iPhone security vulnerabilities ????

This was sent out to all employees at my local gov offices... anyone know what she is talking about?
I know iPhones are the latest cool gadget. However, there are security vulnerabilities associated with having them on our network in order to get your e-mail from the Exchange server. We are researching and trying to stay current on the issues and solutions. I do recommend that before you purchase an iPhone with expectations of using County network resources like e-mail, please contact us.
<Edited by Moderator>

Security is a 'cool' word to say, we're not sure how we're going to support this, or we don't want you to use it. Essentially this is a cool myth to make people afraid. (think of airport security and the 'orange' alerts we're conditioned to be fearful of)
If you can get your work email at home via POP, IMAP and/or web access, the iPhone poses no more or less security threat than your home PC or laptop do.
The only 'security issue' I can really see is that an iPhone is much easier to lose or have stolen, in which case, since there is no password needed to access the emails stored on the phone, someone 'could' view confidential emails stored on the phone, as well as send new emails, until a password is changed on the corporate side.

Similar Messages

  • Java 1.4.2 Security Vulnerabilities

    Hello,
    I'm looking for a link that lists the security vulnerabilities of Java 1.4.2 and I am having trouble finding a comprehensive list. Our security officer doesn't want us using 1.4.2 because of security vulnerabilities and I want to confirm what they are. But, I have not seen any report of what these issues are. This relates specifically to our Java version in relation to our Discoverer Plus use. Does anyone have a link of known Java 1.4 security issues?
    Thanks!

    Check this
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1

  • iPhone Security: How secure is the iPhone?

    We just purchased iPhones for our family. However, I have a question regarding cyber security on these devices.
    Specifically, we have the phones set up to access our MobileMe accounts, and thus the MobileMe password is part of our iPhones. This leads to two questions:
    1) If someone acquires our phones, can they easily reverse engineer the phone to determine our MobileMe passwords?
    2) When we use various free wireless services (for example, while travelling at airports), how secure is the password data as it is passed from our iPhones to MobileMe over the RF spectrum? Could someone easily “listen in” to the communication and sniff out the passwords?
    It’s not that crucial now since it is just our MobileMe account, but I would like to use my iPhone for work e-mail and am not sure if this is safe or not.
    In addition to these questions, any advice, comments, or other sources on iPhone security would be greatly appreciated.
    Thank you very much for sharing your expertise!!!

    CharPatton wrote:
    2) When we use various free wireless services (for example, while travelling at airports), how secure is the password data as it is passed from our iPhones to MobileMe over the RF spectrum? Could someone easily “listen in” to the communication and sniff out the passwords?
    It depends on what the website does, and the rules are the same as using a wifi laptop:
    A) If a site uses regular HTTP with no encryption, any text data can be intercepted.
    B) Using HTTPS encryption like banks do, data can be sniffed but cannot be read unless a sophisticated hacker can unencrypt the sniffed data.
    C) Using a secure VPN for your iPhone (like HotSpot Shield), you can encrypt traffic between the iPhone and the VPN service so that all your communications are secured regardless of what the website does.
    I don't have a MobileMe account, so I don't know whether they layer any encryption over the login, but if they're like many sites, they probably do. As for what happens after login, this article is not very encouraging if the info is still current. That is why I use a VPN.

  • Oracle Security Vulnerabilities?

    Hi all,
    We're running many PHP 5.x applications in a distributed environment that use the OCI client to access Oracle 10g databases.
    Our server administration group is migrating to a new server and is refusing to install or support the OCI Instant client under Linux saying it's a security problem. Specifically, they say that the OCI Instant Client is exposed to buffer overflows and stack smashing. Their recommendation? Rewrite all our apps to use another database. Yeah, right.
    They provided me with two sources to explain the issues:
    http://www.dummies.com/WileyCDA/DummiesArticle/id-2900.html
    and
    Re: Problems with libclntsh.so.10.1 and PHP/Apache HTTPD
    Is this really a security problem? If so, what can be done to mitigate the risk?
    Thanks,
    John

    Hi all,
    I thought I’d jump in this thread with a few thoughts.
    Security flaws unfortunately affect software, both commercial and open source. I believe that what sets Oracle apart from many other vendors is the company’s commitment to security. Oracle Software Security Assurance (http://www.oracle.com/security/software-security-assurance.html) includes the most transparent vulnerability remediation policy in the industry. Furthermore, the Critical Patch Update (CPU) process (http://www.oracle.com/technology/deploy/security/alerts.htm) provides a predictable mechanism for the remediation of security vulnerabilities in Oracle software. By comparison, open source involves unpredictable releases of security fixes.
    Now, getting back to the discussion in this thread: as much as we try to prevent vulnerabilities during development, as is the case with all large software products, some make their way into released code. As vulnerabilities are discovered, Oracle fixes them in order of severity and releases fixes for them through the Critical Patch Update.
    An attacker could attempt to exploit the unpatched vulnerabilities through OCI or other protocols providing access to the database (this is not specific to OCI). Oracle’s recommendation is therefore to remain current on the Critical Patch Update (the last one was issued on July 17, 2007). Keep in mind that the CPU is cumulative for the database, and applying the most recent CPU will bring you to the current security patch level, and this will significantly contribute to improving your organization’s security posture.
    Do not hesitate to contact me if you have questions at [email protected]
    Sincerely
    Eric Maurice
    Manager – Oracle Software Security Assurance

  • OSX Security Vulnerabilities - 20 found according to this article

    Via Gizmodo, here is an article about a guy finding 20 zero-day security holes in OSX. Zero-day threats refer to security vulnerabilities which do not yet have a fix. At present, Macs are highly resistant but not immune to viruses, but this article does raise a few red flags. Thoughts?
    Article: http://www.h-online.com/security/news/item/Mac-OS-X-safer-but-less-secure-Update-957981.html

    I've reposted this message in the "Using Mac OS X 10.6 Snow Leopard" forum. I posted here out of habit. I could not see how to delete the message, so please refer to this thread instead:
    http://discussions.apple.com/thread.jspa?threadID=2371811&tstart=0

  • OSX Security Vulnerabilities - 20 found according to article

    Via Gizmodo, here is an article about a guy finding 20 zero-day security holes in OSX. Zero-day threats refer to security vulnerabilities which do not yet have a fix. At present, Macs are highly resistant but not immune to viruses, but this article does raise a few red flags. Thoughts?
    Article: http://www.h-online.com/security/news/item/Mac-OS-X-safer-but-less-secure-Update-957981.html

    Usually these "security bulletin" type postings are completely bogus. The guy is trying to make a living finding exploits. So, he finds 20 in Mac OS X, and then goes to the media so he can make a name for himself. Most people will say "Wow, 20 exploits! That is a lot, maybe we should be worried. Maybe OS X is not as secure as we think it is."
    But, what is totally missing here that is completely necessary to make a conclusion like that is any semblance of detail. The comments on Giz nailed it already. Are these "exploits" in the core OS, or are they in Flash? Etc. Most importantly, are these "holes" able to be exploited remotely? If I had to guess I would have to say most are not remotely exploitable. So, if this is true, are they really something to worry about? Absolutely not.
    So, the guy holds back the details so that he can get some interest from some company that makes security software. Pay him a nice royalty to provide that information. Or maybe, he's fishing for Apple to hire him so that they can patch those holes. Either way, I'm not sure I can take him seriously.
    And honestly:
    "Macs are highly resistant but not immune to viruses"
    This statement is false and reads like a journalist trying to cover their bases when they really don't know what they're talking about. OS X is currently immune from viruses by the definition of the word. Of course, there are a couple "trojans" around, but those require you to type in your admin password and install yourself. So, they aren't really a threat at all, at least compared to what we see on Windows.
    --Travis

  • Are Security Vulnerabilities fixed by applying Oracle Server Patchsets

    Hi,
    I would like to know whether, by applying Oracle Server Patchsets or by upgrading the Oracle Server from one version to another, we overcome the security vulnerabilities highlighted in the previous patchset or Oracle Server version.
    For example, if I have an Oracle Server 9.2.0.1 and I apply server patchset 9.2.0.8, do I overcome all the security vulnerabilities highlighted for version 9.2.0.1 and all other intervening versions? Similarly, if I upgrade my Oracle Server 9.2.0.6 to, say, Oracle Server 10g 10.2.0.3, do I overcome all security vulnerabilities highlighted for 9.2.0.6 and all other intervening releases?
    Best Regards
    Syed Zaib ul Qamar

    Is there a link, or where can I go to find the types of and/or categories for the security vulnerabilities associated with (past and present) versions of Oracle? I work with a very large team of developers and some are DBAs that perform mainly custom coding in C++ and a little in Ada. I would like to ensure that our team is continually aware of both past and current Oracle vulnerabilities when developing applications/scripts (designing, coding, reviewing, building, etc.), testing (including security), quality assurance, packaging, etc.
    Perhaps this is a lot to ask, but this is at least a good place to start.

  • HT201303 For added security how do you change the iphone security number to stop hacking

    For added security how do you change the iphone security number to stop hacking

    Forgotten security questions - https://discussions.apple.com/message/18402551
    More involved forgotten question issues - https://discussions.apple.com/thread/3961813

  • Oracle XDK Java removing security vulnerabilities

    Hi All,
    I am looking to remove security vulnerabilities that may be associated with XML parsers.
    I am looking for which version of Oracle XDK Java has removed the security vulnerabilities associated with XML parsing.
    Also, what is the latest version of Oracle XDK Java on the market?
    Also, are new versions backward compatible? Do we need to check whether any API-level changes occur?
    Currently we are using Oracle XDK Java 10.2.0.2.
    A description of the security vulnerabilities that may be associated with XML parsers:
    "The vulnerabilities are related to the parsing of XML elements with unexpected byte values and recursive parentheses, which cause the program to access memory out of bounds, or to loop indefinitely. The effects of the vulnerabilities include denial of service and potentially code execution. The vulnerabilities can be exploited by enticing a user to open a specially modified file, or by submitting it to a server that handles XML content."
    Regards
    Atul Parti

    Which JVM is the security tool complaining about (what is the directory path, for example)?
    My guess is that the tool is complaining about the older JVM that Oracle installs in order to run the Oracle Universal Installer and the other Java-based installation tools.  If that's the case, those JVMs do not generally represent a security issue because they are not running anything on a day-to-day basis.  They're only used by things like the OUI which only get invoked when someone wants to do something like install new software.  Ideally, you'd be able to have the conversation with the security folks and explain that those older JVMs exist only for the limited purpose of running the OUI and the other configuration tools. 
    If the security folks want you to upgrade the Java version (as opposed to just installing patches to the older JVMs), that has a decent probability of breaking the various installation and configuration tools.  That may not have much impact on a day-to-day basis but may make administration tasks in the future more challenging. 
    Justin

  • Nearly 200 security vulnerabilities. iPad 1 ...

    ...  doesn't get an update. Can't be used for web surfing anymore. This is unreal. Any news on fixing the security holes? I.e. iOS 5.1.2?
    Or at least release a free boot loader so a fixable OS can be installed, like Android. I can't believe to have paid 600 bucks and can throw that away now, just after 2 years.
    As soon as my MBA late 2010 or my wife's MacBook Pro die, we'll substitute with generic Ultrabooks/Ultrathins. I'm not at all satisfied with Apple anymore.

    Oops, I just forgot to add the "proof" that there is a real security threat without an update: Apple lists around 200 security vulnerabilities in iOS 5, which are fixed in iOS 6.
    http://support.apple.com/kb/HT5503
    So if you're doing some product search and buy online with the iPad 1, the risk that you get hacked and robbed rises every hour without update. Thus the iPad 1 can't be used for web surfing anymore - the only thing I bought it for. And I was wrong, I even paid 700 bucks for it (3G, 32GB). That was stupid. Intelligence dictates not to repeat such a horrible mistake again.

  • So called iPhone Security glitch?

    OK, I just read on Yahoo about the so-called iPhone security glitch. It seems to indicate something about using iCloud and how, if you use one account, other family members can get or see your stuff. Doesn't sound like a security glitch to me.
    But anyway
    I have an iPhone 4s. The wife has an iPhone 4.
    We use the same apple ID for the app store and iTunes so we can use the same apps or songs on our respective phones
    But I'm thinking we do not use icloud.
    When I go to Settings>iCloud
    It shows the same apple ID that we have for iTunes and the app store.
    But it is not signed in or has ever been signed into
    So is it safe to say that we have not set us up on iCloud??

    If you are not signed in then you have not used iCloud. It just shows that Apple ID since that's the one on the iPhone. But there is no iCloud security glitch.
    It's just saying that if you share an Apple ID for iCloud, everyone that uses that Apple ID for iCloud will have the same info.
    Let's say you have pictures and contacts on iCloud, and your friend uses that same iCloud account: he will see your contacts and pictures on his phone, and the same with you, you will see his info. It basically connects the two devices, somewhat. That's why it is advised that you do not use the same Apple ID for iCloud.

  • Kerberos Pre-Authentication - Security Vulnerabilities

    I have an issue with some Java applets locking out AD accounts, or prompting for a password.
    The solutions I have, which work, are to check the "Do not require Kerberos preauthentication" option located in the user account in Active Directory Users and Computers, or to create a registry DWORD key called allowtgtsessionkey with a value of 1.
    This key is located in
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters.
    Can you advise whether enabling this option or creating the reg key opens any security vulnerabilities? I have read on another forum that creating the key on a PC where a user has local admin rights will be an issue, but it was very vague.
    Many thanks
    Larry

    Hi,
    If the issue persists, please:
    Find out from which machine/device bad password attempts are generated.
    Locate any services/scheduled tasks/disconnected remote desktop connections/scripts/mapped drives which could be storing credentials, then clear stored credentials.
    More information for you:
    Troubleshooting Account Lockout
    https://technet.microsoft.com/en-us/library/cc773155%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
    Account getting locked out
    https://social.technet.microsoft.com/Forums/en-US/92454597-b414-4840-82fd-16dd92a1706d/account-getting-locked-out
    Account Locked - Event 4771 Failure Code 0x18
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/6187d7e2-d38a-4ecd-bf80-12ce3589c8e1/account-locked-event-4771-failure-code-0x18?forum=winserversecurity
    Error for Active Directory
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/4923356c-1820-4626-83f2-8a57a7c48ccc/error-for-active-directory?forum=winserverDS
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]

  • Security Vulnerabilities on CPUCMS

    Hi All
    Could someone assist me please?
    We are running a demo version of CPUCMS at a customer, and the system administrator has advised that there are
    security vulnerabilities on the server that runs CPUCMS and he would like to do the following:
    1) Locate file C:\PROGRA~1\CSCOpx\MDC\Apache\conf\httpd.conf
    Remove:
    SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:!LOW:RC4+RSA:+HIGH:+MEDIUM:!SSLv2:!EXP:!eNULL
    Add:
    SSLHonorCipherOrder On
    SSLCipherSuite RC4-SHA:HIGH:!ADH
    2) Disable remote services rexec, rlogin and rsh
    Please advise if anyone has done this and also the impact it might cause on the application?
    Many thanks
    Shabeer
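
The cipher-suite change quoted in the post above can be checked mechanically before it is applied. The lint below is an added example, not part of the original post or of any Cisco, Apache or OpenSSL tooling; it models only the `!`, `-` and `+` operators of the OpenSSL cipher-string format and three suite classes, and `CONF_CONSTRUCTED` is a constructed string (an assumption), not a setting from the thread.

```python
import re

# class -> (keywords that add it, keywords that exclude the whole class)
CLASSES = {
    "RC4":    ({"RC4"}, {"RC4"}),
    "ANON":   ({"aNULL", "ADH", "AECDH"}, {"aNULL"}),   # ADH alone misses AECDH
    "EXPORT": ({"EXP", "EXPORT", "EXPORT40", "EXPORT56"}, {"EXP", "EXPORT"}),
}
# Strength keywords select by key size only, so they also admit anonymous suites.
STRENGTH = {"HIGH", "MEDIUM", "LOW"}


def introduces(selector, cls):
    """True if adding `selector` can put suites of class `cls` on the list."""
    if selector == "ALL":                      # ALL = every suite except eNULL
        return True
    if cls == "ANON" and selector in STRENGTH:
        return True
    return bool(set(re.split(r"[-+]", selector)) & CLASSES[cls][0])


def lint_cipher_string(spec, honor_order=False):
    """Return a sorted list of finding codes for an OpenSSL cipher string."""
    reachable = {c: False for c in CLASSES}
    killed = {c: False for c in CLASSES}
    first_added = None
    for token in filter(None, re.split(r"[:, ]+", spec.strip())):
        op, selector = (token[0], token[1:]) if token[0] in "!-+" else ("", token)
        if op == "+":                          # '+' only reorders listed suites
            continue
        for cls, (_, excluders) in CLASSES.items():
            if op == "!" and selector in excluders:
                killed[cls] = True             # '!' is permanent, whatever the order
            elif op == "-" and selector in excluders:
                reachable[cls] = False         # '-' removes; a later add restores
            elif op == "" and introduces(selector, cls):
                reachable[cls] = True
        if op == "" and first_added is None:
            first_added = selector
    findings = [c for c in CLASSES if reachable[c] and not killed[c]]
    rc4_first = bool(first_added) and "RC4" in re.split(r"[-+]", first_added)
    if honor_order and rc4_first and not killed["RC4"]:
        findings.append("RC4_PREFERRED")       # server-side order puts RC4 first
    return sorted(findings)


def lint_httpd_conf(text):
    """Lint the last SSLCipherSuite / SSLHonorCipherOrder found in a fragment."""
    spec, honor = None, False
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        name, value = parts[0].lower(), parts[1].strip()
        if name == "sslciphersuite":
            spec = value
        elif name == "sslhonorcipherorder":
            honor = value.lower() == "on"
    return lint_cipher_string(spec, honor) if spec else []


# The two settings quoted in the post, plus a constructed alternative (assumption).
CONF_CURRENT = ("SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:!LOW:RC4+RSA:"
                "+HIGH:+MEDIUM:!SSLv2:!EXP:!eNULL")
CONF_PROPOSED = "SSLHonorCipherOrder On\nSSLCipherSuite RC4-SHA:HIGH:!ADH"
CONF_CONSTRUCTED = "SSLHonorCipherOrder On\nSSLCipherSuite HIGH:!aNULL:!RC4"

if __name__ == "__main__":
    for label, conf in [("current", CONF_CURRENT), ("proposed", CONF_PROPOSED),
                        ("constructed", CONF_CONSTRUCTED)]:
        print(label, lint_httpd_conf(conf))
```

Both quoted settings leave RC4 on the list, which RFC 7465 prohibits for TLS, and `!ADH` removes only anonymous DH, whereas `!aNULL` is the keyword that covers every unauthenticated suite. Which suites each keyword actually expands to depends on the OpenSSL build behind the bundled Apache, which the post does not state.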

  • Security Vulnerabilities

    Hi List,
    Similar to Bug Toolkit, does Cisco have a tool which can provide a list of security vulnerabilities based on the IOS version you specify?
    Bug Toolkit gives the list of all bugs, most of them are related to the functionality rather than Security. Filtering Security bugs is a difficult task.
    Cisco publishes security advisories, which gives the list of affected IOS versions.
    But, my requirement is to get the list of vulnerabilities after provision of IOS version.
    Was just wondering what is the best way to achieve this.
    Thanks,

    Cisco has a security advisory site. There is also a product alert tool here. I believe this is what you are looking for.
    http://www.cisco.com/en/US/products/products_security_advisories_listing.html
    Hope this helps.
    Steve

  • Security vulnerabilities in apache that comes with oracle database.

    Hi,
    We are having a QA database in Oracle enterprise version 9.2.0.4 on OS : OSF1.
    Recently our security team ran a test and found that the Apache 1.3 that comes as a component of the Oracle database is prone to security vulnerabilities. They also suggested removing Apache or upgrading to the latest version as a remedy.
    When we contacted Oracle support, the Oracle team replied that the Apache upgrade should not be done; instead, the latest Apache can be installed separately as a reverse proxy. But when we asked for steps or a document, there was no reply. Can anyone who has faced this problem provide any help or suggestions in this regard?
    I am attaching some of the threads identified by our Security Team for reference.
    1. Apache 1.3 HTTP Server Expect Header Cross-Site Scripting XXXX and YYYYYY ports 7782, 4889, 3339.
    2. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
    3. Keep-Alive: timeout=15, max=100
    Connection: Keep-Alive
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML><HEAD>
    <TITLE>417 Expectation Failed</TITLE>
    </HEAD><BODY>
    <H1>Expectation Failed</H1>
    The expectation given in the Expect request-header
    field could not be met by this server.<P>
    The client sent<PRE>
    Expect: <script>alert(document.domain)</script>
    </PRE>
    but we only allow the 100-continue expectation.
    -CR

    I don't know how to find which components are using Apache. Help me if there is any way to find it. The only information I can give you is that there is no other software installed on that server other than the Oracle database.
