5 Reasons to Jailbreak Your iPhone - and 5 Reasons Not
Jailbreaking your iPhone has never been simpler with the latest release of JailbreakMe. Instead of the previous method of hacking into the iPhone through your PC, JailbreakMe.com exploits a flaw in the Safari Web browser's PDF viewer that grants instantaneous freedom from Apple's notoriously locked-down policies. Even before jailbreakme,
READ MORE:http://www.pcworld.com/article/202441/5_reasons_to_jailbreak_your_iphone_and_5_reasons_not.html
10 free software downloads for your laptop
Have a laptop or netbook and want to get more out of it? You’re not alone. We’ve experienced the frustration of trying to keep data or bookmarks on a portable synchronised with those of a desktop PC or other laptops. We’ve struggled with diminishing battery life. We’ve needed assistance getting connected at hotspots or staying safe once online. And we’ve wondered how to take full advantage of USB flash drives.
Facebook is preparing to release simple privacy settings following a meeting last week with its staff.
Hacker created 250,000-strong botnet army
A hacker faces 60 years in prison and a $1.75m fine after pleading guilty to infecting hundreds of thousands of computers with malware in order to steal money from Paypal accounts. John Schiefer, 26, admitted that he and some associates developed malware that allowed them to create botnet armies of as many as 250,000 computers. Schiefer was able to collect information sent from the infected computers, including usernames and passwords for Paypal accounts. He and his associates were then able to make purchases using the Paypal accounts. They also shared the password information with others. Read more..
PayPal and eBay are easily the most common brands used in online scams, a PhishTank report reveals.
The report – based on the end-user submission of almost 300,000 emails believed to be phishes – shows PayPal and its parent eBay served as the lure in 63,437 verified phishing emails.
The report – based on the end-user submission of almost 300,000 emails believed to be phishes – shows PayPal and its parent eBay served as the lure in 63,437 verified phishing emails.
Your car can be hacked via wireless tire sensors .
Be afraid, be very afraid. Researchers at Rutgers University and the University of South Carolina have been experimenting with how easy it is to hack a car. The result? It’s very easy, so easy in fact you can do it wirelessly.
The key to hacking a modern car is the presence of mandatory wireless tire pressure sensors (on cars sold in the U.S. from 2008). Gaining control of these sensors apparently only requires $1,500 of equipment. After which, you can setup a makeshift tracking system, but also feed the car’s on-board systems false information.
The extent of the hacking through this method seems to be making the electronic control unit on a car crash, or getting the dashboard to light up. In a scene you’d expect to see during a movie, it’s possible to drive up alongside an unsuspecting vehicle, perform the hack, then have your wicked way with its sensors and control systems.
Will car sales rooms of the future be advertising anti-malware for your new car?
Read more at Ars Technica
Matthew’s Opinion
This is only going to get worse. We are adding more and more sensors and electronic systems to our motor vehicles. We need to, to make them more efficient and safer to drive, but also because they are getting more complicated with the addition of batteries, energy recovery systems, and multi-fuel management monitors.
Where there’s a system, there’s a hacker waiting to try and gain entry to it. While drive-by hacking in a literal sense sounds cool, and may be amusing to think about, in reality it could cause some dangerous accidents. Even flashing the lights on a dashboard could be enough to distract someone and cause a crash.
Car manufacturers need to be on the ball when it comes to security. If you’re adding a sensor to a car, make sure it is secure. Got lots of sensors? Then implement a management system with security built-in.
Important Lessons to Learn from the Black Hat ATM Hack
A security researcher named Barnaby Jack amazed attendees at the Black Hat security conference by hacking ATM machines in a session titled "Jackpotting Automated Teller Machines Redux". There are some important lessons to be learned from the hacks Jack demonstrated, and they apply to more than just ATM machines.
Jack's exploits--one involving physical access to the ATM machine using a master key available online, and the other dialing in remotely to gain access--focused on ATM machines from Triton and Tranax. However, the issue is not necessarily limited to these two. Jack explained to his audience that he has yet to find an ATM machine that he couldn't crack and retrieve cash from.
It's an impressive hack. Who wouldn't like to just walk up to an ATM machine and cause it to spew money as if you'd hit the jackpot on a Vegas slot machine? But, most businesses don't own ATM machines, so why should IT admins care about the ATM hack?
The answer is that it's not just about ATM machines. The ATM machine is just one sensational example of poor physical security combined with poor digital security on a legacy or niche platform. Computers are everywhere, but many of them are not monitored for security issues or updated on a regular basis to protect them.
Toralv Dirro, a security researcher with McAfee, explained in a blog post "Most people tend to ignore the fact that a lot of today's devices and machines are running fairly standard computers and operating systems internally. ATM machines, cars, medical devices, even your TV may have such a computer inside, allowing updates over a network. Software unfortunately has flaws."
Dirro goes on to explain that the more complex the system is, the more likely it is to have flaws that can be discovered and exploited given enough time. Many of these systems--particularly systems such as the software running the ATM machine at the corner gas station--are fairly complex and need to be periodically updated to ensure they are secure and protected.
There are also national security implications. Many of the utilities like water and electricity, chemical processing plants, manufacturing facilities, trains and subways, and other elements of the critical infrastructure that form the backbone of productivity, commerce and security for the country rely on archaic, legacy systems that are not frequently updated, yet likely have exploitable holes for an attacker that looks hard enough.
To make matters worse, many of these systems were originally standalone, but have been connected to the Internet over time, making it possible to access and exploit them remotely. The ATM machine hack demonstrates the need to provide better security for these systems.
It is unrealistic to expect these legacy and niche systems to be constantly updated. Running firewalls or common antimalware protection is also highly impractical. However, as Dirro points out, "the future is in using Application Control, Configuration Control and Change Control to lock down those systems, so you can still make authorized updates and changes but not run unauthorized code from an attacker."
Read more...
