...and yet the government still claims it is secure.
Aadhaar Security Failure: Government Webpages Provide Unsecured Access To Demographic Authentication
Aria Thaker reports:
In another exposure of Aadhaar’s cybersecurity weaknesses, over 70 subdomains under a Government of India website are providing access to demographic-authentication services without requiring identity verification from the requester. The websites allow users to access an application programming interface, or API, in which anyone can enter a person’s Aadhaar number, name, gender and date of birth, and be directed to a page that either reads “yes” or displays an error message, indicating whether or not the information corresponds to a valid entry in the Aadhaar database. Providing such unrestricted access to this API raises major concerns of privacy, and may be exploited by hackers seeking to uncover people’s Aadhaar numbers. It also violates the Aadhaar Act, the law governing India’s nationwide digital-identity programme.
Two security researchers—Srinivas Kodali and Karan Saini—independently found the vulnerability and reported it to relevant authorities.
Read more on Caravan Magazine.
And for the time being, the hackers pull ahead.
A hacker figured out how to brute force iPhone passcodes
A security researcher has figured out how to brute force a passcode on any up-to-date iPhone or iPad, bypassing the software's security mechanisms.
Since iOS 8 rolled out in 2014, all iPhones and iPads have come with device encryption. Often protected by a four- or six-digit passcode, a hardware and software combination has made it nearly impossible to break into an iPhone or iPad without cooperation from the device owner.
And if the wrong passcode is entered too many times, the device gets wiped.
But Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, found a way to bypass the 10-time limit and enter as many codes as he wants -- even on iOS 11.3.
"An attacker just needs a turned on, locked phone and a Lightning cable," Hickey told ZDNet.
… He explained that when an iPhone or iPad is plugged in and a would-be-hacker sends keyboard inputs, it triggers an interrupt request, which takes priority over anything else on the device.
"Instead of sending passcodes one at a time and waiting, send them all in one go," he said.
Hickey posted a demonstration video of his attack online.
An attacker can send all the passcodes in one go by enumerating each code from 0000 to 9999 in one string with no spaces.
They could probably do this faster if they used computers.
Justin Hemmings of Alston & Bird writes:
The FBI recently published its 2017 Internet Crime Report highlighting trends and statistics compiled by the FBI’s Internet Crime Complaint Center (“IC3”) during 2017. The report compiles data from a total of 301,580 complaints which reported losses of over $1.4 billion. In addition to an explanation of the IC3’s history and operations, the report includes five “hot topics” from 2017: business email compromise (“BEC”), ransomware, tech support fraud, extortion, and the Justice Department’s Elder Justice Initiative.
Read more on Privacy & Data Security Blog.
A glimmer of hope?
Cellphone Tracking: A Win for Privacy Advocates!
Today, in Carpenter v. United States,
the Supreme Court ruled, in a 5-4 decision, that police need the
warrant to search your phone when digging for cellphone tracking
information.
Chief Justice John Roberts noted that a phone is
basically “a feature of human anatomy.” We’re finally
seeing this come to fruition in the court system.
… For even more details check out:
https://apnews.com/3b59408315b14893b0b26bb505ce933d
(Related) On the other hand...
The latest Supreme Court decision is being hailed as a big victory for digital privacy. It’s not.
… Whatever its other flaws, the Roberts Court thus seems to understand electronic privacy’s importance.
But there are a couple of
things to know before toasting the Court’s high regard for privacy
in the digital age. The Roberts Court, building on what the
preceding Rehnquist Court did, has created an infrastructure for
Fourth Amendment law that makes it exceptionally easy for police to
do a search, even when a warrant is required. The law also makes it
exceptionally difficult for citizens to obtain close judicial
oversight, even when the police have violated the Constitution. As a
result of these background rules, even a decision as seemingly
important as Carpenter is unlikely to have any dramatic
effect on police practices.
It’s not just that our
digital privacy is insufficiently protected, in other words. It’s
that our Fourth Amendment rights and remedies in general have been
eroded.
We’re on break now, so all my students should be
reading!
Global Grey (Web): Free eBook Series and Collections
You probably know that classic books are available for free on sites like Project Gutenberg. But Aisha goes the extra mile. She collects some of the best book series in collections that you’ll find easy to download and read. Go to “Series” section on Global Grey and you’ll get an endless reading of free ebooks in collections.
(Related) How I organize my ebooks.
Calibre might not be the most polished app in the
world, but it’s definitely the best software for managing
your ebook collection.
It ticks all the right boxes: it’s
free, there aren’t any ads, and it boasts a vast number
of powerful features.
1. Merge and Split EPUB Ebooks
3. Turn Calibre Into a Sharing Server
If several members of your household have a
Kindle, or if you own multiple Kindles, continually syncing your data
manually quickly becomes tedious.
Instead, why not turn your Calibre app into a
content server? By doing so, you can make your entire Calibre library
available on all your devices. You can even upload new content to
your Calibre library from those devices.
5. Remove DRM From Ebooks
Calibre lets you wrestle back control of your ebooks by offering a way to remove the DRM from titles you’ve bought from Amazon and other online stores.
We covered the process in detail when we explained how to remove the DRM on every ebook you own. So we recommend reading that article for the full scoop.
6. Automatically Download Ebook Metadata
7. Put Your Ebook Library in the Cloud