Microsoft’s monthly Patch Tuesday is upon us and this time, Windows users are in store for a much larger batch of fixes than usual. A recent post on Technet highlights the fact that tomorrow’s update will address 57 different security vulnerabilities that will require 12 individual updates to repair.
Updates this month will target a number of different applications including Windows itself, Windows Server, Exchange, Office, Internet Explorer and the .net Framework. We are told that five of the 12 patches are classified as critical in nature. This means that they will fix vulnerabilities that could allow a hacker to execute malicious code on a user’s computer.
Last Updated on Tuesday, 12 February 2013 18:03
There are two significant takeaways here: First, iOS 6 has been jailbroken — but second, and more importantly, this is the first jailbreak that works with the new Apple A6 SoC found in the iPhone 5 and iPad 4. The A6 SoC will eventually find its way into future versions of the iPad (Mini), iPhone (Lite), and iPod, meaning the Evasi0n jailbreak lays the groundwork for a few more generations of jailbroken iDevices. Viva la consumer!
As for how iOS 6 and the A6 SoC were actually jailbroken, we sadly know very little. Evad3rs, the team of (in)famous iOS hackers who created Evasi0n, refuses to give up any details, for fear that it will help Apple plug the hole. What we do know is that the Evad3rs will have found an exploit in iOS 6, and then they will have found a hole in the various layers of hardware protection provided by the A6 SoC. (See: How hackers will jailbreak the iPhone 5.) This second step was probably no mean feat, as the A6 was custom-made by Apple and quite a departure from its A5 predecessor.
Last Updated on Tuesday, 05 February 2013 13:36
Members of the loose knit hacker collective Anonymous have published a spreadsheet that claims to contain personal information on more than 4,000 US bank executives as part of an ongoing campaign called Operation Last Resort. The group’s latest efforts are designed to provoke computer crime law reform following the suicide of Internet activist Aaron Swartz last month.
Anonymous reportedly hacked into the Alabama Criminal Justice Information Center’s website over the weekend and used the site to host the spreadsheet. The document in question contains the names, phone numbers, computer login credentials and IP addresses of bank executives across the country. ZDNet says the names in the dump match those of current executives at community banks and credit unions.
Last Updated on Tuesday, 05 February 2013 13:30
Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.
The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.
"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is OS-independent, makes Java an attractive target for malicious hackers," Eric Maurice, director for Oracle's Software Security Assurance, said in the blog.
Last Updated on Monday, 04 February 2013 14:25
Twitter has been hacked. If you have a Twitter account (and who doesn't these days), it's probably a good idea to make sure everything is in order and/or reset your password with something strong. Twitter says that approximately 250,000 users may have been affected by the hack, with the hackers gaining access to usernames, email addresses, session tokens and encrypted version of passwords. Not good.
Twitter discovered "unusual access patterns" this past week that led it to identify unauthorized access attempts to Twitter accounts. They shut one live attack down but discovered that around 250,000 users may have been compromised. Twitter says:
Last Updated on Sunday, 03 February 2013 10:21