Latest Security News of Monday, July 22, 2013

Posted: July 22, 2013 in IT Security News
Tags: , , , , , ,

Security NewsThe website of Apple developers has been hacked

The American company Apple was forced to disable a service for application developers because of a hacker attack, according to the company’s website.

In a statement, the company stated that the attack on the site started last Thursday, and was likely to intruders personal information of registered users of the resource.

“Confidential information are stored in encrypted form, and access to it was closed, but we do not exclude the possibility that the names, addresses and e-mail addresses of some users might fall into the wrong hands,” – said in a statement.

At the moment our specialists are working on strengthening security, software update and restore databases. The exact start time of the resource is not reported.

In SIM-cards found dangerous vulnerability

Security experts from the company Security Research Labs discovered in a SIM-cards used in mobile devices, the vulnerability. Using it, hackers can intercept text messages, make payments or make a copy of the SIM-card.

According to Carsten Zero, founder of Security Research Labs, on hack takes about two minutes, as the equipment used by an ordinary computer.

The vulnerability has been found in the encryption algorithm DES (Data Encryption Standard), which is widely used (and still used) to create SIM-cards. According to estimates Zero, today in use around three billion units of such identification, 750 million of them have described a “hole” in security. Triple DES algorithm and AES (Advanced Encryption Standard) of the vulnerability spared.

To get access to the mobile device of the victim, the attacker sends a message that mimics SMS from the operating company. The handset automatically sends a response that contains the security key, which consists of 56 digits. It allows to gain remote access to the SIM-card and modify the chip, as well as to gain control of a mobile device.

Carsten Zero GSM Association has already informed his discovery, reports The New York Times. That, in turn, has held talks with the producers of SIM-cards and other companies in order to find the best way out of this situation.

The official forum of the Ubuntu project has been compromised

Supported by Canonical’s official support forum Ubuntu Linux – has been disabled due to the detection of forced entry. Details of committing attacks are not reported, but it is known that the attackers gained access to the user database offline, containing the names, passwords, and email addresses.

The degree of reliability of the methods used at the site of hashing passwords are not reported, only mentioned that the password is stored in clear text. All users who registered on the forum of the Ubuntu project and uses the same password on other sites, it is recommended to change the password immediately. According to the company Canonical, hackers were able to gain control over the server only providing the forum. Ubuntu One, Launchpad, and other services of the project is not affected.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s