Building Malaysia's Cyber Security Defense Foundations
World-class Infosec training in Asia continues 21 October – 2 November with SANS October Singapore. This event offers five hands-on immersion style courses including auditing, forensics, penetration testing, and network security. Featured is the brand ...

and more »
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Germany's Chaos Computing Club claim to have tricked Apple's new TouchID security feature this weekend. In a blog post on the breakthrough, the CCC writes they bypassed the fingerprint-reader by simply starting with "the fingerprint of the phone user photographed from a glass surface."

The entire process is documented by hacker Starbug in the video above, and the club outlines it in a how-to. For this particular initiative, the CCC started by photographing a fingerprint with 2400 dpi. Next the image was inverted and laser printed at 1200 dpi. To create the fingerprint mask Starbug finally used, latex milk was poured into the pattern, eventually lifted, breathed on (for moisture), and pushed onto the sensor to unlock the phone. In this sense, it's hard to definitively state the hackers "broke" the TouchID precautions, because they did not circumvent the security measure without access to the fingerprint. (TouchID could similarly be cleared with a GTA V-like strategy of knocking the phone user unconscious and pressing finger-to-sensor.) However, the CCC did successfully trick TouchID into working as advertised for an individual who wasn't the phone user.

The CCC and Starbug in particular are well-known critics of biometric security systems. Back in 2008, Starbug even cloned the fingerprint of a German politician who advocated for collecting citizens' unique physical characteristics as a means of preventing terrorism.

Read 3 remaining paragraphs | Comments


When you leave the doors unlocked and shut off the security cameras your business will be burglarized like the music industry has been, and often all that is left is the bubble gum under the desks.Mar 10 08:49 AM| pandora bracelets


Charlatan hijacks iPhone 5S fingerprint hack contest, fools press
Since their friends in the infosec community had the same "let's break it better" urge about the new premium offering from Apple, and so Depetrillo and Graham made the istouchidhackedyet.com website. Once the 'pot' turned into a bounty, we reported on ...
iPhone 5S TouchID Fingerprint System Hacked – That Was QuickSiliconANGLE (blog)

all 323 news articles »

Dropbox takes a peek at files
InfoWorld (blog)
Dropbox's behavior was detected using HoneyDocs, a new Web-based service that creates a log showing when and where a document was opened, according to a blog post at WNC InfoSec. The experiment involved uploading to Dropbox ".zip" HoneyDocs ...

and more »
Microsoft executives last week came the closest yet to saying that the company will release Office on iPads and Android tablets, but stopped short of specifics.
Internet Storm Center Infocon Status