Lost+Found: cue readers, passcode stories, disadvantage prevention, trojan tales
Too brief for news, too good to lose; Lost+Found is a roundup of useful confidence news. This time: a new apparatus spits out Mac OS X passwords, mom “cracks” iPhone, Microsoft gives drifting programmers a slap on a wrist, researchers mangle out of VM and sandbox profiles, and a obvious confidence consultant publishes high tales.
- Root users are above it all, and that relates equally on Mac OS X. If a base user wants to entrance a specific file, there’s customarily a approach to do so. The open source keychaindump apparatus reads plaintext keychain passwords of logged-in users directly from memory.
- Thomas Roth recounts a good small story about how his mom apparently “hacked” a passcode for his iPhone – by simply looking on a behind and entering a series 0682 that was printed subsequent to a CE mark. His mother’s eyes contingency be a lot improved than ours.
- There are functions, such as strcpy, that do accurately what they’re ostensible to – though that should nonetheless be avoided, as they offer hackers an conflict aspect for aegis overflows. On a Security Blog, Microsoft has posted a reminder about a banned.h header file, that displays blunder messages when a developer uses one of these “banned” functions.
- In a blog post, confidence dilettante Vupen sum a arguable feat for a Xen disadvantage detected in Jun and takes a event to plead a credentials behind a attack.
- Researchers have discerned vulnerabilities in a sandbox profiles in SUSE and Ubuntu. Both distributions muster AppArmor, a path-based Mandatory Access Control (MAC) system, though embody profiles that leave most room for improvement.
- In further to director books such as Windows Sysinternals Administrator’s Reference, confidence consultant and Sysinternals tools author Mark Russinovich also wrote a cyber thriller entitled Zero Day. He has now once again total technical imagination and novella in his new novel called Trojan Horse.
- Cryptohaze has done rainbow tables for 8 impression MD5 and NTLM hashes (US charset) accessible to download around BitTorrent. The tables import in during about 1.5TB.