PoC exploit released for Azure AD brute-force bug—here’s what to do

Microsoft maintains it’s not a security risk but is working toward a solution.

A public proof-of-concept (PoC) exploit has been released for the Microsoft Azure Active Directory credentials brute-forcing flaw discovered by Secureworks and first reported by Ars. The exploit enables anyone to perform both username enumeration and password brute-forcing on vulnerable Azure servers. Although Microsoft had initially called the Autologon mechanism a "design" choice, it appears the company is now working on a solution.

PoC script released on GitHub

Yesterday, a "password spraying" PoC exploit was published for the Azure Active Directory brute-forcing flaw on GitHub. The PowerShell script, just a little over 100 lines of code, is heavily based on previous work by Dr. Nestori Syynimaa, senior principal security researcher at Secureworks.

According to Secureworks' Counter Threat Unit (CTU), exploiting the flaw, as in confirming users' passwords via brute-forcing, is quite easy, as demonstrated by the PoC. But organizations that use Conditional Access policies and multi-factor authentication (MFA) may benefit from blocking access to services via username/password authentication. "So, even when the threat actor is able to get [a] user's password, they may not be [able to] use it to access the organisation's data," Syynimaa told Ars in an email interview.

FTTH: Deutsche Glasfaser wants to build 1 million connections in Hesse

So far, only 10 percent of households in the state have FTTH. However, comprehensive gigabit-capable infrastructure is now expected by 2030 rather than 2025. (Deutsche Glasfaser, Fiber optics)

iPad Mini: Jelly scrolling is nothing new

Users experience the line-by-line refreshing of screens every day on many devices; the fact that it is so noticeable on the iPad Mini is down to its construction. By Tobias Költzsch (iPad Mini, Apple)

Fairphone 4 is a repairable, modular phone that’s made to last

The post Fairphone 4 is a repairable, modular phone that’s made to last appeared first on Liliputing.

At first glance, you could easily mistake the Fairphone 4 for any modern mid-range Android smartphone. It has a 6.3 inch LCD display, a Qualcomm Snapdragon 750G processor, up to 8GB of RAM and 256GB of storage and a microSD card reader, but no headphone jack.

But unlike most phones, the Fairphone 4 is designed to last a long time. It comes with a 5-year warranty, and Fairphone plans to continue offering software updates through at least the end of 2025, if not longer.

It has a modular, repairable design that means not only can you remove and replace its battery, but also the speaker and camera modules, among other things. So if part of the phone breaks down, you can replace it. And the company may even offer upgrade modules at some point (it’s happened before).

At a time when some Android phone makers are finally starting to deliver software updates for as long as five years, Fairphone is offering a 5-year hardware warranty. Like I said, this phone is meant to last.

Of course, most phone makers have some incentive not to make phones that last so long: they want to sell you new models every few years. But Fairphone is unusual in that it’s a “social enterprise” rather than a standard company, which means that while the company aims to make a profit, that’s not Fairphone’s only consideration.

Fairphone’s story

The company’s first phone was designed to be made from ethically-sourced materials that didn’t come from conflict zones, and starting with the Fairphone 2, the company has also focused on sustainability by emphasizing modular, repairable designs for its products.

The Fairphone 3, which launched two years ago, is a mid-range phone with a Qualcomm Snapdragon 632 processor, 4GB of RAM, 64GB of storage, and a repairable design that allows you to pick up a spare screen, battery, camera, or other components from the Fairphone website to perform your own repairs.

Last year the company introduced the Fairphone 3+ which is basically the same phone, but with an upgraded camera. It’s a small upgrade and certainly not worth buying a whole new phone for… but if you already have a Fairphone 3 you can effectively turn it into a Fairphone 3+ by purchasing just the new camera module.

Fairphone also has a history of providing long-term software updates… sometimes even for phones with hardware that has been abandoned by other device makers. The Fairphone 2, for example, may be the only smartphone with a Qualcomm Snapdragon 801 to receive an official Android 9 update from its manufacturer. Qualcomm never officially supported Android 9 for that processor, but the Fairphone team released a custom build of Android based on the open source LineageOS to make it happen.

Fairphone’s devices also have unlocked bootloaders for folks that want to try their hands at installing custom ROMs or even mobile Linux distributions like Ubuntu Touch.

If there’s one downside to Fairphone’s previous phones though, it’s availability – the phones are only sold in Europe and have limited support for cellular networks outside of that region.

Fairphone 4

The Fairphone 4 is a brand new device, so there’s no way to upgrade an earlier model to turn it into a version of the company’s 4th-gen smartphone. But like the company’s previous models, it’s designed to be repairable and potentially upgradeable.

The company will sell 8 different spare parts for the phone including:

  • Battery
  • Rear camera module
  • Front camera module
  • USB-C port
  • Loudspeaker
  • Earpiece
  • Display
  • Back Cover

As part of its emphasis on sustainability, Fairphone is promising that purchases of a Fairphone 4 will be “electronic waste neutral.” The company says it will do that “by responsibly recycling one phone (or an equal amount of small electronic waste) for every Fairphone 4 sold.” Customers can also send in their own old phones to Fairphone to have them refurbished.

And the company is continuing its use of ethically-sourced materials, now using gold, aluminum, and tungsten from fair trade certified vendors and recycled tin, plastic, and rare earth minerals. The back cover of the Fairphone 4 is made entirely from 100% post-consumer recycled polycarbonate. That’s not to say that every material used in the phone comes from sources that pay living wages and meet other conditions necessary to meet the company’s standards for sustainable and “ethically-sourced” materials, but Fairphone says it’s getting closer.

The Fairphone 4 will ship with Android 11 at launch, but Fairphone is promising guaranteed software updates through the end of 2025, and the company plans to offer Android 12 and Android 13 updates in the future. The company is also hoping to be able to continue supporting the phone even after that, with Android 14 and 15 updates coming by the end of 2027, but right now that’s an ambition rather than a promise.

The Fairphone 4 is up for pre-order in Europe starting today for €579 (~$670) and up, and it’s set to begin shipping October 25, 2021. Unfortunately, like the company’s previous phones, there appear to be no plans to make a model for North America.

Here’s a roundup of the phone’s key specs:

Fairphone 4 specs

  • Display: 6.3 inch, 2340 x 1080 pixels; IPS LCD; 410 ppi; Corning Gorilla Glass 5
  • Processor: Qualcomm Snapdragon 750G
  • RAM: 6GB or 8GB
  • Storage: 128GB or 256GB; microSDXC (up to 1TB)
  • Cameras (rear): 48MP primary; 48MP wide-angle (120 degree)
  • Camera (front): 25MP with autofocus and HDR support
  • Battery: 3,905 mAh
  • Ports: USB Type-C
  • Wireless: WiFi 5; Bluetooth 5.1; NFC; GPS; 5G; Dual SIM (nano SIM and eSIM)
  • Security: Fingerprint sensor
  • Water resistance: IP54
  • OS: Android 11
  • Colors: gray or green
  • Dimensions: 162 x 75.5 x 10.5mm
  • Weight: 225 grams
  • Price: €579 for 6GB/128GB; €649 for 8GB/256GB

iPhone: iOS 15 deletes images from Messages chats

Saved images from a Messages chat disappear under iOS 15 when the associated conversation is deleted and a backup is made. (Apple, iPhone)