Showing posts sorted by date for query iOS. Sort by relevance Show all posts
Showing posts sorted by date for query iOS. Sort by relevance Show all posts

Apple Brings iOS 7.0.4 [Includes New Features, FaceTime Bug & App Store Purchase Flaw Fixed]

Posted by Avik Sarkar On 11/17/2013 06:32:00 pm

Apple Brings iOS 7.0.4 & iOS 6.1.5 Includes New FeaturesFaceTime Bug  & App Store Purchase Flaw Fixed


California based tech giant Apple Inc has released a new update on their popular iOS software running on iPhone, iPad, and iPod touch devices. This release of of iOS 7.0.4  includes bug fixes and improvements, including a fix for an issue that causes FaceTime calls to fail for some users. iPods that are not able to upgrade to iOS 7 have their own version to upgrade to, iOS 6.1.5. The release of iOS 7.04 marks the third update of the iPhone operating system in the short time since Apple pushed out iOS 7 in September. The new OS represented a major change from the older operating systems, both in the look and feel of the software and in its functionality.  There’s much zooming in and out and all about in iOS 7, as well as a blurry background that has drawn quite a bit of criticism. iOS 7 also was a major security release, fixing issues with the iPhone’s certificate trust policy as well as remote code-execution vulnerabilities in the CoreGraphics and CoreMedia components. 

The new update improves iCloud Keychain, which was introduced in iOS 7.0.3, and the latest version of the desktop software, OS X Mavericks. The cloud-based technology keeps the Safari browser's passwords and credit card data in sync across all your Apple devices. Secondly, in Spotlight, the device's internal search engine, Apple has brought back the ability to search Google and Wikipedia from the results. The two services were removed when iOS 7 was first released in mid-September. 
Also on Thursday, Apple released a corresponding update to its Apple TV, updating the set-top box to version 6.0.2.  Users can update to the latest version by accessing the device's Settings, selecting General, then Software Update. In spite of the relatively small size of the update, it's recommended that users use Wi-Fi when updating. To avoid security vulnerabilities every Apple users are highly recommended to update their software. 



-Source (Apple, ZDNet & Threat Post





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

GFI LanGuard 2012 One Solution For vulnerability Scanning, Patch Management, Network & Software Audit

Posted by Avik Sarkar On 5/09/2013 04:28:00 pm

GFI LanGuard 2012 One Solution For Vulnerability Scanning, Patch Management, Network & Software Auditing 

Earlier we have talked about GFI LanGuard, but while looking at the rising cyber threats, security researcher  continue to identify new, sophisticated malware threats, vulnerability and patch management are more critical than ever as a key component of a layered security approach. To get rid of all those security challenges, GFI Software announced the availability of GFI LanGuard 2012, in which the manufacturer claimed to provide network and system administrators with the ability to manage 100 percent of their patching needs through a single, intuitive and easy-to-use interface, without the need for other update tools. So lets take a roam of this fine product of GFI Software-

Enhanced Features of GFI LanGuard 2012 include:
  • Comprehensive Patch Management – Administrators can now manage 100 percent of their patching needs – both security and non-security updates – from a centralized console. No other update tools are necessary.
  • Strong Vulnerability Assessment for Network Devices – Network devices such as printers, routers and switches from manufacturers such as HP and Cisco, can now be detected and scanned for vulnerabilities. GFI LanGuard 2012 performs over 50,000 checks against operating systems, installed applications and device firmware for security flaws and misconfigurations. It also runs network audits that now detect mobile devices running iOS and Android operating systems.
  • Improved Scan and Remediation Performance – New Relay Agents receive patches and definition files directly from the GFI LanGuard server and distribute as appropriate – helping IT resources save time, manage network bandwidth and increase the number of devices that can be accommodated. This is particularly effective in multi-site and large networks.
GFI LanGuard 2012 combines vulnerability scanning, patch management, and network and software auditing into one solution that enables IT professionals to scan, detect, assess and correct potential security risks on their networks with minimal administrative effort. GFI LanGuard also enables administrators to inventory devices attached to their networks; receive change alerts, such as notification when a new application is installed; ensure antivirus applications are current and enabled; and strengthen compliance with industry regulations through automated patch management that defends against potential network vulnerabilities. With GFI LanGuard, IT administrators can manage more than 2,500 machines from a single console, it integrates with more than 1,500 security applications and includes keyword search functionality.

