iOS and OS X attacks are likely to get more frequent as the platform becomes a valuable attack target, just like Windows in the past.
via Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X • The Register.
Oh dear. You can’t even trust your photocopiers these days. Spot the difference.
The implications are huge. Imagine the following happening as a result of your copy getting messed up (excerpt from article):
Xerox scanners/photocopiers randomly alter numbers in scanned documents · D. Kriesel.
How not to release a security patch. Or, don’t take the security community for a fool.
Excellent analysis of the attack against GitHub reported earlier. The Great Firewall demystified just a little.
Errata Security: Pin-pointing China's attack against GitHub.
Scary how easy it is to gain control over physical building systems.
Owning a Building: Exploiting Access Control and Facility Management Systems by Billy Rios – YouTube.
Very good analysis of the current DDoS attack that GitHub is facing, apparently over the hosting of github.com/greatfire and github.com/cn-nytimes, which is used to bypass censorship in China.
The hard truths – cloud is not always the answer.
Great comment from HN:
The reason why it is extremely hard to engineer robust large scale AWS cloud apps can be summarized under the umbrella of performance variance:
– machine latency varies more, you can’t control it
– network latency varies more
– storage latency varies more (S3, Redshift, etc.)
– machine outages are more frequent
How and Why Swiftype Moved from EC2 to Real Hardware – High Scalability.
Good grief! Has no one learned from Sony’s rootkit incident yet? If you are a Lenovo owner, you may want to check if there’s a Superfish certificate in your certificate chain by running certmgr.msc. Other than injecting unwanted ads in your browser, in theory the adware could sniff on your banking transactions ‘cos it’s performing a MiTM on your HTTPS.
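The same check can be scripted instead of clicking through certmgr.msc. The following is an added example, not part of the original post: the function name `Find-CertificateByName` is hypothetical, and matching on the name "Superfish" in the subject or issuer is an assumption about how the certificate is labelled.

```powershell
# Added example: list certificates whose subject or issuer contains a given
# name (default "Superfish") in the Windows trust stores.
function Find-CertificateByName {
    [CmdletBinding()]
    param(
        # Name fragment to look for; "Superfish" is taken from the post above.
        [string]$Pattern = 'Superfish'
    )

    # certmgr.msc opens the current user's stores; the machine-wide stores
    # are queried as well, so a certificate may be listed under both.
    $stores = foreach ($location in 'CurrentUser', 'LocalMachine') {
        foreach ($name in 'Root', 'AuthRoot', 'CA') {
            "Cert:\$location\$name"
        }
    }

    foreach ($store in $stores) {
        if (-not (Test-Path -Path $store)) { continue }
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*$Pattern*" -or $_.Issuer -like "*$Pattern*" } |
            ForEach-Object {
                # Emit objects rather than text so results can be filtered or exported.
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

$hits = @(Find-CertificateByName)
if ($hits.Count -eq 0) {
    Write-Output 'No matching certificate found in the Windows certificate stores.'
} else {
    $hits | Format-List
}
```

This only covers the Windows certificate stores; Firefox keeps its own trust store, which has to be checked in the browser's certificate settings.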
The greatest bank robbery of all time? Some say hundreds of millions have been stolen, some say up to 1 billion. Given the extent of the attack, it could be hard to know the exact amount. But one thing is clear: we have come a long way since the playful days of prank worms and viruses. Cyber criminals are now extremely well-organized, funded and motivated by huge monetary rewards.
A stunning look at the lengths some organizations would go to in order to achieve their objectives. From a technical perspective, it’s brilliant. This will no doubt be used as a template for other state actors to follow, as some already did earlier.
How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last | Ars Technica.