With tens of thousands camped in line today waiting for the Apple iPhone 5, hackers have already had their hands on the core iOS 6 operating system for some time. Two Dutch hackers managed to successfully beat Apple’s sturdy protections in place, and this week at the EUSecWest conference in Amsterdam presented the first successful hack of a patched iPhone 4S with an exploit that will also work against the new device.
Two security researchers have already chipped the armor of the new iPhone, scheduled for release tomorrow.Joost Pol and Daan Keuper won the mobile Pwn2Own contest yesterday at EUSecWest event in Amsterdam by compromising a fully patched iPhone 4S device and stealing contacts, browsing history, photos and videos from the phone.
There is a widening gulf between application developers and security decision makers inside the enterprise, and it’s starting to cost companies serious money.
There is a serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password. The attacker could then log on as an authenticated user and take unauthorized actions on the database. The researcher who discovered the bug has a tool that can crack some simple passwords in about five hours on a normal PC.
Microsoft announced last night it would issue an out-of-band patch on Friday for a zero-day Internet Explorer vulnerability disclosed earlier this week. In the meantime, Microsoft made a FixIt available on Wednesday that would temporarily mitigate the threat posed by active exploits found in the wild.The out-of-band patch will be available by 1 p.m. ET on Friday, said Yunsun Wee, director of Trustworthy Computing for Microsoft.
A Sprint spokeswoman today responded to a software developer’s claim that millions of Virgin Mobile users are vulnerable to attacks due to inadequate authentication mechanisms.In an email sent to Computerworld, Stephanie Vinge Walsh said Virgin Mobile, a subsidiary of Sprint, has multiple safeguards to prevent someone from tampering with users’ accounts.
Massachusetts Eye and Ear Infirmary, a Boston-based hospital, agreed to pay $1.5 million to the U.S. Department of Health and Human Services (HSS) earlier this week, settling a HIPAA violation stemming from a 2010 incident.
It’s been a rough couple of years for the security of fundamental Internet infrastructure technologies such the domain name system (DNS), SSL and digital certificates. Hackers are taking aim at these core technologies at the heart of ecommerce and online communication, and are more often than not, hitting their mark with devastating accuracy.
People in the security industry often criticize the federal government for being woefully behind the times on information security, not understanding the current threat landscape and not having enough trained law enforcement agents who can handle sophisticated computer crimes. Steven Chabinsky doesn’t want to hear it. A longtime FBI lawyer and former chief of the bureau’s Cyber Intelligence Section, Chabinsky believes that the government is doing a better job at security than ever before, as is the private sector. But, he also believes the attackers are still gaining ground every day.
With Internet Explorer users still exposed to as many as four active exploits of a zero-day vulnerability in the browser, Microsoft Tuesday night said it will release a FixIt in the next couple of days that will address the issue.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
