Oct. 14th, 2015

thewayne: (Cyranose)
First, if you've upgraded to the latest iOS, v9, go to Settings/Cellular, and scroll all the way down. You'll see an option called Wi-Fi Assist. You'll probably want to turn it off. Last week I received a text that I was 3/4ths through my 10 gig monthly data plan, and I couldn't remember doing anything that could account for a huge spike in my plan usage. It was quite likely this option.

Obviously this only affects iPhone users and not iPad users, though it might if you have a cellular-enabled iPad.


The next is two bona fide malware packages for iPhones from China. It involves falling for porn banner ads that add a certificate manager that bypasses Apple's heretofore strong walled garden. The interesting thing about this particular exploit was that you didn't have to had jailbroken your phone for it to be vulnerable! Phones running iOS 8.3 or older are most vulnerable.

But that's just one of the two. And if you limit your porn viewing to browser-based sites, you're probably fine.

The second one is a lot more serious: some people found a way to hack the Xcode development system which is used to write most iOS programs. The issue is mainly Chinese: because of poor international internet speeds, lots of Chinese developers download the free Xcode development system from Chinese servers rather than from Apple direct, and those copies have been subverted.

Currently the tainted applications have been purged from the app store, and Apple is setting up more servers in China to better control the distribution of the Xcode system, which will improve things.

There was little that could be done to avoid this particular attack because the apps passed inspection by Apple and were allowed in to the app store. So the normal prohibition of only installing apps from trusted sources was subverted in a very clever way, and now defenses are being ramped up to prevent a similar exploit again.

But the perpetual problem is that it's not too difficult to defend against previous attacks. It's the next attack coming that's going to get through at least once.

http://www.wired.com/2015/10/iphone-malware-hitting-china-lets-not-next/
thewayne: (Cyranose)
"I trust Bernie Sanders with my tax dollars like I trust a North Korean chef with my Labrador!"
—Mike Huckabee live-tweeting the Dem debate

Not as scary as Trump and Carson, but still up there. I can't figure if he's sincerely running or just promoting his show/book brand. At least with Bernie you know your tax dollars wouldn't be going straight to defense and rich people's tax cuts.

I've heard an interesting concept that Fox wants the Dems to win next year's election so they'll have 4 or 8 more years of bitching about the government.
thewayne: (Cyranose)
He was arrested in Italy and extradited to the US and faces up to 30 years if convicted.

He did a lot of nasty things to Krebs, perhaps the ultimate was mailing him heroin. He took up a Bitcoin collection on a cybercrime forum and bought a small quantity on the Silk Road. He apparently was unaware that Krebs and others had access to the forum and saw what was going on. Krebs contacts the authorities and told them what was about to happen, when the package arrived he called them again and they picked it up: high-grade stuff was in the package.

After his arrest, he sent a letter to Krebs apologizing for his activities and later sent a holiday postcard. Krebs thinks it might be part of a 12-step program, an early step being to apologize to those whom you've hurt.

Interesting stuff.

http://krebsonsecurity.com/2015/10/hacker-who-sent-me-heroin-faces-charges-in-u-s/

August 2025

S M T W T F S
     12
34 56789
10111213 141516
17181920212223
24252627282930
31      

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 18th, 2025 05:49 am
Powered by Dreamwidth Studios