ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Week 05: System and User Enumeration

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

by Leave a Comment

https://thehackernews.com/2017/09/macos-high-sierra-keychain.html

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

This article talks about the following: Apple rolled out a new version of its macOS operation system and a few hours before a hack publicly disclosed the details of critical vulnerability that affects Sierra as well as all earlier versions of macOS, Patrick Wardle the hacker found a critical zero-day vulnerability in macOS that allows any installed application to steal usernames and plaintext password of online accounts stored in the macOS Keychain, macOS Keychain is a build-in password management system that allows users to securely store username and passwords for online application, servers, websites, and credit card information, there is a flaw where malicious non-privileged code in app could programmatically access the Keychain and dump all this data including your plain text passwords, finally Patrick Wardle has release a proof of concept video that demonstrated how the hack can be used to exhilarate every single plaintext password from Keychain.

If you interested on the video -> https://vimeo.com/235313957

Behind-the-Scenes Cryptocurrency Mining Discovered on Showtime Sites

by 1 Comment

https://www.technewsworld.com/story/84838.html

Behind-the-Scenes Cryptocurrency Mining Discovered on Showtime Sites

This article talks about the following: Showtime is a premium television network that operates under CBS, Showtime networks has mined the websites of online viewers using the same Coinhive technology that the pirate bay recently used in test run site, Coinhive JavaScript miner was being used to hijack the CPU of site visitors, Showtime was mining the emerging cryptocurrency Monero, it is unclear whether ShowTime was aware or involved in planting the Coinhive mining technology into its source code, in addition source code found on the site appeared to be lined to the web analytics firm New Relic, the JavaScript miner targets compromised websites and uses social engineering to lures and make users pay for illegitimate tech support, cryptocurrencies like Bitcoin, Monero, and LiteCoin are operating in a kind of wild west environment where the rules are still not quite settled, and finally companies like Showtime and Pirate Bay are seeing what they can get away with.

It will be interesting to see how things unfold in the future. Most importantly, what the future holds for cryptocurrencies, will they continue to go up? Also, once they do will they be regulated by the government? Finally, will cryptocurrencies start to compete with the big banks?