Can iOS Activation Lock Be Bypassed?
December 7, 2016 by admin
Filed under Around The Net
Comments Off on Can iOS Activation Lock Be Bypassed?
Two researchers report that they have discovered a way to bypass the activation lock feature in iOS that’s supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner.
The first report came Sunday from an Indian security researcher named Hemanth Joseph, who started investigating possible bypasses after being confronted with a locked iPad he acquired from eBay.
The activation lock gets enabled automatically when users turn on the Find My iPhone feature via iCloud. It links the device to their Apple IDs and prevents anyone else from accessing the device without entering the associated password.
One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.
The researcher claims that, after awhile, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it. This is supposed to restore the state of the tablet from where it was left off, in this case, loading the WPA2 screen again with the long strings of characters filled in.
“After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock,” he said in a blog post.
Hemanth said he reported the issue to Apple on Nov. 4, and the company is investigating it. He tested the bypass on iOS 10.1, which was released on Oct. 24.
Last week, a researcher named Benjamin Kunz Mejri, from German outfit Vulnerability Lab, posted a video showing the same bypass, but on the newer iOS 10.1.1 version.
Kunz Mejri’s method is similar and also involves overflowing the Add Wi-Fi form fields with long strings of characters but also requires rotating the tablet’s screen in order to trigger the crash after the smart cover trick.
Apple has not yet confirmed that issue and did not immediately respond to a request for comment.
Source- http://www.thegurureview.net/mobile-category/researcher-prove-ios-activation-lock-can-be-bypassed.html
Does Qualcomm Need Apple?
June 30, 2016 by admin
Filed under Computing, Smartphones
Comments Off on Does Qualcomm Need Apple?
The fanboys aka the Apple Press has been running down Qualcomm since its favourite company announced it was buying chips from Intel, but there are good reasons why the American chipmaker should not care that much.
As we have been saying for ages, Jobs’ Mob is no longer exclusively going with Qualcomm to provide modem chips for the upcoming iPhone 7. The deal, while large, is tailored for some of Apple’s partnerships. Intel gets AT&T phones and Qualcomm remains the supplier for Verizon network phones and for China.
The press has been claiming that it is terrible news for Qualcomm. But it appears Qualcomm knew it was coming and had already factored in the loss of the business into its results. The reason Qualcomm is not losing any sleep over the deal is because the most Intel is going to get is a third of the iPhone modems. This is what in financial terms is considered a “pisser” but hardly a reason to jump off any buildings over.
Other good things are happening to Qualcomm which more than balance out what has been lost to Intel. Firstly its latest Snapdragons are selling extremely well and secondly the shine is starting to go off its number one rival MediaTek.
For a while, naysayers have been predicting that MediaTek was going to sink Qualcomm. In fact there was even a suggestion that Qualcomm should get out of chipmaking and become a patent troll.
MediaTek had been luring away Qualcomm customers with cheaper chips, which combined with Apple, Samsung and Huawei making their own chips was creating a perfect storm of doom.
Now there is a suggestion that MediaTek’s growth wagon might have stalled. MediaTek’s sales fell 9.4 per cent annually last quarter to $1.7 billion. Its operating margin halved from 16 per cent last year to eight per cent. The reason was due to higher expenses across the board. This meant that its net income fell to $136 million. MediaTek is still more profitable than Qualcomm’s chipmaking division has a wafer thin 5 per cent last quarter.
Analysts expect MediaTek to post double-digit sales growth fuelled by rising demand for 4G smartphone chips in China. But its margins are also expected to keep contracting due to tough competition from Qualcomm and Spreadtrum.
Another risk for MediaTek is its dependence on China. Taiwan just got rid of the pro-unification KMT party, which controlled the presidency for the past eight years, in favour of the pro-independence DPP party.
MediaTek needs direct investments from mainland China to fight off Qualcomm, but it is finding that the Taiwanese government is blocking that sort of investment cash.
All this is giving Qualcomm a fighting chance in the area where it makes a lot of its cash. Sure its margins might be lower, but it still making more money. Enough so that it does not have to worry about losing a small about of dosh to Intel.
Courtesy-Fud
Symantec Has Some Flaws With SEP
Symantec has warned of three serious vulnerabilities in its Endpoint Protection (SEP) software, and is advising users to update their systems.
The bugs affect all builds of the 12.1 version of the SEP software, with the first two flaws allowing authorised but low privilege users of the software to gain elevated and administrative access to the management console, which can be accessed either locally or through a web-based portal.
