Described as an "unintended security vulnerability," Dell has admitted that a root certificate preinstalled on some of its models exists and promises to remove it.
A Dell spokesperson explained that "to address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site, and technical support," further commenting that the computer giant does not install malware on user systems pre-delivery.
While Dell claims no responsibility for this flaw, a security blogger by the name of Hanno Bock disagrees. He says that this root certificate is not only shipped within these pre-built machines, but it's under the name 'eDellRoot' and is linked to 'Dell Foundation Services' drivers.
If it's on the internet, you can hack it. This is something that the FBI's chief security information officer, Arlette Hart, agrees with and discussed at length at the recent Structure cloud industry summit on Wednesday.
Talking about levels of enterprise and risk, Hart stated that "accepting a risk doesn't mean it's going to happen," expanding "it means if the thing happens, you accepted the risk and will take the steps to mitigate that risk." Hart explained that while cloud data and technology is an extremely useful advancement, it can also be used for damaging purposes, saying "when the sword cuts, it cuts both ways."
While not directly answering any questions on 'the right to be forgotten', Hart also discussed that cloud-related risks are all part of business and a necessary evil to subject yourself to.
After news came to light of the terrorist organisation ISIS using the PlayStation Network in order to coordinate attacks, security experts claim this group has now moved to Telegram in order to evade security organizations.
Utilizing an app made by Russian developers in order to evade their own Government, the messages still are much safer, says cryptographer Matthew Green from Johns Hopkins. Professor Green tweeted that this application's "crypto is like being stabbed in the eye with a fork."
While this app has not yet been formally announced as cracked, a researcher by the name of Thaddeus Grugq stated in a blog that he "wouldn't trust the encryption protection in Telegram against a nation state adversary."
Hacktivist collective Anonymous has reportedly declared war against the terrorist group ISIS, vowing revenge against the Islamic State following the recent terror attacks in Paris.
On the Saturday following the brutal attacks that saw more than 129 people murdered, ISIS took responsibility for the wave of terror that swept over the city of Paris. President François Hollande then confirmed the Islamic State's involvement. The terrorist group boasted that this was just "the first of the storm" and called Paris a "capital of prostitution and obscenity."
Anonymous has now stood up to promise retribution, and has already begun wreaking havoc across the Islamic State's online network as part of the #OpParis campaign. "These attacks cannot be left unpunished. That's why Anonymous worldwide will track you," a recent Anonymous video proclaimed. "Yes, we are going to track you down, like we have since the Charlie Hebdo attacks. Wait, then, for a massive response from Anonymous. Know that we will find you, and we will hold nothing back."
An anonymous hacker group has remotely jailbroken a new iPhone running iOS 9.1, winning themselves a cool $1 million from startup Zerodium (self-described as a "premium exploit acquisition platform"). The winnings are pending final verification of the exploit, but results at this stage look good.
To put the difficulty of this feat in context: a chain of zero-day bugs needed to be found, the hack needed to be remote (much more difficult -- Chinese hacking team Pangu already hacked the new iPhone, but couldn't do it remotely) and made through Safari, Chrome, or a text or multimedia message, and full system access needed to be obtained. An iPhone has not been remotely jailbroken for over a year, since iOS 7. Zerodium says Apple will likely patch these bugs "in a few weeks to a few months".
T-Mobile has just announced that it has been hacked, with up to 15 million people affected. The hack hit Experian, which T-Mobile uses to process its credit applications.
The names, addresses, birth dates and social security numbers of 15 million customers were hacked, with the encrypted data including social security numbers and driver's license numbers. Experian says that the encryption protecting those precious bits and bytes of data was also compromised.
The hack took place between September 1, 2013 and September 16, 2015 - which means that anyone who had a credit check for a new line of service or a new smartphone could be affected. T-Mobile CEO John Legere has said that he's "incredibly angry" about the attack, and that the company would be going through a "thorough review" of their relationship with Experian. Legere reiterated that its payment systems and network were not attacked, with the blame placed on Experian.
T-Mobile and Experian will now be offering free credit monitoring and identity protection services for the next two years, which is a decent consolation prize.
While I'm not sure if this should be listed under the category of 'Hacking & Security' or 'Humor & WTF', Lenovo has allegedly been caught installing spyware yet again, developing and installing a program that is designed to send user data directly to this company on some refurbished laptop models.
The program is called "Lenovo Customer Feedback Program 64" and will operate daily on these systems, with this software's purpose being described by Lenovo as to "upload[s] Customer Feedback Program data to Lenovo." As seen on Gadgets 360 and Computerworld, this program comes with a few extra goodies in the form of "Lenovo.TVT.CustomerFeedback.Agent.exe.config, Lenovo.TVT.CustomerFeedback.InnovApps.dll, and Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll."
What does this gibberish mean? Well, Omniture is an online marketing and Web analytics company, set out to monitor and track user usage in order to drive business. Lenovo does state on its website that there may be software installed on sold systems that connect to online servers, but it does not say anything about farming your data for financial gain.
Now readily available on Github, anyone with access to a 3D printer has the ability to download and create their very own TSA master keys, enabling them to open any TSA-recognized lock around the globe. This tool was made possible thanks to The Washington Post posting an image of TSA master keys in 2014.
"OMG, it's actually working!!!" pic.twitter.com/rotJPJqjTg (Bernard Bolduc, @bernard, September 9, 2015)
In comes Github user Xyl2k, using the published image in order to duplicate these real-life keys on a computer, releasing the final STereoLithography (STL) files to the world. If you're wondering about the legitimacy of this 3d-printed project, Bernard Bolduc, a security researcher, tried it for himself and it worked without fault - check the Twitter post above.
We certainly don't encourage breaking into anyone's baggage at home or abroad, however, we do suggest you purchase a new style lock as soon as possible.
Unearthed by CynoSure Prime, these originally-cryptographically scrambled passwords were decoded through a single-computer process taking only a few hours, meaning analysts were able to look into similarities between accounts. This uncovered the unsurprising fact that '123456' was one of the most commonly-used passwords, used a total of 120,511 times.
Other culprits include 'f**ckme' and 'f**ckyou' both sitting just under 8,000 each, while the unimaginative password 'ashleymadison' saw use 6,213 times in total. We've talked about trends in terrible passwords before and it seems that '123456' may be in the number one spot until the end of time.
It looks like Intel is on a mission: the chipmaker wants to see facial recognition or fingerprint scanners replace the traditional, easily penetrated passwords we all use for countless services, websites, bank accounts, and more.
Intel not only thinks it's a possibility, but that it's something it can get into motion very quickly. Kirk Skaugen, Senior VP and General Manager of Intel's Client Computer Group said at the Citi Global Technology Conference earlier this week: "We want to eliminate all passwords from computing. I can confidently say today, you can eliminate all your passwords today, if you buy a 6th Generation Core system".
So the company is saying that its Skylake architecture is capable of true facial recognition security thanks to Windows 10, where you can use the entire feature set of Windows Hello. With this mixed with Intel's RealSense 3D camera, we could see true facial recognition security that is much more secure than the traditional password. Skaugen added: "You can do everything from measure blood pressure, blink detection, all these kinds of things... In fact, in Berlin, one of my funniest demos in my 23 years at Intel is when I brought two identical twins out on stage and I mixed them up and only one could log in with the PC, and it actually worked". Now that is some exciting stuff.