Tag Archives: security - Page 2

CloudFlare security service goes down after router failure

The hour-long outage occurred when the Web security service detected a DDoS attack against one of its customers and tried to defend against it.


CNET News

Evernote Security Compromised

starburst writes “Another online company has had its security compromised. Today Evernote posted on their blog that they’re issuing a service-wide password reset because of suspicious activity on their network. They say an unknown intruder gained access to usernames, email addresses, and encrypted passwords. Even though the passwords were hashed and salted, they’re doing the password reset as a precautionary measure. Nevertheless, it’s a good reminder to keep a close eye on who you keep your data with in the cloud. Nothing is totally secure; it’s always a compromise between security and convenience.”





Slashdot

Mozilla’s Mobile Firefox OS Raises Security Questions

Firefox’s new Web-centric OS will let users run apps from the Web, raising concerns over how to stop malicious software.

Mozilla’s new Firefox OS for low-end smartphones—aimed initially at Eastern European and South American markets—will face challenges protecting users from the malicious mobile apps that are a growing problem around the world.







New on MIT Technology Review

Safari blocking outdated Flash plug-ins due to security holes


Adobe recently issued a security update for Flash Player which patches an exploit that gave hackers the ability to take over a vulnerable system. Not leaving things to chance, Apple is now rolling out a hotfix for Safari that blocks outdated versions of the tainted web plug-in. If your system hasn’t been patched yet, you may receive a notification when attempting to access Flash-based content. The prompt will then advise that a new software version is available. If you’re running OS X 10.6 (Snow Leopard) or higher and Safari is your browser of choice, you may want to nab this update from Adobe. Otherwise the next time you go online, the internet might be a far cry from what you’re used to seeing.


Via: The Loop, MacRumors

Source: Apple

Engadget RSS Feed

Dell unveils Latitude 10 Enhanced Security tablet

Dell’s Latitude 10 was originally launched back in October 2012. A few months later, we saw the Essentials configuration pop up at CES 2013, with Dell aiming the device at schools and small businesses. Now the company has unveiled a new iteration of the tablet, this one aimed at the government, law enforcement, and banks

SlashGear

Samsung amps up business push with Knox security software

Samsung is considering embedding KNOX into its flagship mobile products for the first half.


CNET News

HTC settles security issue with the FTC

HTC was slapped by the FTC over a security issue that left users’ information vulnerable. This was the result of the company altering the OS on its smartphones and tablets in such a way that the additional features implemented left information open to collection by malicious programs. Just a bit ago, the FTC announced that

SlashGear

HTC settles with FTC over security issues in tablets, smartphones

The U.S. Federal Trade Commission has reached a settlement with HTC America over security holes in the company's smartphone and tablet software that left millions of users' personal information at risk.
Computerworld News

Toronto-based SaaS Enterprise Safety Company Field ID Acquired By Security Hardware Maker Master Lock

Master Lock has acquired Toronto-based software-as-a-service enterprise security solution provider Field ID in a deal the terms of which weren’t disclosed. We’ve heard the deal involving the five-year-old startup was in the tens of millions, however, and that the company’s angel investors were very pleased with the arrangement. The purchase nets Master Lock an entry into the software market, something it’s been looking for according to Field ID CEO Somen Mondal.
TechCrunch

Security Firm Mandiant Says China’s Army Runs Hacking Group APT1

judgecorp writes “The Chinese government has been accused of backing the APT1 hacking group, which appears to be part of the Chinese People’s Liberation Army (PLA), according to the security firm which worked with the New York Times when it fell victim to an attack. The firm, Mandiant, says that APT1 is government sponsored, and seems to operate from the same location as PLA Unit 61398.” Unsurprisingly, this claim is denied by Chinese officials.





