Capital Berg

Keeps People Up-To-Date

Thursday, October 29, 2020
Log in

Apple’s Latest Security Patch can still Be Bypassed

By

"Apple’s Latest Security Patch can still be bypassed"

Patrick Wardle confirmed that Apple’s latest security patch is still vulnerable to malware attacks.

Everyone is keen on thinking that Macs are among the safest devices on the market. But it would seem that Apple’s products are as vulnerable as other devices. According to a tech specialist, Apple’s latest security patch can still be bypassed by any malware program.

The Gatekeeper forgot to lock the gate

Patrick Wardle, a researcher and a computer specialist, is currently working with the tech giant in order to find the holes in Mac’s security protocols.

For many months now, the avid researcher kept probing Mac’s defense. Wardle declared the last version of Gatekeeper was very loose in terms of security, meaning that any malware application, masquerading as a legit app could get past the security system and infect the computer.

After many trials and errors, Apple managed to release a new patch, one that will be able to repair any breach in the security net. Discovering Apple’s newest addition to the Gatekeeper, Wardle took it upon himself to test the strength of the program.

It was he who declared that the new patch was so inefficient in terms of security, which he managed to find around it in just 5 minutes.

So, let’s talk about malware. We all know for a fact that last year nearly every gadget available on the market was targeted by malware attacks. It wasn’t any different in Apple’s case. Moreover, it would seem that the latest hack attacks were focused on bringing down the allegedly fool-proof Mac protection grid.

According to Wardle and to several tech specialists, infecting a Mac with a malicious code was a piece of cake. Malicious code would be embedded in legit applications, thus being capable of following the all-seeing Gatekeeper.

The security program primary goal is to check the digital signature of the application. If the application had Apple’s digital signature, then Gatekeeper would allow the user to install the application. Same thing happened with the digital signature of third-party applications.

But it seems that the Gatekeeper wasn’t infallible. In fact, very often, seemingly legit applications available on the web contained malware code.

Wardle, a computer scientists, declared that Apple’s latest security patch can still be bypassed. Currently, the researcher is aiding Apple to patch all the holes in Gatekeeper’s security grid.

Until another version of the app blocker is launched, Wardle recommendation to the user is to download applications directly from Apple’s online store. Furthermore, the users must download these applications via a secure/ encrypted internet connection.

Photo credits:www.pixabay.com

2014’s List Of Worst Passwords: Just As Horrible As You’d Think

By

Worst-passwords

 

If the onset of prominent hackings taught us anything in 2014, its literally nothing.

Password management firm Splashdata revealed its yearly list of the most terrible passwords and it’s just as horrible as you’d think. The organization, which investigated the 3 million passwords released online last year, uncovered that the most common leaked password in 2014 was “123456,” followed by “password” — both topped the list last year, as well.

Obviously, the more common a password is the higher the chances a hacker can get into individual records, such as email and banking.

While number series were as popular as ever, games terms like “baseball” and “football” were used more often, and additionally words related to most loved games teams — “yankees,” “hawks,” “steelers,” “rangers” and “lakers” all made the top 100.

Birthday years were common as well (particularly 1989, 1990, 1991 and 1992) and names like “Michael,” “Jennifer,” “Michelle” and “Hunter” are also among the top 100 worst passwords of 2014.

The list is especially alarming as it comes on the heels of significant hacking attacks against firms like Sony Pictures and the celebrity naked photograph scandal that hit last year.

Just have a look at the full list of passwords;

  1. 123456
    2. password
    3. 12345
    4. 12345678
    5. qwerty
    6. 123456789
    7. 1234
    8. baseball
    9. dragon
    10. football
    11. 1234567
    12. monkey
    13. letmein
    14. abc123
    15. 111111
    16. mustang
    17. access
    18. shadow
    19. master
    20. michael
    21. superman
    22. 696969
    23. 123123
    24. batman
    25. trustno1

There are simple approaches to handle the issue of passwords. And the responsibility is not so much on you — the entire password system is imperfect and muddled. However, there are simple steps you can take to be more secure. One is utilizing password management software to guarantee that your passwords are strong enough; upgraded, and safely locked down and in a place you can find them.

For people who can’t be worried to make that stride, you can still do more. Regardless of the fact that your password isn’t completely random and disconnected from your personality (which is best), you can still pick your same evident passwords and spruce them up a bit.

You can use the position of keys on a keyboard to do this — for instance, people who use “123456” or “qwerty” can just scramble those together based on the keys, making something like ‘q1w2e3r4t5′. Need to make it simpler? Take something you’ll recall: “My uncle lives in Kansas” and make it your password “Myunclelivesinkansas” and include his street address: “Myunclelivesinkansas207.” These long, complex passwords are really very hard to hack and are easy to recall. While these won’t prevent great hackers from getting into your stuff, at least you’ll be making moves to escape from the top 10.

Scammers can replicate finger prints just using Photos

By

scammers-replicate-finger-prints

According to German researchers, scammers can now replicate your fingerprints using high-quality photos.

The Chaos Computer Club at Chaos Communication Congress (31C3) this weekend presented the method by which the fingerprints are outlined. Jan Krissler well known online as Starbug, outlined the method by which he reproduced the fingerprint of Germany’s Federal Minister of Defense, Ursula von der Leyen.

