Security – Page 705 – Computer Security Articles

Credit to Author: Lucian Constantin| Date: Thu, 23 Mar 2017 14:13:00 -0700

A group of hackers threatening to wipe data from Apple devices attached to millions of iCloud accounts didn’t obtain whatever log-in credentials they have through a breach of the company’s services, Apple said.

“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” an Apple representative said in an emailed statement. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

A group calling itself the Turkish Crime Family claims to have login credentials for more than 750 million icloud.com, me.com and mac.com email addresses, and the group says more than 250 million of those credentials provide access to iCloud accounts that don’t have two-factor authentication turned on.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 23, 2017 admin

Google: Half of Android devices haven’t been patched in a year or more

Credit to Author: Gregg Keizer| Date: Thu, 23 Mar 2017 12:41:00 -0700

Google engineers yesterday acknowledged that half of all Android devices had not received a security update in the past year, even as they argued that the firm has made progress in streamlining the open-source operating system’s patching process.

“About half of devices in use at the end of 2016 had not received a platform security update in the previous year,” Adrian Ludwig and Mel Mille, members of the Android security team, said in a post to a company blog.

Although Google has issued monthly security updates for Android since 2015 — and deploys those patches to Nexis and Pixel devices as soon as they’re available — other device makers often take weeks or months to push updates to customers, or never do. Android’s update problem is not new — it’s been in stark contrast to other operating systems, notably iOS, macOS and Windows, since Android’s inception — and is baked into the relationship between Google and the hardware manufacturers who build and sell phones.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 23, 2017 admin

Newly leaked documents show low-level CIA Mac and iPhone hacks

Credit to Author: Lucian Constantin| Date: Thu, 23 Mar 2017 11:53:00 -0700

The CIA has had tools to infect Apple Mac computers by connecting malicious Thunderbolt Ethernet adapters to them since 2012, according to new documents purported to be from the agency and published by WikiLeaks.

One of the documents, dated Nov. 29, 2012, is a manual from the CIA’s Information Operations Center on the use of a technology codenamed Sonic Screwdriver. It is described as “a mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting.”

Sonic Screwdriver allows the CIA to modify the firmware of an Apple Thunderbolt-to-Ethernet adapter so that it forces a Macbook to boot from an USB stick or DVD disc even when its boot options are password protected.

To read this article in full or to leave a comment, please click here

Security Wired

March 23, 2017 admin

WikiLeaks Reveals How the CIA Can Hack a Mac’s Hidden Code

Credit to Author: Andy Greenberg| Date: Thu, 23 Mar 2017 18:09:19 +0000

The leak shows how physical access hacks can plant undetectable spying code deep in a Macbook’s firmware. The post WikiLeaks Reveals How the CIA Can Hack a Mac’s Hidden Code appeared first on WIRED.

Security Wired

March 23, 2017 admin

WikiLeaks Shows How the CIA Can Hack a Mac’s Hidden Code

Credit to Author: Andy Greenberg| Date: Thu, 23 Mar 2017 18:09:19 +0000

The leak shows how physical access hacks can plant undetectable spying code deep in a Macbook’s firmware. The post WikiLeaks Shows How the CIA Can Hack a Mac’s Hidden Code appeared first on WIRED.

ComputerWorld Independent

March 23, 2017 admin

Senate votes to kill FCC's broadband privacy rules

Credit to Author: Grant Gross| Date: Thu, 23 Mar 2017 10:13:00 -0700

The U.S. Senate has voted to kill broadband provider privacy regulations prohibiting them from selling customers’ web-browsing histories and other data without their permission.

The Senate’s 50-48 vote Thursday on a resolution of disapproval would roll back Federal Communications Commission rules requiring broadband providers to receive opt-in customer permission to share sensitive personal information, including web-browsing history, geolocation, and financial details with third parties. The FCC approved the regulations just five months ago.

To read this article in full or to leave a comment, please click here

ComputerWorld Independent

March 23, 2017 admin

Snowden's ex-boss offers advice on stopping insider threats

Credit to Author: Michael Kan| Date: Thu, 23 Mar 2017 10:10:00 -0700

Steven Bay, a former defense contractor, knows a thing or two about insider threats. For a brief period, he was the boss of Edward Snowden, the famous leaker who stole sensitive files from the U.S. National Security Agency.

Recalling the day he learned Snowden had been behind the NSA leaks back in June 2013, Bay said he received texts about the breaking news while in a leadership meeting at a church. The first text said “Sorry man, looks like your worst nightmare came true.”

Bay was crushed: “I went out into an empty room of the church and I just melted down crying.”

To read this article in full or to leave a comment, please click here