A watch designed exclusively for kids has an undocumented spying backdoor / ArsTechnica · Monday, 12 October - 13:00

(Image credit: Xplora)

A popular smartwatch designed exclusively for children contains an undocumented backdoor that makes it possible for someone to remotely capture camera snapshots, wiretap voice calls, and track locations in real time, a researcher said.

The X4 smartwatch is marketed by Xplora, a Norway-based seller of children’s watches. The device, which sells for about $200, runs on Android and offers a range of capabilities, including the ability to make and receive voice calls to parent-approved numbers and to send an SOS broadcast that alerts emergency contacts to the location of the watch. A separate app that runs on the smartphones of parents allows them to control how the watches are used and to receive warnings when a child has strayed beyond a preset geographic boundary.

But that’s not all

It turns out that the X4 contains something else: a backdoor that went undiscovered until some impressive digital sleuthing. The backdoor is activated by sending an encrypted text message. Harrison Sand, a researcher at Norwegian security company Mnemonic, said that commands exist for surreptitiously reporting the watch’s real-time location, taking a snapshot and sending it to an Xplora server, and making a phone call that transmits all sounds within earshot.


Apple’s T2 security chip has an unfixable flaw / ArsTechnica · Saturday, 10 October - 11:04

The 2014 Mac mini pictured alongside the 2012 Mac mini. They looked the same, but the insides were different in some key—and disappointing—ways. (Image credit: Andrew Cunningham)

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones. But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside.

In general, the jailbreak community hasn't paid as much attention to macOS and OS X as it has to iOS, because they don't have the same restrictions and walled gardens that are built into Apple's mobile ecosystem. But the T2 chip, launched in 2017, created some limitations and mysteries. Apple added the chip as a trusted mechanism for securing high-value features like encrypted data storage, Touch ID, and Activation Lock, which works with Apple's "Find My" services. But the T2 also contains a vulnerability, known as Checkm8, that jailbreakers have already been exploiting in Apple's A5 through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group that developed the tool for iOS, has released support for T2 bypass.

On Macs, the jailbreak allows researchers to probe the T2 chip and explore its security features. It can even be used to run Linux on the T2 or play Doom on a MacBook Pro's Touch Bar. The jailbreak could also be weaponized by malicious hackers, though, to disable macOS security features like System Integrity Protection and Secure Boot and install malware. Combined with another T2 vulnerability that was publicly disclosed in July by the Chinese security research and jailbreaking group Pangu Team, the jailbreak could also potentially be used to obtain FileVault encryption keys and to decrypt user data. The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware.


GitHub adds CodeQL scanning for security bugs / infoworldcom · Wednesday, 30 September - 21:38

GitHub has made its CodeQL code scanning service generally available. Based on semantic code analysis technology acquired from Semmle, CodeQL now can be enabled in users’ public repositories to discover security vulnerabilities in their code bases.

CodeQL is intended to run only actionable security rules by default, to help developers remain focused on the task at hand and not become overwhelmed with linting suggestions. CodeQL integrates with the GitHub Actions CI/CD platform or a user’s other CI/CD environment. Code is scanned as it is created while actionable security reviews are surfaced within pull requests and other GitHub experiences. This process is intended to ensure that vulnerabilities never make it into production.


Tags: #Rozne, #Security

2 egregious cloud security threats the CSA missed / infoworldcom · Tuesday, 29 September - 10:00

My interesting weekend reading was this Cloud Security Alliance (CSA) report, which was vendor sponsored, highlighting 11 cloud security threats that should be on top of everyone’s mind. These threats are described as “egregious.”

CSA surveyed 241 experts on security issues in the cloud industry and came up with these top 11 threats:

  1. Data breaches
  2. Misconfiguration and inadequate change control
  3. Lack of cloud security architecture and strategy
  4. Insufficient identity, credential, access, and key management
  5. Account hijacking
  6. Insider threat
  7. Insecure interfaces and APIs
  8. Weak control plane
  9. Metastructure and applistructure failures
  10. Limited cloud usage visibility
  11. Abuse and nefarious use of cloud services

This is a pretty good report, by the way. It’s free to download, and if you’re interested in the evolution of cloud computing security, it’s a good read.


