Hackers Find Security Vulnerability With Apple Pay

Do you have an iPhone? Do you make use of the Apple Pay service? If so there is a security issue you need to be aware of. Researchers have discovered a means by which fraudulent payments can be made from a locked iPhone. Two conditions must be true for the flaw to be exploited. The user must have a Visa card in their digital wallet and they must have express mode enabled. Essentially the flaw amounts to digital pick-pocketing. It can be performed even if the owner of the phone has it tucked away in a bag or pocket. Even worse is the fact that there is no transaction limit. This issue was apparently created when the company attempted to solve a separate issue. Apple users had been complaining that Apple Pay was sometimes cumbersome to use because it required the user to unlock the phone with a password, Touch ID, or Face ID. In order to improve the overall user experience the company added an Express Mode to the service allowing transactions to be completed without the phone being unlocked. When users enable this option in Apple Pay they get a notification that reads as follows: “The card you select will work automatically without requiring your Touch ID or your passcode. Just hold iPhone near a supported transit reader.” The researchers were able to emulate a ticket-barrier transaction of the kind you’d find in a mass transit station by using a Proxmark device which acted as a card reader. This device communicated with the target iPhone with an NFC chip that communicated with a payment terminal. It’s easy...
Google Is The Most Popular Search Result On Bing

It’s good to be the King and in the world of search Google is the undisputed King. That fact has made the tech giant something of a target however. Google has been sued repeatedly and investigated by both the US Congress and the EU’s General Court owing to its dominant position in the realm of search. Many of the court cases the company is involved in hinge on the notion that Google is leveraging its dominant position to take unfair advantage. Recently the company has hit upon a novel way of defending itself. A lawyer for Google presented evidence to the EU’s General Court that the most popular search term on the Bing search engine is, in fact “Google.” Thus, the company argues it has nothing to do with them unfairly leveraging their dominant position. The simple fact is that search engine users themselves are searching for Google because they simply prefer it. Alfonso Lamadrid is one of the lawyers for Google’s parent company named Alphabet. Lamadrid had this to say about the recent discovery: “We have submitted evidence showing that the most common search query on Bing is by far Google. People use Google because they choose to, not because they are forced to. Google’s market share in general search is consistent with consumer surveys showing that 95 percent of users prefer Google to rival search engines.” The company makes a compelling case that’s awfully hard to argue against. If users on a different search engine go out of their way to search for Google that’s got nothing to do with the company. Save for the fact that...
With Upcoming Release, You Can Sync Excel And Quickbooks

Are you a QuickBooks user? If so you’re going to be thrilled by the company’s recent announcement that Excel integration is coming soon. You read that correctly. Soon you will be able to sync QuickBooks and Excel which should simplify your life a great deal. This is but the latest in a long line of similar moves Intuit QuickBooks has made. Over the past few years the company has integrated their wildly popular software with a variety of other platforms like Bill.com, HubSpot, LeanLaw and DocuSign. Alex Chriss is QuickBooks’ Executive VP and General Manager. He had this to say about the recent announcement: “Further reducing complex workflows through automation, coupled with powerful customization capabilities, will enhance performance and scalability and allow businesses at a critical point in their journey to reach a new level of growth… Customers will be able to sync data between Excel and QuickBooks Online Advanced automatically. This much-requested capability will help businesses save time and further streamline data syncing at critical points in their business journey, whether they’re adopting accounting software or seeking enhanced reporting that delivers greater visibility into their operations. Customers will be able to build custom reports, in a tool they already use, without compromising on convenience or accuracy of data.” If you run a business of any size this is great news indeed. If you aren’t currently using QuickBooks and your current accounting software is leaving you underwhelmed now is a great time to give QuickBooks a try. It is a solution hundreds of thousands of business owners rely on. Given the large and growing number of integrations available it’s...
DDOS Attackers Are Targeting VoIP Providers

Hackers around the world are flexing their muscles. For reasons that aren’t yet clear they have been launching distributed denial of service (DDOS) attacks against Voice over Internet Protocol (VoIP) providers and it is leading to widespread voice outages. VoIP provider Bandwidth.com is the latest company to fall victim to these attacks. On the afternoon of September 25th the company began reporting a series of unexpected failures in their voice and messaging services. When the problem first began the company posted a notice on their status page that read as follows: “Bandwidth is investigating an incident impacting Voice and Messaging Services. Calls and Messages may experience unexpected failures. All teams are actively engaged.” In short order the teams leading the investigation uncovered the root cause. Threat actors were conducting a DDOS attack against them hoping to pressure the company into paying a Bitcoin ransom to make the attacks stop. The company opted not to pay and fought back to protect their network. For now at least it seems that Bandwidth.com has won. However there is no guarantee that the attacks won’t increase in their intensity. David Morken is the CEO of Bandwidth.com. Morken published the following on the company’s blog as the attack began to abate: “Bandwidth and a number of critical communications service providers have been targeted by a rolling DDoS attack. While we have mitigated much intended harm, we know some of you have been significantly impacted by this event. For that I am truly sorry. You trust us with your mission-critical communications. There is nothing this team takes more seriously. We are working around the clock...
Zero Day Bug Found In MacOS

A new Zero Day vulnerability in macOS has been discovered. The flaw impacts all macOS versions up to the latest release, Big Sur. The bug was found by Park Minchan, an independent security researcher, and is tied to the way that macOS processes inetloc files. The processing methodology allows an attacker to embed malicious commands which the system will execute without any warnings or prompts visible to the user of the targeted machine. Inetloc is short for “internet location files,” which have the extension “*.inetloc.” A recently published SSD Secure Disclosure advisory had this to say about the newly discovered flaw: “A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands. These files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user.” In this particular instance Apple botched the fix, quietly patching the issue without assigning it a CVE identification number. Unfortunately the fix was only partial and at present the bug can still be exploited in some instances as described below: “Newer versions of macOS (from Big Sur) have blocked the file:// prefix (in the com.apple.generic-internet-location) however they did a case matching causing File:// or fIle:// to bypass the check. We have notified Apple that FiLe:// (just mangling the value) doesn’t appear to be blocked, but have not received any response from them since the report has been made. As far as we know, at the moment, the vulnerability has not been patched.” Park Minchan developed a proof of concept that demonstrates how the bug...
Youtube Video Downloads May Be Coming To Computers

If you use the YouTube app on your phone and you’re a premium subscriber you’ve currently got the ability to download videos from the service. As of this date however those are the only people who have the ability to download videos. Even if you’ve subscribed to the premium service, there is no download function when you access your account from your PC. Recently YouTube decided to change that by adding the download function to the desktop experience so that it mirrors the app-based experience. The new feature is already in place. So if you are a premium subscriber all you’ve got to do is to click on the share options below the video. Alternatively, look alongside the “three dot” menu and you’ll see the new download option. Any videos you download from YouTube will be stored in your offline library where you can organize and sort them as you see fit. Note that you’ll also be able to specify the resolution of the downloaded video, choosing anywhere from 144p to 1080p. Significantly there is no 4k download option available. The good news is that there doesn’t appear to be any file size limitations beyond the available space you have on your hard drive. The new feature is not browser specific. So whatever browser you use you should be able to download YouTube videos without difficulty, again assuming that you’re a premium subscriber. It may not be a feature you use terribly often but it is handy and convenient and when you need it you’ll probably really need it. Kudos to Google for continuing the good...