Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Sunday, 22 September 2013

How secure is iPhone 5S fingerprint

Prints in the cloud? Some observers have wondered aloud on Twitter and elsewhere whether Apple, armed with a potential database of millions of thumbprints, might turn over some customers' prints to the National Security Agency (NSA) if ordered to by the government. After all, Apple was reported to have been a partner in the NSA's PRISM surveillance program and has acknowledged it hands over user data when mandated by the government. But Apple has said users' fingerprint information will be encrypted and stored securely inside the phone's new A7 processor chip instead of on Apple's servers or backed up to iCloud, the company's Web-based storage service. Apple also has said it's not allowing third-party applications to access the scanner -- at least not yet. That's good news for users' privacy, experts say -- even amid news reports that the NSA can spy on smartphones. "Your iPhone knows who you call. It knows where you are. And in the newest versions, it will know your thumbprint. Given revelations about how the NSA can access Apple devices, should you be worried about it having that biometric data? No. No no no no no no. Come on. No," writes Philip Bump in The Atlantic. "Your fingerprint ... isn't traveling anywhere. Is it possible that the NSA could ask Apple to upload a user's fingerprint from the phone so that it can be transmitted to the agency? Sure. But that likely wouldn't be a request that comes through PRISM; it would probably require a separate warrant. Not impossible, but, given the burden of demonstrating need for a warrant, not as easy as a few keystrokes." Fingerprint hacks Then there's the question of hackers replicating fingerprints to break into phones. "Fingerprints are not private, you leave them lying around everywhere, and if someone has enough incentive -- and the resources available to them -- they may try to defeat any security system that you trust your fingerprint to unlock," writes noted security researcher Graham Cluley on his blog. "One thing is for sure. With the launch of the iPhone 5S, more people will be using fingerprint sensors as part of their daily security than ever before -- and the hackers will be certainly intrigued to see how they might circumvent it," Cluley adds. Dino Dai Zovi, co-author of "The iOS Hacker's Handbook," told CNNMoney that if he were trying to hack an iPhone 5S, he would first try to lift prints from elsewhere on the device "and figure out how to replay those to the sensor to log in to the person's phone." This is not as hard as it might sound. A decade ago, a Japanese cryptographer demonstrated how to fool fingerprint-recognition systems by transferring latent prints to a "finger" made from gelatin, the ingredient found in Jell-O and other sweets. It was informally known as the "Gummi bear hack." But Apple's new Touch ID technology is presumably more sophisticated than those old systems. In addition, latent prints may not provide enough of an overlapping match to unlock a phone, says digital-security expert Robert Graham. "You use a different part of your finger to touch the iPhone sensor than what you use to touch other things," writes Graham on the Errata Security blog. "That means while hackers may be able to lift your thumbprint from you holding other objects, or from other parts of the phone itself, they probably can't get the tip print needed to do bad things on your iPhone. "This means the fingerprint databases held by the NSA, FBI, and border security are largely useless at unlocking your phone: they don't cover the same parts of your fingers," Graham adds. But there is another potential vulnerability in the iPhone 5S's fingerprint scans. The Touch ID system also can be used as a secure way to approve purchases from iTunes or the App Store, which makes some security experts uncomfortable. "If Apple is right that fingerprints never leave the device, that means the new iPhones will be sending some sort of authentication token to Apple servers to verify that the end user has produced a valid print," writes Dan Goodin in Ars Technica, a content partner. "If attackers figure out a way to capture and replay users' valid tokens, it could lead to new ways for criminals to hijack user accounts."
Source: CNN and HBH
You might also like:facebook chat codes

Tuesday, 3 September 2013

Cyber awarness for beginners

Hello everyone and welcome to my first article. First off, as the title states, this is for beginners, not you experienced computer users out there. Second, I am not anywhere near being good at hacking, I just find computers enjoyable and this article mainly reflects on situations that I have found are the most common after being asked dozens of times by friends and family for help. Now let’s get down to business! #1The most obvious problem with most people’s computer security is their password(s). People oftenleave their passwords written onpieces of paper, or on Word documents. Others just make their passwords based solely on how easy it is to memorize them.The problem with this is that they are often very generic or easy to guess, perhaps their last name and a 1 or something of the sort. Unfortunately, the most common password isn’t love, sex,secret, or god (high five if you get this), the most common password from one study was “123456”, with others such as “qwerty”, “abc123”, and the ingenious “Password” also high up on the list. Come on people; come up with a password that no one will ever be able to guess.Also, using dictionary words is not a great idea because it can make the password very easy to crack. Making the letters upper and lower case can slow the crack quite a bit, but having a random password will always be the best. Maybe use some combination of letters and numbers that is an abbreviation for something important to you, or just memorize some crazy jumbles of numbers and letters, whatever works for you.
#2The second most common security problem that I have seenhappening to people is someone “hacking” their account on somesocial network site such as Facebook. And no, they were not attacked by an actual hacker. They just left their computer logged into their account and walked away for a minute. This isthe most absurd problem on this list in my opinion because it doesn’t matter how insanely difficult that your password is, how good your programming skills are, or how many anti-virus programs that you have on your computer, your “friends” who are standing there can just zip right in and screw with your settings. This doesn’t only apply to social networking sites either, this can apply to an actual machine or network, etc. Whenever I step away from my computer, I lock it, log out of whatever I am on, whatever needs to be done to ensure that my computer is safe from prying eyes. Sure it may be a hassle logging back in every time, but I would rather have to type my password a few extra times thanhave to fix whatever problems might occur on my unattended machine. Besides, I don’t know about you but I cringe at the thought of someone getting their paws all over my computer.
#3The third thing that I want to discuss is the most common problem that I see people having when they have an infected computer. When I go in to help them, I find that there are numerous settings that are out of whack, random files on their drives, things shifted around anditems that just plain don’t function. They often tell me that these things have been going on for oh, maybe a week or so. Theylet the problem get way out of hand. They don’t notice that theirsettings have been changed, filesmoved, etc. until it is being done to such a degree that it is impossible to ignore. When usinga computer, you should be takingnote when you tweak settings, what the default settings are for different controls, and when you change them (just have a generalidea, you don’t need specific dates and times). This way you know that when things start acting differently, you can check to make sure that it wasn’t just some setting you changed the day before interfering with whatever you are doing now. This allows you detect whatever bug you might have before any major damage is done.