We have many posts about iOS lockscreen vulnerabilities and the new iOS couldn’t resist of having (at least) one too. If someone steal your iPhone then be sure he will be able to access it and find all your sensitive information. According to Apple they already fixed about 80 vulnerabilities, they could avoid them with the experience they have or by delaying it for few months and have security researches finding those before they release it to the market. Of course timing and profit are everything for Apple and security is second. The security hole is for the normal PIN code or password lock of the screen.
Auction for an Android Firefox exploit
An Android Firefox exploit found which can be triggered and execute apk files. It forces Firefox versions 23/24/26 to download and execute a malicious application. This exploit was posted by a Russian hacker and exploit writer and the auction starts at $460. This can happen by just visiting a malicious site so even browsing is not safe. The only thing for the attacker is to use some social engineering and convince people to visit a malicious website. He might not even have to do it since he can instead infect a known website and all its visitors be victims. Update your software to the latest version and be careful on the websites you are visiting.
Facebook vulnerability allows to delete any picture
Arul Kumar, an Indian security researcher found a vulnerability to Facebook which he could delete any image within a minute. The vulnerability was in Facebook’s support dashboard and they rewarded him with $12.500 for helping the security team to patch it. Basically the security hole was in the photo removal request where the attacker could change the profile id and the image id and so be able to delete any image on Facebook. Imagine if someone that hates you finds this and exploits it or pay someone else and delete all your images. There are people that have uploaded hundreds of photos and they can’t even imagine such a thing happening to them.
iPhone to be controled remotely by authorities
Apple invented a new technology that will be able to switch off camera and wi-fi from iPhone remotely. This is to be used for when people enter a “sensitive area”. It basically broadcasts a signal and when iPhone receives it, it will shut down features or entirely. For some of us this is not an issue since I never bought and I will never buy Apple device if they keep overcharge everything. And they of course continue do it since there are many people paying. To our subject, those are not rumors, there is a patent filled by Apple titled “Apparatus and methods for enforcement of policies upon a wireless device”.
PRISM scandal helped Tor
We all learned about NSA’s Prism and that user data is available to US government like any other public document. Tor is in general terms an anonymity tool for user internet activity. Since Snowden revealed the information about Prism Tor gained more than 600.000 new users and it now has about 1.2 million users. Tor is also used by hackers and web criminals to hide their activity. This is not Tor’s fault, almost any tool can be used for good and bad things. Some countries ban Tor network in order to be able to monitor their citizens easier. Some times I can’t believe why countries move backwards technology and progress.
Age of Empires II HD Black Screen Solution
This post is for those who love Age of Empires games and they want to play the HD release but instead of the map they see black screen. Don’t worry and there is an easy and fast solution for this. It happened to me on Windows 7 so I can’t say if it is Windows 7 specific problem or a general one. Also, it depends if you installed through Steam or normally. I provide both solutions which are basically the same.
Lenovo is banned by spy agencies
Most of you know Lenovo, the biggest Chinese computer maker. It has recently been banned and it can’t supply equipment for several intelligence and security agencies. Mostly for government agencies in US, UK, Canada, Australia and New Zealand. This is because there are concerns that it contains serious hardware and firmware backdoor vulnerabilities. Even though a hardware backdoor is very hard to detect, it is very critical for agencies like NSA. Huawei should feel very lucky since it will most probably fill the gap with its equipment. Lenovo is the company that acquired the personal computer business from IBM when they decided to leave the PC business back in 2005.
Facebook vulnerability reveals the email address of any account
During the creation of a Facebook account you must provide an email address which becomes your primary email address. A security researcher found a vulnerability in Facebook, yes another one, that reveals the primary address of any account. The flaw can be found in the invitation mechanism and hackers and spammers can exploit this vulnerability to get the primary email address of every account. The process can be easily automated so this is not an issue to someone with basic programming knowledge. I will not post the steps of how someone can get this information as it is already patched by Facebook and they awarded $3500 to the person that found the vulnerability. If you receive an email to your email address that you only used on Facebook then you know why.
NSA and Israel created Stuxnet
According to Edward Snowden NSA and Isreal worked together to create Stuxnet, a computer worm that was used to attack Iran’s nuclear facilities. It was spread via Microsoft Windows and its target was industrial control systems by Siemens. After that, a more sophisticated virus called Flame was linked with Stuxnet. Kaspersky researchers concluded that the creators of the Flame were the same that also created Stuxnet due to the similarities in the code. So, if what the whistleblower says is true then NSA created both malicious software. I guess they created more than the ones we just learned about. But don’t worry, they create malicious software, worms and viruses to protect you, at least this is what they will say if you ask them. They don’t want to but they have to in order to protect the people.
Most Android devices are at risk
Researches at Bluebox Security have discovered a vulnerability in Android core from version 1.6 (Donut). This means that almost all Android devices are vulnerable. The numbers are huge, it is about a billion devices. Apparently Samsung knew about this and its flagship, Galaxy S4, is patched and safe from this vulnerability. Bluebox will reveal details of this security hole during the Black Hat USA conference. To understand how serious this vulnerability is, a hacker can modify any application without breaking its cryptographic signature