Tags: #Security, #Rozne

Code Snippets to Customize WordPress Sitemaps (Complete Guide) / perishablepress · Wednesday, 23 September - 18:14

By now most have heard about the WP Sitemaps feature introduced in WordPress version 5.5. From what I’ve read, most existing sites that needed a sitemap already had one via one of the many free sitemap plugins. But for new WordPress sites going forward, having all the sitemap code in WordPress core now means that new sites have the option of rolling with the default WordPress sitemaps, or using a dedicated plugin to do the job. This post is […]

Tags: #WordPress, #snippets, #Rozne, #robots, #code, #SEO, #Security, #sitemaps

A new security flaw is revealed with 'BlindSide' on Linux affecting Intel and AMD / GamingOnLinux · Saturday, 12 September - 16:07

VUSec have published and shown an example of a newly discovered flaw present with both Intel and AMD processors when used with Linux.

BlindSide allows attackers to “hack blind” in the Spectre era. That is, given a simple buffer overflow in the kernel and no additional info leak vulnerability, BlindSide can mount BROP-style attacks in the speculative execution domain to repeatedly probe and derandomize the kernel address space, craft arbitrary memory read gadgets, and enable reliable exploitation.

It's quite a wide-reaching security issue too: they report successful testing across Intel Skylake, Kaby Lake and Coffee Lake microarchitectures, as well as AMD Zen+ and Zen2 microarchitectures, with their attacks overcoming the latest mitigations.

Going by what they said in the full paper, the issue is present in the Linux kernel from v3.19 up to v5.8, so that's potentially a lot of systems. They said it means that "an attacker armed with a write vulnerability can perform BlindSide attacks on a wide range of recent production Linux kernel versions even when blind to the particular kernel version".

They showed off a demo of it in action too:

[Video: BlindSide demo]

The conclusion of their paper:

We presented BlindSide, a new exploitation technique that leverages an underexplored property of speculative execution (i.e., crash/execution suppression) to craft speculative probing primitives and lower the bar for software exploitation. We showed our primitives can be used to mount powerful, stealthy BROP-style attacks against the kernel with a single memory corruption vulnerability, without crashes and bypassing strong Spectre/randomization-based mitigations.

As always, ensure you're regularly checking for updates. It's better to be up to date and safe, than think some specific situations won't apply to you. Better safe than sorry.

You can see the full paper here and their blog post here. Hat tip to Phoronix.


7G Firewall: September 2020 Update / perishablepress · Wednesday, 9 September - 21:30

Pleased to announce that the 7G Firewall is updated to version 1.3 (September 3rd, 2020). Now available for download, 100% free and open-source as always.

7G Firewall: summary of changes

Changes to 7G Firewall include:

  • Reorders some rules within the firewall
  • Replaces L flag with END for logging rules
  • Renames log files and updates logging rules
  • Removes logging loop-protection rules
  • Adds some new patterns to the firewall
  • Removes some patterns from the firewall

This update was big focus on better […]

Tags: #Rozne, #apache, #firewall, #.htaccess, #Security, #nG, #mod_rewrite, #updates, #blacklist

    Twitter hackers used “phone spear phishing” in mass account takeover / ArsTechnica · Friday, 31 July - 03:31

(Image credit: Tom Raftery)

The hackers behind this month’s epic Twitter breach targeted a small number of employees through a “phone spear phishing attack,” the social media site said on Thursday night. When the pilfered employee credentials failed to give access to account support tools, the hackers targeted additional workers who had the permissions needed to access the tools.

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter officials wrote in a post. “This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”

Thursday's update said that the hackers downloaded personal data from seven of the accounts, but didn't say which ones.
