02/13, 6:15pm
Service available through annual subscription
Trend Micro has announced several Internet security services for Sony's PlayStation Vita handheld. The services will include two products, "Trend Micro Kids Safety" and "Trend Micro Web Security." The latter option is based on the company's "web reputation" system that blocks users from accessing websites that may contain malicious content.
02/12, 2:45pm
Microsoft Store India compromised
Microsoft's India web store (currently down) was hacked this weekend in a move that also just revealed how vulnerable its data was. As relayed to WPSauce, the page was originally overwritten with a page giving credit to the Chinese group Evil Shadow and merging images both of the classic Activision game Hacker and Anonymous' well-known Guy Fawkes mask. Anonymous hasn't taken any credit, suggesting the use of the mask was strictly an instance of riding on Anonymous' reputation.
02/11, 10:35pm
Google Wallet prepaid cards go down for now
Google quickly reacted to mounting Google Wallet security issues by putting a temporary freeze on new prepaid cards. While at least some existing users could keep paying with theirs, Google was preventing new uses as a "precaution" before it could get a surefire fix, Wallet VP Osama Bedier said in a post Saturday. He nonetheless insisted that Google Wallet had multiple security layers, ranging from its own PIN code requirement to an auto-wipe of local Wallet data if the phone is rooted after the Android app is installed.
02/10, 8:15pm
Relies on brute force, forensic specialists
A somewhat sensationalist press release from Russian forensic-cryptology company ElComSoft claims that it can "crack" passwords users put on documents created in Apple's iWork software (which comprises Pages, Numbers and Keynote). However, the company admits that the attack is just a variation on a brute-force cracking method that attempts to guess the password.
02/10, 7:40pm
Android malware, RootSmart, infecting phones
A new piece of Android malware is afflicting thousands of users. North Carolina State University professor Xuxian Jiang, who documented the nature and behavior of RootSmart last week, believes that between 10,000 and 30,000 user devices are connecting to a botnet without their owners' knowledge every day. Most of the affected users thus far are located in China and have installed the GingerBreak root access tool for Android 2.3 (Gingerbread).
02/09, 6:40pm
Bug allows users to create new PIN
Yet another Google Wallet vulnerability has been spotted, just one day after security researchers published details of a similar issue that only affects rooted devices. The latest vulnerability is claimed to affect all Android devices, however, including those running stock software.
02/09, 2:00am
Potential remains for fraudulent orders
A hacker group calling itself SwaggSec has published data from internal Foxconn servers that the group hacked into, including usernames and passwords for management officials right up to and including CEO Terry Gou. While initial analysis of the data hasn't turned up any other sensitive information, the security breach prompted company officials to shut down its servers to prevent fraudulent orders that could appear to be from Foxconn's clients using the passwords.
02/08, 10:25pm
Google working quickly to fix bug
Researchers at security firm Zvelo have released details surrounding a Google Wallet vulnerability that is claimed to leave a user's PIN data exposed. Engineers were reportedly able to develop a crack that quickly determines a user's four-digit PIN, which serves as an essential security layer to prevent the NFC system from transmitting card data without authorization.
02/08, 5:20pm
Writing implements house both ink and cameras
Swann has announced two miniature surveillance devices designed to look like everyday ballpoint pens. The HD PenCam and PenCam 4GB both capture videos and images onto digital media. The pen then plugs into a USB port to transfer the recorded shots onto a computer.
02/08, 4:10pm
Path deletes user contact lists, outs Path 2.0.6
Smartphone app developer Path has apologized for and fixed the tendency of its app to upload users' entire contact lists to its own servers when the app is first launched. The Android app was already fixed, and now the developers have released an updated iOS app, version 2.0.6 (free, App Store), that won't upload the data without a user's permission. Dave Morin, Path's co-founder and CEO, also explained that the contacts were used only in the Add Friends feature to notify users when their contacts log into the app.
02/07, 8:25pm
Hacker tried to extort $50k to "humiliate" company
Symantec has revealed that a hacker has followed through on a threat to release the source code for the company's pcAnywhere utility software. The hacker, known as YamaTough, took the action after negotiations via e-mail for a forced payment of $50,000 failed. The exchange, it has been revealed, was actually between the hacker and police in a sting.
