Flawed visitor check-in systems let anyone steal guest logs and sneak into buildings


This post is by Zack Whittaker from iPad – TechCrunch






Security researchers at IBM have found, reported and disclosed 19 vulnerabilities in five popular visitor management systems, which they say can be used to steal data about visitors — or even sneak into sensitive and off-limit areas of office buildings.

You’ve probably seen one of these visitor check-in systems — they’re often found in lobbies or reception areas of office buildings to check staff and visitors onto the work floor. Visitors check in with their name and who they’re meeting using the touch-screen display or tablet, and a name badge is either printed or issued.

But the IBM researchers say flaws in these systems provided “a false sense of security.”

The researchers examined five of the most popular systems: Lobby Track Desktop, built by Jolly Technologies, had seven vulnerabilities; eVisitorPass, recently rebranded as Threshold Security, had five vulnerabilities; EasyLobby Solo, built by HID Global, had four vulnerabilities; Envoy’s flagship

Apple to compensate teenager who found Group FaceTime eavesdrop bug


This post is by Zack Whittaker from iPad – TechCrunch






Apple has said it will compensate the teenager who first found a security bug in Group FaceTime that allowed users to eavesdrop before a call was picked up.

The bug was initially reported to Apple by 14-year-old Grant Thompson and his mother, but the family struggled to get in contact with the company before the bug was discovered elsewhere and went viral on social media.

The payout will fall under Apple’s bug bounty, which incentivizes security researchers to claim a reward for privately submitting security bugs and vulnerabilities to the company. Apple will also offer an unspecified additional gift to Thompson’s education.

“In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security,” an Apple spokesperson told TechCrunch. “This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime.

Google sat on a Chromecast bug for years, now hackers could wreak havoc


This post is by Zack Whittaker from iPad – TechCrunch






Google was warned of a bug in its Chromecast media streaming stick years ago, but did not fix it. Now, hackers are exploiting the bug — and security researchers say things could get even worse.

A hacker, known as Hacker Giraffe, has become the latest person to figure out how to trick Google’s media streamer into playing any YouTube video they want — including videos that are custom-made. This time around, the hacker hijacked thousands of Chromecasts, forcing them to display a pop-up notice that’s viewable on the connected TV, warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers like himself.

Not one to waste an opportunity, the hacker also asks that you subscribe to PewDiePie, an awful internet person with a popular YouTube following. (He’s the same hacker who tricked thousands of exposed printers into printing support for PewDiePie.)

The


A new ‘smart firewall’ iPhone app promises to put your privacy before profits


This post is by Zack Whittaker from iPad – TechCrunch






For weeks, a small team of security researchers and developers have been putting the finishing touches on a new privacy app, which its founder says can nix some of the hidden threats that mobile users face — often without realizing.

Phones track your location, apps siphon off our data, and aggressive ads try to grab your attention. Your phone has long been a beacon of data, broadcasting to ad networks and data trackers, trying to build up profiles on you wherever you go to sell you things you’ll never want.

Will Strafach knows that all too well. A security researcher and former iPhone jailbreaker, Strafach has shifted his time to digging into apps for insecure, suspicious and unethical behavior. Last year, he found AccuWeather was secretly sending precise location data without a user’s permission. And just a few months ago, he revealed a list of dozens of apps that were sneakily


Twitter now puts live broadcasts at the top of your timeline


This post is by Zack Whittaker from iPad – TechCrunch






Twitter will now put live streams and broadcasts started by accounts you follow at the top of your timeline, making it easier to see what they’re doing in realtime.

In a tweet, Twitter said that the new feature will include breaking news, personalities and sports.

The social networking giant included the new feature in its iOS and Android apps, updated this week. Among the updates, Twitter said it’s now also supporting audio-only live broadcasts, as well as through its sister broadcast service Periscope.

Last month, Twitter discontinued its app for iOS 9 and lower versions, which according to Apple’s own data still harbors some 5 percent of all iPhone and iPad users.

A new CSS-based web attack will crash and restart your iPhone


This post is by Zack Whittaker from iPad – TechCrunch






A security researcher has found a new way to crash and restart any iPhone — with just a few lines of code.

Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code which, if visited, will crash and restart an iPhone or iPad. Those on macOS may also see Safari freeze when opening the link.

The code exploits a weakness in iOS’ web rendering engine WebKit, which Apple mandates all apps and browsers use, Haddouche told TechCrunch. He explained that by nesting a ton of elements — such as <div> tags — inside a backdrop filter property in CSS, you can use up all of the device’s resources and cause a kernel panic, which shuts down and restarts the operating system to prevent damage.

“Anything that renders HTML on iOS is affected,” he said. That means anyone sending you a link on Facebook or Twitter, or if any webpage you
