hack ▪ March 18
hack ▪ March 4
Cryptographers have discovered that a security flaw dating back to the ’90s is placing OS X, iOS and Android users at risk from hacking attacks when visiting some major websites, including American Express, Airtel, Bloomberg, Business Insider, Groupon, Marriott and many more.
The FREAK exploit allows an attacker to force a website to use lower-grade encryption for HTTPS connections, which can be cracked within a few hours when using a small botnet of just 75 computers. Once cracked, attackers would be able to hack the website as well as steal personal data from those visiting the site …
hack ▪ February 22
hack ▪ January 2
Update: We are now receiving reports that the vulnerability has been patched. People trying to use the tool are apparently now being correctly locked out from repeated password attempts.
A new tool submitted to GitHub claims to be able to perform password dictionary attacks on any iCloud account, seemingly able to evade detection from Apple’s rate-limiting security that is supposed to prevent such dictionary attacks from happening. In September, Apple reported it had closed one such hole that allowed brute-force attacks to occur.
The source code for the tool has been released on GitHub. Upon inspection, the tool is rather crude. It simply tries every word in its 500-long word list as the password for a given iCloud account email. This means that whilst it will succeed “100%” at trying 500 times over, the tool is by no means guaranteed to succeed at cracking your password.
hack ▪ December 30, 2014
A security researcher speaking at the Chaos Computer Congress in Hamburg demonstrated a hack that rewrites an Intel Mac’s firmware using a Thunderbolt device with attack code in an option ROM. Known as Thunderstrike, the proof of concept presented by Trammell Hudson infects the Apple Extensible Firmware Interface (EFI) in a way he claims cannot be detected, nor removed by reinstalling OS X.
Since the boot ROM is independent of the operating system, reinstallation of OS X will not remove it. Nor does it depend on anything stored on the disk, so replacing the hard drive has no effect. A hardware in-system-programming device is the only way to restore the stock firmware.
Apple has already implemented an intended fix in the latest Mac mini and iMac with Retina display, which Hudson says will soon be available for other Macs, but appears at this stage to provide only partial protection…
hack ▪ December 9, 2014
Password managers are a great way to have strong, unique passwords for each website you access – but vital as it is these days, there’s no denying that it’s a chore to change them. Dashlane, a Mac and Windows password manager app, aims to take away the pain by doing it for you automatically across 50 top US websites like Apple, Amazon, Dropbox, Facebook, PayPal, WordPress and Twitter.
Importantly, the app can even cope with sites that employ two-factor authentication to log in or change a password, prompting you for the code when required …