Kassel, Germany


News Article | December 2, 2016
Site: www.techtimes.com

Apple's activation lock feature for iOS makes it difficult for thieves or anyone other than the owner to unlock an iPhone or an iPad, wipe all the data inside it and essentially repurpose it as a new device. It's difficult, yes, but still possible. Two bugs have recently been discovered that could potentially make it feasible for someone to circumvent Apple's activation lock security feature. One of the bugs affects iOS 10.1, and the other affects the latest version of Apple's operating system, iOS 10.1.1. The first of the two bugs was discovered by Hemanth Joseph, a security researcher in India. Joseph bought an unlocked iPad Air running iOS 10.1 from eBay for a friend last month but found out that the device was locked. Relatively new to iOS, Joseph scoured the internet for methods on how to unlock the iPad Air, to no avail. He booted up the device again and went through Apple's preliminary setup process until he got to the activation lock screen. Asked to choose a Wi-Fi network, Joseph tapped "other network." When it came to the name and the WPA2 enterprise key fields, he filled both with thousands of characters. He kept copying and pasting countless characters in the field until the device froze. To make sure the device was still responding, Joseph pressed the lock button, which took him back to the Welcome screen. Joseph kept trying to work out how to purposely fail the setup process so that he would end up on the home screen. Pressing the sleep/wake button clearly wasn't the right method, since doing so only restarted the setup wizard, but with the help of Apple's Smart Cover and precise timing, Joseph successfully landed on the iPad's home screen. Joseph uploaded the entire process to Google Drive. The other bug was discovered by Vulnerability Lab, a group of researchers who monitor possible vulnerabilities or exploits in popular manufacturer products.
The group, like Joseph, typed a surfeit of characters into the setup fields and also used the Smart Cover trick. Both demonstrations have shown that the home screen appears only for a brief period before disappearing. But Benjamin Kunz-Mejri, founder of Vulnerability Lab, told Security Week that quickly pressing the sleep/wake button maintained access to the iPad's home screen. If Apple's activation lock feature continues to yield to these relatively simple methods of bypassing, then it's easy to imagine that individuals, even without any hacking experience, could potentially find ways to wipe the device clean and sell it anew. Even more alarming is that a user's personal information can now be more easily accessible. Personal information such as photos, contacts and conversations, among others, may fall into the wrong hands and spell disastrous results. Fortunately, the bug Joseph discovered has reportedly been fixed by Apple via an update last Nov. 16. The second bug, however, remains unfixed, but the impending arrival of iOS 10.2 should iron that out eventually. © 2017 Tech Times, All rights reserved. Do not reproduce without permission.


Raffa M.,University of Monastir | Atig F.,University of Monastir | Mhalla A.,Vulnerability Lab | Mhalla A.,University of Monastir | And 3 more authors.
BMC Psychiatry | Year: 2011

Background: The aim of this study was to determine glutathione levels and antioxidant enzyme activities in the drug-naive first-episode patients with schizophrenia in comparison with healthy control subjects. Methods: It was a case-controlled study carried on twenty-three patients (20 men and 3 women, mean age = 29.3 ± 7.5 years) recruited in their first-episode of schizophrenia and 40 healthy control subjects (36 men and 9 women, mean age = 29.6 ± 6.2 years). In patients, the blood samples were obtained prior to the initiation of neuroleptic treatments. Glutathione levels: total glutathione (GSHt), reduced glutathione (GSHr) and oxidized glutathione (GSSG) and antioxidant enzyme activities: superoxide dismutase (SOD), glutathione peroxidase (GPx), catalase (CAT) were determined by spectrophotometry. Results: GSHt and reduced GSHr were significantly lower in patients than in controls, whereas GSSG was significantly higher in patients. GPx activity was significantly higher in patients compared to control subjects. CAT activity was significantly lower in patients, whereas the SOD activity was comparable to that of controls. Conclusion: This is a report of decreased plasma levels of GSHt and GSHr, and impaired antioxidant enzyme activities in drug-naive first-episode patients with schizophrenia. The GSH deficit seems to be implicated in psychosis, and may be an important indirect biomarker of oxidative stress in schizophrenia early in the course of illness. Finally, our results provide support for further studies of the possible role of antioxidants as neuroprotective therapeutic strategies for schizophrenia from early stages. © 2011 Raffa et al; licensee BioMed Central Ltd.