02/07, 6:00pm
No explanation given, opt-in change coming
The social networking app Path, which provides its own community along with the ability to share statuses and pictures to other popular public networks like Twitter and Facebook, has been discovered to be uploading users' entire address books to its own servers on first use. The undisclosed (and unauthorized) uploading was discovered by developer Arun Thampi and detailed in a blog post. The co-founder of Path responded by saying users would soon have an opt-in on the "feature," but did not explain why opt-in wasn't there from the beginning.
02/06, 7:00pm
Bug keeps messages flowing to stolen iPhones
A flaw in the iMessage protocol that causes it to continue to route messages to an iPhone even after its SIM has been removed and deactivated has gotten the attention of Apple in a very direct way: a customer demand to be compensated for the problem, which the company has allegedly met. TheNextWeb reports that an unnamed customer whose stolen iPhone continued to receive iMessages has now received an iPod Touch as compensation.
02/03, 8:00pm
Available via Software Update for 10.6.8 users
A problem with the previous 2012-001 Security Update posted for users of Snow Leopard (client and server) that caused Rosetta-based apps to misbehave or fail entirely has been corrected, and the company is pushing a "v1.1" edition of the update through its Software Update servers (support web page not yet updated). Over the next 24 hours, users who installed the previous security patch for 10.6.8 systems should see the update available.
02/03, 2:45pm
Anonymous shares secret FBI investigation call
The hacking group Anonymous has intercepted a 15-minute call between the FBI and the British police's cybercrime investigators, according to a Friday report. Available to download, the conference call ironically focused on how to track and prosecute the very group of hackers. The FBI has launched an investigation into how Anonymous was able to obtain the recording, which has some names of the suspects edited out.
02/03, 2:00pm
US near federal Android use
A handful of new tips have hinted that the US government's custom Android work is going beyond just military use. After soldiers, federal agencies and contractors would get the devices, CNN heard. The platform would be locked down enough only to store the documents at first, but it could be cleared to send them over the cellular network in a matter of a "few months" if the sources were right.
02/03, 11:10am
Apple said to be aware of problems
The separate Security Update 2012-001 download for Snow Leopard users is breaking apps that depend on Rosetta, according to complaints. Rosetta allows PowerPC-based apps to operate within Snow Leopard. Programs such as Eudora 6, Acrobat Pro 7, Quicken 2007, and Office 2004 will reportedly crash, freeze, or exhibit other unexpected behavior, such as failing to print documents.
02/02, 4:50pm
Google details Bouncer and says
Google's Android engineering VP Hiroshi Lockheimer has detailed a process of screening for malware at Android Market that it has quietly been running for the past year. Known as Bouncer, it automatically scans both incoming and existing apps for recognizable malicious code. The routine also runs the apps themselves and checks for hostile behavior in practice, hoping to catch apps with suspicious behavior.
02/02, 1:35pm
HTC Android security flaw acknowledged, fixes due
The Wi-Fi security flaw present in some Android-powered HTC smartphones has been acknowledged by the manufacturer on its support page. When an affected phone is connected to Wi-Fi networks, hackers can take advantage of the flaw to gain security access credentials. The flaw was discovered by researchers Chris Hessing and Bret Jordan and would allow the details to be sent to a remote server on the Internet.
02/02, 12:25am
Forensic tool can unlock Mac disk in under an hour
Passware, a forensic software developer whose Windows-only product is aimed at law enforcement agencies and other data-recovery specialists, has noted that its software can decrypt Apple's FileVault encryption technology by extracting the login credentials from live system memory on a Mac using a FireWire connection. The company says that if the credentials are still in RAM, the process will take no more than 40 minutes regardless of password strength, CNet reports.
02/01, 7:00pm
Closes vulnerabilities in Apache, PHP, more
Today's release of Mac OS X 10.7.3 also incorporates Apple's first Security Update of 2012, addressing vulnerabilities in components throughout the OS and its components. The update is also available as a separate download for Snow Leopard users, and while none of the issues have been reported in the wild, the update is recommended for all users of Mac OS X 10.6 and 10.7, and closes potential issues in programs ranging from Apache to QuickTime.