The third bug is in the sysplant driver and enables users to bypass the SEP’s security controls and run malware and other malicious code on a targeted client machines.
“Exploitation attempts of this type generally use known methods of trust exploitation requiring enticing a currently authenticated user to access a malicious link or open a malicious document in a context such as a website or in an email,” said the security firm.
There have been no recorded exploits of the flaws, so it would appear that Symantec has squashed the bugs before they became a real-world problem for its customers.
The first two bugs were discovered by security researcher Anatoly Katyushin from rival firm Kaspersky Labs, which is a little embarrassing. Discovery of the third bug was credited to the enSilo Research Team.
Symantec advises SEP users to update their software to the 12.1 RU6 MP4 version. It also recommends that users should take precautions and restrict remote access to the management console in order to prevent hackers from attacking client systems through the web portal.
While hackers can direct sophisticated malware at even the most robustly secured systems, exploiting flaws in software offers an easier route into machines and networks, providing hackers get in before the bugs are discovered and patched.
Recent examples can be seen with the discovery of iOS malware which threatens iPhones through an Apple DRM flaw, and an error on Code.org’s website which saw the emails of its volunteers exposed.
Courtesy-TheInq
Pawn Storm Hacking Develops New Tools For Cyberespionage
Comments Off on Pawn Storm Hacking Develops New Tools For Cyberespionage
A Russian cyberespionage group known as Pawn Storm has made use of new tools in an ongoing attack campaign against defense contractors with the goal of defeating network isolation policies.
Since August, the group has been engaged in an attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.
During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.
The Kaspersky Lab researchers believe that this module’s goal is to defeat so-called network air gaps, network segments where sensitive data is stored and which are not connected to the Internet to limit their risk of compromise.
However, it’s fairly common for employees in organizations that use such network isolation policies to move data from air-gapped computers to their workstations using USB thumb drives.
Pawn Storm joins other sophisticated cyberespionage groups, like Equation and Flame, that are known to have used malware designed to defeat network air gaps.
“Over the last year, the Sofacy group has increased its activity almost tenfold when compared to previous years, becoming one of the most prolific, agile and dynamic threat actors in the arena,” the Kaspersky researchers said in a blog post. “This activity spiked in July 2015, when the group dropped two completely new exploits, an Office and Java zero-day.”
Source- http://www.thegurureview.net/aroundnet-category/pawn-storm-hacking-group-develops-new-tools-for-cyberespionage.html
Stagefright 2.0 Exploits Android Vulnerabilities
Comments Off on Stagefright 2.0 Exploits Android Vulnerabilities
Newly found vulnerabilities in the way Android handles media files can allow attackers to compromise devices by tricking users into visiting maliciously crafted Web pages.
The vulnerabilities can lead to remote code execution on almost all devices that run Android, starting with version 1.0 of the OS released in 2008 to the latest 5.1.1, researchers from mobile security firm Zimperium said in a report published Thursday.
The flaws are in the way Android processes the metadata of MP3 audio files and MP4 video files, and they can be exploited when the Android system or another app that relies on Android’s media libraries previews such files.
The Zimperium researchers found similar multimedia processing flaws earlier this year in an Android library called Stagefright that could have been exploited by simply sending Android devices a maliciously crafted MMS message.
Those flaws triggered a coordinated patching effort from device manufacturers that Android’s lead security engineer, Adrian Ludwig, called the “single largest unified software update in the world.” It also contributed to Google, Samsung and LG committing to monthly security updates going forward.
One of the flaws newly discovered by Zimperium is located in a core Android library called libutils and affects almost all devices running Android versions older than 5.0 (Lollipop). The vulnerability can also be exploited in Android Lollipop (5.0 – 5.1.1) by combining it with another bug found in the Stagefright library.
The Zimperium researchers refer to the new attack as Stagefright 2.0 and believe that it affects more than 1 billion devices.
Since the previous attack vector of MMS was closed in newer versions of Google Hangouts and other messaging apps after the previous Stagefright flaws were found, the most straight-forward exploitation method for the latest vulnerabilities is through Web browsers, the Zimperium researchers said.
Zimperium reported the flaws to Google on Aug. 15 and plans to release proof-of-concept exploit code once a fix is released.
That fix will come on Oct. 5 as part of the new scheduled monthly Android security update, a Google representative said.