After going through the above brief description, many of you must be excited about this new product. For the kind information of our readers, yes indeed GFI LanGuard 2012 is one of the finest tool ever released in this domain. Detailed information LanGuard 2012 can be found here. Also a 30 day trail pack of GFI LanGuard 2012 has been made available for download





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

Posted by Avik Sarkar On 12/02/2012 07:01:00 pm

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

The social networking giant Facebook announced that it started rolling out Photo Synchronization, in order to add more mobility and ease of use. According to Facebook Newsroom -the new Photo Sync will make photo sharing easier. With this feature, photos from your phone sync automatically to a private album on the web. When you want to share these photos, just pick and post your favorites. If you turn this feature on, up to 2GB of photos from your phone can be synced automatically to a private album on Facebook, from which you can then pick your favorites to share with your friends. It’s important to note that Facebook isn’t launching new Android and iOS apps today. The feature is already included, but the company is turning it on for more and more users, starting with a big push today. To turn the feature on in the Facebook app (if you have an iPhone, iOS 6 is required), tap Photos and then tap Sync at the bottom of your photos section. Once the uploads start coming in, you can check them out and share them via the app, on the mobile Web, or on your computer (go to your Timeline, click Photos, and click “Synced From Phone” at the top of your photos section). To save on the limited amount of space, you can stop photos from being synced by deleting them. In the app, that’s the “Remove synced photo” option once you pick a photo in the Synced section, and on your computer that’s the Delete option when you’re in the “Synced From Phone” folder. The good news is that deleting a photo from your synced photos won’t delete it from your phone’s gallery.
That’s right, you can turn photo syncing on or off, but you can also choose to sync over Wi-Fi only. Normally, when you’re on a cellular network like 3G or 4G, Facebook will sync photos at a smaller size (around 100K each), so they’re unlikely to use much of your data plan. Over a Wi-Fi connection, Facebook will sync larger versions of your photos. The best part: photos will not sync when your battery is low.

Get the latest Facebook app for Android or iPhone to try it out. Learn more at Facebook.com/mobile or visit the Help Center.


-Source (TNW & FB)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Adobe Patches Multiple Security Holes in Adobe Flash Player & AIR (CVE-2012-5274 to 5280)

Posted by Avik Sarkar On 11/09/2012 04:30:00 am

Critical Buffer Overflow, Memory Corruption & Security bypass Vulnerability in Adobe Flash Player & AIR Patched

Adobe- American multinational computer software company has released new versions of its Flash Player to eliminate a number of critical vulnerabilities  in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software. All the flaws were discovered by members of the Google Security Team are associated with several CVE numbers; CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280 are buffer overflows, CVE-2012-5279 is a memory corruption issue and CVE-2012-5278 is a security bypass; all of which are listed as potentially allowing an attacker to inject malicious code into the system. Google said it will update Flash Player installed with Google Chrome, and Microsoft will do the same with Internet Explorer 10. In the security bulletin Adobe said that it has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. 

Adobe recommends users update their product installations to the latest versions:-
  • Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
  • Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
  • Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
  • Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
  • Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
  • Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
  • Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600.

AFFECTED SOFTWARE VERSIONS:- 
  • Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.243 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (includes AIR for iOS) and Android
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system. To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.  To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote. Adobe also recommended its Adobe AIR users to update  to 3.5.0.600.
While talking about security patches in Adobe product, we want to give to reminder that just couple of weeks ago Adobe also plugged buffer overflow vulnerability in its Shockwave Player. Also in late September, Adobe disclosed that it had been attacked and hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

Posted by Avik Sarkar On 11/05/2012 05:08:00 am

Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

Couple of moths ago we got iOS6, where Apple added over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. With such tremendous features there also several security bugs have been spotted in the wild, which is affecting millions of iOS users across the globe. Among those bugs the most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well iPod Touch and iPad2 and later. An attacker exploiting the vulnerability could essentially bypass address space randomization layout (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said. The researchers said the vulnerability, which could expose data to an attacker, occurs in the way iOS handles application programming interfaces in relation to kernel extensions. 

Apple has released updates for iOS 6 which include security fixes. The iOS 6.0.1 update includes security fixes for the kernel, passcode locking and WebKit. The WebKit issues were also fixed in an update of the Safari web browser for Mac OS X. “Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection,” Apple said. “This issue was addressed by unsliding the addresses before returning them.” 
A vulnerability in iOS’ Passcode Lock was also addressed in the latest update that could allow someone with access to the iOS device to access Passbook passes without entering a passcode. “A state management issue existed in the handling of Passbook passes at the lock screen. This issue was addressed through improved handling of Passbook passes,” Apple said. Finally, a pair of WebKit vulnerabilities were patched.
The first involved how iOS handled JavaScript arrays, and could allow an attacker to remotely execute code if a user visited a malicious site and was infected. Apple said it addressed the matter through additional validation of JavaScript arrays. The other WebKit flaw is a use-after-free issue in the handling of SVG images. Scalable vector graphics (SVG) are file formats for static or animated graphics. A user visiting a website hosting a malicious graphic could experience application crashes or worse, an attacker could remotely execute code.  
The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks. There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off. The two WebKit issues were also the only issues apparently fixed in the Safari 6.0.2 update. Safari 6.0.2 is available through Software Update for Mac OS X 10.7 Lion and the Mac App Store for Mac OS X 10.8 Mountain Lion.