Starbug captured high-quality snaps of the hand gestures of Ursula at a public presentation from which he carved out the prints.

The copy made by Starbug can be used to access anything protected by her biometric data, BBC said.

Krissler advertised in a statement “After this talk, politicians will presumably wear gloves when talking in public,”

So if anyone who can replicate the fingerprints of any official can easily break in devices like a smartphone or PC. But it would be problematic if they are used for something like unlocking doors.

Krissler also said in his statement that it would no longer be necessary for the hacker to steal the items touched by that person.

“In the past years, it was successfully demonstrated a number of times how easily fingerprints can be stolen from its owner if a person touched any object with a polished surface (like a glass or a smartphone),” he said.

This is not the first time that the Chaos Computers have targeted the fingerprints. They have unlocked Apple 5S using fake fingerprints just after a week of its release. “This demonstrates—again—that fingerprint biometrics is unsuitable as [an] access control method and should be avoided,” the group said at the time.

Researchers from Germany’s Security Research Labs (SRLabs) earlier this year revealed “how flaws in the implementation of fingerprint authentication in the Samsung Galaxy S5 expose users’ devices, data, and even bank accounts to thieves and other attackers.”

It did make a concern for other companies who added fingerprint scanners to their Smartphones.

SONY Attackers Leaked Trove Of Records Including Employee Passwords

By

Sony-pictures-leaks-passwords

Everybody is terrible at passwords; that is nothing new. Yet if you’re working at a prominent studio like Sony, maybe you ought to pick a finer secret word than “s0ny123” or “password.”

Days after the enormous hack against Sony, a group of hackers calling themselves “GOP”(Guardian of Peace) discarded online a trove of records that seem to be from the internal computers of Sony Pictures Entertainment. The documents contain all types of data, for example, sales reports, syndication contracts, and employee salaries.

Along with the hacked trove is also a folder called, just, “passwords.” And much the same as you’d expect, inside the folder there’s a document called “passwords.doc” dated March 2, 2011, which contains what resembles a rundown of worker usernames, passwords, and even credit card numbers.

One more folder in the trove contained payroll spreadsheets, with details, for example, workers’ names, occupation titles, home addresses, and current pay rates. A portion of the spreadsheet records is ensured by a password — a decent security practice. Sadly, within the same folder, there’s also a file named “passwords” which contains the password to open the documents.

It’s still misty how the hacker got access to Sony’s computer systems, and how they found themselves able to siphon out a huge number of documents. However, judging from the utilization of frightful passwords and the act of placing passwords in folders right beside the files they are suppose to protect, Sony’s security practices may be worthy of some responsibility.

Certainly, this isn’t the first time Sony has been trapped using awful security and password rehearses. Way back in 2011, Sony was broken numerous times, hitting the organization’s Playstation Network and Sony Pictures, uncovering 37,000 client accounts. The hack uncovered that Sony was putting away those clients’ passwords in plaintext instead of encrypting them, which is currently the diligence standard.

What’s A Snappen & Why You Should Be Alarmed

By

thousands-of-snapchat-images-laeaked

Once again the underhanded doings of hackers is setting the web on fire. Now the fiendish felons are threatening to leak upwards of 200,000 images from the popular photo sharing website Snapchat.

The infamous leak website 4chan.org’s underbelly users announced that they had access to hundreds of thousands of photos, personal photos from Snapchat. The hackers threaten to release a tsunami of the photos on Sunday into a searchable database that is tied to Snapchat usernames. The fiends state that they have been stealing photos that were sent by third party Snapchat app for years. Called “Snappening” this hack arrives a few weeks after hundreds of celebrity people’s private naked photos were published on the 4chan.org site after a leak from iCloud.

One might think that Snapchat has countermeasures in place to prevent such leaks but they state that photos are deleted from their databases when a member opens them or if unopened the photos are deleted in 30 days. The phone app however is different and that’s where the problem lies. Snapchat instead hides the pictures on android devices so that the OS and apps ignore the photos. The photos, however, are still accessible by some third party apps that don’t necessarily follow Android rules. The images remain and are recoverable and thus do not disappear, forever.

It’s theorized that an app, Snapsave might well be the source of the leak. Using Snapchat while sending a picture, the person on the receiving end takes a screenshot of the picture, however, the app immediately informs the sender. Snapsave proclaims to have the ability to save photos and videos unbeknownst to the sender. The archived pictures can then be stored in the cloud. Snapsave’s developer Georgie Casey states emphatically that his app has nothing to do with this debacle. That being said, however, the SnapSaved.com website no longer exists.

Perhaps the warning post began in May 2014 when Snapchat themselves stated that it might sometimes be possible to retrieve photos after they’ve deleted them. They warned users to be cautious with what they post.

The photos in question are reportedly those of an explicit nature and anyone can take a guess at what their neighbors have been doing, naughty or nice.

No one should download the leaked pictures as some may be of underage teenagers and that would be a crime in most countries in the world. Parents should have instructed their children not to post such pictures in the first place, however, sometimes the kids can circumvent the protections and their parent’s warnings.

The hackers are doing this likely just to show that they can, for bragging rights and not realizing nor taking responsibility for what ramifications may occur. Some may last years. All users of Snapchat may be at risk and if you think you are you might want to look for your username on 4chan.org’s site and demand any photos be taken down immediately. Check with your authorities on handling this as it may be delicate.

Categories