Sunday, September 29, 2013

A LOCK SCREEN VULNERABILITY IN THE NEW IOS 7 LEAVES USERS' E-MAIL, PHOTOS, TWITTER, AND OTHER APPS OPEN TO BEING USED WITHOUT PERMISSION


Hey guys, did you know that the passcode lock screen on iOS 7 suffers from a vulnerability that allows anyone with direct access to the iPhone or iPad to bypass the lock screen and open apps?

Jose Rodriguez discovered that if you hold the phone's sleep button and then, instead of swiping to power down the phone, tap cancel and double-tap the home button, you reach the multitasking screen. From there, you can jump to the camera and share stored photos, which gives you access to the user's communication accounts such as e-mail, Flickr, Facebook, Twitter, and others.

It has been tested successfully on iOS 7 running on the iPhone 4S, 5, 5C, and 5S, and the most recent iPad model.

Rodriguez has a knack for finding iOS lock screen hacks. He found vulnerabilities in the iOS 6.2.3 lock screen and in the lock screen of a beta version of iOS 7.

Apple fixed both, but this is a new one that he found recently. Rodriguez released the hacks in a responsible manner, and he promised to figure out ways to break the new version of iOS.


 

Sunday, September 22, 2013

REVEALED: HOW US AND UK SPY AGENCIES DEFEAT INTERNET PRIVACY AND SECURITY


 
Did you know that the spy agencies have inserted secret vulnerabilities into encryption software?

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails.

The National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – "the use of ubiquitous encryption across the internet".

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with "brute force", and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.

Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.

A GCHQ team has been working to develop ways into encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and Facebook.

The agency proposed a system to identify encrypted traffic from its internet cable-tapping programs and decrypt what it could in near-real time.

Even though the NSA and GCHQ celebrated their success at "defeating network security and privacy", security experts argue that attacking the internet itself and the privacy of all users is wrong.

Please feel free to share your ideas on this debate.  



 

 

 

Sunday, September 15, 2013

Exploiting the iPhone


In the world of information security, the new iPhone was recently released with a vulnerability. Cell phones carry so much of our personal data; therefore, it is critical to secure individuals' information before releasing any device.

Evaluators decided to investigate how tough it would be for a remote adversary to compromise the private information stored on the iPhone. Within a short period of time, they had successfully discovered a vulnerability; they created a tool chain for working with the iPhone's architecture and developed a proof-of-concept exploit capable of delivering files from the user's iPhone to a remote attacker. Once this was discovered, the evaluators notified Apple of the vulnerability and suggested a patch, but Apple resolved the issue on their own.

How the exploit works

The exploit is delivered via a malicious web page opened in the Safari browser on the iPhone. There are several delivery vectors that an attacker might utilize to get a victim to open such a web page. For example, the iPhone learns access points by name (SSID); if a user ever gets near an attacker-controlled access point with the same name (and encryption type) as an access point previously trusted by the user, the iPhone will automatically use the malicious access point. This allows the attacker to add the exploit to any web page browsed by the user by replacing the requested page with a page containing the exploit.
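The defender's side of the access-point vector above, as an added example that is not from the original post or the evaluators' proof of concept: it contrasts trust keyed on name and encryption type alone with a check against an allow-list of access point addresses (BSSIDs). The `Network` record, the function names and the sample scan data are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Network:
    ssid: str        # network name, the only identity name-based joining checks
    bssid: str       # access point hardware address
    encryption: str  # e.g. "WPA2" or "open"


def joins_by_name(seen, trusted):
    """Networks a client would auto-join when trust is keyed on
    (SSID, encryption type) alone, as the post describes."""
    return [n for n in seen if (n.ssid, n.encryption) in trusted]


def classify(seen, trusted):
    """Label each scanned network against a BSSID allow-list.

    trusted maps (ssid, encryption) -> set of BSSIDs the user has verified.
    """
    verdicts = {}
    for n in seen:
        known = trusted.get((n.ssid, n.encryption))
        if known is None:
            verdicts[n.bssid] = "untrusted"
        elif n.bssid.lower() in known:
            verdicts[n.bssid] = "known"
        else:
            # Same name and encryption type, but an access point never seen before.
            verdicts[n.bssid] = "lookalike"
    return verdicts


# Constructed sample data (hypothetical names and addresses).
TRUSTED = {("CoffeeShop", "open"): {"aa:bb:cc:00:00:01"}}
SCAN = [
    Network("CoffeeShop", "aa:bb:cc:00:00:01", "open"),
    Network("CoffeeShop", "de:ad:be:ef:00:02", "open"),
    Network("CoffeeShop", "de:ad:be:ef:00:03", "WPA2"),
    Network("Library", "aa:bb:cc:00:00:04", "WPA2"),
]

if __name__ == "__main__":
    print("name-based auto-join:", [n.bssid for n in joins_by_name(SCAN, TRUSTED)])
    for bssid, verdict in classify(SCAN, TRUSTED).items():
        print(bssid, verdict)
```

A BSSID allow-list is a detection aid rather than authentication, and a legitimate network with several access points needs every one of them listed.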

If a web forum's software is not configured to prevent users from including sensitive data in their posts or web page, an attacker could cause the exploit to run in any phone browser that viewed the thread. As another example, an attacker could manipulate a user into opening a website that they control by sending the link via e-mail or SMS.

When the iPhone's version of Safari opens the malicious web page, arbitrary code embedded in the exploit is run with administrative privileges. In the proof of concept, this code reads the log of SMS messages, the address book, the call history, and the voicemail data. It then transmits all this information to the attacker. It could also send the user's mail passwords, text messages that sign the user up for pay services, or record audio that could be relayed to the attacker.

Even though information technology is ever advancing to ensure protection of our personal data, there are still so many weak points and flaws that could bring harm to its users and lead to potential lawsuits. I believe that evaluators are needed to expose flaws and vulnerabilities to ensure information security for users.

Monday, September 9, 2013

Privacy Fears Cause More to Cover Online Tracks


Currently, there is a developing fear about online surveillance and data theft. Americans are increasingly taking steps to remove or mask their digital footprints on the Internet.

Facts
The Pew Research Center reported that 86 percent of US Internet users have taken some steps to avoid online surveillance by other people or organizations.

The survey found that 21% of online adults have had an email or social media account hijacked and 11% have had information like Social Security numbers or financial data stolen. 12% of those using the Internet have been stalked or harassed online, and 6% have been the victim of an online scam and lost money. 6% reported having had their reputation damaged because of something that happened online, and 4% were in physical danger because of something that happened online. 50% of Internet users reported being worried about the amount of their personal information that is online. 64% of online adults clear "cookies", which store information, or their browser history, and 41% have disabled cookies.

Some delete material they have posted in the past, create usernames that are hard to tie to them, use public computers to browse, or give inaccurate information about themselves.

Approximately 14% of the users surveyed said they at times encrypt email, and 14% say they use services like virtual networks that allow them to browse without being tied to a specific Internet protocol address.


 

Current Information Security Issues

Hi Everyone.

My name is Sajida Kamazima, and I am currently working on my master's degree in Management Information Systems, cybersecurity concentration, at Bellevue University. I look forward to discussing current information security issues.