Mechri A.,Vulnerability Lab | Mechri A.,University of Monastir | Kerkeni N.,Vulnerability Lab | Touati I.,Vulnerability Lab | And 2 more authors.
Journal of Affective Disorders | Year: 2011

Background: Recent studies have suggested that clinicians may underdiagnose bipolarity in a substantial proportion of depressive patients, and proposed that affective temperaments, particularly cyclothymic temperament (CT), may predict bipolarity in these patients. The objectives of this study were to assess CT in patients with recurrent depressive disorder (RDD) and to explore its associations with clinical predictors of bipolarity. Methods: 98 patients (43 men and 55 women, mean age = 46.8 ± 9.9 years), followed for RDD according to DSM-IV-TR criteria, were recruited. CT was assessed using the Tunisian version of the TEMPS cyclothymic subscale with the threshold score of 10/21. Results: The mean score of CT was 6.5 ± 5.2. One-third of patients (33.7%) had a CT score ≥ 10. These patients with high CT scores had a significantly earlier age at onset of first depressive episode and a higher number of previous depressive episodes, and had more psychotic and melancholic features and suicidal ideations and attempts during the last depressive episode compared to patients with low CT scores. The multiple regression analysis showed an association between CT scores and psychotic, melancholic and atypical features and suicide attempts during the last depressive episode. Limitations: This is a cross-sectional study with a relatively small number of patients. The Tunisian version of the CT subscale was not yet validated. Conclusions: CT was associated with some clinical predictive factors of bipolarity. These results suggest the relevance of the CT screening in RDD, considering the change of polarity risk and misdiagnosis of unipolar depression. © 2011 Elsevier B.V. All rights reserved.


PubMed | University of Monastir and Vulnerability Lab
Journal: Annals of general psychiatry | Year: 2016

There have been many studies on psychiatric disorders, but very little is known about the biology of suicide with schizophrenia. In the present study, we are looking for a possible connection between altered lipid profile and suicidal behavior in schizophrenic Tunisian patients. Assay of total cholesterol (TC), high-density lipoprotein cholesterol (HDL-c), low-density lipoprotein cholesterol (LDL-c), and triglycerides (TG) has been done for 126 schizophrenic patients with and without suicide attempts and 131 healthy controls recruited in the University Hospital of Monastir. TC and LDL-c levels were significantly higher in schizophrenic patients compared to controls. TC was significantly lower in schizophrenic patients with suicide attempt compared to those without suicide attempt. Depending on the sonority of suicide attempt, TC was significantly lower in patients with recent suicide attempt compared to those with lifetime suicide attempt and without suicide attempt (Results of this study showed that TC levels in schizophrenic patients after a recent suicide attempt are significantly lower than in patients without suicide attempt and with lifetime suicide attempts. TC can be one of the biological markers defining suicidal risk for schizophrenic patients.


PubMed | University of Monastir and Vulnerability Lab
Type: Comparative Study | Journal: Annales de cardiologie et d'angeiologie | Year: 2016

Smoking is one of the main risk factors for cardiovascular disease (CVD). The mechanism(s) of the effects of smoking on CVD are not clearly understood; however, a number of atherogenic characteristics, such as insulin resistance, have been reported. We aim to investigate the effects of cigarette smoking on insulin resistance and to determine the correlation between this parameter and smoking status characteristics. This study was conducted on 138 non-smokers and 162 smokers aged respectively 35.6 ± 16.0 and 38.5 ± 21.9 years. All subjects are not diabetic. Fasting glucose was determined by enzymatic methods and insulin by chemiluminescence method. Insulin resistance (IR) was estimated using the Homeostasis Model of Assessment equation: HOMA-IR = [fasting insulin (mU/L) × fasting glucose (mmol/L)] / 22.5. IR was defined as the upper quartile of HOMA-IR. Values above 2.5 were taken as abnormal and reflect insulin resistance. Compared to non-smokers, smokers had significantly higher levels of fasting glucose, fasting insulin and HOMA-IR index. These associations remained significant after adjustment for confounding factors (age, gender, BMI and alcohol consumption). A statistically significant association was noted between the smoking status parameters, including both the number of cigarettes smoked/day and the duration of smoking, and fasting insulin levels as well as HOMA-IR index. Among smokers, we noted a positive correlation between HOMA-IR index and both plasma thiocyanates and urinary cotinine. Our results show that smokers have a high risk of developing insulin resistance and hyperinsulinemia, compared with a matched group of non-smokers, and may help to explain the high risk of cardiovascular diseases in smokers.


Mechri A.,Vulnerability Lab | Gassab L.,Vulnerability Lab | Slama H.,Vulnerability Lab | Gaha L.,Vulnerability Lab | And 2 more authors.
Psychiatry Research | Year: 2010

The objectives were to determine the neurological soft signs (NSS) scores in unaffected siblings of patients with schizophrenia compared with healthy controls and to examine their relationships with schizotypal dimensions. Participants comprised 31 unaffected siblings of patients with schizophrenia and 60 healthy controls matched according to age, gender and school level who were assessed by the Schizotypal Personality Questionnaire (SPQ) and the Krebs et al. NSS Scale. Higher NSS total scores and sub-scores were found in the unaffected siblings compared with the controls. The SPQ total score was significantly higher in unaffected siblings compared with control subjects. The NSS total score was positively correlated with the SPQ total score and the SPQ disorganization sub-score in unaffected siblings of patients with schizophrenia. Additionally, in unaffected siblings, motor coordination and integration abnormalities were positively correlated with the SPQ total score and the cognitive-perceptual sub-score. Motor integration abnormalities were also correlated with the SPQ disorganization sub-score. These results reveal that NSS, especially motor signs, are associated with some schizotypal dimensions in siblings of patients with schizophrenia, suggesting the value of using both assessments to study high risk populations. © 2008 Elsevier Ireland Ltd. All rights reserved.


