Posts Tagged ‘vulnerability’

Netflix, Foursquare, and LinkedIn Android apps expose your password

Here’s a little tip for app developers: encrypt everything, especially passwords. Security firm viaForensics fed some popular iPhone and Android apps through its appWatchdog tool and found that Netflix, LinkedIn, and Foursquare all stored account passwords unencrypted. Since the results were first published on the 6th, Foursquare has updated its app to obscure users’ passwords, but other data (such as search history) is still vulnerable. While those three were the worst offenders, other apps also earned a big fat “fail,” such as the iOS edition of Square, which stores signatures, transaction amounts, and the last four digits of credit card numbers unencrypted. Most of this data would take some effort to steal, but it’s not impossible for a bunch of ne’er-do-wells to create a piece of malware that can harvest it. Let’s just hope Netflix and LinkedIn patch this hole quickly — last thing we need is someone discovering our secret obsession with Meg Ryan movies.

Netflix, Foursquare, and LinkedIn Android apps expose your password originally appeared on Engadget on Thu, 09 Jun 2011 19:38:00 EST.

HTC Surround users getting NoDo, Samsung Omnia 7 and Focus owners sticking to scissors and glue

Despite Microsoft overcoming some initial hurdles with NoDo’s rollout, its latest round of updates suggests Windows Phone is taking one step forward (and two steps back) with delivering copy / paste functionality to everyone. As encouragement, the company began delivering NoDo for HTC’s Surround today — which we’re really hoping doesn’t necessitate a follow-up story. Meanwhile, rollouts to Samsung’s Omnia 7 are on hold due to technical issues, and some Focus owners aren’t receiving the update properly, supposedly due to different supplies of flash memory. In both cases, MS insists it’s working on a solution. Lastly — just when you’d thought we’d covered all the Windows Phone news fit to publish — Microsoft is releasing an important security update which corrects digital certificates that may be used to spoof provider content. Let’s just hope the vulnerability can be fixed without that much fanfare.

HTC Surround users getting NoDo, Samsung Omnia 7 and Focus owners sticking to scissors and glue originally appeared on Engadget Mobile on Wed, 04 May 2011 00:23:00 EST.

Skype acknowledges Android privacy vulnerability, says it’s ‘working quickly’ on a fix

The results were certainly tough to deny, and now Skype has come forward and acknowledged that there is indeed a rather serious vulnerability in Skype for Android that could let malicious third-party applications access your personal information. Unfortunately, it’s not offering much else in the way of help just yet, with it saying only that it is “working quickly” to protect folks from the vulnerability, and that they should simply be cautious of third-party apps in the meantime.

Skype acknowledges Android privacy vulnerability, says it’s ‘working quickly’ on a fix originally appeared on Engadget on Fri, 15 Apr 2011 15:39:00 EST.

Skype for Android vulnerable to hack that compromises personal info

If you didn’t already have enough potential app privacy leaks to worry about, here’s one more — Android Police discovered that Skype’s Android client leaves your personal data wide open to assault. The publication reports that the app has SQLite3 databases where all your info and chat logs are stored, and that Skype forgot to encrypt the files or enforce permissions, which seems to be a decision akin to leaving keys hanging out of the door. Basically, that means a rogue app could grab all your data and phone home — an app much like Skypwned. That’s a test program Android Police built to prove the vulnerability exists, and boy, oh boy does it work — despite only asking for basic Android storage and phone permissions, it instantly displayed our full name, phone number, email addresses and a list of all our contacts without requiring so much as a username to figure it out. Android Police says Skype is investigating the issue now, but if you want to give the VoIP company an extra little push we’re sure it couldn’t hurt.

Skype for Android vulnerable to hack that compromises personal info originally appeared on Engadget on Thu, 14 Apr 2011 22:02:00 EST.

GSM Cell Phone Encryption is Cracked – Interception of Cell Calls …

In 2004, a similar vulnerability (in A5/2, a different algorithm) caused cell phone companies to replace base stations in 3 continents to remediate the problem and took over 18 months to complete. Assuming the same action is taken, …

Verizon Wireless Rolls Out New Phone And Painful Pricing Scheme …

Samsung’s TouchWiz-toting touch phone — the Rogue — went on sale today with Verizon Wireless . This feature-laden phone only costs about $100, but it is the first feature phone (non-smartphone) to require a minimum monthly data plan …

SMS vulnerability on iPhone to be revealed today, still isn’t patched

Filed under: Software, Apple, iPhone OS

Remember that alleged SMS-based security hole on the iPhone allowing evil-doers to execute arbitrary code and do all sorts of nasty crap like create an army of mobile zombies ready and willing to execute a DoS attack? The guy who found it, security expert Charlie Miller, said that he’d reveal the details of it at Black Hat — and Black Hat’s this week. Sure enough, Miller and his cohorts plan to unleash details of the hack today, and while they claim they informed Apple of the problem over a month ago, Cupertino’s yet to make a move. We’d stop short of suggesting iPhone owners all turn off their handsets and take themselves firmly off the grid and into a completely disconnected underground bunker the moment the attack becomes public, but if it’s as serious as Miller claims, it definitely bumps up the pressure on Apple to get a fix out on the double — preferably before 3.1 drops.

SMS vulnerability on iPhone to be revealed today, still isn’t patched originally appeared on Engadget Mobile on Thu, 30 Jul 2009 03:29:00 EST.

Oh, by the way: July 14, 2009

Filed under: Software, HTC, LG, Windows Mobile, GSM, EDGE, HSDPA, UMTS, CDMA, Android

Here’s some of the other stuff that happened in the wide world of mobile for Tuesday, July 14th, 2009:

Windows Mobile 6.5 Standard — yes, Standard, not Professional — has been spied on video running on an HTC S710. What does it look like? Pretty much the same as 6.1 with a few tweaks.

A security dude has discovered a Bluetooth “vulnerability” of sorts in HTC devices running Windows Mobile 6.0 and 6.1 that allows unfettered access to the phone’s file system when file sharing is enabled, but here’s the catch: you’ve got to pair with an untrusted phone for it to really be an issue, which might explain why HTC doesn’t seem too concerned about it.

Prison directors from 26 states have come together to sign a petition asking for FCC permission to jam cellphone signals on their premises. Something tells us the CTIA isn’t really cool with that. [Via Phone Scoop]

Remember that rebranded Mobinnova Ice hacked to run Android in Russia? Yeah, well, it’s totally real, and mail.ru has a unit to prove it.

Canada’s Koodo Mobile is now offering the LG 5500 flip for CAD $175 (about $154). The VGA camera isn’t going to inspire any deep romantic love, but the lack of a contract just might. [Via MobileSyrup]

Oh, by the way: July 14, 2009 originally appeared on Engadget Mobile on Wed, 15 Jul 2009 04:02:00 EST.

Apple to Patch iPhone's SMS Vulnerability

At the SyScan conference in Singapore, Mr. Miller disclosed a hole that would allow attackers to “run software code on the phone that is sent by SMS over a mobile operator’s network in order to monitor the location of the phone using …

Apple patching nasty iPhone SMS vulnerability

Filed under: Handsets, GSM, EDGE, HSDPA, Apple, iPhone OS

Given the hype surrounding Apple’s iPhone, we’re actually surprised that we haven’t seen more holes to plug over the years. In fact, the last major iPhone exploit to take the world by storm happened right around this time two years ago, and now — thanks to OS X security expert Charlie Miller — we’re seeing yet another come to light. Over at the SyScan conference in Singapore, Mr