Silensec Newsletter

Top News

Another iPhone Change to Frustrate the Police

There seems to be another,significant, change with Apple's iOS which now requires a passcode before it establishes trust with another device.

In the current system, when you connect your phone to a computer, you're prompted with the question "Trust this computer?" and you can click yes or no. Now you have to enter in your passcode again.

That means if the police have an unlocked phone, they can scroll through the phone looking for things but they can't download all of the contents onto a another computer without also knowing the passcode.

This might be particularly consequential during border searches. The "border search" exception, which allows Customs and Border Protection to search anything going into the country, is a contentious issue when applied electronics.

The new iOS feature means that a Customs office can browse through a device -- a time limited exercise -- but not download the full contents.

Read more...

Optionsbleed vulnerability can cause Apache servers to leak memory data

Seurity researcher recently discovered a vulnerability, dubbed ‘Optionsbleed’ in Apache HTTP Server (httpd) that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests.

He was analyzing HTTP methods when he noticed that requests with the OPTIONS method, which is normally used by a client to ask a server which HTTP methods it supports, were returning apparently corrupted data via the “Allow” header instead of the list of supported HTTP methods

(e.g. “Allow: GET, POST, OPTIONS, HEAD”).

Read more...

Read more...

Top News

Squeeze iPhone X to prevent theft, suggests Apple's Federighi

Craig Federighi, Apple's senior vice president of software engineering says there are two things you can do to stop nefarious actors from forcing you into FaceID.
According to Federighi, "If you don't stare at the phone, it won't unlock," & "If you grip the buttons on both sides of the phone when you hand it over, it will temporarily disable Face ID."
Clearly, iPhone X owners will have to practice their squeezing techniques.
It would be painful and costly to be held up and discover that you were squeezing it all wrong.

Read more...

Homeland Security hit with lawsuit over phone, laptop searches

The ACLU & the EFF recently sued the DHS for searching the phones and laptops of 11 plaintiffs at the US border without a warrant.

The group of plaintiffs includes 10 US citizens and one lawful permanent resident, several of whom are Muslims or people of color.

Among the group are journalists, a veteran and a NASA engineer.

All were reentering the US following business or personal travel.

Some plaintiffs had their devices confiscated for weeks or months.

None were accused of wrongdoing following the searches.

Read more...

Read more...

Top News

Equifax Hack Exposes Personal Info of 143 Million US Consumers

It's ironic-the company that offers credit monitoring and ID theft protection solutions has itself been compromised, exposing personal information of as many as 143M Americans; €”that's almost half the country.

Equifax, one of the largest credit reporting firm in the US, admitted today that it had suffered a massive data breach somewhere between mid-May and July, which was discovered on July 29.

However, it's unknown why Equifax waited 6 weeks before informing their millions of affected customers about the massive security breach.

Read more...

California Legislature Defangs Transparency Bill

The EFF has pulled its support of a state bill to strengthen the California Public Records Act.

This came about after the legislature gutted its most important reform: allowing courts to levy penalties against agencies that knowingly impede the public's right to access information.
A.B. 1479 had received near unanimous support when it was passed by the state Assembly and through the committee process in the Senate.

Read more...

Read more...

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed