Cryptography


iHacked: Jailbroken iPhones Compromised, $5 Ransom Demanded

Yesterday, a “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your phone right now!” message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup.  Read the full story [Dancho Danchev/ZDNet]

Free Microsoft Tool Hardens Programs Against Attack

Microsoft has released
a free tool for retroactively hardening applications against known
attacks, without recompiling the program with a special compiler flag.
The Enhanced Mitigation Evaluation Toolkit
(EMET) allows developers and administrators to activate specific
protection mechanisms in compiled binaries without requiring access to
the source code. The tool is currently able to prevent or impede four
attack techniques. Read the full story [The H Online]  See Microsoft blog post on EMET [technet.com]


The U.S. Computer Emergency Readiness Team warned BlackBerry users on Tuesday about a new program called PhoneSnoop that allows someone to remotely eavesdrop on phone conversations.The PhoneSnoop application must be installed on the phone by someone who has physical access to it or by tricking the user into downloading it, the CERT advisory said. Read the full story [CNET/Elinor Mills]

Guest editorial by Paul Roberts  In a weird kind of synchronicity, two stories recently have raised the specter of discarded (not merely misplaced) hard drives as the source of considerable consternation and legal wrangling. In the most serious incident, the Inspector General of the National Archives and Records Administration (NARA) launched an investigation into a potential data breach that could expose the personal information and health records of up to 70 million veterans.

Full-disk encryption is often heralded as a panacea to the huge problems of data breaches and laptop thefts, and with good reason. Making the data on a laptop or other device unreadable makes the machine far less attractive or valuable to a thief. However, researchers are showing that this solution has its share of weaknesses, too.

PayPal suspended the account of a white-hat hacker on Tuesday, a day after someone used his research into website authentication to publish a counterfeit certificate for the online payment processor.

“Under the Acceptable Use Policy, PayPal may not be used to send or receive payments for items that show the personal information of third parties in violation of applicable law,” company representatives wrote in an email sent to the hacker, Moxie Marlinspike. “Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience.”  Read the full story [Dan Goodin/The Register]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.