PubMed | Vulnerability Lab
Journal: Psychiatry research | Year: 2016

Neurological Soft Signs (NSS) are endophenotypic markers widely studied in schizophrenia and remain poorly evaluated in bipolar disorder. The aims of this paper were to determine the prevalence and scores of NSS in bipolar I patients, compared to healthy siblings and controls and to explore correlations with socio-demographic and clinical features of patients. This was a case-control study comparing 92 euthymic bipolar I patients, 44 of their healthy siblings and 60 control subjects. The neurological assessment was performed through the NSS scale validated by Krebs et al. (2000). Bipolar I patients were also assessed with the Bech-Rafaelsen Mania Scale (MAS), the Hamilton Depression Rating Scale (HDRS) and the Global Assessment of Functioning (GAF). The raters were not blinded to groups. The prevalence and the total score of NSS were significantly higher in bipolar I patients compared to their healthy siblings and controls. The sibling group had significantly higher NSS prevalence and total score than controls. No correlation was found between NSS total score and socio-demographic and clinical features of patients, except a negative correlation with the school level and the GAF score. In conclusion, bipolar I patients have motor and sensory signs, which are unrelated to their clinical features.


News Article | February 25, 2013
Site: venturebeat.com

The iOS 6.1 lockscreen hack from earlier this month isn’t the only security vulnerability in Apple’s latest mobile OS. Benjamin Kunz Mejri, the chief executive of the security firm Vulnerability Lab, detailed yet another iOS 6.1 hack last week in the Full Disclosure mailing list. The hack enables attackers to bypass your iPhone’s lockscreen password, giving them access to your phone’s contacts, photos, voicemails, and more. Judging from Mejri’s description, the new hack seems related to the earlier iOS 6.1 lockscreen exploit. Both involve using the iPhone’s emergency call function, cancelling it immediately, and then trying to make a screenshot. But the newer attack takes advantage of a slightly different method to make the iPhone vulnerable (basically, pressing the power, home, and emergency call buttons all at once). Apple acknowledged the previous iOS 6.1 security flaw and quickly issued a fix to developers with the second iOS 6.1.3 beta. That update hasn’t yet trickled down to iPhone owners, and it’s unclear if it also fixes Mejri’s exploit. Here’s how Mejri describes the exploit in his e-mail to Full Disclosure: "The vulnerability is located in the main login module of the mobile iOS device (iphone or ipad) when processing to use the screenshot function in combination with the emergency call and power (standby) button. The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs. The vulnerability can be exploited by local attackers with physical device access without privileged iOS account or required user interaction. Successful exploitation of the vulnerability results in unauthorized device access and information disclosure."


News Article | June 22, 2015
Site: www.zdnet.com

EBay has patched three serious security vulnerabilities recently discovered within the firm's e-commerce system Magento, the heart of the eBay platform. Revealed late last week by security researcher Hadji Samir from Vulnerability Lab, three vulnerabilities, now patched, were found within the Magento open-source e-commerce platform, now fully owned and used by eBay to support online shopping and transactions. The researcher posted the Magento security advisories on Full Disclosure and Vulnerability Lab. The researcher's advisories reveal the vulnerabilities ranked as "medium" flaws. The first, a client-side Cross-Site Request Forgery (CSRF) flaw, was discovered within the official Magento Commerce Premium Theme front-end web application. The XSS vulnerability allows remote attackers to inject scripts into the application-side of the online service module, which in turn allows hackers to conduct "client-side account theft by hijacking, client-side phishing, client-side external redirects and the non-persistent manipulation of affected or connected service modules," according to Samir. The second vulnerability relates to input validation, and can be exploited by hackers with low privilege user accounts on the application side. The third security issue, a client-side CSRF vulnerability, was found within the Magento application's messages module. Remote attackers with low privilege user accounts are able to delete the internal Magento messages of other users without consent, and man-in-the-middle (MITM) attacks can be launched to intercept user sessions and delete existing messages. According to Samir, this vulnerability was disclosed "some years ago." The vulnerabilities were submitted to the eBay security team through the company's Bug Bounty program in March. EBay's team responded in the following month and a patch was issued to fix the security flaws in May.
