


Submission + - 'Extremely critical' OS X keychain vulnerability steals passwords via SMS-> 1

Mark Wilson writes: Two security researchers have discovered a serious vulnerability in OS X that could allow an attacker to steal passwords and other credentials in an almost invisible way. Antoine Vincent Jebara and Raja Rahbani — two of the team behind the myki identity management security software — found that a series of terminal commands can be used to extract a range of stored credentials.

What is particularly worrying about the vulnerability is that it requires virtually no interaction from the victim; simulated mouse clicks can be used to click on hidden buttons to grant permission to access the keychain. Apple has been informed of the issue, but a fix is yet to be issued. The attack, known as brokenchain, is disturbingly easy to execute.


Comment Courts are... (Score 1) 456

Too many forget that courts are a contest between "story tellers" arbitrated
by compliance with rules but not facts.

Some of us watch fictional movies and suspend normal belief systems
to allow the story to unfold without distraction.

This suspension of disbelief is critical. If you disbelieve because one fact fails,
and that fact cracks the illusion for you, the show or book can bomb ("if it does not
fit you must acquit").

Some communities are so imbued with a point of view that nothing cracks the bias or fiction.
This can be very polarizing and can cause civil unrest or be the anchor for humor.

Consider HC and her email server. For some no story or fact can crack the POV that she is
smarmy. Same for BO, same for ....
This is sadly what we are seeing now... we are being subjected to the setup for a punch line.

Watch out for the ad hominem attacks and other attempts to crack the story being told
by the other side.

Courts are the worst context to discover science.

Comment Re: What does Science have to say about this? (Score 1) 587

I was able to light my grandparents' well water coming out of the tap 40 years ago. This isn't new.

Correct.... not new.
The fracking issue mostly is simply some historic issue looking for deep pockets to dig into.
Energy companies drilling for oil and mining coal.
Attorneys looking for deep pockets to dig money out of.

I said mostly... there are some troubles in paradise but fracking is not the issue
to pay attention to.

Comment Re:What does Science have to say about this? (Score 1) 587

The most serious conundrum is that RF is so ubiquitous that litigation over and changes in the school
will not solve this if it were real. All the new phones worth buying have dual band WiFi hardware, Bluetooth,
and a gazillion cell service bands.

Unknown to and rejected by the tinfoil hats is the reality that more and closer cell and WiFi towers and
routers are the only way to enable dynamic systems to operate at lower power levels. The further
away a modern router is, the more power a phone or laptop must use to hold up the near end
of the transmission pair.

WiFi inside of aircraft... WiFi in coffee shops, WiFi in grocery stores so the stock clerks can
scan and check a gazillion items an hour and via WiFi send the data back to the home office three
time zones away. WiFi in an aircraft is interesting... the aircraft would reflect it inside the cabin,
and even at low antenna power the RF noise could be a thing.

My guess is the parents of this child put their cell phone in the kid's stroller...
and continue to use their devices in the automobile and more.

I would love this to go to court and have the judge slam the heck out of the first plaintiff attorney
that flips open a laptop and connects to the courthouse WiFi in the presence of the child.

If their child has a true problem and they have not moved to one of the rare almost RF free
locations the parents need to be relieved of the child by child protective services.

I worry about this too but the risk of a broken leg after tripping over yet another wire
is a bigger risk AFAICT.

Comment Re:Very sad - but let's get legislation in place N (Score 1) 706

not changing anything about how corporations have to secure data, or even (god forbid!) be punished for having sloppy security.

And why should it? For the sake of argument do you think the government should tell you that you MUST install a home security system, ................... .

This is almost interesting -- if we look at the Pile of Stuff that is WindowZ the need to install patches is astounding. The need to run an anti-virus add-on is too obvious.
One dog in the yard called Windows 10 may act like a government forcing a home security update process on ya.
We can debate what could go wrong but for the vast farms of attack bots assembled around the globe and under
control of random bad and "good" guys the move we are seeing with Windows 10 may help.

Nothing keeps companies and agencies like the State Department from doing bad things. There is a hook to allow
a company to take charge of the update flow....

But yes, we are mandating health care in the US and via proxy software vaccinations.

Comment Udderly offensive. (Score 1) 1

This is udderly offensive.
Ya know that such ridiculous actions cut both ways.
Milk adulterated with vit-D should be marked as adulterated.

I am a fan of adding Vit-D but truth in marking counts and calling
milk from a cow with no added substances imitation is folly.

Kafka... is giggling.

Comment At one instant the no fly list was... (Score 1) 264

At one instant in time the no fly list was intended to be a list of
people that posed a risk while flying.

Now it is a list to restrict the free movement of individuals.

Persons that pose a national security risk do so sitting at home.
I am not sure this list continues to provide a service. It does
deny components of life, liberty and the pursuit of happiness.
It does so without due process...

Comment Re:automatically install firmware updates (Score 1) 278

I guess nothing would go wrong with "automatically installing firmware updates".

Well we know the folly of letting customers update firmware and passwords.

I almost dislike this but the more I learn about flaws and blunders hidden in
routers and other devices the more I lean to the update me camp.

I would like a hardware gate that gives me absolute control
but a handful of security folk at Google do have a clue and
do take security seriously.

One might ask why Google security gets the attention and the budget they have -- well
they have a lot of value in the data they collect and own. That valued data is their business and
they are serious about protecting the business they are in.

I have been shopping for a new generation router... I will have to see what this one brings.
The price is higher than I want but I will still look hard at this. I have decent hardware now
so I can watch and evaluate the reviews.

Comment Nice... which TLA wanted this... (Score 2) 294

Simply hovering --
Now my system will connect to things I would elect to not connect to.
It is clear that network connections and data in a cache are no
longer valid in a court of law.

With such a feature there is no reasonable expectation that anyone
looked at or was in fact interested in anything.
The good news is web sites that count will see their hit count
jump for joy... Ponder an email with

Comment Re:What is old is new again (Score 1) 220

Perhaps millions of compromised systems will be recovered.

And update servers will be compromised...

Valid concern...
Of interest to some might be the p2p bandwidth enhancements.
If MS got the digital signature technology correct MS will be able to
push patches out quickly enough that zero-day exploits will be less
and less of an issue. By the time hackers can run differences and discover the
bug to exploit, vastly more machines will be updated.

Skepticism applies but it appears that they have a plan.
Last year there was no visibility of a plan.

Now off to shop for a better firewall... I want gig in and gig out
and low cost.
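The comment above rests on one condition: that whatever a peer hands a client is only applied after a signature from the vendor checks out, otherwise the peer-to-peer path is just a faster way to spread a trojaned patch. The same condition is what the earlier comment on routers auto-installing firmware updates is leaning on. The following is an added example, not Microsoft's or Google's code and not the update format either of them uses. It assumes the client has the vendor's public key pinned in advance, uses Ed25519 as the signature scheme, and the manifest layout is hypothetical. It shows why the hash alone is not enough and why the signature must cover the hash: a peer that swaps the payload fails the hash check, and a peer that re-signs its own payload with its own key fails the signature check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is the vendor-signed description of one update (hypothetical layout).
// Peers relay it together with the payload, but only the vendor holds the signing key.
type Manifest struct {
	Name      string
	Version   string
	SHA256    [32]byte // hash of the payload bytes
	Signature []byte   // ed25519 signature over manifestBytes(Name, Version, SHA256)
}

// manifestBytes is the canonical byte string that gets signed. Fields are
// length-prefixed so that ("ab","c") and ("a","bc") cannot sign to the same bytes.
func manifestBytes(name, version string, sum [32]byte) []byte {
	var b []byte
	for _, f := range []string{name, version} {
		b = append(b, byte(len(f)>>8), byte(len(f)))
		b = append(b, f...)
	}
	return append(b, sum[:]...)
}

// SignManifest runs at the vendor: hash the payload, sign the manifest.
func SignManifest(priv ed25519.PrivateKey, name, version string, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	return Manifest{
		Name:      name,
		Version:   version,
		SHA256:    sum,
		Signature: ed25519.Sign(priv, manifestBytes(name, version, sum)),
	}
}

// VerifyUpdate runs at the client on whatever a peer handed over. It checks the
// signature against the pinned vendor key first, then the payload against the
// signed hash, so neither a swapped payload nor a re-signed manifest is accepted.
func VerifyUpdate(vendorPub ed25519.PublicKey, m Manifest, payload []byte) error {
	if len(m.Signature) != ed25519.SignatureSize {
		return errors.New("manifest: malformed signature")
	}
	if !ed25519.Verify(vendorPub, manifestBytes(m.Name, m.Version, m.SHA256), m.Signature) {
		return errors.New("manifest: signature does not verify against vendor key")
	}
	if sha256.Sum256(payload) != m.SHA256 {
		return errors.New("payload: hash mismatch, peer delivered a different blob")
	}
	return nil
}

// Demo walks through three deliveries with constructed data and reports which
// ones the client accepts: an honest peer, a peer that swaps the payload, and a
// peer that re-signs a malicious payload with its own key.
func Demo() (honestAccepted, swappedRejected, resignedRejected bool) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed update payload bytes for component X") // constructed sample
	m := SignManifest(vendorPriv, "component-x", "1.2.3", payload)

	honestAccepted = VerifyUpdate(vendorPub, m, payload) == nil

	// Peer keeps the genuine manifest but substitutes the payload.
	swapped := append([]byte{}, payload...)
	swapped[0] ^= 0xff
	swappedRejected = VerifyUpdate(vendorPub, m, swapped) != nil

	// Peer generates its own key and signs a consistent manifest for the swapped payload.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged := SignManifest(attackerPriv, "component-x", "1.2.4", swapped)
	resignedRejected = VerifyUpdate(vendorPub, forged, swapped) != nil
	return
}

func main() {
	a, b, c := Demo()
	fmt.Printf("honest delivery accepted: %v\nswapped payload rejected: %v\nre-signed manifest rejected: %v\n", a, b, c)
}
```

A real client would additionally refuse any manifest whose version is older than what is already installed, so a peer cannot replay an old, correctly signed but since-patched update as a downgrade; the signature check alone does not prevent that.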

Comment Re:What is old is new again (Score 4, Interesting) 220

Look up "letters of marque and reprisal", and perhaps "privateering", too.

Yes and look deeper at history to see how badly that turned out. Law outside of the
law is not a solution.

The one missing executive order that could help internet security is that
all federal TLA class agencies report defects to vendors. Some will elect
to use a proxy... but defects are serious trouble and need to be squashed.

Follow that with failure to act legislation...

Of all the parts in Windows 10 the update policy may prove to be the
most important policy decision they made. Because the update is free
to the globe many bot systems will be eliminated. Perhaps millions of
compromised systems will be recovered.

Comment It challenges all P2P filters. (Score 2) 5

This move challenges all P2P ISP filters.
It does allow vastly faster downloads than almost any other solution,
as BitTorrent users already know.

Torrents and meshes are the best way to improve the service bandwidth
on the world wide web and also sidestep ISP centralization. P2P is seen
by many as subversive... now it is mainstream.
