recentpopularlog in


« earlier   
GreyKey iPhone Unlocker - Schneier on Security
Some details about the iPhone unlocker from the US company Greyshift, with photos.
Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly likely that these devices will ultimately end up in the hands of agents of an oppressive regime, whether directly from Grayshift or indirectly through the black market.
It's also entirely possible, based on the history of the IP-Box, that Grayshift devices will end up being available to anyone who wants them and can find a way to purchase them, perhaps by being reverse-engineered and reproduced by an enterprising hacker, then sold for a couple hundred bucks on eBay.
iphone  privacy  security  USB  encryption  police  hack 
22 hours ago by rgl7194
Police Can Now Access iPhone Data Using a Secretive Piece of Hardware - SecureMac
For several years now, a fierce debate has raged over how much access law enforcement organizations (LEOs) should be able to have to the mobile devices of those suspected of a crime. The issue made nationwide headlines after the San Bernardino attacks in 2015, when the FBI grappled with how to break into an iPhone used by one of the perpetrators. While the FBI did eventually retrieve device data by utilizing an unknown group to gain access to the phone’s encrypted contents, law enforcement agencies, in general, have maintained that they must have a “backdoor” to access info secured by your iPhone passcode. Apple has steadfastly refused to give in to such demands, but it appears that for now, those refusals don’t matter: LEOs can now use a pricey piece of hardware called GrayKey.
Developed and maintained by a very small Georgia-based company called Greyshift LLC, apparently led by a former engineer for Apple, GrayKey is a small black box with two Lightning cables for connecting suspect iPhones. After a few minutes of connection to the GrayKey box, one simply has to disconnect the cables and wait for the software to work.
iphone  privacy  security  USB  encryption  police  hack 
22 hours ago by rgl7194
Apple confirms security lockdown of Lightning port in iOS 12 | iLounge News
Apple has confirmed plans to tighten security in iOS 12 to block the use of external hacking devices such as Grayshift’s GrayKey box by locking down the Lightning port on iOS devices, Reuters reports. A feature recently discovered in iOS 11.4 was designed to prevent the Lightning port from accepting USB device connections when nothing had been connected in seven days, and after the first iOS 12 beta came out, it was discovered that the feature had been adjusted to reduce the time limit down to a mere one hour — meaning that when connecting a USB device to an iPhone running iOS 12, users will be prompted to unlock their iPhone unless a USB device has already been connected in the past hour. While Apple had previously been silent on the issue, this week an Apple spokesperson confirmed to Reuters that the feature is being implemented, but clarified that the move is being undertaken to protect all customers, and not specifically to thwart law enforcement efforts, as some have suggested.
encryption  ios12  iphone  privacy  security  USB 
yesterday by rgl7194
New iPhone OS May Include Device-Unlocking Security - Schneier on Security
iOS 12, the next release of Apple's iPhone operating system, may include features to prevent someone from unlocking your phone without your permission:
The feature essentially forces users to unlock the iPhone with the passcode when connecting it to a USB accessory everytime the phone has not been unlocked for one hour. That includes the iPhone unlocking devices that companies such as Cellebrite or GrayShift make, which police departments all over the world use to hack into seized iPhones.
"That pretty much kills [GrayShift's product] GrayKey and Cellebrite," Ryan Duff, a security researcher who has studied iPhone and is Director of Cyber Solutions at Point3 Security, told Motherboard in an online chat. "If it actually does what it says and doesn't let ANY type of data connection happen until it's unlocked, then yes. You can't exploit the device if you can't communicate with it."
encryption  ios12  iphone  privacy  security  USB 
yesterday by rgl7194
Best practices for securely storing API keys – freeCodeCamp
In the past, I’ve seen many people use Git repositories to store sensitive information related to their projects. Lately, I’ve been seeing some people announce that they’re storing API keys on their…
docker  heroku  bruno_pedro  projects  security  git  github  encryption 
yesterday by mreinbold
Reminder: macOS still leaks secrets stored on encrypted drives | Ars Technica
Thumbnails from encrypted drives live on long after the drives are disconnected.
apple  security  encryption 
yesterday by pankkake
Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext
A severe programming bug has been found in APFS file system for macOS High Sierra operating system that exposes passwords of encrypted external drives in plain text.
Introduced two years ago, APFS (Apple File System) is an optimized file system for flash and SSD-based storage solutions running MacOS, iOS, tvOS or WatchOS, and promises strong encryption and better performance.
Discovered by forensic analyst Sarah Edwards, the bug leaves encryption password for a newly created APFS volume (e.g., encrypting USB drive using Disk Utility) in the unified logs in plaintext, as well as while encrypting previously created but unencrypted volumes.
"Why is this a big deal? Well, passwords stored in plaintext can be discovered by anyone with unauthorized access to your machine, and malware can collect log files as well and send them off to someone with malicious intent," Edwards said.
10.13  APFS  bug  encryption  macOS  passwords  privacy  security 
yesterday by rgl7194
e2e post-quantum MQTT for m2m IoT? Normally hype-tastic, but it's got real security pros. Are MQTT topics encrypted too?
MQTT  e2e  encryption  security  PQE  M2M  post-quantum  IoT 
2 days ago by asteroza

Copy this bookmark:

to read