02/01, 1:05pm
BlackBerry 7, 7.1 phones earn government nod
RIM said Wednesday that BlackBerry 7- and 7.1-powered devices have earned a coveted FIPS 140-2 certification. The standard means they can now be used by the US and Canadian governments, as they meet stringent security stipulations as outlined by the Federal Information Security Management Act of 2002 (FISMA). The current devices that comply include the Bold 9900, 9930, and 9790; the Torch 9850, 9860, and 9810; and the Curve 9350, 9360, 9370, and 9380.
01/31, 11:30pm
Will enable firm to deploy new apps more quickly
IBM today announced an agreement to acquire Worklight, a privately-held Israel-based app development studio, along with bringing Endpoint Manager for Mobile Devices out of beta. The new app will leverage its existing BigFix infrastructure to integrate security and management of mobile devices using the same controls that are already in use for desktops and notebooks. The moves are expected to help IBM expand its mobile credentials in the enterprise market.
01/31, 3:30pm
Keeps logins, other data in sync across devices
Norton has begun a beta of a new cloud-based security service, Identity Safe. The technology is meant to save and sync private web form data across multiple browsers and devices, primarily logins and credit card information. So far the only computer platform to support the Identity Safe client is Windows, but test apps are already available for iOS and Android.
01/31, 12:10pm
Face detection, multicam among other changes
Orbicule has released Witness 2, a major upgrade of the company's Mac-based security software. The app uses webcams connected to a Mac as motion sensors, and pushes any photos or video out to a web app, as well as an optional iOS app. The v2 update adds two key iOS-related features. One is the ability to watch live images from any Mac in an alarm system. The other is auto-activation, in which an iOS device will automatically arm or disarm Witness based on proximity.
01/26, 2:00am
Supports Mac, Windows, openSUSE and Ubuntu
CoSoSys has updated their portable data security solution EasyLock to version 2.0, bringing with it cross-platform support for Mac, Windows and openSUSE and Ubuntu flavors of Linux. The program uses 256-bit AES encryption (CBC-mode) to turn any mobile drive into a secure data vault. Version 2 also sports a re-written user interface focusing on ease of use. The program can run off the USB or portable drive itself, requiring no installation or admin password.
01/25, 11:15am
O2 UK quietly sorts phone number leak debacle
O2 UK has quietly solved or at least mitigated a major security breach on Wednesday. Following a discovery by Lewis Peckover that O2 was sending mobile subscribers' phone numbers in the clear through their web browser user agent, O2 claimed that it was cleared up. The company explained that it normally sent phone number information to "certain trusted partners" for age verifications and carrier billing, but this information had started going out to other sites by accident.
01/24, 9:25am
Pwn2Own will not allow pre-made exploits
TippingPoint's Pwn2Own security contest is changing its methodology in a way that could break from "sensationalist" headlines, the company's security team lead Aaron Portnoy explained. When it takes place at CanSecWest in March, the hacking competition as explained to PC Advisor would partly switch to an on-the-spot contest where teams didn't have to have a ready-made hack by the time they got to the show. It would become a form of "spectator sport" and reward teams based on the speed it takes at Pwn2Own itself, scoring based on the frequency of hacks each day.
01/24, 8:35am
Twitter picks up Dasient as ads kick in
Web security firm Dasient confirmed late Monday that it had been bought by Twitter. The young startup is best known for curbing malware and spam in ads on major ad networks. Terms of the deal weren't given out, but Dasient would be closing its existing business in the switch.
01/24, 1:00am
Turns voice commands into OS actions
Hacker developer Nick Frey is now offering a utility for jailbroken iPhone 4S models that extends Siri slightly, allowing users to speak commands beginning with "open" or "launch" to allow Siri to launch programs (even "webclips") or execute system commands such as "unlock" (if password protection isn't on) and "reboot." The program can open both first- and third-party programs and relies on the recently-released Absinthe program for jailbreaking.
