
Is The iPhone 5c Doing Well?

October 11, 2013 by  
Filed under Mobile

Last week a number of huge US retailers slashed the price of the iPhone 5C, prompting many observers to conclude that the apologetically plastic iPhone isn’t selling well. While this might be the case, it’s not uncommon for retailers to offer discounts even on new products and it’s no indication of soft demand.

Information is still sketchy and over the past few days we’ve read a number of conflicting reports on iPhone 5C sales. According to research firm Canaccord Genuity, the iPhone 5C is doing just fine, as it’s among the top three best selling phones on all four major US networks, while the iPhone 5S tops the rankings.
However, Pacific Crest analyst Andy Hargreaves reports that the iPhone 5C is not doing well in Asia. During his tour of China, he says he saw plenty of iPhone 5C inventory, while the 5S was a bit harder to find. So far, China seems to be loving the iPhone 5S a bit more.

Over the weekend said it was seeing a lot more demand for the iPhone 5S and even the venerable 4S than the new 5C. In fact, the good old iPhone 4S outsold the 5C by 30 percent since the new phone hit the UK market last month.

We checked iPhone 5S/5C availability in Europe as well, and as far as retail goes, the iPhone 5C is a lot easier to come by. It is available in dozens of shops and e-tail outfits, whereas the 5S is almost impossible to get if you’re not going for a carrier deal. What’s more, the old iPhone 5 still appears to be selling well, so it might be dragging iPhone 5C sales down.
Still, from a business perspective Apple should have no trouble making a pretty penny on the new iPhones. Both the 5C and 5S carry a slightly lower BOM than the iPhone 5 when it launched last year and as a result Apple’s margins should go up.


Apple’s New Fingerprint Scanner Already Hacked?

September 24, 2013 by  
Filed under Mobile

A group of German hackers claimed to have successfully breached the iPhone fingerprint scanner on Sunday, just two days after Apple Inc debuted the technology that it promises will better protect devices from criminals and snoopers seeking access.

If the claim is verified, it will be embarrassing for Apple, which is betting on the scanner to set its smartphone apart from new models of Samsung Electronics Co Ltd and others running the Android operating system of Google Inc.

Two prominent iPhone security experts told Reuters that they believed the German group, known as the Chaos Computing Club, or CCC, had succeeded in defeating Apple’s Touch ID, though they had not personally replicated the work.

One of them, Charlie Miller, co-author of the iOS Hacker’s Handbook, described the work as “a complete break” of Touch ID security. “It certainly opens up a new possibility for attackers.”

Apple representatives did not respond to requests for comment.

CCC, one of the world’s largest and most respected hacking groups, posted a video on its website that appeared to show somebody accessing an iPhone 5S with a fabricated print. The site described how members of its biometrics team had cracked the new fingerprint reader, one of the few major high-tech features added to the latest version of the iPhone.

The group said they targeted Touch ID to knock down reports about its “marvels,” which suggested it would be difficult to crack.

“Fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints,” a hacker named Starbug was quoted as saying on the CCC’s site.

The group said it defeated Touch ID by photographing the fingerprint of an iPhone’s user, then printing it on to a transparent sheet, which it used to create a mold for a “fake finger.”

CCC said similar processes have been used to crack “the vast majority” of fingerprint sensors on the market.

“I think it’s legit,” said Dino Dai Zovi, another co-author of the iOS Hacker’s Handbook. “The CCC doesn’t fool around or over-hype, especially when they are trying to make a political point.”

Touch ID, which was only introduced on the top-of-the-line iPhone 5S, lets users unlock their devices or make purchases on iTunes by simply pressing their finger on the home button. It uses a sapphire crystal sensor embedded in the button.

Data used for verification is encrypted and stored in a secure enclave of the phone’s A7 processor chip.

Two security experts who sponsored an impromptu competition offering cash and other prizes to the first hackers who cracked the iPhone said they had reviewed the information posted on the CCC website, but wanted more documentation.

“We are simply awaiting a full video documentation and walk through of the process that they have claimed,” said mobile security researcher Nick DePetrillo, who started the contest with another security expert, Robert Graham. “When they deliver that video we will review it.”

The two of them each put up $100 toward a prize for the contest winner, then set up a website inviting others to contribute. While the booty now includes more than $13,000 in cash, it was not clear that the CCC would receive the full payout, even if DePetrillo and Graham declared them winners.



The U.S. Is Not The Worst Cyber Snooper

June 24, 2013 by  
Filed under Around The Net

The Indian government cyber snooping program is becoming so pervasive that it makes the US Prism operation look harmless. India is giving its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament, several sources said.

