15yearold

now browsing by tag

 
 

A #15-year-old #hacked the #secure Ledger #crypto #wallet

A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped. The holes, which Rashid described on his blog, allowed for both a “supply chain attack” – meaning a hack that could compromise the device before it was shipped to the customer – and another attack that could allow a hacker to steal private keys after the device was initialized.

Rashid is not affiliated directly with any Ledger competitors although there was some suggestion that he did some work on Trezor and other competing hardware wallets. His response:

15-year-old Unpatched Root Access Bug found in Apple’s macOS

Source: National Cyber Security – Produced By Gregory Evans

After a disastrous 2017, where Apple faced all sorts of security-related issues and complaints, the company is in trouble again right from the first day of the New Year! On the very first day of 2018 (or the last day of 2017, depending on your location and region), a security researcher having immense expertise in hacking Apple’s iOS has posted details of an unpatched security flaw present in macOS operating system.

“One tiny, ugly bug. Fifteen years. Full system compromise” wrote the researcher, who uses the alias Siguza (s1guza).

The researcher stated that the flaw can be exploited by cyber-crooks to gain full control of the computer. The unpatched zero-day vulnerability is claimed to be 15 years old. The researcher has also posted a proof-of-concept exploit code, which can be reviewed on GitHub.

Siguza, who also calls himself Hobbyist Hacker, noted that this is a dangerous local privilege escalation (LPE) flaw, which allows anyone (even an unprivileged attacker) to obtain root access on the targeted computer so as to execute malicious code. This LPE flaw affects the kernel extension IOHIDFamily, which was designed for HID (human interface device) like touchscreen or buttons.

Furthermore, the malware that has been designed to exploit this 0-day vulnerability can install itself deep into the system and cybercriminals can target Apple’s critical security programs like the System Integrity Protection (SIP) and Apple Mobile File Integrity (AMFI).

In order to successfully carry out the exploitation of the system, cybercriminals need to get users logged out from the system, which is likely to alert most of the users. However, to evade detection, cybercriminals can attack when the system is shut down or restarted.

The flaw was discovered when Siguza was trying to identify flaws that would allow him to hack the iOS kernel. While doing so Siguze noticed that some of the extension’s components including the IOHIDSystem existed solely on macOS. This discovery led to the identification of the critical zero-day vulnerability in the operating system. Siguza wrote in his post:

“Needs to be running on the host already (nothing remote), achieves full system compromise by itself, but logs you out in the process.”

“Can wait for logout though and is fast enough to run on shutdown/reboot until 10.13.1. On 10.13.2 it takes a fair bit longer (maybe half a minute) after logging out, so if your OS logs you out unexpectedly… maybe pull the plug?” explained Siguza.

The vulnerability is found only in macOS and not in other Apple products such as the iOS but it affects all versions of macOS. Although the flaw is not too serious and concerning it does show that Apple needs to enhance the security of its software. The proof-of-concept created by Siguza is applicable on macOS High Sierra 10.13.1 and earlier versions but he believes that the exploit can be tweaked to become effective on a new version of macOS 10.13.2 released on Dec 6.

Siguza further added that the reason why he publicly announced his findings instead of informing Apple secretly is that the flaw was not remotely exploitable and Apple’s bug bounty program also didn’t cover macOS. Apple, on the other hand, hasn’t responded to the news or released any statement in relation to the findings of Siguza. We will update the article when Apple responds.

The post 15-year-old Unpatched Root Access Bug found in Apple’s macOS appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

15-Year-Old Arrested After Shooting Inside Boston School District Headquarters

ROXBURY (CBS) — A 15-year-old boy was arrested Wednesday morning after police say he fired a gun during a struggle in the lobby of the Boston School District headquarters building in Dudley Square.

Boston Police said the shooting took place around 9:20 a.m. at the Washington Street building, where students sign up for classes.

Prep School Rape Case Becomes a Reality Show & 15-Year-Old Victim Gets Lost in the Crowd

You’ve probably heard about a New Hampshire prep school making headlines for something other than academics. Owen Labrie, 19, was charged with raping a 15-year-old girl as part of a disgusting senior tradition — and if that doesn’t shock you, the number of people who came to watch the courtroom drama should.

The fact that this court had a “standing-room-only” section to accommodate all the people trying to pile in is mind-blowing. Then again, we live in a society that thrives on being entertained by a media circus.

Do people not realize this isn’t an episode of Law & Order:

Read More

The post Prep School Rape Case Becomes a Reality Show & 15-Year-Old Victim Gets Lost in the Crowd appeared first on Parent Security Online.

View full post on Parent Security Online

Documents: Arizona couple arrested, accused of having sex with 15-year-old girl

PHOENIX – A Phoenix couple is behind bars for allegedly having sex and doing drugs with a 15-year-old girl numerous times over four months.

Alonso Caufield, 25, and his girlfriend, Chelsea Coratolo, 23, were arrested Monday at their home near 19th Avenue and Cactus Road.

According to a police report, Coratolo asked the 15-year-old girl to “pleasure” her boyfriend because she was having her menstrual cycle and couldn’t. This arrangement lasted from October 2014 to February 2015.

Authorities said the victim told a counselor about the incident, who then notified police.

The victim told police the suspects gave her methamphetamine and marijuana and they would all take the drugs together.

Read More

The post Documents: Arizona couple arrested, accused of having sex with 15-year-old girl appeared first on Parent Security Online.

View full post on Parent Security Online

15-year-old girl injured in drive-by BB gun shooting at Broomfield High

BROOMFIELD, Colo. –- Broomfield police are looking for suspects after a 15-year-old girl was struck in a drive-by BB gun shooting at Broomfield High School on Thursday afternoon.

The girl was sitting on the southwest corner of the school about 2:45 p.m. when a white four-door hatchback drove toward her southbound on Daphne Street, the Broomfield Police Department said.

The girl heard a sound similar to an air gun, then felt pain in her abdomen. One of the males in the vehicle then yelled a profanity at her and drove off, police say.

The girl reported the shooting to school administrators, who contacted police.

Read More

The post 15-year-old girl injured in drive-by BB gun shooting at Broomfield High appeared first on Parent Security Online.

View full post on Parent Security Online