Forgot your password?
typodupeerror

Comment: My own security award for twitter (Score 1) 63

by OneInEveryCrowd (#28906321) Attached to: Linux, Twitter, and Red Hat "Win" Big At Pwnie Awards

Earlier this week twitter advised people who had used a certain app to change their passwords because the app may have been insecure. Then I went to the update password page and noticed that the new password is passed to twitter using http, not https like they do for the regular login.

Security

Linux, Twitter, and Red Hat "Win" Big At Pwnie Awards 63

Posted by Soulskill
from the i'd-like-to-thank-the-academy dept.
hugmeplz writes "The third annual Pwnie Awards took place last night at Black Hat in Las Vegas, and a full list of the winners has been posted. 'Most Epic Fail' honors went to the notorious Twitter/Google Apps hack from earlier this month that raised all sorts of questions about cloud computing security. Red Hat got skewered with the 'Mass 0wnage' award, also known as the 'Pwnie for Breaking the Internet,' for issuing a version of OpenSSH that left a backdoor open to hackers. The Linux development team earned 'Lamest Vendor Response' recognition for 'continually assuming that all kernel memory corruption bugs are only Denial-of-Service.' Naturally, Microsoft didn't slip past judges' eyes. Its vulnerability that enabled the Conficker worm to do its thing earned honors as the 'Most Overhyped Bug.' On the more positive side, the Pwnie Awards recognized security pros Wei Yongjun, sgrakkyu, Sebastian Kramer and Bernhard Mueller for accomplishments such as discovering bugs and demonstrating exploits. The Pwnie for Best Song went to Doctor Braid for his song Nice Report. Solar Designer snagged the Lifetime Achievement Award, for among other things, being the first to demonstrate heap buffer overflow exploitation, according to the Pwnie Awards Web site."
Cellphones

Apple Says iPhone Jailbreaking Could Hurt Cell Towers 495

Posted by Soulskill
from the think-of-the-towers dept.
AHuxley writes "Apple suggests that the nation's cellphone networks could be open to 'potentially catastrophic' cyberattacks by iPhone-using hackers at home and abroad if iPhone owners are permitted to legally jailbreak their wireless devices. The Copyright Office is currently considering a request by the Electronic Frontier Foundation to legalize the widespread practice of jailbreaking. Apple has responded to the request by saying that if the 'baseband processor' software — which enables a connection to cell phone towers — is exposed, then a user could crash the tower software, or use the Exclusive Chip Identification number to make calls anonymously. Apple also thinks its closed business model is what made the iPhone a success. The Vodafone scandal from a few years back showed how a network could be compromised, but that was from within. So, what do you think? Is Apple playing the 'evil genius' hacker card or can 'anyone' with a smartphone and a genius friend pop a US cell tower?"

Good salesmen and good repairmen will never go hungry. -- R.E. Schenk

Working...