Pwn2Own: an iPhone hacked in 20 seconds
When Pwn2Own hacking contest, the database that contains the SMS from the iPhone did not take long.
Two hackers, enzo Iozzo and Ralf Philipp Weinmann, managed to introduce himself and to copy any content (including SMS, which had been deleted) by redirecting users to a compromised website.
All this in record time, since they were just 20 seconds to suck all the data from the database of the iPhone. their technique could also provide access to contacts, photos, audio, etc ... the smartphone.
The two men received $ 15,000 for their victory, and details of their achievement will not be revealed until Apple has been informed of this vulnerability and the patch it.
Souce : developpez.com
First malware to practice overwrite discovered hidden in an Adobe Updater
A malicious code has been spotted for the first time by computer security experts.
Indeed, researchers have discovered a malware that replaces the updates to certain applications. Usually, such programs do not overwrite practice.
Only computers running Windows are affected. The malware hides in the form of an updater for Adobe products or Java. A variant mimics Adobe Reader v.9 and overwrite AdobeUpdater.exe, which aims to connect regularly to the Adobe servers to check if a new version is available.
Once installed on a warm machine, the malware opens a client DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System), a network share, and a port to receive commands.
According to an expert at Trend Micro, good antivirus should detect this threat. It also states that infected computers will be altered even after uninstalling the malware, because they will lose the auto-update any infected software, exposing the machine has other threats if patches can not then be quickly installed (because of this defect). It will indeed users victim of these malicious codes, start to download updates to their hand, what some will do or will not want to do.
Source : Nguyen Cong Cuong's blog (Security analyst)
Techcrunch.com down !
Here's what you see when you want to go to techcrunch.com this morning...
WordPress targeted by a worm
The society Automattic, WordPress platform editor, alert users about a worm that's targetting WordPress blogs. This alert is for the admins that have there blog on there own server.
All site that are not under WP 2.8.4 should update as soon as possible.
How to Keep WordPress Secure
An article about how it's important to keep your WordPress up to date, and how to secure your blog was posted on the WordPress.org development blog.
Read it full
Certificates
Categories
- Ansermot.ch (9)
- Community (99)
- Development (250)
- Misc (21)
- Projects (25)
- FireStats Charts (12)
- WordPress Blog Farmer (4)
- WP Page Qr (3)
- Social (24)
- System (111)