Lost+Found: SSL for DDoS, iOS internals, and Anonymous mad at Wikileaks
Too short for news, too good to lose; Lost+Found is a roundup of useful security news. This time: DDoS attacks on major banks, iOS 6 at the Hack-in-the-Box security conference, where the "Limit Ad Tracking" setting in iOS is hiding, and Anonymous's anger at Wikileaks.
- The DDoS attacks on major US banks in late September and early October included targeted attacks on SSL. The attackers used tools such as Dirt Jumper.
- At the Hack-in-the-Box conference, Mark Dowd and Tarjei Mandt from Azimuth Security gave a presentation outlining new security features in the iOS 6 kernel. Many of these are apparently highly targeted against mechanisms used for jailbreaking. Dowd also presented new attack techniques and even demonstrated exploiting a vulnerability in the iOS 6 kernel to install and run Cydia on an iPhone 4S. He was originally planning to perform the demo on an iPhone 5, but they were sold out.
- And while we're on the subject, from the open source part of the iOS source code:

      if (!PE_i_can_has_debugger(NULL))
          return KERN_INVALID_HOST;

  I can has Jailbreak? Pleeze?
- The option to limit ad-tracking introduced in iOS 6 is found not under "Settings ➤ Privacy", but hidden away under "Settings ➤ General ➤ About ➤ Advertising", well concealed beneath the serial number and modem firmware version. In future iOS versions, it is believed that users will be expected to go to the cellar with a torch and find these options in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying "Beware of the tiger".
- Apparently, the hacktivist collective Anonymous has declared war on Wikileaks over the site's new overlay page which asks users of the site to donate money. The hacker group says that it has been betrayed by the whistle-blower web site, adding that Wikileaks "has lost its biggest and most powerful supporter".
- Not directly related to security, but pretty cool nonetheless: a video by the Mozilla development team demonstrates the new command line for web developers in Firefox 16.
(crve)