Apple to fix iPhone Charging Hack

We are happy to report that Apple is working on fixing the issue that allows people to hack while you charge.

Apple’s next software update for its iPhones and iPads will fix a security flaw that allows hackers to engage in spying and cyber crimes when the victim connects the device to a fake charging station, the company said on Wednesday.

Apple’s devices are vulnerable to attacks until the company releases its iOS 7 software update, which is slated for this fall.

Three computer scientists (Billy Lau, a research scientist at the Georgia Institute of Technology, and graduate students Yeongjin Jang and Chengyu Song.), who alerted Apple to the problem earlier this year, demonstrated the security vulnerability at the Black Hat hacking convention in Las Vegas on Wednesday where some 7,000 security professionals are learning about the latest threats posed by computer hacking.

Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.

“We would like to thank the researchers for their valuable input,” Apple spokesman Tom Neumayr said.

Source

Hacking takes it to phones and SIM Cards have fallen

With all the malware and bad stuff your phone is susceptible to and the snoops that carriers have turned on there was one thing that was still virgin about your phone and that has fallen to evil.

German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud all in just three years of research.

Nohl, who will be presenting his findings at the Black Hat security conference in Las Vegas on July 31, says his is the first hack of its kind in a decade, and comes after he and his team tested close to 1,000 SIM cards for vulnerabilities, exploited by simply sending a hidden SMS. The two-part flaw, based on an old security standard and badly configured code, could allow hackers to remotely infect a SIM with a virus that sends premium text messages (draining a mobile phone bill), surreptitiously re-direct and record calls, and — with the right combination of bugs — carry out payment system fraud.

Complete Story

 

Creating a secure password

You should follow these guidelines any time you need to set up a new password. No matter how trivial or irrelevant it may seem, the need for a secure password is always of high importance.

Requirements

  • Your password must be at minimum 7 characters and must include at lease three characters from the groups below.
    • Lowercase letters – a, b, c,
    • Uppercase letters – A, B, C,
    • Numerals – 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
    • Non-alphanumeric (symbols) – ( ) ` ~ ! @ # $ % ^ & * - + = | \ { } [ ] : ; " ' < > , . ? /
  • Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess.
  • Must not be based on dictionary words
  • Do not use your birth date, SSN, pets name, child’s name or other words that can be easily guessed.
  • Do not keep you password written on a piece of paper under your keyboard, on your monitor or in your drawer. A good hacker can find clues that will eventually lead to him/her breaking most passwords within 5 feet of the computer.
  • Do not share your password with others. Everyone should be issued a password and should be using their own.
  • We strongly suggest using one password per site you have an account on, DO NOT reuse passwords. This is the #1 weakness with passwords.

Examples of Bad Passwords

johnd, dnhoj, johndjohnd, JOHND, ABC123D, The Close, 0123456789, xxxxxx, mouse, truck, lorry, me, you

Examples of Good Passwords

w@Ter55h00t, Si11yb0y

Using a Linux Command Line to auto generate passwords

If you are good at remembering passwords and have access to a Linux machine, you can use a command line utility called pwgen. You can specify the length of the password and the number of passwords you want to generate.

You can install it by typing:

sudo apt-get install pwgen

To generate passwords you type pwgen -y

pwgen -y 15 8

Which will generate 8 15 character passwords like:

eileiShookei@k1 heh)ee1Iofohs3p ueSh"i4rohw"e8v Yahqu;iecie9Thu Ieghus}oo$rua2B eeshoagh0veeR_i laic2oNei8Ae%tu fer&ah9PiShee]S
  • You can check your password here

For WiFi passwords, we suggest using a 64 character one with WPA2, something like:

Ooze6ophai'gh4Chahmo-Mapoh>ng0eeyoosh0soo>g8eerao~l*eide1iex1aex

Time To Crack:
58 quinquatrigintillion years

How do I remember all my passwords?

I use LastPass password manager…. It generates secure passwords and stores them for you so you don’t need to remember but one password, the master one..