Google, Samsung phones will now receive monthly over-the-air security updates

“Mere hours after Samsung shared plans to issue over-the-air (OTA) security updates ‘about once per month’ for its Android devices, Google has announced pretty much the same strategy. Starting this week, Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates.  Just like Samsung, Google didn’t explicitly say why the new Android security update process is being unveiled now, but it did mention Stagefright, a vulnerability disclosed last week that affected roughly 95 percent of Android devices. In short, the security hole could allow a hacker to remotely access an Android smartphone using only a person’s telephone number.”

http://venturebeat.com/2015/08/05/google-announces-nexus-devices-will-now-receive-monthly-over-the-air-security-updates/

Google pushes fixes for critical code-execution bug in Android

“Google and its Android partners on Wednesday started distributing a fix for a vulnerability that could cause millions of phones to execute malicious code when they’re sent a malformed text message or the user is lured to a malicious website.  The flaw in an Android code library known as Stagefright was disclosed last week, several months after security researchers privately reported it to engineers responsible for Google’s Android operating system. Google engineers, in turn, have introduced changes to the Android text messaging app Messenger. The changes mitigate the threat by requiring users to click on videos before playing them.”

http://arstechnica.com/security/2015/08/google-pushes-update-for-critical-android-bug-but-wont-say-if-its-fixed/

Rowhammer.js Is the Most Ingenious Hack I’ve Ever Seen

“The bad news is that if your computer is vulnerable, it’s a hardware issue, and there’s very little you personally can do about it. No software patches are coming to the rescue any time soon. The good news is that this hack is so complicated to pull off, you’re probably safe just from its level of difficulty alone.  So what exactly is Rowhammer.js? While it still needs to be tested further, the researchers claimed it is the ‘first remote software-induced hardware-fault attack’ in existence, written entirely in JavaScript. In other words, it’s scalable, powerful, takes more than a little luck to pull off, and if you understand how it works, it’s the most clever thing you’ll see all week.”

http://motherboard.vice.com/read/rowhammerjs-is-the-most-ingenious-hack-ive-ever-seen

0-day bug in fully patched OS X comes under active exploit to hijack Macs

“Hackers are exploiting a serious zero-day vulnerability in the latest version of Apple’s OS X so they can perform attacks that install malware without requiring victims to enter system passwords, researchers said.  As Ars reported last week, the privilege-escalation bug stems from new error-logging features that Apple added to OS X 10.10. Developers didn’t use standard safeguards involving additions to the OS X dynamic linker dyld, a failure that lets attackers open or create files with root privileges that can reside anywhere in the OS X file system. Researchers from anti-malware firm Malwarebytes said a new malicious installer is exploiting the vulnerability to surreptitiously infect Macs.”

http://arstechnica.com/security/2015/08/0-day-bug-in-fully-patched-os-x-comes-under-active-exploit-to-hijack-macs/

New attack on Tor can deanonymize hidden services with 88% accuracy

“Computer scientists have devised an attack on the Tor privacy network that in certain cases allows them to deanonymize hidden service websites with 88 percent accuracy.  Hidden services allow people to host websites without end users or anyone else knowing the true IP address of the service. The deanonymization requires the adversary to control the Tor entry point for the computer hosting the hidden service. It also requires the attacker to have previously collected unique network characteristics that can serve as a fingerprint for that particular service. The new research underscores the limits to anonymity on Tor, which journalists, activists, and criminals alike rely on to evade online surveillance.”

http://arstechnica.com/security/2015/07/new-attack-on-tor-can-deanonymize-hidden-services-with-surprising-accuracy/

Hackers Can Use Your Car to Kill You

“The FBI denied investigating Hastings. Maybe the journalist who took down one top general and elevated another just happened to fall asleep at the wheel. We can’t know for sure what happened to Hastings. We do know for sure that it is now technically possible to take control of a vehicle and make it do undesirable things, like crash into palm trees at high speed. The hackers profiled in the Wired report are surely not the only ones with this ability. It’s no stretch to imagine that CIA and Pentagon experts have the same skill. Would they use it to silence a critic? Maybe they already did.”

http://www.thedailybell.com/news-analysis/36441/Hackers-Can-Use-Your-Car-to-Kill-You/

950 million Android phones can be hijacked by malicious text messages

“Almost all Android mobile devices available today are susceptible to hacks that can execute malicious code when they are sent a malformed text message or the user is lured to a malicious website.  The vulnerability resides in an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.”

http://arstechnica.com/security/2015/07/950-million-android-phones-can-be-hijacked-by-malicious-text-messages/

Jeep owners urged to update their cars after hackers take remote control

“Security experts are urging owners of Fiat Chrysler Automobiles vehicles to update their onboard software after hackers took control of a Jeep over the internet and disabled the engine and brakes and crashed it into a ditch.  A security hole in FCA’s Uconnect internet-enabled software allows hackers to remotely access the car’s systems and take control. The Uconnect hack affects driving systems from the GPS and windscreen wipers to the steering, brakes and engine control.  The security researchers notified Fiat Chrysler nine months ago.  The update requires users to manually update their cars by visiting the manufacturer’s site, downloading a programme on to a flash drive and inserting it.”

http://www.theguardian.com/technology/2015/jul/21/jeep-owners-urged-update-car-software-hackers-remote-control

Government IT official with fake degree ran law enforcement data systems

“The Department of the Interior’s computer systems played a major role in the breach of systems belonging to the Office of Personnel Management, and DOI officials were called before the House Oversight and Government Reform Committee on Wednesday to answer questions about the over 3,000 vulnerabilities in agency systems discovered in a penetration test run by Interior’s Inspector General office. But there was one unexpected revelation during the hearing: a key Interior technology official who had access to sensitive systems for over five years had lied about his education, submitting falsified college transcripts produced by an online service.”

http://arstechnica.com/tech-policy/2015/07/government-it-official-ran-law-enforcement-data-systems-for-years-with-faked-degrees/

Brazil Builds Internet Cable To Portugal To Avoid NSA Surveillance [2014]

“Brazil is building a cable across the Atlantic to escape the reach of the U.S. National Security Agency (NSA). The move is one of many ways the Brazilian government is breaking ties with American technology companies — but it won’t come cheap.  The 3,500-mile fiber-optic cable will stretch from Fortaleza to Portugal, with an estimated cost of $185 million, Bloomberg reported.  Of course, none of this will go to American vendors.  Last year, Edward Snowden leaked documents that showed the NSA was accessing personal information of Brazilian citizens, including listening to phone calls of President Dilma Rousseff, its embassies and the state-owned oil company Petrobras.”

http://www.ibtimes.com/brazil-builds-internet-cable-portugal-avoid-nsa-surveillance-1717417