01/23, 10:20pm
Judge says notebook data can be compelled
Colorado federal Judge Robert Blackburn on Monday set a precedent with an order requiring that a woman decrypt data on the hard drive of her Toshiba Satellite M305 notebook by February 21. The official dismissed a defense by Ramona Fricosu's attorneys that argued it would violate the Fifth Amendment's rule against self-incrimination, CNET said. The All Writs Act of 1789, which had already been used to compel phone companies in surveillance requests, was also valid with locked down storage.
01/23, 8:45pm
Adds maiden names and pseudonyms as well
Google+ will begin allowing users to be known by their nickname or alternative names. Through a Google+ update, the company's Brad Horowitz has advised the social network's members that it will soon let them add a name such as a nickname, maiden name, or name in another non-Latin script alongside the common name that they require as part of an individual's profile. The change is not immediate, but the company advises it will take place over the next week.
01/23, 6:30pm
Counterfeit apps an even larger issue for Android
While Apple screens submitted apps for "reliability, technical, content and design criteria" according to its own developer page, the company does not yet seem to have found a foolproof way to prevent "counterfeit" apps from gaining approval. Recently a copycat version of Tap Tap Tap's Camera+ was spotted at the App Store, though it was pulled after being reported to Apple. The issue has also been seen on the Android platform on a larger scale.
01/20, 2:30am
Redesigned navigation, new search, more
Software maker SubRosaSoft is now offering the latest version of its Mac-based forensic analysis tool, MacForensicsLab 4.0. The company says it has re-written the app to take full advantage of built-in Mac OS X technologies such as Core Data, redesigned main window navigation, improved its bookmark management and auditing function and now offers a new search function. The new version now requires a USB authorization device to work.
01/19, 7:10pm
Update process expected to be complete in 10 days
Sprint has confirmed that it is set to release over-the-air updates for Samsung's Epic 4G handset and HTC's Evo 4G and Evo Design 4G models. The updates primarily focus on removing Carrier IQ's controversial tracking software, though the company suggests it has also "bundled up a few other fixes."
01/19, 1:40am
More than before, but not commensurate with growth
The Mac platform saw a modest increase in malware outbreaks in 2011 over years past, but still "a small fraction" when compared to Windows, said security firm F-Secure. It added that while malware attacks were increasing, the rate of increase was not commensurate with the growth of the platform, suggesting that most exploits tend to come from programs rather than flaws in the OS itself. In all, the company identified 58 separate threats in 2011, most stemming from a handful of vulnerabilities.
01/18, 6:00pm
Custom v3.1.3 replicates look, some features
One of the lesser-known iPhone "teams" dedicated to hacking and modifying iOS devices has released Whited00r 5.1, a heavily customized and modified version of iOS 3.1.3 that brings the look and feel of iOS 5 to all iOS devices, all the way back to the original first-generation iPhone and iPod Touch. The team have added features from iOS 4 and iOS 5 such as folders, custom backgrounds and reminders and made them work under the "iOS 5" style v3.1.3.
01/17, 12:15pm
HTC confirms Carrier IQ exit on Sprint
On the heels of a discovery that an update to the Evo 3D pulled Carrier IQ, HTC has confirmed in a statement that all of its Android phones on Sprint will have the controversial diagnostic tool removed. It promised The Verge "maintenance releases" starting this month that would drop Carrier IQ at the same time as they provided security fixes and overall updates. How long it would take to update every phone wasn't mentioned.
01/16, 12:00pm
Public release coming soon
A member of the Chronic Dev Team has taken the exploit that allowed for an "untethered" jailbreak of iOS 5.0.1 on A4 devices and made it work on A5 devices, as demonstrated by a video showing an iPhone 4S running the stock operating system rebooting with its jailbroken apps (including Cydia and iFile) intact, reports hacker pod2g. The new technique is planned for a public release in the near future, though pod2g was not specific about when.
01/14, 4:00pm
Obama White House says SOPA DNS changes won't work
The Obama administration in a direct response on Saturday hinted it would veto any version of the Stop Online Piracy Act (SOPA), and by extension the Protect IP Act (PIPA), that included domain name blocking. The White House statement said that any proposal had to be narrowly focused on clearly criminal activity and "must not tamper" with the DNS system that translates web domains to IP addresses. Officials wanted "sound legislation," but saw a bill like SOPA as compromising Internet security efforts like DNSSEC without solving the real problem.
