21st Century Learning and Teaching
586.1K views | +0 today
21st Century Learning and Teaching
Education
Related articles to 21st Century Learning and Teaching as also tools...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...

Popular Tags

Current selected tag: 'Backdoor'. Clear
Backdoor 3
Education 3
Education 3.0 3
Education-Evolution 3
Government 3
Learning basics of Cyber-Security 3
Learning IT-Security 3
Professional Development 3
Cybersecurity 2
English 2
IT-Security 2
Learning basics of Cybersecurity 2
2013 1
600 MIO iOS devices compromised? 1
Angreifer kaperten schon hunderte Apache 1
Apache-Server gehackt 1
Apple 1
Apple-Insecurity 1
BYOD 1
BYOD-Policy 1
BYOD-Risks 1
BYOD-Security 1
Cyberespionage 1
Deutsch 1
Human Rights 1
Hundreds of Thousands of Ready-Made Back 1
IT-Admin 1
Linux 1
Linux vulnerabilities 1
Nobody is perfect 1
Privacy 1
Privacy at danger! 1
suspicious 'back doors' running on every 1
Scooped by Gust MEES
Scoop.it!

Forensic scientist identifies suspicious 'back doors' running on every iOS device | Privacy | Cyberespionage

Forensic scientist identifies suspicious 'back doors' running on every iOS device | Privacy | Cyberespionage | 21st Century Learning and Teaching | Scoop.it
From www.zdnet.com - July 21, 2014 9:26 AM
During his talk at HOPE/X Jonathan Zdziarski detailed several undocumented services (with names like 'lockdownd,' 'pcapd,' 'mobile.file_relay,' and 'house_arrest') that run in the background on over 600 million iOS devices.


Zdziarski's questions for Apple include:

  • Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
  • Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
  • Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
  • Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?

... and his last slide (page 57 of the PDF) sums it up nicely: 


  • Apple is dishing out a lot of data behind our backs
  • It’s a violation of the customer’s trust and privacy to bypass backup encryption
  • There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
  • Much of this data simply should never come off the phone, even during a backup.
  • Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
  • Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

Learn more:



Gust MEES's insight:
  • Apple is dishing out a lot of data behind our backs
  • It’s a violation of the customer’s trust and privacy to bypass backup encryption
  • There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
  • Much of this data simply should never come off the phone, even during a backup.
  • Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
  • Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

more...
Gust MEES's curator insight, July 21, 2014 9:31 AM
During his talk at HOPE/X Jonathan Zdziarski detailed several undocumented services (with names like 'lockdownd,' 'pcapd,' 'mobile.file_relay,' and 'house_arrest') that run in the background on over 600 million iOS devices.


Zdziarski's questions for Apple include:

  • Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
  • Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
  • Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
  • Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?

... and his last slide (page 57 of the PDF) sums it up nicely: 


  • Apple is dishing out a lot of data behind our backs
  • It’s a violation of the customer’s trust and privacy to bypass backup encryption
  • There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
  • Much of this data simply should never come off the phone, even during a backup.
  • Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
  • Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

Learn more:
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Backdoor entdeckt: Angreifer kaperten schon hunderte Apache-Server

Backdoor entdeckt: Angreifer kaperten schon hunderte Apache-Server | 21st Century Learning and Teaching | Scoop.it
From www.itespresso.de - April 30, 2013 6:15 AM
Bösartige Angreifer kapern Apache-Webserver und leiten deren Besucher auf Schad-Websites um. Die Tarnung der Malware ist fast perfekt.

 

Eine Hintertür, die von Administratoren nur schwer bemerkt werden kann, sorgt dafür, dass Internet-Anfragen an Apache-Server nicht in Logs aufgenommen werden. Die gesendeten http-Anfragen, die in Wirklichkeit einen Trojaner steuern, sind nicht ersichtlich. Der Rest des Angriffs läuft im Speicher ab, Bugfixes gibt es noch nicht.

 

29. April 2013 von Manfred Kohlen 0


Die Malware Linux/Cdorked.A ist eine raffinierte Hintertür, die alles tut, um den Internetverkehr auf schädliche Webseiten umzuleiten, schreibt Sicherheitsanbieter Eset in einer aktuellen Warnung.   Der Schädling sei so gut, dass er laut eigener Analysen schon hunderte von Webservern unter seine Kontrolle gebracht habe.

 

Gust MEES's insight:

 

Learn more:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=Apache-vulnerabilities

 

more...
Scooped by Gust MEES
Scoop.it!

Internet-Wide Scan Finds Hundreds of Thousands of Ready-Made Backdoors | MIT Technology Review

Internet-Wide Scan Finds Hundreds of Thousands of Ready-Made Backdoors | MIT Technology Review | 21st Century Learning and Teaching | Scoop.it
From www.technologyreview.com - July 5, 2013 6:07 PM
Many poorly-secured company servers are exposed online, offering attackers ready made backdoors to wipe or steal data

 

Moore’s scan found 308,000 BMCs that used the problem protocol identified by Farmer. A total of 53,000 of them were configured in a way that allows access without a password; 195,000 stored passwords and other credentials unencrypted; 99,000 exposed encoded passwords that could be cracked by an attacker (Moore says that he unscrambled 10 percent in a preliminary test); 35,000 had vulnerabilities in the Universal Plug and Play protocol that Moore’s previous Internet scan highlighted.

Gust MEES's insight:

 

Moore’s scan found 308,000 BMCs that used the problem protocol identified by Farmer. A total of 53,000 of them were configured in a way that allows access without a password; 195,000 stored passwords and other credentials unencrypted; 99,000 exposed encoded passwords that could be cracked by an attacker (Moore says that he unscrambled 10 percent in a preliminary test); 35,000 had vulnerabilities in the Universal Plug and Play protocol that Moore’s previous Internet scan highlighted.


more...
Gust MEES's curator insight, July 5, 2013 6:09 PM

 

Moore’s scan found 308,000 BMCs that used the problem protocol identified by Farmer. A total of 53,000 of them were configured in a way that allows access without a password; 195,000 stored passwords and other credentials unencrypted; 99,000 exposed encoded passwords that could be cracked by an attacker (Moore says that he unscrambled 10 percent in a preliminary test); 35,000 had vulnerabilities in the Universal Plug and Play protocol that Moore’s previous Internet scan highlighted.

 
Jason Toy's curator insight, July 6, 2013 11:24 AM

This really should not surprise anyone given the current state of "security" that we have seen as of late.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn