Google Exposes 14 Long-Hidden Exploits in iOS

August 30, 2019 by Paul Spoerry Leave a Comment

According to one blog post, the 14 vulnerabilities were a part of five unique iPhone exploit chains that covered almost every version of Apple’s mobile operating system from iOS 10 to the latest version of iOS 12, indicating that the hackers were working hard to exploit the security flaws.

Half of the iPhone vulnerabilities were discovered in Apple’s Safari browser, five in the kernel, and hackers also used two separate sandbox escapes to access data outside the permissions of an app or a process.

The attack had such deep access to iPhone systems that hackers could even read or eavesdrop the messages of victims on encrypted communications services like WhatsApp, iMessage, and ProtonMail.

“There was no target discrimination,” Ian Beer, a Google hacker and member of the company’s Project Zero team, wrote in a blog. “Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.”

There’s also a chance that the attackers have acquired access tokens from the Apple victims, which they could use to log into social media and communications accounts.

You can read the in-depth posts on Google’s Project Zero blog.

Hacked! Protect Your Password From Predators

April 17, 2013 by Paul Spoerry Leave a Comment

Guest post by Jennifer Morris

In this digital age when everything from banking accounts to photo albums are online, people are left wondering just how safe the Internet age is. While the risks are real, staying protected is possible. Being aware and taking the right measures can help you avoid being a target. Jennifer Morris tells you how.

[Read more…]

CISPA is Back – The Internet Needs Your Help

February 19, 2013 by Paul Spoerry 1 Comment

CISPA, the Cyber Intelligence Sharing and Protection Act was reintroduced in the House of Representatives yesterday. CISPA is the contentious bill civil liberties advocates fought last year, which would provide a poorly-defined “cybersecurity” exception to existing privacy law. CISPA offers broad immunities to companies who choose to share data with government agencies (including the private communications of users) in the name of cybersecurity. It also creates avenues for companies to share data with any federal agencies, including military intelligence agencies like the National Security Agency (NSA).

We killed CISPA once before. We will kill CISPA again. It only works if you take part.

[Read more…]

Worst Password List of 2012 – 123456, Jesus, and Ninja

October 24, 2012 by Paul Spoerry Leave a Comment

Despite many high profile breaches Internet users are still using most of the same weak password reported to be in use last year. Using files containing millions of stolen passwords that were posted online by hackers, SplashData compiled 2012’s ’25 Worst Passwords of the Year’. Most of the regular entries were represented but ‘Jesus’, ‘ninja’, and ‘welcome’ moved into the top 25.

[Read more…]

Google Authenticator Makes 2-step Verification Even Easier

September 28, 2012 by Paul Spoerry 1 Comment

Google Authenticator was updated today with the ability to turn on two-step authentication without having to scan a QR code or re-enter your password on the device. You have no more excuses for not using 2-step verification. [Read more…]