security

Encrypt and store passwords and secret keys with Secure Temple

At first glance, it is not immediately apparent what Secure Temple does. The app is created without interface in mind. It lacks clear directions, has multiple unmarked menus, and doesn't even describe what the function of the app is supposed to be (unless you read the description in the App Store). That alone is enough to frustrate and chase away most users. However, behind the obtuse design and stark menus there is a tool that can be extremely useful for anyone that creates and stores large volumes of passwords, secret keys and other number strings on their iPhone or … Read more

Apple's latest iOS update has another passcode security flaw

The same hacker who found a passcode workaround after Apple's iOS update last month has found another way to access the photos and contacts of a password-protected iPhone.

YouTube user "VideosdeBarraquito" uploaded a video today showing how to access the files using the voice command feature on the phone. He gives a voices command to dial a number and while the number is dialing, he uses a paperclip to eject the phone's SIM card. After the card ejects, the phone ends the call and he is able to go into the locked phone's address book … Read more

'Chameleon Botnet' takes $6-million-a-month in ad money

A newly discovered botnet has found a way to siphon cash from advertisers.

Spider.io, a security researcher, yesterday announced that it has discovered a new botnet, called Chameleon, that's targeting "at least" 202 Web sites. The botnet is made up of over 120,000 host machines running Windows, according to Spider.io. Those machines are connecting to the Web with a Flash-friendly Trident-based browser that executes JavaScript. The vast majority of the machines -- 95 percent -- have come from U.S.-based IP addresses.

The botnets have targeted at least 202 Web sites, hitting them … Read more

Samsung lock screen flaw found; company working on fix

A security researcher has revealed a method for accessing applications running on a locked Samsung handset.

The flaw is somewhat similar to one that was revealed by another researcher earlier this year on iPhones. On a Samsung handset, users can, from the lock screen, pretend to dial an emergency services number, quickly dismiss it, and with some sleight of hand, quickly gain access to any app or widget, or the settings menu in the device. The dialer can also be launched, allowing the "hacker" to place a call.

According to Terence Eden, who discovered the flaw and posted … Read more

South Korea probes 'massive' cyberattack

South Korea's police are currently investigating a "massive" hack attack on Internet service provider LG Uplus, which led to server outages at three domestic broadcasters and two major banks.

As a result, the army raised its alert status amid concerns the attacks were initiated by its neighbors in North Korea.

Reuters reported Wednesday that authorities were looking into the attack on LG Uplus, which was suspected to be conducted by a group calling itself the "Whois Team".

The investigations were triggered by disrupted servers at television networks YTN, MBC and KBS. Customers at Shinhan Bank … Read more

BlackBerry 10 erroneously reported as not secure enough by U.K.

Updated at 3:30 p.m. PT This article, originally headlined "BlackBerry 10 deemed not secure enough by U.K.," previously reported the U.K.'s Computer Experts Security Group had determined that the new operating system did not meet its standards. At the time of its publication, the CESG was unavailable for comment, so the article relied on the reporting of The Guardian. We have since learned that report was inaccurate. We have received comment from the CESG that indicates BlackBerry 10 has not yet undergone required testing. We have included the group's statement in this … Read more

Feds said to probe Microsoft over foreign bribery claims

Federal regulators are looking into an alleged bribery scheme involving Microsoft and its partners in China, Italy, and Romania, according to a Wall Street Journal report.

According to the report, lawyers at the Justice Department and the Securities and Exchange Commission are focused on allegations of kickbacks in China, as well as the company's relationship with resellers and consultants in Romania and Italy.

While Microsoft did not directly acknowledge the investigation, it said in a statement provided to CNET that it takes such allegations "seriously" and cooperates with government inquiries "fully."

"Like other large … Read more

Intellectual Ventures sues Symantec over patents, again

Intellectual Ventures, the controversial patent and technology firm founded by former Microsoft executive Nathan Myhrvold, has sued security company Symantec once again.

In a new complaint (PDF), filed in the U.S. District Court of Delaware, Intellectual Ventures accused Symantec of infringing on three of its patents in some of its products.

The complaint targets Symantec's Replicator, Veritas Volume Replicator, and ApplicationHA products specifically, and claims the company "actively, knowingly, and intentionally" infringed on IV's patents with those products.

"We have been unable to reach an agreement with Symantec, and, in addition to their infringement … Read more

What 420,000 insecure devices reveal about Web security

A researcher used a simple, binary technique to take control of more than 420,000 insecure devices including Webcams, routers, and printers running on the Internet -- and says that's just a hint of the potential for real trouble to get started.

In a SecLists posting yesterday, the unnamed researcher describes how he was able to take control of open, embedded devices on the Internet. The researcher did so by using either empty or default credentials such as "root:root" or "admin:admin", indicating how a surprisingly large number of devices connected to the Web … Read more