smartphone – iMessage Security Exploit?

Our family has decided to add an extra phone line for our international student. I went to see our carrier and added it without a problem, so I was a bit confused when my sister came down and told me that she had a problem with her phone. My sister has an iPhone, but the language exchange student and I have Android phones. I was able to conduct an SMS conversation with the foreign exchange student just fine. My sister was able to receive text messages from the exchange student's Android phone, but when she responded, the message was sent to another iPhone user who previously owned this student's phone number. We know this because another girl answered. I called Apple to solve the problem and they gave the exchange student a link to remove her number from iMessage. This seems to have solved the problem for us.

I'm afraid it does not really solve the problem. What if two people had met in a bar, one with a newly connected Android, the other with an iPhone, and the first thing exchanged was nude photos? What happens if one of them has just received a new number that remains connected to an iMessage account? The Android user would have his picture sent to the right person, but the iPhone user would have his picture sent to the person who previously had the Android user's phone number (this is how iMessage works). And what happens if an iPhone user receives text messages to the point of changing their phone number and not updating their iMessage account? The spammer can register a phone on this number and use it to intercept text messages sent to him by other iPhone users. This is obviously a security issue with iMessage, but would it be considered a security exploit?

Security IP and MAC Router

There was no power failure and the router was not unplugged, but the full history of MAC and IPv4 addresses was reset and no longer in the name of the computer. user and router password for your device at address

  1. Has it been hacked, or is there anything out of the ordinary, other than a power outage or manual disconnection, that would be causing it?

  2. Is it possible for me to retrieve the history, including the list of MAC addresses connected to the router?

Thank you

Does Swedish airport security check your phone?

We have heard of countries in which you should remove the PIN code from your phone when you pass the airport security. Does this also apply to Sweden?


Hi everyone, I have a question. My problem is that I have GSA and I gave it to my friend along with the license key. He used it; now I am back and I want to secure it. How is it possible to secure it so that no other person can use it? I've seen that in GSA there is an option in LOCK help. What is it for?

security – What is the criticality of the Underscore.min.js, wp-auth-check.min.js, heartbeat.min.js and jquery.js files if they are blocked by CSP?

The loading of the following files is blocked when the following CSP is implemented.

Header set Content-Security-Policy "default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'self'; block-all-mixed-content; form-action 'self'; font-src 'self' data:; img-src 'self' data:;"

Blocked files

  • wp-includes/js/Underscore.min.js
  • wp-includes/js/wp-auth-check.min.js
  • wp-includes/js/heartbeat.min.js
  • wp-includes/js/jquery.js

If these files continue to be blocked from loading, what impact can it have on WordPress, including plugins, integrations such as WooCommerce and future upgrades?

Since WordPress continues to use eval() functions, the ability to further secure the site seems to be limited.

Assuming that files are essential to the functioning of WordPress, what alternatives exist to minimize the security risks associated with unsafe-eval?

There do not seem to have been any other changes since the last message from the main WordPress team 3 years ago –
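
An added example (not part of the original question and not WordPress code) that evaluates the posted policy for scripts: whether each listed file's URL is an allowed source, and whether eval() is permitted. The site origin https://shop.example is a constructed placeholder, and source matching is simplified to 'self' and exact-origin host sources (no wildcards, nonces or hashes).

```python
from urllib.parse import urlsplit

# Policy value copied from the question; SITE is a constructed placeholder origin.
POLICY = ("default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; "
          "frame-ancestors 'self'; block-all-mixed-content; form-action 'self'; "
          "font-src 'self' data:; img-src 'self' data:;")
SITE = "https://shop.example"
FILES = ["Underscore.min.js", "wp-auth-check.min.js", "heartbeat.min.js", "jquery.js"]

def parse_csp(policy):
    """Split a CSP header value into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored: the first occurrence wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def script_sources(directives):
    """script-src governs scripts; default-src is only its fallback."""
    for name in ("script-src", "default-src"):
        if name in directives:
            # Quoted keywords are case-insensitive; normalise them.
            return [s.lower() if s.startswith("'") else s for s in directives[name]]
    return None  # neither directive present: scripts are unrestricted

def origin_of(url):
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}".lower()

def allows_script_url(directives, page_origin, script_url):
    sources = script_sources(directives)
    if sources is None:
        return True
    target = origin_of(script_url)
    return any((s == "'self'" and target == page_origin.lower())
               or ("://" in s and origin_of(s) == target) for s in sources)

def allows_eval(directives):
    """eval() and new Function() need 'unsafe-eval' in the effective script list."""
    sources = script_sources(directives)
    return sources is None or "'unsafe-eval'" in sources

def audit(policy, page_origin, script_urls):
    d = parse_csp(policy)
    return {"eval": allows_eval(d),
            "scripts": {u: allows_script_url(d, page_origin, u) for u in script_urls}}

if __name__ == "__main__":
    print(audit(POLICY, SITE, [f"{SITE}/wp-includes/js/{f}" for f in FILES]))
```

For the posted policy the four same-origin URLs match 'self', while eval() is refused because 'unsafe-eval' is absent from script-src.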

tls – Attempt to understand the security of digital certificates and certificate authorities

I understand that digital certificates and trusted third parties help prevent man-in-the-middle attacks during HTTPS connections. However, I am confused about some details.

Let's say we have a client Alice and Bob who has a server mapped to "".

When Bob ( asks a CA (for example, VeriSign) to create a new certificate and sends it his public key to insert into the certificate, what prevents an attacker from intercepting the request, exchanging the public key with their own, having the certificate authority create a fake certificate, and then returning that fake certificate to Bob? Is the only protection here that Bob actually verifies that the public key of the returned certificate matches the one he originally sent in his application to the certification authority? And then, I imagine, he informs the CA that what he got back does not correspond to what he sent, so that the CA does not keep any forged records?

Assuming that the newly created certificate that Bob gets from VeriSign is legitimate, let's say now that Alice makes a request to "" via the HTTPS protocol. What prevents a dual-channel MITM attack in which a hacker intercepts Bob's new certificate while it is on its way to Alice, creates a new one, signs it with his own secret key (which was previously signed by VeriSign), but also intercepts Alice's request to VeriSign when she requests the VeriSign public key and replaces it with the public key corresponding to the malicious secret key? Now, when Alice tries to check the integrity of the fake certificate, it verifies because, although she thinks she's checking the signature with the VeriSign public key, she's actually using the malicious public key.

Hardware – Are the security basics of a non-wifi router different from securing your desktop?

I've studied a lot about securing a workstation, which allows a particular firewall to browse the Internet safely. I also know that many steps can be taken to improve the security of wifi routers. But if I use a non-wifi router or a USB dongle with wifi disabled, can I take steps to secure this router? Or is a non-wifi router secure?

I've read about webcams that are vulnerable and can be hacked, so what about routers? Can you give me an introduction? How do I know if my router has vulnerabilities?

I get a message saying that this question seems subjective, so I'll tell you that, basically, I ask the question: how does the security of the router work?

security – How to dynamically create and assign user permissions for a group-based service

tldr: How to create a platform allowing users to create private groups and invite other people to these private groups? How to secure these groups?

I am building a platform around private groups and communities. I'm not sure about the most appropriate model / mechanism for securing groups so that only invited people can read / write.

The technology is Okta and Spring Security.

Should I create groups and use the role claim in an OAuth token? So when I create a new group, I have to create this group on the authentication server and add it to each guest user. I think it would work, but with Spring Security users would have to log out and log back in to access the new group.

Are scopes another alternative? Or should I use claims, where each new group created would need the user to "authenticate" with the group?

Should I just limit / control access based on the groups the user profile has assigned to it? It sounds simple but does not seem the safest either.

I'm sure there is a fairly standard way to handle this, but I do not know what approach to take.

attacks – What is the impact of a security failure on a system?

In the context of safety-critical systems, such as transport systems, it is important to check whether these systems meet / do not meet safety requirements.
ISO 26262 expresses these requirements in the form of a maximum number of failures per hour of operation. It is usually of very small magnitude for the most critical components of a system, namely 10^-9 failures per hour of operation at most.

As interconnected critical systems become more critical, the risk of such systems becoming the target of remote attackers increases. In this context, remote attackers can potentially control the system remotely (eg CarShark attack or Jeep Cherokee remote control). As a result, some cyber attacks can affect the security of the system (that is, threaten the system environment).

As a result, more and more work is being done on the integration of security and safety, so adding security countermeasures to a system can increase the overall security of the system. To the best of my knowledge, in the existing literature, no one takes into account the fact that security mechanisms can fail, just like all other components.

My question to you guys is: do you have any information on what could be the consequences of a failure of the security countermeasure on a component or the security of a system? Is it possible, for example, that if an encryption mechanism fails, it flips a bit in a message, which could (possibly) cause a denial of service (or anything else), which could lead to a catastrophic event (again, consider the worst case)? Is there a discussion / paper on this?

What does "We could not check the ACL APIs" mean in the Magento Security Check Report?

We did the security scan of Magento.

Got:

Unknown ACL patch for patches We could not check the ACL API. Please check our security best practices.

What is it supposed to mean?