Most sites or programs now show some kind of meter trying to tell you if the password you are entering is secure. Turns out that many are wrong and there's not a lot of consistency in rating them. No way "Password1" is strong! Many password stre...
53 minutes ago: Brute-Forcing iPhone PINs (Schneier blog)
This is a clever attack, using a black box that attaches to the iPhone via USB:
As you know, an iPhone keeps a count of how many wrong PINs have been entered, in case you have turned on the Erase Data option on the Settings | Touch ID & Passcode screen.
That's a highly-recommended option, because it wipes your device after 10 passcode mistakes.
Even if you only set a 4-digit PIN, that gives a crook who steals your phone just a 10 in 10,000 chance, or 0.1%, of guessing your unlock code in time.
But this Black Box has a trick up its cable.
Apparently, the device uses a light sensor to work out, from the change in screen intensity, when it has got the right PIN.
In other words, it also knows when it gets the PIN wrong, as it will most of the time, so it can kill the power to your iPhone when that happens.
And the power-down happens quickly enough (it seems you need to open up the iPhone and bypass the battery so you can power the device entirely via the USB cable) that your iPhone doesn't have time to subtract one from the "PIN guesses remaining" counter stored on the device.
Because every set of wrong guesses requires a reboot, the process takes about five days. Still, a very clever attack.
5 hours ago: Unlimited stolen Uber accounts flogged for $5 (The Register)
Accounts 100 percent valid, fraudsters claim
Fraudsters are flogging an 'unlimited' number of stolen Uber accounts containing personal details and limited credit card data for less than $5.
4 hours ago: New .bank Domains For Sale Soon (Forbes)
Sitting on the sofa in my house sipping coffee this morning and reading the news I saw a gem that leapt off the screen at me. First off, remember the good old days when we just had domains that were .com, .org and .net? Yeah, good times. Now, there is [...]
Outlook autocomplete SNAFU sees world leaders' particulars leaked during G20 summit
Last week, Australia passed mandatory metadata retention laws, over objections that personal data should only be accessible by a very small number of people under very secure circumstances because it is bound to leak and cause embarrassment.
A new document sheds light on the backstory behind the development of the government's zero-day policy and offers some insight into the motivations for establishing it.
The post US Used Zero-Day Exploits Before It Had Policies for Them appeared first on WIRED.
HTTP hijacking is being used to redirect Baidu search engine traffic into a massive DDoS.
Are you getting threat intel -- or just antivirus software? A government-backed report designs a framework for threat intelligence that can be scaled to different sectors, sizes of organization, and organizational goals.
A recent Verizon study found that regular testing of security systems was a compliance weak point for merchants.
4 hours ago: PCI Issues Penetration Test Guidance (InfoRiskToday)
Experts Debate Whether Advice Goes Far Enough
Experts debate the value of new PCI guidance for how businesses should use penetration testing to identify network vulnerabilities that could be exploited for malicious activity. Does the new advice go far enough?
Users unwittingly add to chronic traffic congestion
GitHub's servers are being hammered by web traffic from an army of unwitting cyber-foot-soldiers.
Security Mailer v15#13
3 hours ago: Surveillance And The Encryption Boogeyman (Forbes)
In January of this year, British Prime Minister David Cameron let it be known that he intended to dumb down encryption so that law enforcement could monitor all of the information streaming across the country. A direct attempt to capitalize on the Paris attacks. This was an unfortunate overture against encryption [...]
Online screenshot-sharing service Puush is warning its users to change their passwords after it emerged that the platform had been infected with malware.
It's only rock and roll but hackers like it
The Eurovision Song Contest has been targeted by obsessed hackers who stuffed the voting ballots during the final qualifier song performance.
7 hours ago: Jailed Brit con phishes prison, gets bail (The Register)
'Hi this is < name > please release < prisoner >'
A convicted British fraudster used a fake Web site and fake identities to trick prison officers into releasing him.
The European agency says tracking and monitoring terrorist suspects is increasingly difficult in a world where encryption is becoming commonplace.