Tag Archive | Security

Why Apple shouldn’t develop a backdoor for iOS as requested by the FBI following San Bernardino events

The FBI (the U.S. Federal Bureau of Investigation) wants Apple to unlock the iPhone 5C of one of the San Bernardino terrorists; even though it seems an easy matter, Apple doesn’t want to comply. And they have more than good reasons to refuse.

First of all, Apple isn’t siding with terrorists, and many big tech companies like Google and Microsoft have expressed their support. Apple already provided its stored backups of the device and did everything it could to help the investigators; however, Cupertino does not want to decrypt the device itself by breaking its passcode protection. Since iOS 8, Apple has deleted the encryption keys of its customers’ devices from its servers: in other words, not even Apple can access the stored data, because it no longer has any way to do so. As a result, the FBI is locked out of the phone and so is Apple… more or less.

Because of the security measures in iOS, the FBI has asked Apple to develop a very particular version of its mobile operating system, introducing a backdoor that would let investigators brute force the passcode at the speed of modern computers, something they can’t do with the iOS we all know. By “brute forcing” we mean trying to input every possible combination electronically. Apple prevents this in two ways: by wiping the data after 10 failed attempts, or by repeatedly disabling the device after too many wrong attempts. Read More…


iOS SSL security flaw forces devices into an endless reboot loop: had the iPad replaced for that.

Researchers at Skycure recently discovered an SSL security flaw in iOS which allows an external attacker to force your iPhone, iPad or iPod Touch into an endless reboot loop, thereby making it useless.

The exploit uses a malicious SSL certificate that makes the operating system crash every time it attempts to use a secure connection over Wi-Fi. Because of that, even if you had known what was causing the problem, you would never have had the time to shut down the Internet connection on the device.

The flaw, named “No iOS Zone”, first appeared in a video that showed an iPhone 5S stuck in a reboot loop.

Read More…

Lenovo was found installing malicious adware on new computers

Lenovo has been caught installing malicious adware named “Superfish” on new computers. The adware injects third-party advertisements into Google search results in the Internet Explorer and Chrome browsers (Firefox seems to be immune). While it may sound harmless for the computer, some users are reporting that it automatically installs a self-signed security certificate, which would allow it to snoop on sensitive data such as bank accounts, emails and passwords.

Mark Hopkins – a Lenovo community administrator – states the following:

We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.

Read More…

Heartbleed, the bug that crippled the Web’s security for the last two years.



Heartbleed, a name that strikes fear lately, is the bug found in OpenSSL encryption that for the last two years may have exposed your data on even the most famous websites we use every day, such as Facebook, Google and Instagram, and which could actually let someone “bleed” your data from a server.

Although most of them have already fixed the problem with a patch, there’s no guarantee that your data hasn’t been stolen already. Even if you are in the habit of changing your password from time to time and don’t use the same one for multiple accounts, it’s better to stay on the safe side. Still, we don’t know whether hackers knew about this bug before last week, when it was discovered. Here’s a list of the services that have been hit, for which we strongly recommend changing your password immediately.

  • Facebook
  • Instagram
  • Google & YouTube
  • Amazon Web Services
  • Tumblr
  • Dropbox
  • Box
  • OkCupid
  • IFTTT
  • Wikipedia
  • Wunderlist
  • Pinterest
  • Yahoo!
  • GoDaddy
  • Netflix
  • Flickr
  • Minecraft
  • SoundCloud

OS X and iOS users do not need to worry; Apple has already stated that it doesn’t rely on OpenSSL, so they have always been secure. The same goes for Microsoft and related services such as Outlook.

______________________________________

In Italian

Heartbleed, a name that strikes fear lately. It is the bug found in OpenSSL encryption that for two years exposed user data even on the most famous and widely used sites in the world, such as Facebook, Google and Instagram, because of a programming error that allowed malicious actors to make certain information “bleed” (hence the name) from the server.

Although most of them have already released a patch to fix the problem, there is no guarantee that our data has not already been stolen. Even if you are in the habit of changing your password periodically and always using a different one, it is better to stay on the safe side. However, we cannot even be sure that hackers already knew about the Heartbleed bug before last week, when it was discovered. Here is a list of those “hit”, for which we recommend changing your login credentials immediately.

  • Facebook
  • Instagram
  • Google & YouTube
  • Amazon Web Services
  • Tumblr
  • Dropbox
  • Box
  • OkCupid
  • IFTTT
  • Wikipedia
  • Wunderlist
  • Pinterest
  • Yahoo!
  • GoDaddy
  • Netflix
  • Flickr
  • Minecraft
  • SoundCloud

Mac OS X and iOS users have nothing to worry about; Apple has already announced that it does not use OpenSSL, so they have always been safe. The same goes for Microsoft and all related services, including Outlook.

Blackphone promises to stop the NSA from watching over you.

After the scandal over worldwide spying by the NSA (the U.S. National Security Agency), you have surely wondered whether you’ve been spied on all along; Xbox LIVE, World of Warcraft and even world leaders haven’t escaped.

How do you keep people off your back? This is the question posed by a Swiss joint venture with Silent Circle and Geeksphone with a new kind of device, fittingly named Blackphone, and partially answered in a video that resembles the upcoming gaming title Watch Dogs.

Read More…
