Posts Tagged ‘access’

Google discloses three severe vulnerabilities in Apple OS X – CNET

Friday, January 23rd, 2015

Google’s Project Zero security team revealed the existence this week of three vulnerabilities with high severity that have yet to be fixed in Apple’s OS X operating system.

Although each of the flaws requires an attacker to have access to a targeted Mac, they could all contribute to a successful attempt to elevate privilege levels and take over a machine.

The first flaw, “OS X networkd “effective_audit_token” XPC type confusion sandbox escape,” involves circumvention of commands in the network system and may be mitigated in OS X Yosemite, but there is no clear explanation of whether this is the case. The second vulnerability documents “OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator.” The third one, “OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice.” includes an exploit related to OS X’s kernel structure.

Each vulnerability, as with any disclosed by the Project Zero team, includes a proof-of-concept exploit.

The vulnerabilities were reported to Apple back in October but the flaws have not been fixed. After 90 days, details of vulnerabilities found by Project Zero are automatically released to the public — which is what happened this week.

Project Zero, which Google officially launched in mid-2014, tasks researchers with uncovering any software flaws that have the potential of leading to targeted attacks on people’s computers.

On Apple’s product security page, the company states: “For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.”

This isn’t the first time Google’s Project Zero has published vulnerabilities that are yet to be fixed. In the past several weeks, the tech giant’s security team has published information about three separate, unpatched security flaws in Microsoft’s Windows operating system.

via Google discloses three severe vulnerabilities in Apple OS X – CNET.

Reports: Google to Invest $1B in SpaceX |

Tuesday, January 20th, 2015

Google is on a mission to deliver Internet access to underserved areas, and it’s now reportedly looking to Elon Musk and his SpaceX team for help.

The Web giant is gearing up to make a huge investment in the rocket maker as part of an effort to develop satellites that could beam low-cost Internet to areas of the world that currently don’t have it, according to a new report from The Information, citing several unnamed people “familiar with the talks.”

“The price and terms Google and SpaceX are discussing couldn’t be learned although one person familiar with them said Google has agreed to value SpaceX north of $10 billion and that the size of the total round, which includes other investors, is very large,” the report notes.

The Wall Street Journal corroborated the rumor, and added that the investment could total roughly $1 billion. At this point, it’s still unclear what exact stake Google will wind up with in the rocket maker.

And the World Your Balloon

Google Drones

Satellite Strung From the Moon

Facebook Drones

The Space In Between


If the deal goes through, it wouldn’t be Google’s first effort to spread Internet access to unconnected areas of the world. The Silicon Valley giant over the past several years has been experimenting with using high-flying balloons and drones to help establish Internet access in areas that are very difficult to wire up, like jungles, archipelagos, and mountains.

With its Project Loon effort, Google is deploying large helium balloons equipped with antennas that offer 4G-like signals to homes and phones some 12 miles down below. Rival Facebook has similar ambitions, and is also looking at looking at drones, satellites, and lasers to assist in providing Internet access worldwide.

via Reports: Google to Invest $1B in SpaceX | News & Opinion |

Global Internet Authority ICANN Has Been Hacked

Monday, December 22nd, 2014

Internet Authority ICANN Has Been Hacked

The Internet Corporation for Assigned Names and Numbers (ICANN) has been hacked by unknown attackers that allowed them to gain administrative access to some of the organization’s systems, the organization confirmed.

The attackers used “spear phishing” campaign to target sensitive systems operated by ICANN and sent spoofed emails disguised as internal ICANN communications to its staff members. The link in the emails took the staff to bogus login page, where they provided their usernames and passwords with the keys to their work email accounts.

The data breach began in late November 2014 and was discovered a week later, ICANN, which oversees the Internet’s address system, said in a release published Tuesday. ICANN is the organization that manages the global top-level domain system.

“We believe a ‘spear phishing’ attack was initiated in late November 2014,” Tuesday’s press release stated. “It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff. The attack resulted in the compromise of the email credentials of several ICANN staff members.”

With those details, the hackers then successfully managed to access a number of systems within ICANN, including the Centralized Zone Data System (CZDS), the wiki pages of the ICANN Governmental Advisory Committee (GAC), the domain registration Whois portal, and the ICANN blog.

The CZDS is a service used by domain registries and other interested parties to request access to the DNS root zone files and sensitive data associated with users’ online accounts. This provided hackers access to zone files and sensitive information such as names, postal addresses, email addresses, fax and phone numbers, usernames and cryptographically hashed passwords of account holders who used those systems.

The zone files contain sensitive and valuable information, including domain names, the name server names associated with those domains and the IP addresses for the name servers.

