A Major Permissions Vulnerability Found in Macs
There's a constant debate over which is most secure: Windows, Mac OS X, or Linux. While some have traditionally argued that Macs are much safer than Windows machines, that did not prove to be the case at a recent hackers' convention, where the Mac machine was the first to be exploited. Now a new vulnerability has been detailed for machines running OS X 10.4 (Tiger) and 10.5 (Leopard). By using the following AppleScript command:
osascript -e 'tell app "ARDAgent" to do shell script "whoami"';
The command gives root to both normal users and admins, assuming that they did not use fast user switching. Of course you have to gain access to the terminal, so a bit of social engineering might be in order, but this is still somewhat alarming. After all, gaining root is the ultimate goal of most serious attacks.
The Thieves Among Us -- Those Who Steal WiFi
More people "borrow" (aka steal) WiFi from their neighbors, local businesses, and other sources than they would be comfortable admitting. In fact, over 53 percent of people admitted, in a recent survey, to stealing WiFi. And stealing it is a crime. Last year a man from Cedar Springs, Mich. was fined $400 when a police officer spotted him pilfering someone's wireless connection from his car. With the struggles of municipal WiFi, the long-promised "free" internet, this trend is only likely to increase. Simple configuration of your routers and home networks can easily prevent this, so if you don't want the RIAA knocking on your door, be attentive to your home networks.
Wiretapping For Dummies
Ever been curious about how to wiretap someone's phone? Or perhaps you are an innocent party, merely concerned about your own phone being wiretapped. Well, it turns out that it's "incredibly easy" to set up a wiretap on your loved ones', acquaintances', and rivals' phones (though illegal, of course) -- maybe that's why the NSA and FBI are so prone to doing it! IT Security, an online blog, breaks down every aspect of the hows and whys of wiretapping, to help you watch for signs that you've been tapped.
Surprise! Admins Snoop On You
A new survey confirms what many users fear -- their admins at work snoop on them. Cyber-Ark, a security firm, surveyed 300 senior IT managers. A third admitted to outright secretly snooping. Another 47 percent admitted to peeking at information that was not relevant to their role with the company.
Mark Fullbrook, Cyber-Ark's UK director, states, "All you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company."
Of course, if you don't do personal business on work machines, you have nothing to worry about.
Sweden Passes Law Allowing Government To Snoop On User Traffic
Those using Swedish internet or routing through it, beware: you are being watched. The Swedish government passed a new surveillance law, with a few minor cosmetic changes. Pär Ström with The Local, an English-language Swedish news site, writes, "A monster with make-up is still a monster and "Swechelon", or Sweden's Echelon, must be stopped."
Unfortunately there is little hope of stopping the law now. New government agencies are already being created to aid in the monitoring.
Sweden has been tightening its grip on the internet, which came to public notice when it leveled charges against the admins of The Pirate Bay, the world's largest torrent site.
With the new law on the books, and many others like it worldwide, how does one best protect oneself? This is the question posed, which commenters are seeking to answer in a lively discussion on news aggregator Slashdot.
Internet Connected Coffee Machine Cracked To Do Hackers' Evil Bidding
Craig Wright, a security manager with Risk Advisory Services, made a shocking discovery.
The Jura F90 Coffee machine can be hacked by black hat users (or those looking to prank their friends and coworkers).
The product description sounds innocent enough, "Enable the Jura Impressa F90 to communicate with the Internet, via a PC. Download parameters to configure your espresso machine to your own personal taste. If there's a problem, the engineers can run diagnostic tests and advise on the solution without your machine ever leaving the kitchen."
It turns out that remote access can be gained by malicious users as well, and can be used to weaken (or strengthen) your coffee or to make a puddle by changing the settings for the amount of water. They can even break your machine by adding settings that don't work, making you have to take it in for service.
However, the worst (and most serious) part is that they can use the portal to gain access to the XP system the machine is running on at the user's permission level. For many users this would provide would-be hackers with a free pass to administrative rights.