Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×

Submission + - Apples Fixes Three Zero Days Used in Government Targeted Attack

Submitted by Trailrunner7
Trailrunner7 writes: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone.

The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them. The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Manor forwarded the link to researchers at the University of Toronto’s Citizen Lab, who recognized what they were looking at.

“On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based ‘cyber war’ company that sells Pegasus, a government-exclusive “lawful intercept” spyware product,” Citizen Lab said in a new report on the attack and iOS flaws.

Comment Re:What the frack (Score 1) 350

by pdclarry (#50755013) Attached to: Naval Academy Reinstates Teaching of Celestial Navigation

US Navy ships (and most commercial ships) have multiple backup systems. One is the shipboard inertial navigation system (SINS), which is entirely self contained once you tell it your current location. It is accurate enough to find Tokyo after leaving San Francisco if you lost GPS, LORAN and all other forms of electronic navigation. I recall reading that the current generation would be off by no more than a mile on this voyage. Since the 1940's there is the DRT (Ded Reckoning Tracer) [No, "ded" is not misspelled - it is a shortening of "deductive"]. This device was on US Navy ships during WW II; like SINS it needs a starting location, but it then monitors ship's motion to project the course on a chart. It is still carried as backup. The "ded reckoning" part is because it cannot account for currents, so errors will accumulate, and it needs to be recalibrated using either landmarks or celestial navigation. It also needs to be recalibrated when you go off the edge of the current map. There are also classified VLF systems, used mostly by submarines. The point is any military service needs multiple backups. In spite of sophisticated telephone and data systems on modern ships, they all still have point-to-point sound powered phones and voice tubes.

Comment Re:Dear Crystal author..... (Score 1) 229

by pdclarry (#50593717) Attached to: iOS Ad Blocker "Crystal" Will Let Companies Pay To Show You Ads

I guess we will have to write apps that modify the userAgent string. I assume there is a way to do that in ios...I don't develop for ios since I am a cheap bastard who doesn't want to pay for their developer license and tools.

You can't modify the userAgent string in the built-in Safari. But there are several browser apps in the App Store that give you control over it. The only issue is that Safari is always the default browser if you click on a link in an app, email or text.

Comment Re:Must be nice... (Score 1) 229

by pdclarry (#50593347) Attached to: iOS Ad Blocker "Crystal" Will Let Companies Pay To Show You Ads

I'd rather think of them as the arms dealer who sells to both sides.

Good analogy. Time to see or re-read George Bernard Shaw's "Major Barbara."

Except it's selling to all three sides. The consumer. The advertizer. The cellular carrier you pay for the bandwidth to download the ads. It's as bad as paying for incoming calls on a cell phone.

Submission + - Crystal ad blocker for iOS 9 will unblock for a fee

Submitted by pdclarry
pdclarry writes: Apple's iOS 9 now supports ad blockers. The most popular of these, Peace, was withdrawn after only a couple of days because the developer thought "it just doesn't feel good." Crystal then quickly rose to the top of the heap. But the developer of Crystal has announced that it will allow "acceptable ads" — for a fee from the advertiser. Crystal is a paid app; so you can now pay for the privilege of seeing ads. (In addition to paying for the bandwidth used by those ads.) The Awl asks Does Your Adblocker Think You're a Moron?

Comment Re:Uh, okay (Score 1) 142

by pdclarry (#50515879) Attached to: Ex-Ashley Madison CTO Threatens Libel Suit Against Journalist

Maybe he's hoping the emails would be inadmissible in court because they were stolen, and possibly also intending to claim that they might have been tampered with or falsified. I don't like his chances of making that work, but that's the play, isn't it? Deny everything, speak to your lawyer, consider your options.

The problem is that in the lawyer letter he acknowledges sending the email. Not the brightest lawyer in the world.

Submission + - Ashley-Madison cheater's site data purportedly published online

Submitted by pdclarry
pdclarry writes: Arstechnica reports that 10 GB of data stolen from AshleyMadison.com has been published online. The dump contains files with titles including "aminno_member_dump.gz," "aminno_member_email.dump.gz," "CreditCardTransactions7z," and "member_details.dump.gz," an indication that the download could contain highly personal details.

Assuming the download turns out to be authentic, people should remember that it was possible for anyone to create an account using the name and e-mail address of other individuals. That means an entry for a given individual doesn't automatically prove the person was behind it. Still, it would be harder for hoaxters to falsify credit card transactions and member profiles. As a result, the data could prove devastating if used by divorce attorneys, blackmailers, and others.

Submission + - Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked

Submitted by pdclarry
pdclarry writes: mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, Exes, etc. The information gleaned is stored on mSpy's servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customer's data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.

Submission + - Comcast & Time Warner merger died

Submitted by andyring
andyring writes: According to Bloomberg News, the Time Warner/Comcast merger of raw evil is dead. Comcast plans as early as tomorrow to withdraw the merger proposal, "after regulators decided that the deal wouldn’t help consumers, making approval unlikely" according to the story.

Slashdot Top Deals

Genetics explains why you look like your father, and if you don't, why you should.

Close