Slashdot

Facebook security reveals zero-day Java attack

It’s never good when you have to make an official report to the public about a hacker attack your multi-billion dollar social network has had. That’s what’s happened this week as Facebook’s Chief Security Officer Joe Sullivan lets it be known that several engineers on staff with Facebook had been the subject of a zero-day

SlashGear

New iOS 6.1 Security Flaw Grants Limited Access To Phone App, Photos, Email, Messages, FaceTime

With just a few quick steps, it’s easy to open the phone app on any locked iPhone running iOS 6.1. From there a person has full access to the photo library, can edit contacts, send emails, text messages or even make a FaceTime call. It’s so easy that it’s downright silly.

As shown in the video here, the process involves holding down the power button and aborting an emergency call. It worked for me although the timing is tricky.
TechCrunch

Scout security system monitors your pad without compromising your feng shui (video)


While home security systems are definitely making strides towards modernization, we haven’t seen many that look the part. However, Sandbox Industries’ Scout might be the first home protection option that manages to gel with even the most swanky digs. Available in three stylish trims (black, white and wood), this wireless setup uses a base receiver that communicates with its security sensor panels by way of your home’s network. Like most home protection systems, Scout offers remote control and monitoring via computer or mobile device, but the big draw here is its aesthetically pleasing equipment and simplified installation process.

Set to ship in August, packages start at $120 with additional à la carte purchase options depending on your household’s needs. For those of you looking to further secure your bunker, Scout’s hardware packs backup batteries in the event of a power outage as well as an optional 3G-powered monitoring service with plans starting at $10 per month. Of course, if you’re not feeling such a high-tech setup, you could always place toy cars and Christmas ornaments beneath your doorways and window sills. Hey, it worked for Kevin McCallister.


Via: TechCrunch

Source: Scout

Engadget

Obama cybersecurity order lacks bite, security experts say

President Barack Obama’s cybersecurity executive order elicited guarded praise from several quarters even as it revived calls for more comprehensive bipartisan legislation to address long-term security threats.
Computerworld News

McAfee updates business security management tools

McAfee is enhancing its business security platform by adding near real-time querying capabilities to its ePolicy Orchestrator software and by integrating it with its security information and event management product to automatically initiate endpoint security policy changes.
Computerworld News

Security concerns to bring back CISPA, trigger move by Obama, say reports

Legislators plan to bring back the controversial Cyber Intelligence Sharing and Protection Act next week, and President Obama is planning to issue an executive order on cybersecurity, according to reports.


CNET News

DNA Data, Security, and You

One day you’ll be handed an electronic copy of your sequenced genome on a flash drive, maybe a phone app. You’ll need to know how to keep it safe.

We’re hurtling towards a future in which our DNA data will be cheaply generated and routinely summoned. Preparing for that, a UC Irvine team has created an app that can store a digital copy of a fully sequenced genome on a smartphone.







New on MIT Technology Review

Security fears to bring back CISPA, trigger move by Obama, say reports

Legislators plan to bring back the controversial Cyber Intelligence Sharing and Protection Act next week, and President Obama is planning to issue an executive order on cybersecurity, according to reports.


CNET News

Oracle pushes out new Java update to patch security holes

Released Friday, the latest critical patch update contains fixes for 50 different security flaws.


CNET News

HP to scale up TippingPoint network security with SDN

Hewlett-Packard plans to use its recently announced SDN controller to distribute its TippingPoint intrusion prevention system across networks, overcoming the scale limitations of dedicated appliances.
Computerworld News

RSA brings big data analytics to security threat management

RSA has unveiled a new tool designed to let enterprises detect security threats more quickly than current technologies permit by combining big data management and analytics approaches with traditional network monitoring and threat detection.
Computerworld News

DB Networks Raises $4.5M From Khosla Ventures For Database Security To Protect Against Malware

DB Networks has raised $4.5 million in Series B funding from Khosla Ventures for its database security equipment.