The excuse is that the move will help safeguard national security, because that excuse is always trotted out when governments do evil things. The Central Monitoring System (CMS) was announced in 2011 but there has been no public debate and the government has said little about how it will work or how it will ensure that the system is not abused.

The government started to quietly roll the system out state by state in April this year, according to government officials. Eventually it will be able to target any of India’s 900 million landline and mobile phone subscribers and 120 million Internet users.

Cynthia Wong, an Internet researcher at New York-based Human Rights Watch said that if India doesn’t want to look like an authoritarian regime, it needs to be transparent about who will be authorized to collect data, what data will be collected, how it will be used, and how the right to privacy will be protected.


Chinese Hackers Appear To Be At It Again

May 22, 2013 by  
Filed under Around The Net

Three months after hackers working for a cyberunit of China’s People’s Liberation Army went silent they appear to have resumed their attacks using different techniques.

The Obama administration had bet that “naming and shaming” the groups, first in industry reports and then in the Pentagon’s own detailed survey of Chinese military capabilities, might prompt China’s new leadership to crack down on the military’s team of hackers. But it appears that Unit 6139 is back in business, according to American officials and security companies.

Mandiant, a private security company that helps companies and government agencies defend themselves from hackers, said the attacks had resumed but would not identify the targets. The victims were many of the same ones the unit had attacked before. Mandiant said that the Chinese hackers had stopped their attacks after they were exposed in February and removed their spying tools from the organisations they had infiltrated.

But in the last two months, they have begun attacking the same victims from new servers and have reinserted many of the tools that enable them to seek out data without detection. The subject of Chinese attacks is expected to be a central issue in an upcoming visit to China by President Obama’s national security adviser, Thomas Donilon. However, little is expected to come of it; the Chinese have always denied that they have hacked anyone, ever.


Anonymous Went After North Korea Again

April 16, 2013 by  
Filed under Around The Net

Anonymous has restarted its attack against North Korea and once again is using a North Korean Twitter account to announce website scalps.

The Twitter account @uriminzok was the scene of announcements about the hacked websites during the last stage of Op North Korea, and reports have tipped up there again.

The first wave of attacks saw a stream of websites defaced or altered with messages or images that were very much not in favour of the latest North Korean hereditary leader, Kim Jong-un.

They were supported by a Pastebin message signed by Anonymous that called for some calming of relations between North Korea and the US, and warned of cyber attacks in retaliation.

“Citizens of North Korea, South Korea, USA, and the world. Don’t allow your governments to separate you. We are all one. We are the people. Our enemies are the dictators and regimes, our goals are freedom and peace and democracy,” read the statement. “United as one, divided by zero, we can never be defeated!”

Before the attacks restarted, the last Twitter message promised that more was to come. It said, “OpNorthKorea is still to come. Another round of attack on N.Korea will begin soon.” Anonymous began delivering on that threat in the early hours this morning.

More of North Korean websites are in our hand. They will be brought down.

— uriminzokkiri (@uriminzok) April 15, 2013

We’ve counted nine websites downed, defacements and hacks, and judging by the stream of confirmations they happened over a two hour period. No new statement has been released other than the above.

Downed websites include the glorious, a North Korean news destination. However, when we tried it we had intermittent access.

Last time around the Anonymous hackers had taken control of North Korea’s Flickr account. This week we found the message, “This member is no longer active on Flickr.”


Anonymous Latest CyberAttack Fails

April 10, 2013 by  
Filed under Computing

A cyberattack campaign, dubbed #OpIsrael by hacking group Anonymous, failed to bring down the Israeli government websites over the weekend.

Yitzhak Ben Yisrael, of the government’s National Cyber Bureau, said that while the attack did take place, it did hardly any damage. Ben Yisrael said that Anonymous lacked the skills to damage the country’s vital infrastructure. And if that was its intention, then it wouldn’t have announced the attack beforehand.

“It wants to create noise in the media about issues that are close to its heart,” he said, as quoted by the Associated Press news agency.

Posters using the name of the hacking group Anonymous had warned they would launch a massive attack on Israeli sites in a strike they called #OpIsrael starting April 7. Last week, a leading hacker going by the handle of “Anon Ghost” said that “the hacking teams have decided to unite against Israel as one entity…Israel should be getting prepared to be erased from the Internet,” according to Israeli media reports.

Israel’s Bureau of Statistics was down on Sunday morning but it was unclear if it was hacked. Defense and Education Ministry as well as banks had come under attack the night before but security shrugged it off.

Anonymous did have a crack at the stock market website and the Finance Ministry website but no one there noticed.