-Source (Apple, threat post & The-H)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

AT&T Locker: Offering Free Cloud Storage For iOS & Android Users

Posted by Avik Sarkar On 11/04/2012 04:52:00 am

AT&T Locker: Offering Free Cloud Storage For iOS & Android Users

AT&T a leader in telecommunication services, announced a brand new service which calls "AT&T Locker" that will allow iPhone and Android smartphone customers of AT&T to store 5GB worth of videos and photos for free in AT&T's cloud. The most interesting thing is that, the service is available through a free app in the Apple App Store or the Google Play store. And it allows users to store roughly 5,000 average sized photos in the cloud. The app requires subscribers use either an iPhone 3GS or newer device. And Android users must be on version 2.1 or higher of the Android OS. Users can choose to upload new photos and video via Wi-Fi, AT&T's cellular network or both. Customers can manage those photos and share them through the app on the smartphone or on the AT&T Locker web page. AT&T plans to incorporate additional features in future versions of AT&T Locker. And the company didn't say whether higher storage options will be available.
This service is exactly similar to Apple's iCloud service also allows up to 5GB of free storage. And it also offers Photo Stream, which allows its iPhone users to automatically store photos in Apple's cloud and share them across multiple iOS devices as well as share them with other people. The service stores up to 1,000 pictures automatically and this storage doesn't count against the iCloud storage limits. Google also offers storage in its Google Drive service. This service also offers up to 5GB of free storage. You can store anything here from pictures to documents to music. Of course there are also other options for storing photos and other digital content including Dropbox and Microsoft's SkyDrive which is also a very handy option. 



Brief Description:-

AT&T Locker™ allows you to Store, sync and share your photos, videos and documents in one convenient place. AT&T Locker is an app that lets you store, sync and share your data in one safe, convenient place. Your content is easy to access on your computer and phone from virtually anywhere. Photos and videos can be backed up automatically from your phone. It's also easy to share to email, Facebook and Twitter. First 5 GB of storage is free. Additional storage is available for the low monthly price of just $3.99 for 30GB or $9.99 for 100GB.

• Photos and videos can be automatically uploaded to your AT&T Locker from your phone
• Easily access your photos, videos and documents from your phone and computer
• Easy to share to email, Facebook and Twitter
• First 5 GB of storage is free. Additional storage is available.
• Your content is secure and backed up in the cloud
• Store your favorite memories in a safe and convenient place
• Store music from your computer to your AT&T Locker



-Source (AT&T, Cnet)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed

Posted by Avik Sarkar On 10/26/2012 05:59:00 am

Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed

We all are very much aware that Sony along with its product's were always been a very hot favorite target of hackers. But here there are few twists, so the word 'Hack' will be be the appropriate one to describe of what happened to Sony. According to a report on Eurogamer Sony's PlayStation 3 is facing a new security threat - one it hasn't seen since the system was cracked via the PSJailbreak in 2011. The PS3 has been hacked before, but Sony was able to inhibit the hack with an update to its own firmware. This is much like the history of jailbreaking on Apple's iOS. But the latest PS3 break is being dubbed unpatchable and the final hack. That's because this hack isn't giving you an exploit to use against a programming hole. It's giving you Sony's so-called LV0 (level zero) cryptographic keys
A decryption key that is reported to be circulating on the net is said to remove the final protective barrier on some models of Sony's PlayStation 3 consoles. In the long run, the release of the key will probably allow unsigned software such as homebrew games, Linux distributions, or pirate copies of software to run on some PS3 consoles. Allegedly, the private key can be used to modify and sign the "LV0" (Level 0), for example to disable its security checks. When the PS3 system boots, from version 3.60 of the PS3's firmware, the LV0 is directly launched by the bootloader (bootldr) that is built into the system's hardware – which means that the chain of trust is broken at a very early stage. As Sony won't be able to update the bootloader with a software update, the hacker community considers this the "final hack" of the PS3 in its current forms. Eurogamer says that these keys may not have been released at all if not for a Chinese hacking outfit called "BlueDiskCFW," who gained access to the keys and planned to charge for new custom firmware updates it would create. The original group that created the LV0 had no plans on releasing them, but eventually they were leaked onto the Internet in some limited fashion. Seeing that someone was going to profit on them, the group known as "The Three Tuskateers" decided to release them into the wilds of the Internet. 
In a statement the hacker group says that "You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," 





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Search Guru Bill Stasior CEO of Amazon’s A9 Unit, Hired By Apple To Oversee Siri

