firefox 3.6.11.
To force the installation of malware, attackers exploited a flaw-type "competitive situation" (in English "race condition"). Attack complex that plays on the execution order of instructions, an order which provides different results.
The malicious Windows executable that is installed and then tries to query multiple internet addresses.
If one of them meets the malware launches Shell and open the socket, and gives the attacker access to the victim's computer with the same rights as the logged user.
Mozilla provides a patch is being prepared to plug this loophole.
Meanwhile, installing NoScript extension is recommended to restrict the execution of JavaScript to trusted sites.
Many analysts see clearly the hand of Beijing in this case.
The attack came just three weeks after the Chinese dissident Liu Xiaobo (described as "criminal" by Beijing), has been crowned winner of the Nobel Peace 2010.
Sources :
Firefox: an hacking extension poses problems
A Firefox extension, dubbed Firesheep, is in fact a usurper of cookies. It was downloaded 104,000 times in 24 hours between curious and ... malicious.
The extension allows anyone to retrieve identifiers (then use to connect) to the accounts of users connected via a Wi-Fi not secure a site that does not use secure HTTPS connections. Among them there are many popular sites including Facebook and Twitter
Firesheep was developed by Eric Butler to the attention of major players in the web, including social, on a latent lax in terms of secure identification.
And it worked. Too well, this developer independent American states on his blog that he does not expect that "Firesheep" arrived in the Top 10 most popular Google queries in the United States.
Butler explains that on a wifi network is not secure, cookies may not be encrypted and are easy to intercept. It is therefore easy to copy in their browser and impersonate someone else.
A method that automates the extension and makes it very easy.
If it does not directly have the password for the user, it nevertheless opens the door to a multitude of flight information, refer to conduct banking transactions.
This video explains the workings of this image feat:
Security flaw discovered iOS 4.1
A new security flaw was discovered in iOS 4.1, this flaw allows access to the directory of an iPhone protected by a password.
Handling is fairly simple, just to have an iPhone on iOS 4.1 Protecting a password and :
- Click "Emergency Call"
- Type a number at random, ex: 1234
- Tap on "Call" followed immediately:
- Pressing the power button on the top right.
If you were fast enough, you should find yourself in the application "Phone" of the iPhone and can see the different contacts and even call them!
Namely, this flaw does not appear to be present in the beta iOS 4.2 but there is no fix to date for version 4.1, either by Apple or Cydia.
A 12 years old hacker found a critical flaw in Firefox
In the series' value does not expect the number of years "after the young girl of 16 who is developing a site for the British government, this is the hacker of 12 years is a critical flaw in Firefox.
And pocketing $ 3,000 in the passage provided by the Mozilla Foundation for any contributor who help significantly to improve the security of its browser.
Alex Miller is a young boy from San Jose (Calif.) computer enthusiast. Passionate but not insensitive to the gains.
When Mozilla has decided to multiply by six the reward for the discovery of a significant vulnerability, the young prodigy has made up his mind to win the award.
His initial analysis led him to find some flaws, minor, insufficient to receive the jackpot.
Stubborn, Alex Miller continues his research for 10 days at an hour and a half per day, until he uncovers a flaw in the use of application memory.
Tracking down bugs is not easy. Very technical, it concerns only a small community of developers, says essentially Brandon Sterne, head of security at Mozilla, about Alex Miller.
An annoying boy ?
Source : Mercury News
Certificates
Categories
- Ansermot.ch (9)
- Community (99)
- Development (250)
- Misc (21)
- Projects (25)
- FireStats Charts (12)
- WordPress Blog Farmer (4)
- WP Page Qr (3)
- Social (24)
- System (111)