security researcher
Over 267 million Facebook users reportedly had data exposed online
More than 267 million Facebook users allegedly had their user IDs, phone numbers and names exposed online, according to a report from Comparitech and security researcher Bob Diachenko. That info was found in a database that could be accessed without a password or any other authentication, and the researchers believe it was gathered as part of an illegal scraping operation or Facebook API abuse.
Iowa asked researchers to break into a courthouse, then it arrested them
Ransomware attacks have cost cities like Atlanta and Baltimore millions of dollars and made it clear that state and municipal governments need to protect themselves against cyberthreats. With that in mind, the state of Iowa hired cybersecurity firm Coalfire to conduct a penetration test. The state asked the company to try to break into servers and physical buildings to see if it could gain access to sensitive data or equipment. When two Coalfire employees successfully broke into one Iowa courthouse, they were arrested, and the charges have not yet been dropped.
iPhone exploit could allow permanent jailbreak for millions of devices
Jailbreaks seemed to be a thing of the past, but last month, a security researcher released the first free, public iPhone jailbreak in years. Now, another security researcher has discovered an exploit that could make it possible to permanently jailbreak any iPhone from the 2011 4S to the 2017 iPhone X and 8/Plus.
Hackers make jailbreaking iPhones a thing again
In the iPhone's early days, hackers would "jailbreak" the iPhone in order to install third-party apps that weren't available through the App Store. It's been a while since anyone seriously needed to jailbreak their iPhone, as there are plenty of apps and more customizable operating systems to choose from. But this weekend, hackers dusted off their jailbreaking skills when a vulnerability was discovered in iOS 12.4. Security researcher Pwn20wnd released the first free public jailbreak for a fully updated iPhone in years.
Charlie Miller's latest iOS hack gets into the App Store, gets him tossed out (video)
This isn't the first brush Apple's iOS platform has had with apps that exploit security holes to run unsigned code, but according to the developer of InstaStock, this may be the first to get a security researcher booted from its developer program. Charlie Miller shared his discovery with Forbes earlier today, showing off an app which successfully made it through Apple's approval process despite packing the ability to download and run unsigned code. That could allow a malicious app to access user data or activate hardware features remotely. Apple pulled the app after the findings were published, and according to Miller, revoked his developer access shortly afterward for what seems to be a clear violation of the guidelines. He told CNET that he alerted Apple to the exploit three weeks ago; however, it's unknown whether a fix for the problem is included in the new 5.0.1 version of iOS that's currently in testing. He'll be explaining his method in more detail next week at SyScan, but until the hole is confirmed closed we'd probably keep a tight leash on our app store browsing. [Thanks to everyone who sent this in]
Charlie Miller discusses iOS security and MacBook battery hacking with Tom's Hardware
Charlie Miller is a household name for those interested in Mac and iOS security. He was the first to hack the iPhone back in 2007, is a Pwn2Own veteran, and recently uncovered a battery firmware hack he'll discuss at the upcoming Black Hat 2011 Conference. Miller recently sat down with Tom's Hardware and talked about security, cloud computing, hardware hacks and more. It's a six-page interview, so get a hot cup of coffee, lean back in that lounger and prepare for a nice long read.