Posted by Avik Sarkar On 10/20/2012 12:07:00 pm

Search Guru Bill Stasior CEO of Amazon’s A9 Unit, Hired By Apple To Oversee Siri

To be the very best, you need to deliver your hundred percent even some times more than hundred percent, and this race continues. As a result Apple has hired 'search guru' Bill Stasior, CEO of Amazon.com’s A9 search and advertising search unit, to oversee Apple's Siri voice-activated personal assistantStasior, who joined Amazon in 2003 as director of search and navigation, founded A9.com in May 2004 and then became CEO of the wholly owned subsidiary in February 2006, according to his LinkedIn profile. Stasior, who holds undergraduate and graduate degrees from the Massachusetts Institute of Technology, describes A9.com as a “company with a mission to create groundbreaking technologies in search, advertising, and mobile that power customer centric, Internet businesses.” Apple confirmed his hire but didn't provide any comment. Stasior has an impressive pedigree (you can read his resume and see a really geeky binary image he posted of himself here). The MIT PhD has taught there, too, and has done stints at Oracle, Netcentives and AltaVista. 
 Siri, Apple's famous voice-activated personal assistant program, was acquired in April 2010 to launch a big stake in voice-activated search. Since Apple kicked Google Maps to the curb in iOS 6, the only remaining tie with Google is search. Will Apple eventually do its own search network? Who knows. Stasior’s background in search will certainly be of value if the time ever comes. While Siri has had a high profile in the iPhone range, Apple has lost some of the talent who created it. Adam Cheyer, who co-founded the voice recognition software, recently left the company. CEO Dag Kittlaus departed in October 2011. 
Here we want to remind you that last month Twitter hired famous whitehat hacker Charlie Miller, to boost up its security. Here its Apple who hired Stasior presumably, strengthening Apple’s search and search advertising technology in the wake of its increasing competition with Google. While talking about the news of hiring geniuses then the name of Nicholas Allegra, the world-famous hacker known as "Comex", creater of JailbreakMe.com comes. He was also hired by Apple in 2011. 


-Source (AllThingsD) 





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

Posted by Avik Sarkar On 9/23/2012 12:05:00 am

Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

As expected, here comes double bang from Apple. Apple has also released  iOS 6 along with OS X Mountain Lion 10.8.2 and made available for public. In case of users of recent iPad, iPhone, and iPod touch models can obtain the update either by connecting their devices to iTunes and clicking the "Check for Update" button or checking for over-the-air updates on their devices. iOS 6 adds over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. It will also ship on the iPhone 5, which launches on Friday, and on the fifth-generation iPod touch launching next month. The operating system arrives as the golden master build 10A403 for existing devices, and Apple has also posted a special 10A405 build for the iPhone 5 and a 10A406 build for the upcoming fifth-generation iPod touch.

With iOS Apple quietly pushed out 10.8.2, the second minor update to Mountain Lion since it was released in July. The update is currently available via the Software Update functionality in the Mac App Store. The update includes a number of enhancements, most notably Facebook integration and Game Center. It also includes support for several features integrating with iOS 6, such as Passbook passes and  iMessage/FaceTime access via phone number. 

This update is recommended for all OS X Mountain Lion users, and includes new features and fixes:
Facebook 
• Single sign on for Facebook
• Adds Facebook as an option when sharing links and photos
• See Facebook friends' contact information and profile pictures in Contacts
• Facebook notifications now appear in Notification Center



Game Center
• Share scores to Facebook, Twitter, Mail, or Messages
• Facebook friends are included in Game Center friend recommendations
• Added Facebook "Like" button for games
• Challenge friends to beat your score or achievement



Other new features
• Adds Power Nap support for MacBook Air (Late 2010)
• iMessages sent to your phone number now appear in Messages on your Mac
• You can now add passes to Passbook (on your iPhone or iPod touch) from Safari and Mail on your Mac
• FaceTime can now receive calls sent to your phone number
• New shared Reminders lists
• New sort options allow you to sort notes by title, the date you edited them, and when you created them
• Dictation now supports additional languages: Mandarin, Cantonese, Spanish, Korean, Canadian English, Canadian French, and Italian
• Dictionary app now includes a French definition dictionary
Sina Weibo profile photos can now be added to Contacts

* Requires iOS 6


General fixes
The OS X Mountain Lion v10.8.2 update also includes general operating system fixes that improve the stability, compatibility and security of your Mac, including the following fixes:


• Adds an option to discard the changes in the original document when choosing Save As 
• Unsent drafts are now opened automatically when launching Mail
• Receive Twitter notifications for mentions and replies from anyone
• URLs are shortened when sending tweets from Notification Center
• Notifications are disabled when AirPlay Mirroring is being used
• Adds SSL support for Google searches from the Smart Search Field in Safari
• Adds a new preference to have Safari launch with previously open webpages
• Resolves an issue that may cause the "Enable Autodiscover" checkbox to always remain checked
• Enables access to the Mac App Store when Parental Controls are enabled Support for @icloud.com email addresses
• Resolves a video issue with some VGA projectors when connected to certain Mac notebooks
• Addresses an issue that may prevent Active Directory accounts from being locked out
• Resolves an issue that may cause the policy banner to re-appear prior to logging in
• Improvements to SMB
• Addresses an issue with NIS users when auto-login is enabled
• Addresses an issue in which the Keychain may not be accessible
• Ability to pre-authenticate a FileVault protected system
• Addresses an issue that may cause Xsan to not automatically start after migrating from Mac OS X Snow Leopard 


Direct downloads of OS X 10.8.2 is also available through Apple's site form the following links-



-Source (Apple & MacRumors)                             




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

iPhone 4S Hacked By Dutch Researchers During Pwn2Own Contest

Posted by Avik Sarkar On 9/20/2012 05:40:00 pm

iPhone 4S Hacked By Dutch Researchers During Pwn2Own Contest & Won $30,000 Prize
 

So called fully patched and secured iPhone 4S have fall into victim in-front of hackers. Two Dutch clever minds during a Pwn2Own contest were able to hack a fully patched iPhone 4S to gain a slew of information from the device. The hackers, Joost Pol and Daan Keuper, were able to find vulnerability in WebKit that allowed them to hi-jack photos, videos, address book contacts, and browsing history right from the phone. The two earned a $30,000 cash-prize for performing what they call “a clean hack.” 

That was the intellectual challenge that drove a pair of Dutch researchers to start looking for an exploitable software vulnerability that would allow them to hijack the address book, photos, videos and browsing history from a fully patched iPhone 4S. 
"It took about three weeks, starting from scratch, and we were only working on our private time," says Joost Pol (photo left), CEO of Certified Secure, a nine-person research outfit based in The Hague. Pol and his colleague Daan Keuper used code auditing techniques to ferret out the WebKit bug and then spent most of the three weeks chaining multiple clever techniques to get a "clean, working exploit." "We really wanted to see how much time it would take a motivated attacker to do a clean attack against your iPhone. For me, that was the motivation. The easy part was finding the WebKit zero-day," Pol said in an interview.  Once the vulnerability in WebKit was found, the hackers said they put many things together in about three weeks to write an exploit to hack the iPhone 4S. The two found that the exploit developed also worked for iOS 6 (released today) and all previous versions of iOS devices.
Although the successful attack exposed the entire address book, photo/video database and browsing history, Pol and Keuper said they did not have access to the SMS or e-mail database. "Those are not accessible and they're also encrypted," Keuper explained.
While Pol and Keuper could use the hack for harm, the two said the exploit has already been destroyed. Pol told : ”We shredded it from our machine. The story ends here, we’re not going to use this again. It’s time to look for a new challenge.” They further added that iOS is definitely the most secure mobile platform around thanks to Apple’s strict guidelines. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Twitter Hires Renowned Apple Hacker Charlie Miller For Twitter Security Team

Posted by Avik Sarkar On 9/20/2012 03:44:00 pm


Twitter Hires Renowned Apple Hacker Charlie Miller For Twitter Security Team

It is almost impossible task for social networks to keep everything safe against hacks and other vulnerabilities. Hackers will constantly find their way around anything that you put in place. So they often deals with hackers & turn themselves to beef up the security level. Social networking giant Twitter exactly did the same thing. The micro-blogging network has hired the famous/infamous Apple hacker, Charlie Miller, to be a part of its security team. Charlie Miller, a popular figure among hackers, broke the news via his Twitter account, saying, “Monday I start on the security team at Twitter. Looking forward to working with a great team there!” Twitter issued a short statement noting that Miller’s title will be that of Software Engineer, but declined to discuss any further details.
Charlie Miller has a background as a Global Exploitation Analyst in the National Security Agency, and has hacked devices running on iOS, OSX, and Android. He is considered to be a white-hat hacker, which means that he hacks to expose vulnerabilities in a system in order to have those weaknesses fixed. Five year ago, Miller was said to be the first to hack the iPhone using the device’s browser, exposing the handset’s vulnerability to security attacks. Several months after this, he was likewise able to hack a MacBook Air in just two minutes. This feat allowed Miller to win the Pwn2Own hacking competition. Miller also showed a way to hijack iPhones through SMS in 2009. In 2011, he used the MacBook power adapter to implant malware on the laptop. In the same year, his license as an Apple developer got revoked because Apple found that he breached the development agreement. 
In more recent times, Miller had been working on Android devices. In June, he was able to overcome Bouncer, Google’s security program. He has furthermore experience in using Near Field Communications to control Samsung and Nokia handsets with a simple wave of another phone that is within the vicinity. 
While talking about Charlie Miller, we must have to take another name and that is Nicholas Allegra, the world-famous hacker known as "Comex", creater of JailbreakMe.com; who later has been hired by Apple itself . In case of Twitter we must have to say, apart from Miller, Twitter also hired Moxie Marlinspike, a hacker who specializes in SSL and VPN encryption.







