Chaos Computer Club breaks Apple TouchID

Posted in Apple, Hacking, Fingerprint Authentication by shiro on September 25, 2013

Unlocking TouchID with fake fingerprint. | YouTube

Chaos Computer Club breaks Apple TouchID | CCC

Chaos Computer Club Bypasses Apple’s Touch ID System (With Copy of Original Fingerprint) | Mac Rumors

Chaos Computer Club hackers trick Apple’s TouchID security feature | Ars Technica

Here’s what you need to know about the Apple TouchID “hack” | GigaOM

@timbray Pre-Touch ID, your … | Twitter / gruber

Why I Hacked Apple’s TouchID, And Still Think It Is Awesome. | The Official Lookout Blog

Marc Rogers:

Touch ID is not a “strong” security control. It is a “convenient” security control. Today just over 50 percent of users have a PIN on their smartphones at all, and the number one reason people give for not using the PIN is that it’s inconvenient. TouchID is strong enough to protect users from casual or opportunistic attackers (with one concern I will cover later on) and it is substantially better than nothing.

On the Effective Security of Touch ID | Daring Fireball

Clearly Touch ID is better than no passcode at all — which Apple claims is how the majority of iPhone users (and smartphone owners in general) have their devices configured. Further, I think it’s better than a 4-digit PIN. It seems far easier to me to spy on someone entering their PIN than it would be to capture a high-resolution fingerprint (from their correct finger) and reproduce it in a way that works to fool Touch ID.

(The new lock screen PIN entry UI in iOS 7 might even make it easier than before to snoop someone’s PIN.)

Bypassing TouchID was “no challenge at all,” hacker tells Ars | Ars Technica

iPhone Super-Hacker Comex, Let Go From Apple, Goes To Work For Google

Posted in People, Apple, Hacking by shiro on April 25, 2013

The near impossible battle against hackers everywhere

Posted in Cyberattacks, Security, Hacking by shiro on February 25, 2013

Microsoft hacked

Posted in Cyberattacks, Hacking by shiro on February 23, 2013


Microsoft hacked | The Loop

The world’s largest software company said the security intrusion was “similar” to recent ones reported by Apple Inc (NSQ:AAPL) and Facebook Inc (FB.O).

Recent Cyberattacks | MSRC

Microsoft suffers from same hacking attack as Apple, Facebook, small number of computers infected | The Next Web


We’ve been hacked

Posted in Cyberattacks, Hacking by shiro on February 23, 2013


Posted in Apple, Hacking by shiro on February 20, 2013


One Site May Be Responsible for Recent Hacks | AllThingsD

The site is called iPhonedevSdk, according to sources close to the Facebook hacking investigation. After Facebook employees visited the mobile development site in recent weeks, malicious code injected into the HTML of the site used an exploit in Oracle’s Java plugin to infect employee laptops, as the company divulged last Friday. […]

Of note: Do not visit this site, as it may continue to be compromised. While it’s potentially risky to publicize the web site, AllThingsD is providing the name to inform readers, mobile developers and organizations interested in mobile development in order to keep them from becoming infected.

iPhoneDevSDK | Daring Fireball

Malware Attack on Apple Said to Come From Eastern Europe | Bloomberg

Facebook, Apple employees likely visited iPhoneDevSDK, where their computers were compromised by Java exploit | The Next Web

Facebook, Apple employee Java exploits were reportedly from visiting iPhoneDevSDK |

After hack, Apple releases Java security update for Mac users | 9to5Mac

Apple Hit by Hacker Attack | maclalala2

Dev site behind Apple, Facebook hacks didn’t know it was booby-trapped | Ars Technica

iPhoneDevSDK — the site apparently responsible for the hacks at Facebook, Apple, and Twitter — says it was not aware it was being used to attack visitors until it read press reports this week. In a news post (do not click if you’re wary of security breaches) on Wednesday, site admins said they had no knowledge of the breach and were not contacted by any of the affected companies. Though, iPhoneDevSDK is now working with Facebook’s security team in order to share information about what happened.

iPhoneDevSDK Admins Didn’t Know Site Was Booby-Trapped | Daring Fireball

Update: The Admins Who Didn’t Know a Trap Had Been Set | maclalala2

Apple attacked by hackers

Posted in Apple, Hacking by shiro on February 20, 2013

The Apple logo hangs in a glass enclosure above the 5th Ave Apple Store in New York

Exclusive: Apple, Macs hit by hackers who targeted Facebook | Reuters

Apple, which is working with law enforcement to track down the hackers, told Reuters that only a small number of its employees’ Macintosh computers were breached, but “there was no evidence that any data left Apple.”

The iPhone and iPad maker said it would release a software tool later on Tuesday to protect customers against the malicious software used in the attacks.

Reuters: Apple Hit by Hackers Who Targeted Facebook Last Week | Daring Fireball

Apple attacked by hackers | The Loop

Apple comments on hacker attack | The Loop

Apple confirms cyber attack, releases Java update and malware removal tool | Macworld

Java for Mac OS X 10.6 Update 13 | Apple

Apple Hit by Hacker Attack | maclalala2

Unit 61398: The Computer-Hacking Division of China’s Military

Posted in Security, Hacking, China by shiro on February 20, 2013


China’s Army Is Seen as Tied to Hacking Against U.S. |

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.

“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”

Chinese cyber-attacks: Hello, Unit 61398 | The Economist

China Lashes Back at Hacking Claims |

Unit 61398: The Computer-Hacking Division of China’s Military | Daring Fireball

US prepares economic countermeasures in light of recent cyberattacks | The Verge

Mandiant: Chinese Military Unit Behind Sustained Cyber Attacks |

Cyberattacks on the U.S.: “Chinese Military Is the Mastermind,” Says U.S. Security Firm | 大紀元

Twitter Got Hacked. Expect More Companies to Follow.

Posted in Security, Hacking by shiro on February 3, 2013


Twitter Got Hacked. Expect More Companies to Follow. | AllThingsD

“Who’s next?” you may be thinking. But the question to ask isn’t “Who’s next?” The question is, “Who will admit it next?”

Or even scarier: Perhaps these companies aren’t aware they’ve been hacked in the first place.

“I truly believe we’re going to see quite a bit more of these announcements as companies start to get smarter and look more closely at their systems,” Soltani said. “It’s not a matter of whether or not you’ve been compromised. It’s whether you have the expertise to tell.”

Even the New York Times wasn’t aware of hacks that had occurred on its network for months on end; the company’s security software, provided by Symantec, failed to identify all but one of the 45 separate pieces of custom malicious software over a period of three months.

Anonymous posts over 4000 U.S. bank executive credentials | ZDNet

Was the Twitter Attack China Too?: NYT, WSJ, Post and Twitter? US Media under Attack from Chinese Hackers | Long Tail World