In an email sent to every CZDS user, ICANN has warned that “the attacker obtained administrative access to all files in the CZDS including copies of the zone files in the system. The information you provided as a CZDS user might have been downloaded by the attacker. This may have included your name, postal address, email address, fax and telephone numbers, and your username and password.”

via Global Internet Authority ICANN Has Been Hacked – Hacker News.

EBay owned. 145 million ACCTS need new passwords!

Friday, May 23rd, 2014

BOSTON: EBay Inc said that hackers raided its network three months ago, accessing some 145 million user records in what is poised to go down as one of the biggest data breaches in history, based on the number of accounts compromised.

It advised customers to change their passwords immediately, saying they were among the pieces of data stolen by cyber criminals who carried out the attack between late February and early March.

EBay spokeswoman Amanda Miller told Reuters late on Wednesday that those passwords were encrypted and that the company had no reason to believe the hackers had broken the code that scrambled them.

“There is no evidence of impact on any eBay customers,” Miller said. “We don’t know that they decrypted the passwords because it would not be easy to do.”

FCC’s Latest Network Neutrality Proposal Not Fair to Consumers

Wednesday, May 14th, 2014

The Federal Communications Commission (FCC) is proposing new rules for the Internet that have significant implications for how all of us access and pay for content online. Under the FCC’s proposal, Internet Service Providers (ISPs) would be allowed to negotiate with content providers to collect a fee for faster delivery.

For instance, popular movie service Netflix recently agreed to pay Comcast (the largest ISP in the U.S.) for faster delivery of its video stream. Netflix has since complained to the FCC that its arrangement with Comcast (and a similar one it reached with Verizon) goes against the principle of network neutrality.

Advocates for network neutrality believe that all Internet content, no matter the type (video, text, etc.) or who created it, should be treated the same in the transfer process. This means that there is a single market for ISPs in which subscribers pay for access (and varying levels of speed), and those subscribers can then access any lawful content or service available online.

However, the FCC’s recent proposal gives ISPs like Comcast what they’ve wanted for awhile — a two-sided market — as content providers (like Netflix) would also pay ISPs to reach costumers faster on the “last mile” of the connection that the ISP provides. So even if you (the customer) pay your ISP for the maximum speed possible, if the content you want doesn’t pay the same ISP for preferential treatment it gets put into a slow lane no matter how much you are paying for service or speed.

via FCC’s Latest Network Neutrality Proposal Not Fair to Consumers.

GM Rolls Out Pricing 4G LTE Service – ($5.00/day!)

Monday, May 12th, 2014


The 2015 Chevrolet Malibu will be the first 4G LTE-equipped GM vehicle starting June. AP

General Motors Co. GM is rolling out an a-la-carte pricing menu, betting consumers are willing to pay a little extra to turn their cars into a Wi-Fi hot spot.

For $5 a day, GM vehicle owners can access 4G LTE high-speed connectivity allowing their occupants to do everything from access the Internet to download movies. GM will offer the feature through its OnStar service, although it is AT&T Inc. T +0.14% that will handle the connection. Both companies would share in the revenue.

It is a big gamble for the auto maker, especially since most Americans already use smartphones or iPads to connect to the Internet while riding in vehicles. Skeptics have also questioned why people would pay for yet another wireless service.

“It’s a bit of a trial and error to see what sticks with consumers,” said Thilo Koslowski, an analyst at Gartner Group IT -0.23% who follows connected-car developments. “Companies will initially face a consumer reaction of ‘I already have a data plan with my phone.’ That means that the in-vehicle experience has to be better, faster and more robust. If that is not strong enough, prices will have to drop.”

via GM Rolls Out Pricing 4G LTE Service –

Chrome Remote Desktop app – Google Help

Saturday, April 19th, 2014

Chrome Remote Desktop app

Chrome Remote Desktop allows you to set up your computer for secure remote access. This includes setting up your computer so that you can access it later from another machine; or you can also use the app to let a friend remotely access your computer temporarily, perfect for times when you need help solving a computer problem.

Add the Chrome Remote Desktop app to Chrome

Install the Chrome Remote Desktop app on every computer you want to access remotely and every computer you’d like to connect from.

  1. Visit the Chrome Remote Desktop app page in the Chrome Web Store.
  2. Click Add to Chrome to install the app.
  3. When the confirmation dialog appears, click Add.
  4. A new tab will open and the app’s icon Chrome Remote Desktop App will appear in the Apps section of the page.

If you’re using a Chrome device, you can find the app in the apps list.

via Chrome Remote Desktop app – Chrome Help.