Apple is keeping typically tight-lipped about a remote code execution vulnerability it patched in its AirPort router firmware.
Last night, Apple released an advisory warning users of the AirPort Express, AirPort Extreme and AirPort Time Capsule base stations that a new firmware was available—AirPort Base Station Firmware Update 7.6.7 and 7.7.7—and should be applied immediately.
“A memory corruption issue existed in DNS data parsing,” Apple’s advisory reads. “This issue was addressed through improved bounds checking.”
In the movie Sneakers, a motley gang of security experts chase after a little black box that can crack any form of encryption. Though the idea of a digital skeleton key may seem like the stuff of Hollywood thrillers, there are researchers at the University of Michigan who've recently created just that. They've built a stealthy hardware back door that can be inserted into the blueprints of a computer chip to give intruders complete access to a system after executing an obscure series of commands.
Consider the implications: This kind of low-level attack is extremely difficult to detect and even more challenging to defend against. If a small group of university professors can successfully cook up their own little black box, imagine what an intelligence service with federal backing can do. William Binney, the National Security Agency's (NSA) former technical leader for intelligence, claims that with the NSA's budget of over $10 billion a year, "they have more resources to acquire your data than you can ever hope to defend against."
But it's not just the government that's watching us. IBM recently filed a patent for "monitoring individuals using distributed data sources," a stark reminder that much of what people do with their mobile devices is scooped up and stored in corporate data silos for later analysis. It's an inconvenient fact that Silicon Valley prefers to drown out with marketing pitches.
Citrix Systems is forcing all its GoToMyPC remote desktop access service customers to reset their passwords because of a “very sophisticated attack” that targeted the service over the weekend.
John Bennett, product line director for Citrix said the attack was a result of leaked passwords from other accounts used to crack open existing GoToMyPC accounts.
“Citrix can confirm the recent incident was a password reuse attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users,” Bennett told Threatpost in an email statement.
It's no big secret that Google's Chrome browser is a bit of a battery hog. The native browsers on both Windows and macOS (Edge and Safari) are widely reported to outlast Google's offering. In its latest campaign, Microsoft is quantifying this difference: in a test that cycles through some common sites including Facebook, YouTube, Wikipedia, and Amazon, Microsoft's latest browser lasted 7 hours and 22 minutes on a Surface Book system. Chrome lasted just 4 hours and 19 minutes.
Between these extremes were Firefox, at 5 hours and 9 minutes, and Opera in battery-saving mode, at 6 hours and 18 minutes.
Microsoft has gone a step beyond just measuring how long each system runs by measuring the power draw of the Wi-Fi, CPU, and GPU during its test workload. A task that drew 2.1W in Edge pulled 2.8W in Chrome, 3.1W in Opera, and 3.2W in Firefox. This lower draw translates to the longer battery life.
Backdoors into encrypted communications may soon be mandatory in Russia.
A new bill in the Russian Duma, the country's lower legislative house, proposes to make cryptographic backdoors mandatory in all messaging apps in the country so the Federal Security Service—the successor to the KGB—can obtain special access to all communications within the country.
Apps like WhatsApp, Viber, and Telegram, all of which offer varying levels of encrypted security for messages, are specifically targeted in the "anti-terrorism" bill, according to Russian-language media. Fines for offending companies could reach 1 million rubles or about $15,000.