Researchers at Kaspersky Lab discovered that the Apple Safari browser stores previous secure session data unencrypted in a hidden folder. Apple’s Safari browser stores session information, including authentication credentials used in previous HTTPS sessions, to implement the feature “Reopen All Windows from Last Session”. Safari stores in a plain text XML file called Property list, or plist, […]
NSS Labs issued the report titled “The Known Unknowns” to explain the dynamics behind the market for zero-day exploits. Last week I discussed the necessity of defining a model for “cyber conflict” to qualify the principal issues related to the use of cyber tools and cyber weapons in an Information Warfare context; today I decided […]
Wi-Fi HTTP Request Hijacking attack against iOS – the researchers at Skycure have demonstrated a new technique that menaces mobile users. I’m not surprised by the trust Internet users give to public Wi-Fi networks, which are notoriously insecure; bad habits on open networks could expose our identity to serious risks, above all identity theft. […]
Quarkslab researcher Cyril Cattiaux has revealed that Apple lied when it claimed it could not intercept iMessages sent by its users. Quarkslab researcher Cyril Cattiaux revealed that it is possible to break the encryption implemented in Apple’s iMessage application due to the presence of a weakness in the key management process. The announcement was made during the Hack in the Box conference […]
Researcher Daniel Pistelli demonstrated how to exploit the Mac’s internal encryption mechanism to create undetectable Mac OS X malware. During the last couple of years the number of cyber threats targeting the Mac has increased significantly; the main reasons are the wide diffusion of Apple devices and the lack of awareness among Apple users. In particular the number […]
A fake Apple iMessage app for Android OS has been published on the official Google Play app store for around one month, totaling at least 10000 downloads. A fake Apple iMessage app for the Android platform is concerning mobile developers and security experts. The app was initially published on the Google Play store but it isn’t the Android version […]
A second iOS 7 Lockscreen vulnerability has been found a few days after the first one was fixed by Apple. This time attackers can make calls from a locked iPhone. A new iOS 7 Lockscreen vulnerability has been discovered; the flaw allows attackers with physical access to the phone to make calls, including international calls and calls to […]
Security researcher Mohamed Osman Saeed has found a long series of critical vulnerabilities in major websites, but he could not participate in any bounty program because he lives in the sanctioned country of Sudan. Security researcher Mohamed Osman Saeed has found a long series of vulnerabilities in major websites. He declared that he had found an XSS flaw in 2 IBM sites ( […]
After a weekend of outage and various mysterious password reset emails, Apple has revealed that the iOS Developer Center was hacked. After 3 days of absolute silence on the rumors of a possible hack of the iOS Developer Center, Apple has just confirmed that it was the victim of a cyber attack. The iOS Developer Center web […]
US law enforcers suggest a kill switch for mobile devices to the principal manufacturers, and Apple adapts. The idea of US law enforcers is the realization of a kill switch on mobile devices that would be used in case of theft. New York’s top prosecutor, State Attorney General Eric Schneiderman, and San Francisco District Attorney George Gascón promoted […]