DB Networks has developed a security platform for real-time advanced database attack detection.
TechCrunch

58,000 Security Camera Systems Critically Vulnerable To Attackers

Sparrowvsrevolution writes with news of some particularly insecure security cameras. From the article: “Eighteen brands of security camera digital video recorders are vulnerable to an attack that would allow a hacker to remotely gain control of the devices to watch, copy, delete or alter video streams at will, as well as to use the machines as jumping-off points to access other computers behind a company’s firewall, according to tests by two security researchers. And 58,000 of the hackable video boxes, all of which use firmware provided by the Guangdong, China-based firm Ray Sharp, are accessible via the Internet. Early last week a hacker who uses the handle someLuser found that commands sent to a Swann DVR via port 9000 were accepted without any authentication. That trick would allow anyone to retrieve the login credentials for the DVR’s web-based control panel. To compound the problem, the DVRs automatically make themselves visible to external connections using a protocol known as Universal Plug And Play, (UPnP) which maps the devices’ location to any local router that has UPnP enabled — a common default setting. …Neither Ray Sharp nor any of the eighteen firms have yet released a firmware fix.”





Slashdot

Java: How to fix your biggest Internet security risk

The weekly — sometimes daily — security scares that occur with Java may remind you of the old whack-a-mole arcade game. Here’s how to stay safe.


FOX News

Lookout security app for Android can now photograph thief, email the image

Lookout has updated its security and antivirus app for Android to include a new feature called Lock Cam. If the user’s phone is stolen or an incorrect passcode or pattern is entered too many times, the app will take a picture of the assailant using the front-facing camera. The picture will then be emailed to

SlashGear

Oracle’s Java security head: We will ‘fix Java,’ communicate better


Computerworld News

Security researchers cripple Virut botnet

Many of the domain names used by a cybercriminal gang to control computers infected with the Virut malware were disabled last week in a coordinated takedown effort, Spamhaus, an organization dedicated to fighting spam, announced Saturday.
Computerworld News

Verizon Galaxy Note II gets Exynos security hole fix today

This week the folks at Verizon are pushing forth a software update to their own unique hardware for the Samsung Galaxy Note II. This update goes by the name LL4, if you’re following along with that code-name, and doesn’t include a whole heck of a lot of information outside the basics for what else

SlashGear

Microsoft bombs another security test

AV-Test.org’s latest security suite efficacy test fails Microsoft Security Essentials — for the second time in a row. This round, though, it’s not alone.


CNET News

Homeland Security still advises disabling Java, even after update

DHS says an unpatched vulnerability may still put Web browsers using the plugin at risk of remote attack.


CNET News

Homeland Security still warns against Java use despite fix

Well that didn’t last very long: this morning Oracle released a fix for a Java vulnerability that had the government suggesting users turn off the software. As it turns out, the Department of Homeland Security is still saying that Java poses a risk, despite the fix. The Department said in an updated security note this

SlashGear

Oracle patches Java exploits, toughens its default security levels


Oracle hasn’t had a great start to 2013. It’s barely into the new year, and Apple and Mozilla are already putting up roadblocks to some Java versions after discoveries of significant browser-based exploits. The company has been quick to respond, however, and already has a patched-up version ready to go. The Java update goes one step further to minimize repeat incidents, as well — it makes the “high” setting the default and asks permission before it launches any applet that wasn’t officially signed. If you’ve been skittish about running a Java plugin ever since the latest exploits became public, hit the source to (potentially) calm your nerves.

[Thanks, Trevor]


Via: Reuters

Source: Oracle

Engadget

Users advised to disable Java due to security weakness

Yesterday, the Department of Homeland Security issued a warning regarding Java, advising users to disable it in their web browsers. Following this was a Critical Patch Update Pre-Release Announcement from Oracle, which suggests that users temporarily disable it because of security issues. Says the advisement, Java leaves the computer open to attack. The warning was

SlashGear

Oracle Knew of Latest Java 0-Day Security Hole In August

An anonymous reader writes “After news broke on Thursday that a new Java 0-day vulnerability had been discovered, and was already being included in multiple popular exploit kits, two new important tidbits have come in on Friday. Firstly, this whole fiasco could have been avoided if Oracle had properly patched a previous vulnerability. Furthermore, not only is the vulnerability being exploited in the wild, but it is being used to push ransomware.” Meanwhile, writes reader Beeftopia, the U.S. Department of Homeland Security is getting in on the action, and “has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw.”





