Today I discovered an interesting vulnerability in Y Combinator’s
Hacker News website.
For those of you who don’t know what this website is about, I have added a short description of it below:
Hacker News is a social news website focusing on computer
science and entrepreneurship. It is run by Paul Graham’s investment fund
and startup incubator, Y Combinator. In general, content that can be
submitted is defined as “anything that gratifies one’s intellectual
curiosity”.
So, if you know Digg and Reddit, you know how Hacker News works.
It’s a community-driven website. One with useful information and 0 ads.
Now let’s talk about the hack that I discovered.
In the images below you will see exactly what I saw at first:

So I was thinking, wow, Hacker News was hacked. Nice, but after three
more seconds I saw the “Security” page in the footer
and I decided to do a good thing. I reported the incident to the Hacker
News security team. But while I was writing the email, I thought that I
am reporting a vulnerability and I don’t know if the problem is real. I
was thinking that maybe it’s a Firefox bug. I opened Chrome and those
characters were still there. So yes, this was a real vulnerability that I
discovered, and no, it wasn’t Mozilla (sorry for blaming you at
first).
I am a programmer and I have Firebug installed on my web browser. For
those of you that don’t know what Firebug is, please follow this link:
http://getfirebug.com/
I opened Firebug and I removed the entire body content. Interesting
fact was that the characters disappeared. So the vulnerability was
coming from one of the articles. I removed the articles’ HTML blocks one by
one until I found the article that profited from Hacker News’s
vulnerability. This was the article:

It was a simple HN internal question. At least, that’s what I was thinking. Once I entered it, I found this:

You can see that some users posted comments regarding the strange
characters that appeared, but they haven’t thought about the
vulnerability.
I have sent an email to the Hacker News Security team an hour ago, but the article wasn’t removed.

Maybe I’m not such an influencer, that’s why I haven’t received an
email response, so I decided to post the article URL here, so you can see
the vulnerability for yourself. The article URL is:
https://news.ycombinator.com/item?id=11391980
Also, the characters that the attacker used are:
ส้้้้้้้้้้้้้้้้้้้้ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็ส้้้้้้้้้้้้้้้้้้้้ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็ส้้้้้้้้้้้้้้้้้้้้ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็ส้้้้้้้้้้้้้้้้้้้้ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็ส้้้้้้้้้้้้้้้้้้้้ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็ส้้้้้้้้้้้้้้้้้้้้ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็ส้้้้้้้้้้้้้้้้้้้้ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็ส้้้้้้้้้้้้้้้้้้้้ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็
I’m waiting for your opinions. This is an interesting topic. Why am I
posting the characters too? Because everybody should see them and be
able to protect against them. I’m sure that not only the Hacker News
website is vulnerable to these characters. Has anyone thought about
Reddit? Or even other top 10 websites?
I’m sure that lots of websites are vulnerable to these characters.
They will break your website design for sure. I wrote the article and
posted the characters, and they also messed up the design on my blog. Please
inspect the code above the characters and you’ll see how I fixed the
design. But what will happen when the characters are used in the title?
You know the answer: look at how the Hacker News website looks.
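
One way a site could protect titles and comments against input like this, as an added example that is not code from Hacker News or from this post: the string above is a Thai base letter followed by long runs of combining marks that stack vertically, so a server-side filter can cap how many marks may follow one base character. The function names, the limit of two marks and the sample (built from the same four code points seen in the string above) are assumptions made for the illustration.

```python
import unicodedata

# Assumed policy: common Thai syllables stack at most two marks
# (a vowel sign plus a tone mark), so anything past that is dropped.
MAX_MARKS = 2


def is_combining(ch):
    """True for nonspacing (Mn) and enclosing (Me) combining marks."""
    return unicodedata.category(ch) in ("Mn", "Me")


def longest_mark_run(text):
    """Length of the longest run of consecutive combining marks."""
    longest = run = 0
    for ch in text:
        run = run + 1 if is_combining(ch) else 0
        longest = max(longest, run)
    return longest


def clamp_marks(text, max_marks=MAX_MARKS):
    """Keep at most max_marks combining marks after each base character."""
    out = []
    run = 0
    # NFC first, so marks that compose with their base (e + U+0301)
    # become one code point and are not counted against the limit.
    for ch in unicodedata.normalize("NFC", text):
        if is_combining(ch):
            run += 1
            if run > max_marks:
                continue  # drop the excess stacked mark
        else:
            run = 0
        out.append(ch)
    return "".join(out)


# Constructed sample: SO SUA + 20 MAI THO, then DO DEK + 5 MAI THO + 5 MAITAIKHU.
SAMPLE = "\u0e2a" + "\u0e49" * 20 + "\u0e14" + "\u0e49" * 5 + "\u0e47" * 5

if __name__ == "__main__":
    print("longest run before:", longest_mark_run(SAMPLE))
    cleaned = clamp_marks(SAMPLE)
    print("longest run after: ", longest_mark_run(cleaned))
    print("code points kept:  ", [f"U+{ord(c):04X}" for c in cleaned])
```

The same `longest_mark_run` check can be used to reject or flag a submission instead of rewriting it, and clipping vertical overflow in the page's CSS limits the damage from anything the filter misses.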