Where Anonymous was successful was when it targeted small business. Some homepage messages were replaced with anti-Israel slogans, media said. Israeli hackers hit sites of radical Islamist groups and splashed them with pro-Israel messages.


Hackers Go After Finland Over Pirate Bay

January 10, 2012 by  
Filed under Computing

Anonymous apparently has declared war on Finland after the country began blocking access to the filesharing web site Pirate Bay.

Yesterday we reported that the large Finnish ISP Elisa had begun blocking the web site at the order of Finland’s High Court. This news was not taken well by Anonymous, which responded by hacking its ‘enemy’.

“TANGO DOWN Copyright Information & Anti-Piracy Centre In Finland | And We’ll keep it down as long as We want \o/,” wrote the Anon_Finland account on Twitter.

The cause caught the attention of the wider Anonymous hacktivist collective, and the Anonymous Finns got its support.

“Finland is apparently just begging for some sweet, sweet Anonymous action. We shall oblige them. #Elisagate ^_^” wrote Youanonnews.

Anonymous Sabu, one of the more vocal members of the group also took an interest. “Ladies and gents: today we will focus on Finland. and every country like it who has begun a campaign of censorship. First steps to Cyberwar,” he tweeted, adding, “To the Finnish government: Stop censorship or deal with the consequences.”

Elisa is appealing the decision and is calling its block a temporary one. It also said that it installed the block to avoid a fine. It added that the decision was made not by Elisa but by the High Court.


Stratfor Security Hit By Anonymous

December 29, 2011 by  
Filed under Computing

Stratfor, the security firm whose website was compromised over the weekend by members of the anarchic computer-hacking group Anonymous, has reported that victims of the attack have had their credit cards used again.

Victims of the attack, mostly employees of major companies or agencies which use Stratfor’s, learnt at Christmas that their names, addresses and credit card details had been published online. The cards were then used to make large donations to major charities.

Now it seems that Stratfor is warning that the cards were being used again if the victims complained to the press. Anonymous used another website to mock victims who spoke to the Associated Press about their experience. It said “We went ahead and ran up your card a bit.”

Stratfor, which is based in Texas, provides analysis that helps customers to reduce their exposure to risk. We would have thought it should have known better, yet it failed to take basic steps to encrypt customer data.




Will Anonymous Retaliate If SOPA Is Passed?

December 23, 2011 by  
Filed under Computing

Anonymous has said it will respond if the controversial Stop Online Piracy Act (SOPA) is passed into law in the US.

The group has posted a statement in which it reiterated its attitude towards SOPA and its plans to create an internet police state.

“The goal of the so-called ‘Stop Online Piracy Act’ SOPA is to empower litigious U.S. corporations to police the internet, with the ability to act as judge, jury and executioner,” it says.

“SOPA tramples civil rights laws, fair use, freedom of press and freedom of speech. Under SOPA an average person could be arrested, fined, sued and spend time in a federal prison for so little as uploading a video to YouTube or even linking to one. This law further proves the reality of corporate rule and totalitarianism.”

The vote on SOPA has been delayed due to opposition, according to the post, and is not likely to happen until next year. However, the hacktivists suggest that it will be delayed only as long as it takes for the media to lose interest.

“In a democracy this should be enough to defeat the bill, however, in the U.S. it only means that the vote will get delayed until the media loses interest and the backing corporate lobbyists have enough time to ‘influence’ [read: bribe] the vote to their favour,” they warn.

“However, it has been clandestinely moved forward in an attempt to fast track the law under the radar of a culture drunk on materialistic obsession – as such The House Judiciary Committee is reconvening on the 21st of December. In short, we were lied to.”

The hacktivist group said that it would react to this, and react strongly. “Our reaction will not be little,” it warns.

Anonymous wants to spread awareness and increase opposition to SOPA while it is still up for debate, and called on fellow Anons to carry out points of action, the first being to hack into and replace the front page of “every website we can” with a protest page.

“Encourage friends, businesses, organizations, social media to take a stand alongside us in the same way,” it says. “Use/distribute the OpBlackOut material we’ve provided for this purpose, or make your own (but please try to be concise and indict SOPA specifically so the message is clear, unanimous and omnipresent). Get this image and message everywhere online. Plant the seeds of dissent wherever they can grow.”

As well as acting online, Anonymous said that supporters should physically protest through stickering and tagging billboards, signs and advertising.

“Get people talking. Put the truth not only where it can be seen, but where it cannot be avoided,” it adds. “This is something everyone can do. We are legion, this is our voice, people are listening, we will be heard.”



