Topic / Flaws & Vulnerabilities

Hacker finds encryption flaw in PS Vita

By on

And you would have thought Sony would have learnt from their security problems of the year – such as the PSN network and the constant attacks on Sony’s affiliates. Turns out, maybe not. A hacker has found a flaw in the PS Vita in how it encrypt data. SKFU – known for his attempts in trying to crack the PS Vita to allow users to play homebrew apps – found […]

Suspected LulzSec member arrested in UK as census data stolen

By on

A 19 year old British teenager has been arrested after being suspected in having connections with, and possibly participating in attacks by the hacking group LulzSec – known for their attacks on the CIA, Nintendo and Sony. The teenager, from Wickford, Essex, has been detained after a joint operation with the Metropolitan Police and the FBI. He currently remains in custody for questioning, and is being held under the Computer […]

Mark Zuckerberg’s page hacked, taken down

By on

Mark Zuckerberg's Page on Facebook hacked (Source: MG Siegler/TechCrunch) Well, turns out the owner of the website that holds your most valuable information (and ships it off to advertisers) is not immune from hacking. Yes, the CEO of Facebook, Mark Zuckerberg, found his Facebook page hacked and vandalised before Facebook shut it down. According to TechCrunch, among the variety of other sources around the web, the message left on his […]

Headache for Uni of Sydney as student data exposed on web

By on

Image: chispita_666/Flickr An investigation by the Sydney Morning Herald has revealed that information of its past and present students are available online. The breach is a flaw in how the university handles HECS – the Higher Education Contribution Scheme, which means that the Government pays for the university course taken and it is repaid by a person’s income via tax at no interest.

New Windows zero-day exploit bypasses UAC

By on

Microsoft has today confirmed that it has begun investigating a new zero-day exploit that allows a malicious attacker to bypass the User Account Control (UAC) on limited access accounts and execute code that could cause damage to the system. According to Prevx, the exploit is a weakness in the win32k.sys file, an important system file that connects the kernel of various Windows subsystems.

TECHGEEK Podcast 16: Limewire R.I.P

By on

It’s Halloween and we see the deaths of Limewire and the Walkman. The iPhone 4 White version is either dead or still kicking, and little hackers all over the place thanks to a little Firefox plugin. Yeah. It’s an absolute shambles episodes with only two hosts – with Terence and Stewart. After having a break of one week, James off on la-la land, Tom in Phillip Island and sick, and […]

TECHGEEK Podcast 5: Filter Us. We dare you!

By on

We are joined by Cupertino Loop‘s editor and (questionable) impressionist of Julia Gillard, James Wilson, for this week’s episode of the TECHGEEK Podcast – where we talk about the iOS 4 jailbreak, Apple no longer acting like a schoolgirl from high school, Liberals support for no filter and BlackBerry banned in UAE and Saudi Arabia. Sorry for the (if not apparent, disregard this) broken episode, mainly because James Wilson decided […]

Microsoft patches folder flaw from Win2000

By on

Microsoft has today pushed a critical update to its operating systems that will fix a vulnerability, acknowledged a few weeks ago, that has been present since Windows 2000. The fix itself, however, does not extend to those using Windows 2000, most likely because it is no longer covered by its Life Cycle policy. The vulnerability allowed attackers to control a computer, if not patched, through a weakness in how shortcut […]

Android bug in Motorola Droid lets you bypass locking system

By on

A bug in the Android OS version 2.0.1 can allow unauthorised access to your phone, bypassing the locking mechanism on the Motorola Droid (or Milestone in Europe and Australia), with a simple phone call to the device. The Android OS has a unique way of locking the device. Instead of a PIN, you have an 3×3 grid of circles and you create a pattern of 4 to 9 circles. According […]

Microsoft add-on leaves Firefox users exposed to critical hole

By on

A Microsoft add-on that was installed silently into Mozilla Firefox last February has now made Firefox, deemed to be one of the safer alternatives for Windows computers, open to an attack. The security hole also leaves Internet Explorer open to the same attack. The threat, according to its Security Research and Defence blog, is a “browse-and-get-owned” attack, with a user being lured to open a malicious website and exploits the […]

ALERT: WordPress blogs under attack, Users asked to upgrade to 2.8.4

By on

SECURITY BRIEF: Users using an older version of WordPress (that is, before the current version 2.8.4) have been asked to upgrade immediately to the latest version in order to avoid an ongoing attack to users self-hosting their own blog and could lock you out of your account. While blogs hosted on WordPress.com are not affected as they are upgraded as a new version comes out, the vulnerability is said to […]

Apple working on iPhone SMS security vulnerability

By on

Apple is working round the clock in fixing a security hole in the iPhone operating system that could allow an attacker to remotely have root access to the device and install and run unsigned software code that could potentially allow your iPhone to be part of a botnet. The new security hole was found by Charles Miller, security researcher and co-author of the Mac Hacker’s Handbook, at the SySan Conference […]

Blogger finds security flaw in Windows 7 UAC

By on

Blogger Long Zheng has found that a security flaw in Windows 7’s User Account Control (or UAC) that could allow anyone to change the setting of the UAC without any notification – even when disabling it. While it isn’t a big deal – it’s kind of important to show you what change you had made, or you could accidentally agree to something you don’t want to do. Zheng writes: “Of […]

Safari’s new vulnerability may leak personal information – affects both Macs and Windows

By on

Brian Mastenbrook, credited in finding several security vulnerabilities that Apple patched in its Security Updates, has found another one that could potentially allow a malicious website to read files on a user’s hard drive without the user’s consent. This would, effectively, give a person free control to access a lot of files on your computer, including e-mails, cookies, passwords and other sensitive information kept on the user’s hard drive. Basically, […]