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

A Tribute to The 10 Most Infamous Student Hackers of All Time

Posted by Avik Sarkar On 9/15/2012 04:01:00 pm

A Tribute to The 10 Most Infamous Student Hackers of All Time

Since last two years, we the VOGH team has been covering all the latest cyber security updates. But today lets do some thing different. One of our frequent reader and fan Katina Solomon has requested us to share a fantastic article. Everyday VOGH draws headlines of hackers around the world and their activities. While trying to maintain speed with time, we usually forgot our past. Today we will take you into the past, where we will discuss about those heroes, who are always been ill treated by the society & the system while revamping those heroes into cyber-criminals or infamous hackers. Its our question to our humanity "Did the system has done justice with them??" 
Hacking has always been inherently a young person’s game. The first usage of the word “hacker” was to describe pranksters meddling with the phones at MIT. Many hackers have cited boredom, a desire for change, or the thrill of going somewhere one is not supposed to go as their motivation for hacking, all of which could apply to scores of common activities on college campuses. While today’s hacking scene is dominated by large hacking groups like Anonymous and Masters of Deception, many of the greatest hacks ever have been pulled off by college, high school, and even middle school kids who rose to infamy armed only with a computer and the willingness to cross the bounds of legality.
  1. Sven Jaschan: In the words of one tech expert, “His name will always be associated with some of the biggest viruses in the history of the Internet.” The viruses: the Sasser and NetSky worms that infected millions of computers and have caused millions of dollars of damage since their release in 2004. The man behind the viruses proved to be not even a man at all, legally. Seventeen-year-old hacker Sven Jaschan, a student at a computer science school in Germany, claimed to have created the viruses to become a hero by developing a program that would eradicate the rampaging Mydoom and Bagle bugs. Instead he found himself the subject of a $250,000 bounty courtesy of Microsoft, for which some of his classmates turned him in.
  2. Jonathan James: In 2000, at the age of 16, James, or “C0mrade” as he was known in the hacker community, infamously became the first juvenile federally sentenced for hacking. The targets of his notorious hack jobs were a wing of the U.S. Department of Defense called the Defense Threat Reduction Agency, NASA, and the Marshall Space Flight Center in Huntsville, Ala. (By hacking the latter James gained the ability to control the A/C in the International Space Station.) All of these were pulled off “for fun” while James was still a student at Palmetto Senior High in Miami. Unfortunately, the fun ran out when James was tied into a massive identity theft investigation. Though insisting he was innocent, James took his own life, saying he had “no faith in the justice system.”
  3. Michael Calce: Yahoo. CNN. Ebay. Amazon. Dell.com. One by one in a matter of days, these huge websites crashed at the hands of 15-year-old Canadian high school student Michael Calce, aka “MafiaBoy.” Armed with a denial-of-service program he called “Rivolta” that overloaded servers he targeted, the young hacker wreaked $7.5 million in damages, according to court filings. Calce was caught when he fell victim to a common ailment of teenage boys: bragging. The cops were turned on to him when he began boasting in chat rooms about being responsible for the attacks. On Sept. 12, 2001, MafiaBoy was sentenced to a group facility for eight months on 56 counts of cybercrime.
  4. Kevin Mitnick: Before performing hacks that prompted the U.S. Department of Justice to declare him “the most wanted computer criminal in United States history,” Kevin Mitnick had already made a name for himself as a hacker in his school days, first at Monroe High School in LA and later at USC. On a dare, Mitnick connived an opening into the computer system of Digital Equipment Corporation, which some fellow hackers then used to steal proprietary source code from the company before ratting on him. While still on probation for that crime, Mitnick broke into the premises of Pacific Bell and had to go on the run from police in the aftermath, during which time he hacked dozens of systems, including those of IBM, Nokia, Motorola, and Fujitsu.
  5. Tim Berners-Lee: “Scandalous” is a synonym for “infamous,” and for this legendary computer scientist, knight of the British Empire, and inventor of the World Wide Web to have been a hacker in his school days is certainly a juicy factoid. During his time at Oxford in the mid-’70s, Sir Tim was banned from using university computers after he and a friend were caught hacking their way into restricted digital areas. Luckily by that time he already knew how to make his own computer out of a soldering iron, an old TV, and some spare parts. And also luckily for him, he will always be revered as the father of the Internet.
  6. Neal Patrick and the 414s: In the early ’80s, hacking was still a relatively foreign concept to most Americans. Few recognized the enormous power hackers could hijack with a few strokes on a keyboard, which explains why a young group of hackers known as the 414s (after a Milwaukee area code) were virtual celebrities after they hacked into the famous Los Alamos National Laboratory, the Memorial Sloan-Kettering Cancer Center, and elsewhere. While today hacking a lab where classified nuclear research is conducted could earn you a one-way ticket to Guantanamo, the 17-year-old ringleader and high school student Neal Patrick was on the cover of Newsweek. The group members got light sentences but prompted Congress to take a stronger role in cybercrime.
  7. Robert T. Morris: The first ever Internet worm, the Morris Worm derived its name from Cornell grad student Robert Tappan Morris. In 1988, Morris released the worm through MIT’s system to cover his tracks, which would seem to contradict his claims that he meant no harm with it. But that’s exactly what resulted: the worm spread out of control, infecting more than 6,000 computers connected to the ARPANET, the academic forerunner to the World Wide Web. The damages reached as high as an estimated $10 million, and Morris earned the ignominious distinction of being the first person prosecuted under the Computer Fraud and Abuse Act. Morris got community service but was apparently not considered too infamous to be offered his current job as a professor at MIT.
  8. George Hotz: To some, George Hotz (aka “geohot,” aka “million75,” aka “mil”) is a public menace, a threat to electronic businesses everywhere. To many, Hotz is a hero. The high-schooler shot to fame/infamy in 2007 at the tender age of 17 by giving the world its first hacked, or “jailbroken” iPhone. He traded it for a new sports car and three new iPhones, and the video of the hacking received millions of hits. Apple has had to grudgingly come to terms with jailbreaking, seeing as the courts have declared it legal, but Sony Corp. is definitely not OK with such tampering. When Hotz hacked his PlayStation 3 and published the how-to on the web, the company launched a vicious lawsuit against him. In turn, the hacker group Anonymous launched an attack on Sony, stealing millions of users’ personal info.
  9. Donncha O’Cearbhaill: According to the FBI, this 19-year-old freshman at Trinity College Dublin is one of the top five most wanted hackers in the world. Well, he was; now that he’s been arrested he’s not really “wanted” anymore. The Feds contend the young man is a VIP member of the Anonymous and LulzSec hacking groups that have already been mentioned and whose targets have included the FBI, the U.S. Senate, and Sony (in the Hotz backlash). It seems “Palladium” (O’Cearbhaill) took the liberty of listening in on a conference call between the FBI and several international police forces who were discussing their investigations of the hacking groups. He could be sentenced to up to 15 years in prison if convicted for that hack alone.
  10. Nicholas Allegra: Just as George Hotz moved on from the Apple hacking game, Brown University student Nicholas Allegra is also hanging up his jersey. “Comex,” as he is known to millions of rooted iPhone fans, created the simple-to-use Apple iOS jailbreaking program JailbreakMe in 2007 and has since released two newer versions of it. However, Comex seems to have gone over to the dark side, accepting an internship with the very company whose products he became famous exploiting. Still, Allegra’s hacking skills are so advanced (one author puts him five years ahead of the authors of the infamous Stuxnet worm that corrupted Iran’s nuclear facilities) and so many people availed themselves of his talents, he will forever live in hacking infamy.