Source-http://www.thegurureview.net/mobile-category/stagefright-2-0-exploits-android-vulnerabilities.html
PC Sales Continue The Downward Trend
Gartner is reporting the biggest slump in PC sales for almost two years. The second quarter report saw 68.4 million units shifted in the three-month period, a year-on-year reduction of 9.4 percent, and the steepest drop in seven quarters.
What’s more, the prediction is that the next quarter will see a further reduction of 4.4 percent.
It seems that the dislike of Windows 8, coupled with the impending arrival of Windows 10, has battered the sales of new PCs.
The fact that most PC users will be entitled to a free upgrade, coupled with the fact that chip and RAM technology haven’t moved on at a spectacular pace this year, has created a perfect storm among consumers who are waiting it out for their machines to be born again on 29 July (or 30, or 31, or possibly 1 August).
If you’re reading this and thinking ‘It’s just a dying market’ you’re not wrong, but you have only to look at today’s IDC figures to see that this really is made of Microsoft.
IDC is even more pessimistic than Gartner, quoting 66.1 million units, down 11.8 percent year on year.
But more importantly, when drilled down to the OEMs, you can see where the real problem lies. Apple is the only company in the top five not rooted in the Windows ecosystem.
It is also the only manufacturer to see a rise in its market share, and is now the fourth biggest vendor in the world, up 16.1 percent. Acer at number five has seen its share plummet by 25.9 percent.
Things were a bit rosier this time last year, because businesses were migrating away from Windows XP (not all of them, mind). This year, there’s no ballast and a lot of hesitation to see exactly how Windows 10 does before big orders start being deployed in enterprises.
“The price hike of PCs became more apparent in some regions due to a sharp appreciation of the US dollar against local currencies,” said Mikako Kitagawa, principal analyst at Gartner.
“The worldwide PC market experienced unusually positive desk-based growth last year due to the end of Windows XP support. After the XP impact was phased out, there have not been any major growth drivers to stimulate a PC refresh.”
IDC’s Loren Loverde, VP of worldwide PC trackers and forecasting, said: “We’re expecting the Windows 10 launch to go relatively well, though many users will opt for a free OS upgrade rather than buying a new PC.
“Competition from 2-in-1 devices and phones remains an issue, but the economic environment has had a larger impact lately, and that should stabilize or improve going forward.”
Meanwhile, Apple, despite having a tiny market share for its OS X operating system at just 7.5 percent, according to this month’s Netmarketshare figures, has managed to avoid being the winner or loser OEM by being the referee, which is a nice trick if you can do it.
Both analyst firms see the top three remaining as Lenovo, HP and Dell. Nothing to see there.
Can MB Challenge Tesla?
June 22, 2015 by admin
Filed under Around The Net
Comments Off on Can MB Challenge Tesla?
On the heels of Tesla announcing a home and commercial battery product line, Mercedes-Benz unveiled its own brand of energy storage products for those with solar systems to store surplus power.
The Mercedes-Benz energy storage plants for private use are available for order now and are expected to ship in September.
The batteries were first developed for cars, but Mercedes-Benz said the energy storage units “meet the very highest safety and quality standards” for home use.
Up to eight battery modules with an energy capacity of 2.5 kWh can be combined into an energy storage plant with a capacity of 20 kWh.
“Households with their own photovoltaic systems can thus buffer surplus solar power virtually free of any losses,” the carmaker said in a statement.
What wasn’t announced by Mercedes-Benz was information about the size of or pricing for the new batteries.
In May, Tesla announced its Powerwall batteries for home use and its Powerpack batteries for commercial use. Today, Tesla CEO Elon Musk announced his company would double the power output of the Powerwall batteries but keep their prices the same.
Tesla’s Powerwall batteries will go from having a two-kilowatt (kW) steady power output and 3.3kW peak output to a 5kW steady output and 7kW peak output, Musk said. The price of the batteries will remain the same: $3,000 for the 7kW/hour (KWh) daily cycle version and $3,500 for the 10kWh backup UPS version. Total installation cost will run around $4,000, according to Musk.
Up to nine Powerwall battery units can be daisy-chained together on a wall to provide up to 90kWh of power.
The average U.S. household uses about 20 kWh to 25 kWh of power every day, according to GTM Research.
Tesla Energy’s new commercial-grade battery is called the Powerpack, and will sell in 100kWh modules for $25,000 each. Musk said the Powerpack can scale infinitely, even powering factories and small cities.
