spoof

A French hacker is playing "tell and show" with a security flaw in iOS and how the iPhone handles SMS.

Last week, "Pod2g" released details of the vulnerability, which is still present in the latest beta of iOS 6, that could make iPhones a bit more exposed to spoofed texts or phishing scams. The missive included a plea to Apple to fix the security hole before the final release of iOS 6.

Until that happens, however, the same hacker is apparently quite happy to help others exploit the fact that iOS shows the "reply-to" … Read more

iOS 5 users, beware a security flaw in Safari that can be used to trick you into visiting potentially malicious Web sites.

Discovered earlier this month by Germany security firm MajorSecurity, the vulnerability could allow cybercriminals to spoof the URL displayed in the browser, trapping users at the wrong sites.

"The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method," explained David Vieira-Kurz of MajorSecurity. "This can be exploited to potentially trick users into supplying sensitive information to a malicious Web site, because information displayed in the … Read more

The New York Times is now saying that a believed-to-be bogus e-mail that told millions of subscribers that their subscriptions had been canceled actually did come from the newspaper company. But the e-mail, which was meant for only 300 recipients, was instead sent to more than 8 million subscribers, a tweet from Amy Chozick, a media reporter for the Times states.

This morning millions of New York Times subscribers received an e-mail informing them that their subscription had been canceled and then went on to … Read more

There was a time, not that long ago, when Microsoft mastered so many different things it tried, not the least of which was the executive spoof video.

But a new video, created for a recent sales conference in Denver, shows how far the mighty have fallen. It's a remarkably unfunny production, featuring four of the company's top executives bantering on their carpool to work.

(By the afternoon, the video had been removed from Vimeo. It had been posted by the user, Buttercuts Editorial. Casey Chinn, who founded Buttercuts according to its Vimeo page, said in a telephone call … Read more

British tabloid News of the World said today it is closing down over a phone hacking scandal in which workers for the Rupert Murdoch-owned newspaper allegedly snooped on voice mail messages left on the mobile phones of murder victims, as well as celebrities, politicians, and the British royal family.

If unethical journalists can do it chances are anyone can, right?

To test my theory I called up Kevin Mitnick, who wrote about the hacking and social engineering that landed him in jail in a fascinating book coming out this summer, "Ghost in the Wires," and who serves as a security consultant, helping clients protect against privacy breaches such as this.

Phone hacking, also known as "phreaking," is easy to do, Mitnick said, adding that he could demonstrate it on my phone if I wanted proof. So I gave him permission to access my voice mail and told him my mobile phone number.

He called me right back on a conference call so I could hear what was going on. First he dialed a number to a system he uses for such demonstration purposes and entered a PIN. Then he was prompted to enter the area code and phone number that he wanted to call (mine) and the number he wanted to be identified as calling from (again mine). Next thing I know I'm listening to a voice message a friend of mine left me last night that I hadn't erased.

"See how easy it is?!" Mitnick says as my jaw drops. … Read more

I have a feeling that there will be more than one reader of these pages who will be gaming in the nude this weekend.

It is not merely that the weather has warmed up a little. It is a lifestyle choice.

I can imagine that clutching one's console wearing nothing in which it can get snagged is one of the more liberating experiences for the tense and the troubled.

So when I discovered that there were naked gaming parties in New York City, I thought to myself: Where else? Here is a place where everyone wants to expose their … Read more

Update, Wednesday at 11:45 a.m. PT: Google has issued a fix that forces the affected Google apps to connect via the secure protocol HTTPS. As long as you update your apps when the fix is pushed out, this public Wi-Fi vulnerability won't affect you. Until then, it's best to use public Wi-Fi with extreme caution or follow the instructions below.

Android phones and tablets running version 2.3.3 and earlier suffer from a calendar and contact information vulnerability on public Wi-Fi networks, according to a new report. However, there are some concrete steps you can take to protect yourself.

Here's how it works. The vulnerability is in the ClientLogin Protocol API, which streamlines how the Google app talks to Google's servers. Applications request access by sending an account name and password via secure connection, and the access is valid for up to two weeks. If the authentication is sent over unencrypted HTTP, an attacker could use network-sniffing software to steal it over a legitimate public network, or spoof the network entirely using a public network with a common name, such as "airport" or "library." While this won't work in Android 2.3.4 or above, including Honeycomb 3.0, that only covers 1 percent of in-use devices.

Of course, the safest solution is to avoid using public, unencrypted Wi-Fi networks by switching to mobile 3G and 4G networks whenever possible. But that's not always an option, especially for Wi-Fi-only tablet owners or those on tight data plans. … Read more

It's our annual scare-the-bejesus out of ourselves episode, wherein we discuss all of the scary things that were announced and demonstrated at DefCon this year. Seriously, DefCon is way past phone phreaking and seriously into national security right now. Yikes. Also, new Apple jailbreaks are available, the BlackBerry doesn't pass Middle Eastern muster, and we've got the ultimate solution to Internet privacy concerns: data locavores.

The DNSSEC initiative to embed security at the heart of the Internet by preventing URL spoofing and other attacks has passed an important milestone.

The secure domain name server (DNS) protocol DNSSEC guarantees the authenticity of the mechanism that converts human-friendly Internet addresses to the Internet Protocol numeric address system. DNSSEC--short for Domain Name System Security Extensions--uses digital signatures to assure name servers that the DNS data they receive has not been intercepted or tampered with.

The organization responsible for managing the assignment of IP addresses and domain names, ICANN, published on Thursday the root zone trust anchor. This allows … Read more