Apple blocks pesky lock-screen intruders with iOS 7.0.2 update

An interesting article by Wilson Rothman at NBC News:

Apple iOS 7.0.2 update prevents people from accessing the multitask screen of a locked device.

Remember that bug that lets you dig into the camera and photos of a locked iPhone, and even send stuff to the owner’s email and social accounts? Well, Apple raced to lock it down with the 7.0.2 update available Thursday.

We tested the trick on three iPhones running iOS 7, and two of them allowed us entry, including a brand new iPhone 5S. We’re happy — well, maybe “relieved” is a better word — to report that the 5S in question, now updated, is no longer vulnerable to that kind of invasion. That is, you can no longer trick the locked iPhone into showing you the multitask screen.

Read the rest here.

America’s Leading Cybersecurity Companies to Come Together to Mentor the Nation Around Cybersecurity

Students Across the USA to Live a Day in the Life of the Nation’s Cybersecurity Leaders

BALTIMORE, MD–(Marketwired – Sep 24, 2013) – America’s leading cybersecurity companies, agencies and organizations will join together with leading educators in Baltimore, Maryland on October 8, 2013 at 3:30pm to kick off Cybersecurity Ideation Day at CyberMaryland 2013. Cyber Ideation is a web-based interactive classroom experience where schools enable their students to “test drive” future careers in cybersecurity by living a day in the life of the nation’s cybersecurity leaders.

America’s LifeJourney Mentors will join teachers, principals and students on stage for the kick off of the Cyber Generation Session hosted by Rick Geritz, LifeJourney’s CEO, and keynoted by UMBC’s President Dr. Freeman Hrabowski. DHS’s Branch Chief of National Cybersecurity Education Montana Williams will hand out the nation’s first Cyber Resume as the nation’s youth begin to take their Cyber LifeJourneys.

Students will choose from 100 different cybersecurity LifeJourneys (e.g., Digital Forensic Analyst, CTO, Threat Manager, CISO, Data Scientist, SCIF Designer, etc.) led by leading companies like RSA, CyberPoint, Symantec, COPT, BAE, Lockheed Martin, Damballa, SafeNet, Kaspersky Lab, Tripwire, KEYW, KoolSpan, Hexis Cyber Solutions, General Dynamics Advanced Information Systems, Convergence Technologies, Sourcefire, AMP Tech Solutions, TechGuard Security, and numerous others, enabling them to “test drive” cyber careers and then understand the journey they will need to take in order to achieve an internship and a future job. Students receive detailed reports on the skills they will need to achieve their intended goals, including a fully updated Cyber Resume that illustrates each step on their future journey.

About the 2013 CyberMaryland Conference
The CyberMaryland Conference 2013, creating the cyber generation, brings together educators, business leaders and agencies to address how cybersecurity plays a major role in America’s STEM education mission to produce the minds needed to compete in a global market.

About LifeJourney
LifeJourney™ is a classroom experience that enables students to live a day in the life of America’s STEM and Cyber leaders. Students will choose from over 100 LifeJourneys by America’s leading companies to inspire and motivate over 40 million students nationwide to test drive their future.
CONTACT INFORMATION

Contact: Kimberly Paradise  Kim@lifejourney.us

Chaos Computer Club claims to have “cracked” the iPhone 5s fingerprint sensor

A posting from Naked Security about the iPhone 5s fingerprint sensor:

The biometrics team of Germany’s well-known Chaos Computer Club (CCC) claims it has “cracked” Apple’s Touch ID system.

Touch ID is the fingerprint sensor and the associated software that provides a biometric lock for the brand new iPhone 5s.

Fingerprint readers have been common add-ons to laptops for many years, but never really caught on.

Here’s why.

Firstly, fingerprints aren’t secret.

All of us inadvertently leave good-quality prints on many surfaces, such as glass, metal and hard plastics.

Additionally (in many countries in the post-9/11 world) many of us deliberately, often unavoidably, have allowed the authorities, our employers and even businesses such as banks to take high-quality copies of our prints, and to keep them pretty much for ever.

To read more click here: 

3 Steps To Keep Down Security’s False-Positive Workload

A posting from Dark Reading on steps to keep down security’s false-positive workload:

Security needs to be better automated, but while detecting attackers is great, all too often automation means that security teams are left with chasing down a list of security events that turn out not to be an attack but unexpected system, network, or user behavior.

These “false positives” are the bane of most machine-learning systems: valid e-mail messages blocked by anti-spam systems, unexploitable software defects flagged by software analysis systems, and normal application traffic identified as potentially malicious by an intrusion detection system. First-generation security information and event management (SIEM) systems, for example, would often deliver lists of potential “offenses” to security teams, leading to a lot of work in wild goose chases, says Jay Bretzmann, market segment manager for security intelligence at IBM Security Systems.

To read more click here: 

Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager (DCNM)

09/22/2013 02:57 PM EDT

Original release date: September 22, 2013 | Last revised: September 23, 2013

Cisco has released three security advisories to address multiple vulnerabilities affecting various components of Cisco Prime Data Center Network Manager (DCNM). These vulnerabilities may allow an unauthenticated, remote attacker to disclose file components and access text files on an affected device. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others.
Cisco has released software updates to address the following vulnerabilities:

 

US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply any necessary updates to help mitigate the risk.

BDPA Orlando Presents: CyberSecurity in Health Care

On Saturday, October 5, 2013, from 10:00 AM to 12:00 PM, BDPA Orlando will have a meetup discussing cyber security in health care at Valencia College - West Campus, located at 1800 South Kirkman Road, Orlando, FL.

Ray Payano, an Information Security Architect and member of the AHS Data Security Office, will be our presenter. Ray works at Adventist Health System (Florida Hospital). The presentation/discussion will center on Patient Health, HIPAA, PCI, Population Health, Mobile Devices, and EHR.

Join and RSVP on MeetUp.com