CVE-2020-13995

U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable sBuffer leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DESinfo or imageinfo...

[SECURITY] Fedora 31 Update: ipmitool-1.8.18-19.fc31

This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...

[SECURITY] Fedora 30 Update: ipmitool-1.8.18-19.fc30

This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...

Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners

UPDATE Amazon’s Ring Doorbell app for Android is a nexus for data-harvesting, according to an investigation by the Electronic Frontier Foundation EFF. Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn’t have a...

Google Android Framework Information Disclosure Vulnerability (CNVD-2019-44271)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA, of which Framework is a component of the Android framework. A security vulnerability exists in Framework in Google Android versions 10 and 9. An attacker could exploit the vulnerability with a...

Calibration Attack Drills Down on iPhone, Pixel Users

A proof-of-concept for a new type of privacy attack, dubbed “calibration fingerprinting,” uses data from Apple iPhone sensors to construct a globally unique fingerprint for any given mobile user. Researchers said that this provides an unusually effective means to track people as they browse acros...

Fingerprinting iPhones

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the...

Google Play Removes Malicious Malware-Ridden Apps

Google Play has removed two malicious apps that were infecting devices with a notorious banking malware bent on scooping up victim’s credentials. The two apps, Currency Converter and BatterySaverMobo, purported to be useful mobile tools that help users calculate currency and optimize mobile batte...

Tracking People Without GPS

Interesting research: The trick in accurately tracking a person with this method is finding out what kind of activity they're performing. Whether they're walking, driving a car, or riding in a train or airplane, it's pretty easy to figure out when you know what you're looking for. The sensors can...

Applying Lean to Information Risk Management

Lean Manufacturing brings significant benefits to industry, including cost reduction, quality improvement, reduced cycle time, and greater customer satisfaction See “The Machine that Changed the World”, Womak, J., Jones, D., and Roos, D., Free, Press, 1990 for the groundbreaking analysis of...

Apple's FaceID

This is a good interview with Apple's SVP of Software Engineering about FaceID. Honestly, I don't know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can't be hacked with fake faces. I dislike the fact that the police can point the phone at...

Stealing Browsing History Using Your Phone's Ambient Light Sensor

There has been a flurry of research into using the various sensors on your phone to steal data in surprising ways. Here's another: using the phone's ambient light sensor to detect what's on the screen. It's a proof of concept, but the paper's general conclusions are correct: There is a lesson her...

Phone Hack Uses Sensors To Steal PINs

University researchers have created a method to steal a smartphone user’s PIN by leveraging sensor data generated by the targeted phone. Researchers say the method has a 74 percent success rate when it comes to accurately determining four-digit PIN data inputted by a phone’s owner. Researchers fr...

Hackers Can Steal Your Passwords Just by Monitoring SmartPhone Sensors

Do you know how many kinds of sensors your smartphone has inbuilt? And what data they gather about your physical and digital activities? An average smartphone these days is packed with a wide array of sensors such as GPS, Camera, microphone, accelerometer, magnetometer, proximity, gyroscope,...

Activating mobile malware with Music and Light Sensors

Researchers at the University of Alabama at Birmingham UAB presented the research that it is possible to trigger malware hidden in mobile devices using music, lighting, or vibration. In a research paper titled "Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices", th...

Activating mobile malware with Music and Light Sensors

Researchers at the University of Alabama at Birmingham UAB presented the research that it is possible to trigger malware hidden in mobile devices using music, lighting, or vibration. In a research paper titled “Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices”, th...

[SECURITY] Fedora 19 Update: gpsd-3.9-1.fc19

gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. With gpsd, multiple GPS client applications such as...

Low: Red Hat Security Advisory: OpenIPMI security, bug fix, and enhancement update

Updated OpenIPMI packages that fix one security issue, multiple bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which give...

[SECURITY] Fedora 15 Update: ipmitool-1.8.11-7.fc15

This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...