We want to dedicate the above post to the legendary hacker, who left us -Jonathan James aka “C0mrade”. Also the post is a tribute to all the so called 'infamous hackers'. You are our heroes and inspiration, you will always be there in our soul. Team VOGH salutes you...... 


-Thank you Katina & Online Degrees




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

FBI Agent's Laptop Hacked, 12 Million Apple UDID Stolen By Anonymous (#FFF)

Posted by Avik Sarkar On 9/04/2012 10:55:00 pm

FBI Agent's Laptop Hacked, 12 Million Apple UDID Stolen By Anonymous (#FFF)

#Antisec an Offshoot part of infamous hacker collective Anonymous claims to have stolen a file from an FBI laptop which contained more than 12 million unique Apple device indentity numbers. The hackers declares this hack as part of their Friday rampage (#FFF) though the breach did not took place on Friday
The data which hackers stole came from a laptop belonging to Supervisor Special Agent at the FBI, Christopher K. StanglStangl, who joined the FBI in 2003 after graduating from Monmouth University, has been with the agency for nine and a half years and won an award in 2010 for helping bust a cyber crime ring. He was also sucked into another Anonymous stunt earlier this year when at least one of their supporters breached an FBI conference call that had been discussing Anonymous and LulzSec. Stangl was listed among those invited into the call, in an e-mail that was posted on PastebinIn a video posted to Facebook in 2009 (and which will likely be getting a lot more views in the coming days), Stangl is shown wearing a dark suit and tie, speaking to the camera, and calling for “cyber security experts” to join the FBI.

According to the hacker :-

"During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose."