Hackers Break Into The US Chamber of Commerce Systems

December 21, 2011 by  
Filed under Computing

Chinese hackers have broken into the US Chamber of Commerce computer systems and gained access to information about its three million members.

According to the Wall Street Journal, people familiar with the matter said that the hackers might have broken into the business lobbying group’s network more than a year before they were discovered. The attack, which involved at least 300 email addresses, was cut off in May 2010 and quietly closed down, the paper said.

Officials think that one of the people responsible for the hack was connected to the Chinese government. The hackers stole six weeks of emails belonging to four employees who focused on Asia policy.

The Chamber moved to shut down the operation by unplugging and destroying some computers and overhauling its security system.

The group timed the clampdown for a 36-hour period over one weekend when the hackers were expected to be off duty.

Chamber staff did not report any sign of harm to the group or its members.





Romanian Hackers Charged

December 9, 2011 by  
Filed under Computing

Romanian hackers have been charged with breaking into the card processing systems of 150 Subway sandwich shops and 50 other unnamed retailers.

Wired said that hackers nicked the credit-card data of more than 80,000 customers and used the data to make millions of dollars of unauthorised purchases between 2008 and May 2011. The hackers broke into 200 point-of-sale (POS) systems in order to install a keystroke logger and other sniffing software that would steal customer credit, debit and gift-card numbers. They also placed backdoors on the systems to provide ongoing access.

They found the vulnerable POS systems by scanning on the internet for devices with remote desktop software installed on them. They then used the software to log into the targeted POS system, either by guessing the passwords or using password-cracking software programs. Adrian-Tiberiu Oprea, 27, Iulian Dolan, 27, Cezar Iulian Butu, 26, and Florin Radu, 23, were charged in the District of New Hampshire with four counts, including conspiracy to commit computer fraud, wire fraud and access device fraud.

Oprea was arrested last week in Romania and is in custody there. Dolan and Butu were arrested upon entering the U.S. last August. Coppers have not found Radu yet. Also named in the suit is Computer World, a Louisiana-based retailer, which sold and maintained Radiant’s Aloha POS system.

Apparently Computer World’s technicians installed the remote-access program PCAnywhere on the systems to allow its technicians to fix technical problems from off-site. However, they forgot to secure the program or update it. The default login was “administrator” and the password was “computer.”




Hackers Plan To Go After Fox News

November 1, 2011 by  
Filed under Computing

Anonymous plans to take out the Fox news network because of its coverage of the Wall Street Protests.

Dubbed “Operation Fox Hunt”, Anonymous announced the plans on YouTube to attack the Fox News website on the anniversary of Guy Fawkes Day. Anonymous is also planning to target former Fox News personality Glenn Beck as well as current Fox News representatives Sean Hannity and Bill O’Reilly during “Operation Fox Hunt”.

Anonymous said that it has had a gutsful of “right wing conservative propaganda” and “belittling the occupiers” of the Occupy Wall Street demonstrations. Anonymous recently launched a distributed denial-of-service attack against the Oakland police department’s website after a 24-year-old wounded Marine home from serving two tours in Iraq was critically injured in the Occupy Oakland protest. Police allegedly threw an object that fractured the marine’s skull, landing him in the hospital.

Inspiration for Anonymous members, Guy Fawkes is most commonly known as the only person to enter Parliament with an honest intention. He wanted to blow up the House of Lords on November 5 in the year 1605 as part of a Catholic uprising.




Stuxnet Computer Worm Sibling (DuQu) Is Out In The Wild

October 19, 2011 by  
Filed under Around The Net

The STUXNET computer worm that crippled an Iranian nuclear fuel plant last year now has a sibling called Duqu that’s already in place on European computers, according to a detailed report by an anonymous research lab.

The virus, named after the DQ prefix it adds to files it creates, is reportedly “very similar to Stuxnet”, according to security firm Symantec, which gained access to the report and samples of the virus. “Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose. Duqu is essentially the precursor to a future Stuxnet-like attack.”

Symantec revealed that the Duqu virus is designed to gather industrial control system data, including keystrokes from engineers, in an effort to compile information for a possible further attack some time in the future.

The difference between Duqu and Stuxnet is that the former is mainly a remote access trojan, designed to steal information, and the virus does not self-replicate. Stuxnet, however, affects industrial control systems much more directly, so much so that it can alter their operations in an effort to cause extreme damage, which many experts believe is what happened to Iran’s nuclear fuel enrichment systems.

“The creators of Duqu had access to the source code of Stuxnet,” Symantec said, according to Reuters. It is widely believed that the US or Israel was behind development of the Stuxnet worm, which means that this could be a follow-up monitoring attempt or perhaps a response from Iran to try to find a rival target to sabotage.

