Major Permissions Vulnerability Found in Macs
a constant debate over which
is most secure: Windows, Mac OS X, or Linux. While some have
traditionally that Macs are much safer than Windows machines, that did
prove the case at a recent hackers' convention, where the Mac machine was
first exploited. Now a new vulnerability has been detailed for machines
running OS X 10.4 (Tiger) and 10.5 (Leopard). By using the following
-e 'tell app "ARDAgent" to do shell
command gives root to both
normal users and admins, assuming that they did not use fast user
switching. Of course you have to gain access to the terminal,
so a bit of social engineering
might be in order, but
this is still somewhat alarming. After all, gaining root is
goal of most serious attacks.
Thieves Among Us -- Those Who
More people "borrow" (aka steal) WiFi from their
neighbors, local businesses, and other sources than they would be
admitting. In fact, over 53 percent of
people admitted, in a recent survey, to stealing
stealing it is a crime. Last year a man from Cedar Springs,
fined $400 when a police officer spotted him pilfering someone's
connection from his car. With the struggles
of municipal WiFi, the long-promised "free"
trend is likely to only increase. Simple configuration of
and home networks can easily prevent this, so if you don't want the
knocking on your door, be attentive to your home networks.
bore some curiosity as to how to wiretap someone's
phone? Or perhaps you are an innocent party, merely concerned
own phone being wiretapped. Well turns out that
easy" to set up a wiretap on your loved ones', acquaintances', and rivals'
phones (though illegal of course) -- maybe that's why the NSA
and FBI are so prone to doing it! IT
online blog, breaks down every aspect of the hows
and whys of wiretapping,
to help you watch for signs that you've been tapped.
Admins Snoop On You
A new survey confirms what many users fear -- their
admins at work snoop on them.
Cyber-Ark, a security firm,
survey 300 senior IT managers. A third admitted to outright
snooping. Another 47 percent admitted to peeking at information that was
not relevant to their role with the company.
Mark Fullbrook, Cyber-Ark's UK director, states, "All you need is access
the right passwords or privileged accounts and you're privy to
that's going on within your company."
Of course, if you don't do personal business on work machines, you have
to worry about.
Sweden Passes Law Allowing Government To Snoop On User Traffic
using Swedish internet or
routing through it beware, you are being watched. The Swedish
government passed a new surveillance law,
with a few minor
cosmetic changes. Pär Ström with The
Local, an English-language
Swedish news site, writes, "A monster with make-up is still a monster
"Swechelon", or Sweden's Echelon, must be stopped."
Unfortunately there is little hope of stopping the law now.
government agencies are already being created to aid in the
Sweden has been tightening its grip on the internet, which came into
notice when it leveled charges against the admins
Pirate Bay, the world's largest torrent site.
With the new law on the books, and many others like it worldwide, how
best protect themselves? This is the question posed, which
seeking to answer in a lively
discussion on news aggregator Slashdot.
Internet-Connected Coffee Machine Cracked To Do Hackers' Evil Bidding
Wright, a security manager with Risk Advisory Services, made a shocking
The Jura F90 Coffee machine can be hacked by black hat users (or those
to prank their friends and coworkers).
The product description sounds innocent enough, "Enable the Jura
F90 to communicate with the Internet, via a PC. Download
configure your espresso machine to your own personal taste.
If there's a
problem, the engineers can run diagnostic tests and advise on the
without your machine ever leaving the kitchen."
Turns out that the remote access can be gained by malicious users as
can be used to weaken (or strengthen) your coffee or to make a puddle
changing the amount of water settings. They can even break
by adding settings that don't work, making you have to take it in for
However the worst (and most serious) part is that they can use the
gain access to the XP system the machine is running on at the user's
level. For many users this would provide would-be hackers with a free
pass to administrative rights.