Monday, August 8, 2011

A 10 years girl discovered a vulnerability in Mvila game

Defcon, the hacker security conference benevolent, non-profit making havoc, held in Las Vegas, has had an unprecedented speaker. This is a 10 year old girl, whose alias CyFi, who has discovered a vulnerability in mobile games with IOS and Android operating systems. Independent researchers have confirmed the veracity of the finding.

At Cnet, CyFi ensures that the discovered because he was bored of slow games where farms have to wait for the seed to grow. It was hard, he says, progress in these games because it was too long to wait for them to grow crops. Entoces thought to alter time. Benefiting from planting corn may take 10 hours.

He thought a solution was to force the clock in the phone or tablet and in this inquiry was when he discovered a vulnerability that allowed it. CyFi not given the names of the games involved. She found these systems to prevent manipulation but also discovered shortcuts obvious as turning off the wifi phone.

The session was held in the framework of the conference for the first time has opened a section for children, DefCon Kids, on the evidence of the hacker community is getting younger. One company, AllCrealID offers prizes in this section. Hacking by deception in the same conference, but with adult players, we performed an experiment to demonstrate the vulnerability of large companies due to the lack of information on computer security for their employees.

According to Reuters, the test proved how ridiculously easy it was to deceive employees of a company to provide information that compromised the security of their computers. In one case, he persuaded an employee to give information on configuring your computer, which can help you choose the most appropriate program for malicious intrusion.

This mechanism is even a name: social engineering. The famous former hacker Kevin Mitnick, for example, considered one of the main weapons for the assault computer. It tries to trick an employee to provide important data on the computer system. A classic example is to call a secretary on behalf of computer equipment course of the company, explaining that it is proceeding to change the passwords to enhance security system and ask your boss for this alleged purpose.

With incredible ease obtain the information sought. Among the companies that were tested include Oracle, Apple, AT & T Delta Air Lines, Symantec and Verizon.

No comments:

Post a Comment