Android Security Update May 2016: What you need to know

The Android Security Update for May 2016 includes a number of critical issues. Jack Wallen has the highlights, and shows how to find out if your device is up to date.


DailyDirt: GMO, GMO, Wherefore Art Thou, GMO?

Genetically modifying animals and plants is a growing concern — with some people totally against the idea. And there are now a variety of biotech tools that make defining GMOs a bit less clear-cut for the general public. Taking a gene from a sea animal and putting into a pig sounds extremely unnatural, but does simply removing a gene sound as bad? Or what if farmers used traditional breeding techniques to get to a particular genetic end goal that was discovered by less “natural” genetic experimentation?

After you’ve finished checking out those links, take a look at our Daily Deals for cool gadgets and other awesome stuff.

Permalink | Comments | Email This Story

Remember, It Was A ‘Lawful Access’ Tool That Enabled iCloud Hacker To Download Celebrity Nudes

You may have heard, recently, that the guy who was apparently behind the celebrity nudes hacking scandal (sometimes called “Celebgate” in certain circles, and the much more terrible “The Fappening” in other circles) recently pled guilty to the hacks, admitting that he used phishing techniques to get passwords to their iCloud accounts. But… that’s not all that he apparently used. He also used “lawful access” technologies to help him grab everything he could once he got in.

We keep hearing from people who think that just “giving law enforcement only” access to encrypted data is something that’s easy to do. It’s not. Over and over again, security experts keep explaining that opening up a hole for law enforcement means opening up a hole for many others as well, including those with malicious intent. ACLU technologist Chris Soghoian reminds us of this by pointing to an earlier article about how the guy used a “lawful access” forensics tool designed for police to get access to such data (warning, link may ask ask you to pay and/or disable adblocker):

On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB’s forum.

Obviously, the situation with encryption on the iPhone is a bit different, but the same basic principle applies. Opening up a door is, by definition, opening up a vulnerability. And we should be very, very, very wary about opening up any kind of vulnerability. It’s tough enough to find and close vulnerabilities. Deliberately opening one can be catastrophic.

Permalink | Comments | Email This Story