Twitch security breach, Jailbroken iPhone, Unauthorized certificates issued for several Google domains, and more.

Here are some news that you missed about Twitch, iPhone, and Google domains.

Twitch has been breached. That’s the nice way of saying Twitch was hacked, well nothing is nice when your security is broken.

“The team behind the Twitch streaming service is announcing that it has detected an unauthorized access attempt to some account information associated with its users and that it has decided to take the relatively radical measure of forcing all those who are using the site to change the passwords on their accounts in order to make sure that their data is secure.

All accounts have also been disconnected from both Twitter and YouTube and the company is also saying that all those who use their passwords for other accounts should change it everywhere.”

continue reading it here.

Jailbroken iPhones Unlocked with software brute-force tool 14 hours. No hardware device needed, PINs entered every 5 seconds using the TransLock is a bruteforce utility for iOS 4-digit passcode. TransLock utility is ready to run on a jailbroken device.

And yes there is a Apple iOS Hardware Assisted Screenlock bruteforce called IP Box, you can read that story here.

“A software-based method has been developed for learning the security passcode for iPhone devices that are jailbroken, allowing an individual to unlock them in a maximum of 14 hours.

Depending on the defined code, the time required for learning the protective 4 digits can be lower than this, though.”

continue reading it here.

Unauthorized Certificates Issued for Several Google Domains.

“Abundant trust in an intermediate certificate authority caused certs for several Google domains, trusted by almost all operating systems and web browsers, to be issued without authorization.

It is likely that other fraudulent TLS certificates for other websites also exist, causing the risk of being misused for impersonation and thus decrypting secure communication between a client and the server through a man-in-the-middle (MitM) attack.”

continue reading it here.

This is the most interesting story today. Air-gapped computers can communicate through heat.

“Researchers at the Ben Gurion University in Israel have demonstrated that two computers in close proximity to each other can communicate using heat emissions and built-in thermal sensors.

In an experimental scenario involving two devices placed at up to 15 inches from each other, researchers have managed to transmit up to 8 bits of data per hour, which is enough for exfiltrating sensitive data such as passwords and secret keys, and for sending commands. This novel attack method has been dubbed BitWhisper.

It is not uncommon for organizations that handle highly sensitive information to isolate certain computers in order to protect valuable assets. Air-gap security is often used for industrial control systems (ICS) and military networks. However, as it has been demonstrated before, such as in the case of the notorious Stuxnet worm which targeted Iranian nuclear facilities, air-gap security can be breached.”

continue reading it here.