The data is just part of a larger database of 12,367,232 UDIDs, and personal information such as full names, cellphone numbers, addresses and zipcodes belonging to Apple customers. The data was allegedly stolen via exploiting a Java vulnerability. In a pastebin note, the hacker posted several download links of the hacked database. Several security experts have already stated that the stolen data is correct. For those you are not familiar with the term UDID -Each iOS device (iPhone, iPad, iPod touch) is assigned a unique alphanumeric number known as a UDID. This was previously used by app developers to track data usage for their apps, until Apple decided to reject any apps which sought to gain access to this number in the most recent official iOS update. As well as believing that the FBI was using these identifiers to track people, though AnticSec, in its missive on Pastebin, said it didn't agree with the idea of hardware coded identifiers anyway: "We always thought it (UDIDs) was a really bad idea. That hardware coded IDs for devices concept should be eradicated from any device on the market in the future." To read the full press release of #Antisec click Here




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Releases SkyDrive For Android Phones

Posted by Avik Sarkar On 8/30/2012 01:38:00 am

Microsoft Releases SkyDrive For Android Phones

Few weeks ago software giant Microsoft announced to release an official SkyDrive app for Android phones.  So finally the application is ready to download and use. This new app for Android is similar to other mobile apps for Windows Phone and iOS and is a key part of making sure your SkyDrive files are accessible and shareable from all your devices. The app was mainly designed to work best with Android 4.0 Ice Cream Sandwich, though it will work on Android 2.3 and above. "In building the new SkyDrive app for Android, we wanted to ensure we kept the same intuitive design of all SkyDrive experiences while also making use of Android design patterns and conventional interactions, so this feels natural for people with Android phones," Mike Torres, group program manager for SkyDrive Apps, wrote in a blog post Tuesday.



Brief Description:-
SkyDrive is the place to store your files so you can access them from virtually any device. With SkyDrive for Android, you can now easily access and share files on the go. You can also upload photos or videos from your phone to SkyDrive.

Features:-

  • Access all of your SkyDrive content including files shared with you.
  • View recently used documents.
  • Choose multiple photos or videos to upload from your phone.
  • Share your files and photos – send a link in email or in another app.
  • Open your SkyDrive files in other Android apps.
  • Manage your files – delete, or create new folders.
The official SkyDrive app is now available in the Google Play store. For more information and to download click here.






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Unveils Windows Phone 8 Codenamed “Apollo”

Posted by Avik Sarkar On 6/22/2012 01:19:00 am

Microsoft Unveils Windows Phone 8 Codenamed “Apollo”

Few days ago in a report we have said that Microsoft is expected to launch it's own tablet (Microsoft Surface) while aiming to compete with iPad. Redmond based software and hardware giant just unveiled the next big step in its mobile software, Windows Phone 8 codenamed “Apollo” Windows Phone 8 brings the platform in line with other mobile OSes by adding support for muti-core processors, higher screen resolutions and newer wireless technologies like near field communication (NFC). Importantly, Microsoft has re-coded Windows Phone from the ground up for the new version. Previous versions of Windows Phone were based on Microsoft’s old mobile OS, Windows CE, but now the platform will share the same source code as the company’s coming desktop OS, Windows 8. That has big consequences for developers and consumers. For developers, it will be extremely easy to create a Windows Phone app if they already have a Windows 8 app that runs in the Metro environment (and vice versa). For consumers, it means more apps and better hardware to run them. It also has the effect of rendering every current Windows Phone obsolete, since those phones won’t be able to run the new software. They will, however, get an upgrade to Windows Phone 7 to 8. Windows Phone 8 adds support for many new hardware features. The most anticipated is support for multi-core devices, which have become common on both Android and iOS platforms. There’s also support for better screen resolutions, including 720p and 1,280 x 768 (WXGA). That’s not quite retina, but it’s better than the 800 x 480 screen of the Nokia Lumia 900, one of the current leading Windows Phones.

New Features At a Glance :-
  • Support for multi-core processors. Existing support for single core has been a major concern for some high-end users wanting faster processing ability.
  • Two new high-definition screen resolutions for the coming OS. They are 1280 x 768 and 1280 x 720.
  • Removeable micro-SD support for the first time to allow expansion of base storage.
  • A busier start screen with room for more live tiles than in Windows Phone 7.5. Today's Windows Phones have room for up to eight live tiles and WP8 will have room for up to 32 live tiles, which can be sized differently.
  • IT support. Adminstrators will see some gaps in the existing OS filled, including support for encryption and secure boot in WP8, as well as the ability to allow IT to deploy apps without going through Windows Marketplace.
  • Built-in Nokia Navteq map technology, with turn-by-turn driving instructions in many countries.
  • Full Internet Explorer 10 support with more features of HTML 5 added. Belfiore said that Windows Phone 8 with IE10 will download Web pages slightly faster than three other popular smartphones on the market.
  • Native code support, a feature seen as useful to developers eager to move their apps from iOS or Android to Windows Phone. 


-Source (Mshable & CW)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search