On April 28th, 2012 a vulnerability was discovered in TrueCaller, an iPhone application that as worldwide number search and spam filter on Apples iPhone platform. The path to rectifying this issue has reenforced doubts about Apple’s ecosystem (more on this below).
[video]
Research was released this past week of an new method attackers can use to clone the abilities of the software that RSA’s SecurID system uses to generate one-time passwords. Essentially, the threat is not new, but a proof of concept attack was released that shows how an attacker can exercise existing control over a user computer to clone the behaviour of the software despite security around the software. In essence, an attacker can get at chunks of data being returned by data protection application programing interface (DPAPI) to reverse engineer the software. This is true even when additional, optional protection called token binding is in place.
It is noted that this attack is currently limited to RSA’s soft token software found on desktop and laptop operating systems, and requires some level of control over the computer. However, given the prevalence of boy-nets and Trojan back-doors in the modern computer world, this is not the most difficult of criteria to meet. Software available for smartphones is likely similarly vulnerable but will probably require the phone to be rooted or jail-broken.
(via mydarkmood)
HijiNKS ENSUE: You Can Take The Convention Out Of The Library... -
Dallas Comic Con and I have always been at odds. I resent it for being so close to my home and yet such a poorly organized, terribly mismanaged convention, and it resents me for being alive apparently. In years past, Dallas Comic Con was held in a local library here in town. The artists alley…
Joel’s being nicer than Dallas Comic Con deserves. All the attendees were polite and I loved meeting my readers, but from a business point of view, it was abysmal. On the heavy foot traffic day my table was obscured by a line for the concession stand for four hours, easily.
DCC is a shitpile of poor planning. I won’t be back until they figure out what they’re doing. And while I’m pretty pissed about getting screwed on booth location ( seriously, DCC, that was NOT worth the price I paid), I feel bad for attendees - many of whom just seemed miserable. Also, the poor volunteers. Too few of them, and the ones they had were doing a job best handled by 5-6 people, not one volunteer.
Sometimes, I view posts like these and have an awful urge to compare the conventions discusses with Anime North. Then I get embarrassed. I get the feeling the people who organize these events specifically do so because they can never get their act together in order to go to more professional and well organized conventions. Unfortunately, that means they never really get an idea of the areas they fail in.
It then becomes a self perpetuating cycle. People who can make it to better planned events, do so, and then don’t come back. People who can’t, stay and are satisfied because they haven’t seen better. Then the attendees and the vendors who call for change quickly become a minority overwhelmed by the ego stroking platitudes of those who remain. (Yes it’s an awfully wide brush I am using here; there are exceptions as with everything.)
Tyrion, explained.
I love this picture.
[video]
(Source: animalsthatdopeoplethings)
Unwired: Twitter - 55,000+ user accounts leaked with passwords -
This morning several websites were reporting that over 55,000 twitter accounts have been compromised, and the username and passwords leaked. The accounts have been posted to PasteBin. According to AirDemon, accounts attributed to celebrities were attacked in the process.
The attack seems to have…
(Source: airdemon.net)
Unwired: Debug flag blunder exposes passwords system wide on OSX ... -
In the latest security update to OSX 10.7[.3], apple seems to have accidentally turned on a debug log function that stores it’s log outside of encrypted area. Among the various system-wide parameters logged in this file are passwords passing through the password entry subsystem, essentially most…
As an old school Macross fan, this made me smile. 30 year anniversary this year! Sorry if I just made you feel old.
Realistic Pikachus.