Crazy iOS security flaw lets attackers crash any iPhone or iPad nearby

At the RSA Conference this week in San Francisco, researchers Yair Amit and Adi Sharabani disclosed a dangerous and scary new iOS hack which can cause targeted iPhones or iPads to enter a perpetual reboot loop, effectively rendering the devices all but useless.Amit and Sharabani, who both work for the mobile security firm Skycure, note that the security flaw exists in iOS 8 and can be triggered via manipulated SSL certificates sent to a device over a Wi-Fi network. What's more, a previous iOS bug disclosed by Skycure, dubbed WiFiGate, enables attackers to create their own Wi-Fi network and "force external devices to automatically connect to it." Taken together, attackers can effectively create what is referred to as a "No iOS Zone."To read this article in full or to leave a comment, please click here

Slightly fast and not furious: Lightweight car challenge brings out wicked cool prototypes

By the looks of it creativity in the concept car realm is alive and well. The Department of Energy’s Advanced Research Projects Agency-Energy (ARPA-E) this week announced the winner of its LIghtweighting Technologies Enabling Comprehensive Automotive Redesign (LITECAR) Challenge that featured 250 entries battling it out to develop some very cool fuel-efficient cars. +More on Network World: What advanced tech will dominate your car by 2025? IBM knows+ ARPA-E teamed with vehicle design firm Local Motors to run the LITECAR Challenge that looked to fast-track ground-breaking auto ideas by using novel materials, structural designs, energy absorbing materials and unique methods of manufacturing like 3D printing to reduce vehicle weight while maintaining current U.S. automotive safety standards.To read this article in full or to leave a comment, please click here

Google launches Project Fi, its combo cellular and Wi-Fi network

Google launched its own ambitious wireless network primarily in the U.S. on Wednesday in partnership with Sprint and T-Mobile. Calling it Project Fi, Google promised seamless wireless connections, initially for Nexus 6 smartphone users, whether they are within more than 1 million free and open Wi-Fi hotspots or within an LTE cellular network operated by Sprint or T-Mobile. In a blog, Google asked customers to sign up online to join an Early Access Program for the service. The service will initially be available on the Nexus 6 smartphone that Google builds with Motorola. Potential customers must request an invitation from Google on a separate site to get started.To read this article in full or to leave a comment, please click here

How to properly scope your PCI assessment

To scope or not to scope - the security leader’s dilemmaImage by ThinkstockPCI is both a globally recognized standard and a lightening rod for discussion. In recent weeks, I’ve engaged in conversations exploring the scope of PCI assessments. On twitter, the discussion focused on the need to include everything in scope, as a means to force companies to improve security. Contrast that with a recent column explaining the benefit to speed, price, and quality of properly scoping your PCI assessment (read it here).To read this article in full or to leave a comment, please click here

Man fires 8 gunshots into his Dell PC after Blue Screens of Death push him over edge

A Colorado man says he has no regrets after unloading eight rounds into his dysfunctional Dell desktop, though he faces a fine for doing so.“I just had it,” Lucas Hinch, 38, told The Smoking Gun (via Ars Technica). Apparently the PC had thrown up one too many blue screens of death in recent months, so Hinch took it into an alley, loaded up a 9mm Hi-Point pistol that he’d purchased on Craiglist, and let the bullets fly.“It was glorious,” Hinch told the Los Angeles Times. “Angels sung on high.”To read this article in full or to leave a comment, please click here

Controlling HP Moonshot with ipmitool

I've been driving the HP Moonshot environment over the network with ipmitool, and found it not altogether straightforward. One of the HP engineers told me:
Yeah, we had to jump through some hoops to extend IPMI’s single-system view of the world into our multi-node architecture.
That is exactly why it's confusing. Everything here works reasonably well, but users have to jump through all of the hoops that the product engineers lined up for us.

Compatibility
The build of ipmitool that ships with OS X (2.5b1) doesn't support the Moonshot's double-bridged topology, so I'm using the one that ships with macports (1.8.12). To check whether your version of ipmitool is compatible, run ipmitool -h and look to see whether it supports both the single-bridge (-b, -t) and double-bridge (-B, -T) command line options. If it does, then it's probably okay.

Bridging
Using IPMI over the network with a regular rack server is pretty straightforward. You specify the device by name or IP, the user credentials and the command/query you want to run. That's about it. Such a command might look like this:

 ipmitool —H <IPMI_IP> -U <user> —P <password> —I lanplus chassis identify force

The command above Continue reading

Malware used in White House and State Department hacks possibly linked to Russia

The group of attackers behind cyberintrusions at the White House and the Department of State last year used malware that bears strong similarities to cyberespionage tools suspected to be of Russian origin.Security researchers from Kaspersky Lab have dubbed the cyberespionage group CozyDuke and said that it has blatantly targeted high-profile victims since the second half of last year. Its toolset includes malware droppers, information-stealing programs and backdoors that have antivirus evasion capabilities and make use of cryptography, the researchers said Tuesday a blog post.To read this article in full or to leave a comment, please click here

Qualys devises a virtual patch to protect against vulnerabilities

If you can’t wait for that critical patch to secure your system from some just-discovered bug, IT security firm Qualys may have an answer, through new security software that can secure the trouble spot until the patch arrives.The feature, called virtual patching, comes with the newly released version 2 of the company’s Web Application Firewall, a set of software for securing Web applications against malicious behavior.Virtual patching can address one of the most thorny problems in enterprise IT security, that of protecting against a recently discovered software flaw. Sometimes attackers can start misusing a software bug as soon as it is discovered —- this is called a zero day flaw.To read this article in full or to leave a comment, please click here

SSL certificate flaw allows hackers to crash devices running iOS 8

A flaw in iOS 8 would allow attackers to render devices running the mobile OS useless if they’re within range of a fake wireless hotspot, according to researchers from security firm Skycure.The vulnerability exploits an issue in how iOS 8 handles SSL certificates. By manipulating the certificates, researchers found they were able to get apps running on iPads, iPhone and iPods as well as the OS to crash. In other instances, the researchers placed the devices in a constant reboot cycle.Yair Amit and Adi Sharabani, Skycure’s CTO and CEO, respectively, discussed the flaw, called “No iOS Zone,” Tuesday during a session at the RSA conference and talked about their findings in a blog post on Wednesday.To read this article in full or to leave a comment, please click here

Senate leader introduces bill to extend Patriot Act surveillance

The majority leader of the U.S. Senate has introduced a bill that would extend the surveillance provisions of the Patriot Act until 2020, instead of expiring on June 1.The bill, introduced by Senator Mitch McConnell Tuesday night, would extend section 215 of the Patriot Act, the controversial part of the law that the U.S. National Security Agency has used to collect U.S. telephone records in bulk. Many digital and civil rights groups have protested the NSA phone records collection program, saying it violates the Fourth Amendment of the U.S. Constitution protecting the country’s residents against unreasonable searches and seizures.To read this article in full or to leave a comment, please click here

The VPLS & MPLS IP VPN Buyers Field Guide

VPLS & MPLS IP VPN Procurement step by step – every IT Managers key area documented.

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via [email protected].

The post The VPLS & MPLS IP VPN Buyers Field Guide appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

1 3,519 3,520 3,521 3,522 3,523 3,834