Information Security News
Developers in China have published what appears to be a reliable and malware-free jailbreak for most iPhones and iPads running the latest version of Apple's iOS. The release underscores how hard it is to keep such jailbreak exploits out of the public domain, since the code vulnerability that makes it possible appears to come from a highly secretive training class on iOS exploit development.
Jailbreaks allow iOS users to bypass Apple's iron-clad technical restrictions and install unauthorized third-party software that is not included in the App Store. The technique appeals to many users, but it also comes with significant risks. One is that the process could temporarily or possibly damage the device. Another is that jailbreak developers may bundle keyloggers or other types of malware inside the software that performs the operation, leaving users with a device that steals passwords, tracks geographic whereabouts, or performs other nefarious deeds. Neither of those risks appears to accompany the release this week of the PanGu jailbreak, but Ars hasn't verified its safety, security, or reliability. Readers who choose to run the program do so at their own risk.
The jailbreak, according to security researchers at Lacoon Mobile Security, uses a digital certificate Apple provides to enterprise customers to bypass restrictions on unauthorized apps. Apple makes them available so that customers can establish their own in-house source of apps instead of relying on the App Store. PanGu uses the certificate associated with "iPhone Distribution: Hefei Bo Fang communication technology co., LTD." At the moment, users must physically connect their iPhones or iDevices to a computer, but it's possible that PanGu could be refashioned to work remotely.
Posted by InfoSec News on Jun 25http://www.cnet.com/news/new-uk-cybersecurity-training-scheme-prepares-for-hackers/
Posted by InfoSec News on Jun 25http://www.washingtontimes.com/news/2014/jun/24/state-to-notify-13-million-of-computer-hacking/
Posted by InfoSec News on Jun 25http://www.informationweek.com/government/cybersecurity/sensitive-data-protection-bedevils-it-security-pros/d/d-id/1278796
Posted by InfoSec News on Jun 25http://www.smh.com.au/it-pro/security-it/cupid-media-exposed-254000-australian-lonely-hearts-20140625-zskua.html
Posted by InfoSec News on Jun 25http://arstechnica.com/security/2014/06/attackers-poison-legitimate-apps-to-infect-sensitive-industrial-control-systems/
InfoSec World 2015: Announces Date and Call for Papers
The Providence Journal
The 2015 InfoSec World conference will return to Disney's Contemporary Resort in Orlando, FL from March 23-25, 2015. We are putting together a dynamic lineup of practitioners and experienced speakers that will cover sessions and workshops dedicated to ...