Slashdot

Firefox adds built-in HTML5-based PDF viewer to improve security

A built-in PDF viewer component based on JavaScript and HTML5 Web technologies has been added to the beta version of Firefox 19, Mozilla said Friday.
Computerworld News

Disruptive Web Security Startup Shape Security Nabs $20M From Venrock, Google Ventures, Kleiner, Eric Schmidt

Shape Security, a company that wants to disrupt web security technology, has raised $20 million in a Series B financing round led by Venrock, with participation from Kleiner Perkins Caufield & Byers, Allegis Capital, Google Ventures, Google Executive Chairman Eric Schmidt’s TomorrowVentures and former Symantec CEO Enrique Salem. The new funding brings Shape’s total amount raised to $26 million.
TechCrunch

Samsung rolling out Exynos security patch to UK Galaxy S III owners


A few weeks back a security exploit was discovered that left owners of select Exynos-powered Samsung devices feeling uneasy. While an independent developer quickly cooked up a fix, Samsung soon acknowledged the issue and pledged that an official patch was in the works. UK Galaxy S III owners can now breathe a sigh of relief, as Sammy has made good on its word and is now issuing an over-the-air update that addresses this potential security flaw. While we’re happy to see Samsung actively working on this issue, there’s still no word of when the company will release this fix to other devices and additional regions. Hopefully the software’s ongoing European tour is a sign of things to come globally.


Via: Android Central

Source: XDA-Developers

Engadget

Software update reportedly fixes Samsung’s Exynos security hole

Update being rolled out to owners in the U.K. addresses vulnerability in select Samsung devices that allowed access to user data.


CNET News

Security Firm Predicts “Murder By Internet-Connected Devices”

Curseyoukhan writes “Infosec vendor IID (Internet Identity) probably hopes that by the time 2014 rolls around no one will remember the prediction it just made. That is the year it says we will see the first murder via internet connected device. The ability to do this has been around for quite some time but the company won’t say why it hasn’t happened yet. Probably because that would have screwed up their fear marketing. CIO blogger challenges them to a $10K bet over their claim.”





Slashdot

Box’s Gameplan For 2013: A Third-Party App Economy; Expanding Security And More

As you talk to Aaron Levie, the co-founder of fast growing cloud storage company Box, it’s hard not to notice his incredible energy when he talks about enterprise storage possibilities. Six years in, Levie is still as passionate about what he is trying to build as he was back in Mike Arrington’s backyard pitching VCs on Box in 2006. Box has had a big year, and one that many could call a turning point for the company. After raising $125 million in new funding at a reported $1.2 billion valuation in July, the company is finishing off 2012 by nearly tripling revenue from last year, and preparing the company to possibly enter the public markets in 2013 or 2014. We sat down with Levie to talk about Box’s gameplan for 2013, his education in being a leader and CEO, and more.
TechCrunch

Security Loophole In Facebook’s Camera App Allowed Hackers To Hijack Accounts Over WiFi

