A vulnerability in Verizon’s site has exposed customers to SIM swap risk.
Cybersecurity researcher Joseph Harris discovered a way to brute-force Verizon customers’ PINs on the Internet, potentially giving them the ability to hack user accounts.
The problem was that the Verizon website did not limit the number of simultaneous PIN requests, and only recorded one attempt. Many sites are set up to block such password guessing attempts after multiple incorrect requests. However, in this case, the hackers could have unlimited possibilities.
“Using this single page, I can disclose any Verizon customer account number, as well as access the PIN. Quite a serious mistake, ”the expert explained to Motherboard.
According to Harris, an attacker can use the client’s PIN to request a SIM change. An attack called SIM swapping (SIM swapping) allows a hacker to redirect text messages to himself in order to hack other accounts. Attackers could also add a new phone number to the target’s account or read the user’s text messages.
“Race conditions could have allowed me to take control of my Verizon account. You could view messages on vtext.com, ”added Harris.
Harris uploaded a video to YouTube showing PoC code for exploiting the vulnerability. The researcher informed Verizon of the problem and the company disabled the vulnerable pages.
Nvidia lost. LHR mining protection is also hacked under Linux. This was done by NBMiner developers
Two days have passed since the NiceHash developers cracked the Nvidia LHR protection, as the NBMiner team also pleased their users with the same news. Only this time we are talking about software for Linux.
Thus, Nvidia’s protection completely fell for both Windows and Linux. Unfortunately, both programs are closed source, so it’s not clear what mechanisms the developers used to hack.
Whether the loss of Nvidia will affect the availability and prices of video cards is still difficult to say. At the moment, the cryptocurrency market continues to fall, but sooner or later it will turn around, and gamers may again face shortages and overpriced graphics cards.
Xiaomi has released a profitable set of security camera and smart door locksmart door lock
Xiaomi has introduced a new kit with an outdoor video surveillance camera and a smart door lock, which includes Mi Outdoor camera and Mi Smart Door Lock 1S.
The bundle is priced at around $237, which is a great deal as these devices cost $20 more individually.
Mi Smart Door Lock 1S supports 7 unlocking methods, including fingerprint, password, temporary password, Bluetooth, HomeKit, NFC or regular key unlock. Compared to the first generation, the new lock supports both the Mijia app and Apple HomeKit.
As for the rechargeable version of Xiaomi Outdoor Camera, this is Xiaomi’s first outdoor wireless camera. It has an independent design and can be installed without connecting the mains cable or power cable. It has a wide viewing angle of 130°, 1080p resolution and supports WDR technology.
In addition, the battery version of the Xiaomi Outdoor Camera offers night vision up to 7 meters and people detection function. It is IP65 rated and has a long battery life of up to 90 days.
“These are machines for sucking out personal data.” Prayer and mental health apps have poor security
Mental health apps have worse privacy protection than most other types of apps, according to a new analysis by Mozilla. We are talking about the entire category as a whole. In addition, things are also bad for prayer applications.
The vast majority of mental health and prayer apps are exceptionally creepy. They track a variety of data, share and capitalize on users’ most intimate personal thoughts and feelings, such as mood, mental state, and biometric data.
The team analyzed 32 mental health and prayer apps. Of these apps, 29 received a Privacy not included warning, indicating that the team is concerned about how the app manages user data.
These applications collect large amounts of personal data in accordance with vague privacy policies. Most applications have also been found to have poor security practices that allow users to create accounts with weak passwords. Considering how much personal information such programs can contain, this is a bad feature.
The list of the worst programs according to the specified criteria included Better Help, Youper, Woebot, Better Stop Suicide, Pray.com and Talkspace. In particular, the Woebot chatbot claims to collect information about users and shares this data for advertising purposes, and Talkspace collects transcripts of user chats.
They work like data-sucking machines with the look and feel of a mental health app. In other words: wolves in sheep’s clothing
A $250 smartphone with 10x optical zoom? In China, such a device will allegedly be released under the NZone brand.
In China, an inexpensive smartphone with a 10x optical zoom can. NZone S7 ProThe operator China Mobile under the NZone...
Apple wants to use E Ink screens in the iPhone and iPad. The company is testing similar displays as auxiliary displays for flexible models.
Apple may start using E Ink screens in its devices. Well-known analyst Ming-Chi Kuo spoke about this. Apple is testing...
A new era in the Windows mobile game console market. GPD has already received the Ryzen 7 6800U APU for the Win Max 2 console
With the release of Ryzen 6000 mobile processors, equipped with very powerful iGPUs, a new era of Windows handheld game...
Nvidia unexpectedly updated the drivers for the “abandoned” GeForce GTX 600 and GTX 700 (Kepler). Users are advised to install the update
Nvidia has stopped updating Game Ready drivers for the GeForce GTX 600 and GTX 700 (Kepler family) since version 470,...
Electric Cars6 days ago
Geely competes with Tesla and Rivian: the company will produce Radar electric pickups
Gaming7 days ago
Few people need PlayStaiton 5 without exclusives or is it just a shortage? Console sales plummeted
Electric Cars6 days ago
Europe is completely switching to electricity. European Union plans to register only electric vehicles from 2035
Components7 days ago
This is what photorealistic games can look like on Unreal Engine 5. Train station demo can run on GeForce RTX 2080