KevLar's Space

my little space on the interwebs

A Text Message Can Crash An iPhone and Force It To Reboot

DavidGilbert99 writes with news that a bug in iOS has made it so anyone can crash an iPhone by simply sending it a text message containing certain characters. “When the text message is displayed by a banner alert or notification on the lockscreen, the system attempts to abbreviate the text with an ellipsis. If the ellipsis is placed in the middle of a set of non-Latin script characters, including Arabic, Marathi and Chinese, it causes the system to crash and the phone to reboot.” The text string is specific enough that it’s unlikely to happen by accident, and users can disable text notification banners to protect themselves from being affected. However, if a user receives the crash-inducing text, they won’t be able to access the Messages app without causing another crash. A similar bug crashed applications in OS X a few years ago.

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1dxtUqW

Insurer Won’t Pay Out For Security Breach Because of Lax Security

chicksdaddy writes: In what may become a trend, an insurance company is denying a claim from a California healthcare provider following the leak of data on more than 32,000 patients. The insurer, Columbia Casualty, charges that Cottage Health System did an inadequate job of protecting patient data. In a complaint filed in U.S. District Court in California, Columbia alleges that the breach occurred because Cottage and a third party vendor, INSYNC Computer Solution, Inc. failed to follow “minimum required practices,” as spelled out in the policy. Among other things, Cottage “stored medical records on a system that was fully accessible to the internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who ‘surfed’ the Internet,” the complaint alleges. Disputes like this may become more common, as insurers anxious to get into a cyber insurance market that’s growing by about 40% annually use liberally written exclusions to hedge against “known unknowns” like lax IT practices, pre-existing conditions (like compromises) and so on.

via Slashdot: IT http://ift.tt/1PMHEis

IRS: Personal Info of 100,000 Taxpayers Accessed Illegally

An anonymous reader writes: The Associated Press reports that an online service provided by the IRS was used to gather the personal information of more than 100,000 taxpayers. Criminals were able to scrape the “Get Transcript” system to acquire tax return information. They already had a significant amount of information about these taxpayers, though — the system required a security check that included knowledge of a person’s social security number, date of birth, and filing status. The system has been shut down while the IRS investigates and implements better security, and they’re notifying the taxpayers whose information was accessed.

via Slashdot: IT http://ift.tt/1AwBFr5

Linux/Moose Worm Targets Routers, Modems, and Embedded Systems

An anonymous reader writes: Security firm ESET has published a report on new malware that targets Linux-based communication devices (modems, routers, and other internet-connected systems) to create a giant proxy network for manipulating social media. It’s also capable of hijacking DNS settings. The people controlling the system use it for selling “follows,” “likes,” and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+. Affected router manufacturers include: Actiontec, Hik Vision, Netgear, Synology, TP-Link, ZyXEL, and Zhone. The researchers found that even some medical devices were vulnerable to the worm, though it wasn’t designed specifically to work with them.

via Slashdot: IT http://ift.tt/1F8PDee

Hyundai Now Offers an Android Car, Even For Current Owners

An anonymous reader writes: Looking more like a computer company than a car company, Hyundai ships Android Auto on 2015 Sonatas and unlocks it for owners of the 2015 Sonata with a software update. Says the article: To enable Android Auto, existing 2015 Hyundai Sonata owners outfitted with the Navigation feature can download an update to a USB drive, plug it into the car’s USB port, and rewrite the software installed in the factory on the head-unit. When the smartphone is plugged into the head-unit with a USB cable, the user is prompted to download Android Auto along with mobile apps. Android Auto requires Android 5.0 or above.

That sounds like a good description of how I’d like my car’s head unit to work — and for that matter, I’d like access to all of the software.

via Slashdot: IT http://ift.tt/1J2PFu2

Exploit Kit Delivers Pharming Attacks Against SOHO Routers

msm1267 writes: For the first time, DNS redirection attacks against small office and home office routers are being delivered via exploit kits. French security researcher Kafeine said an offshoot of the Sweet Orange kit has been finding success in driving traffic from compromised routers to the attackers’ infrastructure. The risk to users is substantial, he said, ranging from financial loss, to click-fraud, man-in-the-middle attacks and phishing.

via Slashdot: IT http://ift.tt/1AvRA8S

Attackers Use Email Spam To Infect Point-of-Sale Terminals

jfruh writes: Point-of-sale software has meant that in many cases where once you’d have seen a cash register, you now see a general-purpose PC running point-of-sale (PoS) software. Unfortunately, those PCs have all the usual vulnerabilities, and when you run software on them that processes credit card payments, they become a tempting target for hackers. One of the latest attacks on PoS software comes in the form of malicious Word macros downloaded from spam emails.

via Slashdot: IT http://ift.tt/1dubSpx

Sniffing and Tracking Wearable Tech and Smartphones

An anonymous reader writes: Senior researcher Scott Lester at Context Information Security has shown how someone can easily monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, fitness monitors, and iBeacons. The findings have raised concerns about the privacy and confidentiality wearable devices may provide. “Many people wearing fitness devices don’t realize that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” Scott says. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 meters in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing peoples’ movements.” The researchers have even developed an Android app that scans, detects and logs wearable devices.

via Slashdot: IT http://ift.tt/1er8uM1

Researchers Devise Voting System That Seems Secure, But Is Hard To Use

An anonymous reader writes: According to an article in ReadWrite, a team of British and American researchers have developed a hacker-resistant process for online voting called Du-Vote. It uses a credit card-sized device that helps to divide the security-sensitive tasks between your computer and the device in a way that neither your computer nor the device learns how you voted (PDF). If a hacker managed to control the computer and the Du-Vote token, he still can’t change the votes without being detected.

via Slashdot: IT http://ift.tt/1F2H7h2

Hacker Warns Starbucks of Security Flaw, Gets Accused of Fraud

Andy Smith writes: Here’s another company that just doesn’t get security research. White hat hacker Egor Homakov found a security flaw in Starbucks gift cards which allowed people to steal money from the company. He reported the flaw to Starbucks, but rather than thank him, the company accused him of fraud and said he had been acting maliciously.

via Slashdot: IT http://ift.tt/1HBgCpF