Mercedes-Benz’s batteries, being produced by subsidiary Deutsche Accumotive, are its first industrial-scale lithium-ion units, and they’ve already been tested “on the grid,” the company said.
Symantec Uncovers Advanced Spying Malware
Comments Off on Symantec Uncovers Advanced Spying Malware
An advanced malicious software application has been discovered that since 2008 was used to spy on private companies, governments, research institutes and individuals in 10 countries, anti virus software maker Symantec Corp said in a report on Sunday.
The Mountain View, California-based maker of Norton anti virus products said its research showed that a “nation state” was likely the developer of the malware called Regin, or Backdoor. Regin, but Symantec did not identify any countries or victims.
Symantec said Regin’s design “makes it highly suited for persistent, long-term surveillance operations against targets,” and was withdrawn in 2011 but resurfaced from 2013 onward.
The malware uses several “stealth” features “and even when its presence is detected, it is very difficult to ascertain what it is doing,” according to Symantec. It said “many components of Regin remain undiscovered and additional functionality and versions may exist.”
Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.
Symantec described the malware as having five stages, each “hidden and encrypted, with the exception of the first stage.” It said “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”
Regin also uses what is called a modular approach that allows it to load custom features tailored to targets, the same method applied in other malware, such as Flamer and Weevil (The Mask), the anti virus company said. Some of its features were also similar to Duqu malware, uncovered in September 2011 and related to a computer worm called Stuxnet, discovered the previous year.
Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware and the other countries were Mexico, Ireland, India, Iran,Afghanistan, Belgium, Austria and Pakistan.
MDM Coming To Office 365
November 10, 2014 by admin
Filed under Smartphones
Comments Off on MDM Coming To Office 365
Microsoft will rollout mobile device management (MDM) capabilities to Office 365 in 2015, making it easier for firms to manage corporate data across a range of mobile devices, including those running iOS and Android as well as Windows.
Microsoft unveiled the updates coming to its Office 365 cloud-delivered productivity suite in 2015 at its TechEd Europe conference.
These will enable customers to apply security policies against devices that connect to Office 365 to ensure that email and documents can be accessed only by approved devices, plus the ability to remotely wipe Office 365 data if necessary.
Julia White, Microsoft general manager for Office 365, said that the updates will enable customers to offer “conditional access” to Office documents and email, such as ensuring that any device used by employees has not been jailbroken or rooted, which could potentially pose a security risk.
Administrators will be able to set policies directly from the Office 365 administration portal, and enforce the use of a Pin to secure access to the device. Any wipe of Office 365 content will not affect the user’s personal data, White added.
These MDM features coming to Office 365 are actually powered by Microsoft’s Intune cloud-based management service and are a subset of Intune’s capabilities, the firm disclosed.
Intune itself is also getting some upgrades that will enable customers to benefit from additional security features if they also subscribe to Intune.
These will include data leak prevention measures that enable policies to be applied against managed applications, preventing users from copying and pasting data from an Office 365 app to another, for example, or copying files from Office 365 to elsewhere on the device.
While these capabilities are built in to Office 365, Microsoft will also enable this to be extended to other applications using Intune app wrapper functionality, White said.
White also confirmed that Microsoft is working on an Android version of the Office for iPad suite of mobile productivity tools that the firm announced for Apple’s tablet platform earlier this year.
Microsoft’s Office announcement comes amid speculation that the firm will release Office for Android next month.
Google Moves into Conerencing
February 18, 2014 by admin
Filed under Around The Net
Comments Off on Google Moves into Conerencing
Google Inc introduced a videoconferencing system for businesses on Thursday, the Internet search company’s latest attempt to generate revenue from corporate customers.
Google said it was partnering with Asus, Hewlett-Packard Co and Dell to offer a specialized version of its Chromebox PC that comes with videoconferencing gear, including a video camera and speakers.
The first Chromebox for meetings to be available is made by Asus and goes on sale in the U.S. on Thursday for $999, Google said. Customers can also pay a $250 annual service and management fee, though the first year is included in the product’s sales price.
The product uses Google’s free Hangouts video chat technology to connect up to 15 separate video streams from users in different locations.
The product will put Google in competition against Cisco Systems Inc and Polycom Inc, which make the video conferencing systems used by many corporations.
The world’s largest Internet search engine, Google makes the vast majority of its revenue from advertising. But Google also sells services to corporate customers, including special versions of its online apps such as email and word processing, as well as Chromebook laptops aimed at business users.