Apple’s iPhone is more vulnerable to phishing attacks than users might realise because it can obscure the true addresses of the websites that phone owners are visiting.
Normally in the business of making others embarrassed, Nick Denton’s Gawker Media empire had some awkward explaining to do itself on Monday after hackers breached the database containing hundreds of thousands of usernames and passwords that people used to comment on the sites in the network.
Gawker executives, who had initially denied the breach, were forced to reverse course and apologise after the hackers posted a large batch of the passwords online. The intruders also took Gawker’s own source code and perused internal chats and employee e-mails, which in turn provided log-in credentials for Google Apps, taking a similar trajectory to the 2009 electronic break-in at Twitter that unearthed sensitive financial information.
A researcher on Thursday posted software tools that he said would enable widespread eavesdropping on calls made over GSM networks with less than $2,000 worth of equipment.
Speaking at the second day of the Black Hat technology security conference in Las Vegas, researcher Karsten Nohl, who had previously reported that he had cracked GSM encryption, said he was distributing the tools free in order to pressure carriers to make fairly simple changes to fix the vulnerability.