In-app purchases flaw exposes developers to costly hacks

Photo: PhotoAtelier/Flickr

Sloppy coding in some popular iOS games allows hackers to give themselves and others thousands of dollars’ worth of in-app purchases for free.

The hole was discovered by developers at DigiDNA, creator of a backup tool called iMazing that allows iPhone and iPad users to access their devices’ hidden file systems. The developers found that the app backup/restore feature in iMazing 1.3 exposes weaknesses in the way games like Angry Birds 2 and Tetris Free handle in-app purchases.

To demonstrate how easy it is to hack in-app purchases using this method, the DigiDNA team tweaked Angry Birds 2 to start the game with 999,999,999 gems — the equivalent of $10,000 of in-game credits.

Serious OS X vulnerability isn’t fixed after all

Tim Cook addresses the White House Summit on Cybersecurity and Consumer Protection. Photo: White House

A significant security flaw affecting OS X Yosemite hasn’t been fixed as previously thought, according to a former NSA staffer.

The flaw, known as Rootpipe, is said to have existed since 2011, and could allow an attacker to gain full control of another user’s Mac without requiring authentication.

Why you really want to update iOS now (it’s not emojis)

Artist's impression of the people potentially behind iOS vulnerability. Photo: Hackers, United Artists

With reports that it can break elements of Touch ID, there are plenty of reasons to consider not upgrading to iOS 8.3, the latest version of Apple’s mobile OS.

But here’s a very good reason to: according to security researchers, the update fixes a vulnerability which has the potential to render your iPhone almost useless.

1Password Proves It Can Stand Up To Password Crackers

1Password goes head-to-head with a password cracker and shows why complex passwords are important.

1Password by AgileBits is an incredible tool for keeping your data safe. More than just a password manager, 1Password allows you to encrypt and organize a wide range of data (website passwords, non-web digital accounts, credit/debit card numbers and financial account details, software licenses, and files containing confidential information).

Those features are all well and good, but the biggest feature is 1Password’s ability to keep all that data secure in the face of brute force attacks – the kind of attacks where a piece of software simply tries combination after combination of possible passwords. Password cracking software that relies on such attacks can easily try thousands of potential passwords each second.

To find out whether or not 1Password can withstand such attacks, AgileBits tested 1Password against John the Ripper, one of the most well-known password cracking tools.