A small bug has been detected that allows hackers to run some javascript code in the background that could potentially uncover sensitive information about user and their facebook friends. The javascript code runs with various combinations of search queries that the hacker can decide on beforehand. Through these queries, the hacker can learn what pages a user has liked, the locations of photos that you’ve uploaded or been tagged in, whether you have islamic friends, whether you’ve posted anything on a timeline with certain keywords, and so on. What kind of damage could this do? Probably quite a lot of the keyword searches turn up any incriminating posts that could be used to blackmail a person.

https://thehackernews.com/2018/11/facebook-vulnerability-hack.html

There was a hacking competition held in Tokyo where hacker teams from around the word were encouraged to attempt to hack into wifi-connected mobile devices, such as the iPhone X, Samsung Galaxy s9, and Xiaomi Mi6. Every single device was hacked by at least one of the teams. For the iPhone X, a team was able to gain access to the phone through a Just in Time (JIT) attack, and ended up stealing a recently deleted photo on the phone. For the Samsung, a team exploited a memory heap overflow vulnerability. Many exploitations that I’ve read about involve exploiting the heap part of memory and either causing an overflow or a seg fault. Competitions like this are a great way for companies to gain awareness about the kinds of vulnerabilities faced by their devices.

https://thehackernews.com/2018/11/mobile-hacking-exploits.html

I guess there really are people out there who try really hard to find bugs in new software updates that come out for the iPhone and other major devices. Basically, the articles discusses how a hacker, within months of the new iOS software update’s release, figured out how someone could hack into a locked iPhone. I don’t really feel like this should make Apple look bad, though, and I don’t think there will be any repercussions for them. One of the first things you learn in computer science classes is that it’s impossible to make bug free code. There will always be edge cases where something unexpected or unintended will happen. So, should we celebrate people that try to find these bugs? Is it even worth it for Apple to spend the money to patch these bugs? There will always be more to be found.

https://thehackernews.com/2018/10/iphone-lock-passcode-bypass.html

This is not only hilarious, but pretty concerning. Would someone who has never used a computer understand the damage that a simple phishing attack can do to an organization, let alone a government? Probably not. This reminds me of a CEO that doesn’t have a grasp of the kinds of cyber threats facing her company. If Japan’s head of cybersecurity has never used a company, he won’t even be able to understand the executive summaries that we write for our assignments in this class. Pretty alarming. Moreover, while some can claim that as long as he is good at operating the organization, he will do a good job. However, if he doesn’t even know what metrics to look for, how can he judge the success of Japan’s cybersecurity measures? My guess is that he can’t and will be replaced at the first sign of trouble.

https://gizmodo.com/japans-new-head-of-cybersecurity-has-never-used-a-compu-1830460831