PSA to all Facebook Camera users on iOS: If you haven’t updated your app in the past few days, update it now. The older version of the app, pre-1.1.2 and released before December 21, has a security loophole. When used over WiFi networks, malicious hackers can tap the network and hijack Camera users’ accounts, picking up information like email addresses and passwords in the process. The white-hat hacker who ID’d the problem is Mohamed Ramadan, an Egypt-based security researcher and trainer with Attack-Secure who has also found and reported vulnerabilities for Apple, Google, and Etsy — which apparently also had the same loophole in its iOS app. Ramadan tells us that the issue lay in the Camera app’s Secure Sockets Layer certification, which was too open. As he puts it, “The problem is the app accepts any SSL certification from any source, even evil SSL certifications and this enables any attacker to perform Man in The Middle Attack against anyone uses Facebook Camera App for IPhone. This means that the application doesn’t warn the user if someone in the same [WiFi network] trying to hijack his Facebook account.” Testing his theory by using a proxy to listen in on a WiFi network, he was able to type in his username and password into the Camera app, and then see that information appear via the proxy. Ramadan notes that he’s tested all Facebook apps and the rest appear to protect from this similar vulnerability. We’ve reached out to Facebook for comment but haven’t received a response.
TechCrunch

Poor SCADA security will keep attackers and researchers busy in 2013

An increasing number of vulnerability researchers will focus their attention on industrial control systems (ICS) in the year to come, but so will cyberattackers, security experts believe.
Computerworld News

Four security trends defined 2012, will impact 2013

Mobile and Mac malware burbles noxiously, data breaches and data mining will cause more havoc with your privacy, and the Web will continue to suffer the ignominy of poorly-written, Swiss-cheesed code as security experts predict lessons from 2012 go unlearned in 2013.


CNET News

FCC offers security advice to smartphone users

The U.S. Federal Communications Commission is advising smartphone users on how to protect their mobile devices and data from mobile security threats.
Computerworld News

Zscaler adds IE version of HTTPS Everywhere security tool

Cloud-based security services provider Zscaler has released an implementation for Internet Explorer of the HTTPS Everywhere browser security extension.
Computerworld News

vivint Home Automation and Security System Review

Home security and automation is many a geek’s dream and many a DIY enthusiast’s nightmare. Ambitious plans for interconnected security, HVAC (heating, ventilation and air-conditioning) and automation systems can easily descend into a chaos of poorly-compatible hardware and unreliable stability. The alarm system that trips every other night is the system that gets turned off

SlashGear

Multi-deal Monday: Ultrabooks, security software, games, and more!

Among the highlights: free games for iOS, cheap games for PC, and free shipping for all.


CNET News

Suspected security hole found in many Samsung devices

Developer finds vulnerability in Exynos 4-powered devices, including the Galaxy S2 and Galaxy Note, that bypasses system permissions, allowing data to be extracted from the RAM or malicious code to be injected.


CNET News

Huge Security Hole In Recent Samsung Devices

An anonymous reader writes “A huge security hole has been discovered in recent Samsung devices including phones like the Galaxy S2 and S3. It is possible for every user to obtain root due to a custom faulty memory device created by Samsung.” The problem affects phones with the Exynos System-on-Chip.





Slashdot

Security exploit opens Samsung Galaxy S III, Note II to attack, could let apps from Google Play write to Kernel


Amid the XDA community’s ongoing quest to root every Android handset it comes across, one forum user appears to have found a serious exploit that affects certain Exynos devices. While fiddling with his Galaxy S III, XDA user Alephzain discovered a way to obtain root without flashing with Odin. The Samsung kernel apparently allows read / write access to all physical memory on the device, including the kernel itself. This makes for an easy root, Alephzain writes, but leaves devices open to attack — allowing Kernel code injections and RAM dumps from malware-laden apps from the Google Play store.

It isn’t the only avenue for attack on an Android handset, but it is an exceedingly easy attack. Luckily, a community-fostered fix seems pretty simple too — XDA user RyanZA has already created a patch to modify write permissions on affected devices — though Galaxy S III users are reporting that the fix cripples the phone’s camera app. So far, Alephzain has confirmed that the Galaxy S II, III, Note II and the Meizu MX are at risk, but notes that the exploit might work on any device running an Exynos 4210 or 4412 processor. Samsung has not yet made a comment about the vulnerability, but forum members say that the issue has been reported. As for the exploit’s lasting implications? Head on over to the XDA forums to join the discussion.


Via: The Next Web

Source: XDA-Developers (1), (2)

Engadget