News Byte Null Bangalore September Meet -Apoorva Giri

News bytes September null OWASP G4H september meet


Index

• Android Browser Vulnerability
• Gmail Hacked
• iCloud Hacked
• iOS 8 released with security fixes
• Home Depot breached


Android Browser Vulnerability

▫ First published on http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html
▫ Bypasses the Android browser’s same-origin policy (SOP)
▫ Caused by the improper handling of null bytes by the URL parser.
▫ A Metasploit exploit was released.
▫ Users running Android 4.4 are not affected


Gmail Hacked

• Published on a Russian website.
• The passwords may be old.
• They could have been obtained from other sources where users used their Gmail IDs to register.
• The official Google statement said: “We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We've protected the affected accounts and have required those users to reset their passwords.”
• Check if you are affected on https://haveibeenpwned.com/


iCloud Hack

• Celebrities’ pictures were released on 4chan
• Some pictures had even been deleted from the phone long ago
• Apple denied that there was any breach in any of Apple’s systems including iCloud or Find my iPhone. It seems that the celebrities in question fell victim to targeted phishing and social engineering.


iOS 8 released with security fixes

• A series of kernel flaws, several WebKit bugs and a pair of vulnerabilities that allowed a user to install apps outside of the App Store have been patched in the new release.
• The major flaw patched in iOS 8 is a problem with the way the operating system implemented 802.1x.


Home Depot breach

• Hackers had access to 56 million credit and debit cards.
• Cybercriminals used malware to collect customer information from in-store point-of-sale systems where credit and debit cards are swiped through readers.
• The PINs were not disclosed, but cloned cards were still used everywhere.
• The card data for sale on the crime shop includes the legitimate cardholder’s full name and the city, state and ZIP of the Home Depot store from which the card was stolen.
• This data, along with SSNs bought from the underworld, gives a fraudster all the information needed to make a fake card and reset the cardholder’s PIN.


Thank You!