The US Department of Homeland Security said that it is aware of the virus, has issued a public alert, and is working to analyze the worm.




Will Anonymous Join The Wall Street Protest?

October 4, 2011 by  
Filed under Around The Net

Anonymous has said that it is joining in the anti-Wall Street Protests in New York.

Despite low press coverage, the Occupy Wall Street protests are gaining traction around the US, and now the hacking collective known as Anonymous has issued a statement about a planned attack on the financial district. It said that it would specifically target the New York Stock Exchange on October 10 and claims it will “erase” the NYSE from the Internet on that day.

Operation Invade Wall Street is likely to be a Distributed Denial of Service (DDoS) attack on the New York Stock Exchange website. The message was included in a video uploaded to YouTube that’s designed to recruit more hackers to the Operation Invade Wall Street cause.

While a one-day DDoS attack would be a nuisance for the officials of the NYSE, it’s unlikely to cause any significant damage. However, there are fears that Anonymous will attack to disrupt the exchange and attempt to harm trading on October 10.

So far Anonymous has targeted the New York City police department, which has been doing its best to kill off any good will it might have gained during September 11 by battering harmless protesters and innocent bystanders. Anonymous has released personal information about the officer using the pepper spray, including his phone number, home address and names of relatives.





Hackers went after CIA, MI6 and Mossad

September 6, 2011 by  
Filed under Uncategorized

Diginotar released a list of over 500 fraudulent certificates issued by the hackers who broke into the company’s infrastructure last month. Some of them are for the domains of the CIA, Mossad and the British Secret Intelligence Service (SIS).

The Diginotar breach was discovered a week ago when a rogue * certificate issued by the certificate authority (CA) was used in attacks against Gmail users in Iran. The company admitted suffering an intrusion back in July which resulted in fraudulent certificates being issued for a number of domains.

The browser vendors reacted promptly by removing the Diginotar CA root certificate from their products, but kept the one for Diginotar’s PKIoverheid sub-CA, which was used to sign Dutch government certificates.

The investigation into the incident is ongoing, but the security lapses identified are so serious that the Dutch minister of internal affairs announced in an urgent press conference at 1:15am on Saturday that the PKIoverheid sub-CA should no longer be trusted either.

Ever since the company’s first public statement about the incident, the security community has wondered how many rogue certificates were issued and what domains were targeted. The Dutch government has now shed some light on this by releasing a list of 531 fraudulent certificates associated with Diginotar.

From the looks of it, the hackers didn’t just target big internet services from Google, Yahoo, Facebook, Microsoft, and so on, but intelligence agencies as well, with, and, allegedly being among the targeted domains.

Furthermore, the hackers tried to use their access to issue rogue root certificates for other CAs like Comodo, Equifax, Verisign and Thawte. These certificates would have allowed them to bypass security features like certificate pinning.

Certificate pinning is built into Chrome and restricts the number of CAs that can sign a certificate for a particular domain. For example, only Gmail certificates signed by a couple of CAs will be trusted by the web browser.

The hackers also managed to issue what are known as wildcard certificates for *.*.com and *.*.org. This would have allowed them to spoof any SSL-protected second-level domain under those TLDs.

They probably failed to issue certs for *.com and *.org directly due to restrictions built into the system. But even so, the *.*.com one would have allowed spoofing successfully, for example.

The implications of this attack are huge and will probably lead to changes in the way public key infrastructure (PKI) works in the long run. It’s clear at this point that the CA-based model is flawed and the compromise of a single CA can have too much of an impact on online trust.

“The attack on Diginotar doesn’t rival Stuxnet in terms of sophistication or coordination. However, the consequences of the attack on Diginotar will far outweigh those of Stuxnet. The attack on Diginotar will put cyberwar on or near the top of the political agenda of Western governments,” said Roel Schouwenberg, senior antivirus researcher at Kaspersky Lab.

Mozilla has already announced that it will also remove PKIoverheid from the list of trusted certificates following the Dutch government’s assessment. It also stressed that the removal of all Diginotar root certificates is final and not temporary. Other browser vendors are taking a similar stance, so this most likely means the end for the company in the SSL CA business.

It seems that Diginotar’s biggest mistake was its failure to communicate with vendors and affected parties immediately after learning about the compromise. “The integrity of the SSL system cannot be maintained in secrecy. Incidents like this one demonstrate the need for active, immediate and comprehensive communication between CAs and software vendors to keep our collective users safe online,” said Johnathan Nightingale, Mozilla’s director of Firefox engineering.


Courtesy-TheInq by Lucian Constantin
