Security News Bites for Week Ending Sep 21, 2018
New Web Attack Will Crash Your iPhone, iPad or Mac
A new CSS-based web attack will crash and restart your i-device with just 15 lines of code. The code exploits a weakness in iOS’ web rendering engine WebKit, which Apple mandates all apps and browsers use. Anything that renders HTML on iOS is affected. That means anyone sending you a link on Facebook or Twitter, or if any webpage you visit includes the code, or anyone sending you an email. TechCrunch tested the exploit running on the most recent mobile software iOS 11.4.1, and confirm it crashes and restarts the phone. Source: Techcrunch
Ajit Pai Says California Net Neutrality Law Radical and Illegal
Ajit Pai, Chairman of the FCC and the guy who repealed the FCC net neutrality policy said that California’s new bill replacing that repealed FCC policy is illegal. Why? Because, he says, that it is preempted by Federal law. This is the same guy who said the FCC didn’t have the power to regulate net neutrality. Do they? Don’t they? Are you confused too?
If Pai intervenes, I am sure this will go all the way up to the Supreme Court – who may or may not hear the argument.
He said this at a talk conservative think thank in Portland. Maine, like about 30 other states, is in the process of creating its own net neutrality law. If he thought that the states would bow down to him when he repealed the FCC policy, apparently, he was wrong.
Also apparently, his beef is with zero rating, a practice where a carrier doesn’t charge you if you use their service or use a service that has paid them a lot of money, but does charge you to use a service who has not written them a big check. His theory, apparently, is that if poor people must (due to financial constraints) use only those services that write a carrier a big check, that will, somehow, promote an open and innovative Internet. Source: Motherboard
Another Day, Another Crypto Currency Exchange Hacked
Japanese crypto currency exchange Zaif was hacked to the tune of $60 Million of Bitcoin, Bitcoin Cash and Monacoin. About a third of that was owned by the exchange; the rest owned by customers.
For now, withdrawals and deposits have been halted, with no specified time when it might – or might not – resume. If ever.
The company says that they will compensate users who lost $40 million or so and have sold the majority of the company for $5 billion yen (roughly the amount of money not owned by them that was stolen).
Assuming that deal actually closes, they figure out how the attack happened and fix the problem … and, and, and. Japan’s financial regulator has stepped into the poop pile.
I assume that if and when customers actually get access to their money – the part that wasn’t stolen – they will find someplace else to store their crypto currency. That likely means the end of Zaif, no matter what.
In the mean time, they will just have to hang out and wait to see what happens. Source: Bloomberg.
3 Billion Malicious Logins Per Month This Year
According to Akamai, there were over 3 billion malicious logins per month between January and April and over 8 billion malicious logins during May and June at sites that they front end.
Many malicious login attempts come from the technique of credential stuffing where hackers take credentials exposed during hacks and try them on other web sites. For example, try the 3 billion exposed Yahoo passwords on Facebook or online banking sites. Even though we tell people not to reuse passwords, they do anyway.
According to Akamai, one large bank was experiencing 8,000 accounts being compromised per month.
One bank experienced over 8 million malicious login attempts in a single 48 hour period. I bet some of these attempts worked. A load like that will impact the bank’s ability to serve real customers. Source: Help Net Security.
by 