In association with heise online

07 September 2012, 15:24

Lost+Found: password readers, passcode stories, vulnerability prevention, trojan tales

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom The Lost+Found eye test - can you spot where the passcode is?
Too short for news, too good to lose; Lost+Found is a roundup of useful security news. This time: a new tool spits out Mac OS X passwords, mother "cracks" iPhone, Microsoft gives careless programmers a slap on the wrist, researchers break out of VM and sandbox profiles, and a well-known security expert publishes tall tales.

  • Root users are above it all, and that applies equally on Mac OS X. If a root user wants to access a specific file, there's usually a way to do so. The open source keychaindump tool reads plaintext keychain passwords of logged-in users directly from memory.

  • Thomas Roth recounts a nice little story about how his mother apparently "hacked" the passcode for his iPhone – by simply looking on the back and entering the number 0682 which was printed next to the CE mark. His mother's eyes must be a lot better than ours.

  • There are functions, such as strcpy, that do exactly what they're supposed to – but which should nonetheless be avoided, as they offer hackers an attack surface for buffer overflows. On its Security Blog, Microsoft has posted a reminder about its banned.h header file, which displays error messages when a developer uses one of these "banned" functions.

  • In a blog post, security specialist Vupen details a reliable exploit for a Xen vulnerability discovered in June and takes the opportunity to discuss the background behind the attack.

  • Researchers have discerned vulnerabilities in the sandbox profiles in SUSE and Ubuntu. Both distributions deploy AppArmor, a path-based Mandatory Access Control (MAC) system, but include profiles which leave much room for improvement.

  • Cryptohaze has made rainbow tables for 8 character MD5 and NTLM hashes (US charset) available to download via BitTorrent. The tables weigh in at about 1.5TB.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit