Hack – 37'.news ¯\_(ツ)

August 23, 2018

T-Mobile Security Incident on August 20, 2018

On Thursday evening, T-Mobile sent messages to their customers regarding a security incident that might have exposed customers’ informations.

On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).

At this point we do not know which information was taken. Just to err on the side of caution, T-Mobile customer should check their account and add/update Customer PIN/Passcode.

October 16, 2017October 16, 2017

WPA2 Wi-Fi Vulnerability

This just in.

From BleepingComputer:

Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), has discovered a severe flaw in the Wi-Fi Protected Access II (WPA2) protocol that secures all modern protected Wi-Fi networks.

The flaw affects the WPA2 protocol itself and is not specific to any software or hardware product.

Vanhoef has named his attack KRACK, which stands for Key Reinstallation Attack.

Yikes!

Also from BleepingComputer:

List of Firmware & Driver Updates for KRACK WPA2 Vulnerability

March 22, 2013

Apple ID Password reset site is back online

After taking down iforgot.apple.com following a serious vulnerability found earlier today. The security vulnerability allows Apple ID password to be reset with only email and birthdate. Accounts with two-step verification is not affected by this vulnerability. Apple took down its Apple ID password reset site to address the vulnerability.

Apple rolled out two-step verification for Apple ID on Thursday March 21, 2013.

July 31, 2009

Apple Releases SMS Fix Through iPhone Software 3.0.1.

Less than 24 hours after the demonstration of SMS Hack at Black Hat Technical Security Conference, Apple releases iPhone OS 3.0.1 with the promised fix. Apple was notified of the security flaw six weeks before the demonstrations of the flaw. Apple iPhone is not the only platform vulnerable to this exploit. Android and Windows Mobile platforms are also vulnerable.

iPhone OS 3.0.1 carries the build number 7A400.

iPhone1,1_3.0.1_7A400_Restore.ipsw 240.4 MB
iPhone1,2_3.0.1_7A400_Restore.ipsw 241.3 MB
iPhone2,1_3.0.1_7A400_Restore.ipsw 312.3 MB