Lost+Found: Demonic daemons, a bag of crap and Bill Shocker
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar this week. In this edition: a demonic SSH daemon, Woot.com sends out a bag of crap in the nicest possible way, the Bill Shocker malware, iOS 6.1 jailbreak, and The Onion decides to be proactive.
- A demonic SSH daemon has been discovered by the security researchers at Sucuri : it includes a backdoor and also logs usernames and passwords used for logins.
- When reporting security holes in a company's web site, one never knows what is going to happen. Possible reactions range from no reaction at all, through an email filled with thanks, to being threatened with prosecution. The Woot.com online store sent the discoverer of a critical CSRF hole a "bag of crap" (B.O.C.) – consisting of shirts, toothbrushes, a shower head, and other goodies.
- Anti-virus company NQ Mobile has found Android malware that does its name justice. The Bill Shocker program will inflate mobile phone bills with premium rate text messages.
- iOS hacker MuscleNerd says it is now possible to completely circumvent the security measures on iOS 6.1 devices. A jailbreak using the technique has been announced for the weekend. This would be a first for the relatively new iPhone 5 and iPad mini.
- Chinese hackers seem to enjoy almost unlimited access to newspapers in the US. After the New York Times and the Wall Street Journal were hacked, The Onion decided to be proactive and nip the problem in the bud. In a gesture of cooperation with the Chinese officials, it announced that it had voluntarily given its employee's passwords to the Chinese.
(fab)