01/13, 9:45pm
RIM claims fix in 2.0, no known exploitation
Researchers from the Intrepidus Group, a provider of mobile application and device security services, have identified a potential security breach with the RIM BlackBerry PlayBook tablet. The problem exists in the BlackBerry Bridge operation between the PlayBook and a BlackBerry smartphone. The exploit could allow an attacker to listen in on communications between the devices and intercept e-mail, calendar events, and other transmitted sensitive information.
01/12, 1:00am
End-to-end encrypted data mirroring
Secure storage-and-sharing USB key iTwin has been upgraded to allow users to share files stored on a computer with multiple people simultaneously, providing an end-to-end encrypted solution for mirroring files that are on one part of the two-part USB key instantly to its mates. The free update lets multiple iTwin keys "belong" to each other, making transfer of data easy without the constraints of e-mail, the technical complication of VPN or the ongoing fees of cloud services.
01/11, 6:00pm
Certifies secure handling of sensitive data
Samsung has announced that its Galaxy S II smartphone, Galaxy Tab 10.1 Wi-Fi edition and Galaxy Tab 10.1 4G LTE have received Federal Information Processing Standard 140-2 (FIPS) certification from the US National Institute of Standards and Technology (NIST). The certification means that government agencies and regulated industries, such as financial and health care institutions, can use the global version of the devices to handle certain types of secure data. Samsung has also given the devices its own proprietary SAFE (Samsung Approved for Enterprise) enterprise security certification.
01/05, 6:00pm
Lets phones, tablets, PCs remotely monitor home
Motorola has unveiled the 4Home Connected Gateway. With it, a homeowner can remotely access and control many devices, ranging from lighting and appliances to the door locks. They can also monitor camera feeds and control their security systems.
01/03, 9:45pm
Scanned version of passport, license sufficient
While other travellers should not expect the same treatment, a Canadian man was allowed into the United States without his passport after showing customs officers a scanned copy of the document and his driver's license stored on an iPad. Normally, any facsimile of a genuine travel document is not accepted. Martin Reisch was briefly detained while the veracity of his scans and background were checked, but he was otherwise allowed through without restrictions.
12/30, 5:55pm
Apple shuts down cracked iOS app culture
Pirate app haven Apptrackr revealed in an update for its Installous app installer that Apple has been cracking down on its bootlegs. "Huge" volumes of takedown requests have made it move servers to areas with looser copyright laws and impose Captcha checks to avoid the legal ramifications of direct links. New hosts were also coming to diminish the impact.
12/30, 5:40pm
Open source and proprietary versions available
On Wednesday, the US Computer Emergency Readiness Team (US-CERT) warned that Wi-Fi routers which used WPS (Wi-Fi Protected Setup) PINs during setup might be vulnerable to a security flaw that exposed the devices to brute-force attacks by hackers. If successful, a hacker could take control of the router and have access to all devices connected to it. Now comes word that an open-source tool, Reaver, has been posted by a security company to facilitate exploiting the vulnerability.
12/28, 6:50pm
Company claims to have found root cause
Microsoft is reportedly testing a bug fix that aims to resolve a security vulnerability affecting Windows Phone devices. The individual who discovered the bug, Khaled Salameh, suggests Microsoft's security team has confirmed the exploit and determined the root cause, according to a Twitter post.
12/28, 4:35pm
Dell Venue gets approved for use by DISA, DoD
Dell's Venue Android smartphone has followed in the footsteps of the discontinued Streak 5 tablet from the company in earning US government approval for use by the Defense Information Systems Agency (DISA). It has thus become the first Android phone to get the honor following RIM's BlackBerry devices, as revealed by a DISA document. Department of Defense employees will get limited access to the device's features however, with no access to the Android Market and web browsing done only through a DoD proxy server.
12/28, 3:00pm
Thief found just a few doors away
A stolen iPad was ultimately responsible for recovering the Christmas gifts of two California families this weekend, the LA County Sheriff's office says. In Westlake Village, a man was reportedly woken up by a noise at 3:30AM on Christmas Day, only to discover it was a burglar in his home stealing gifts. The man chased the criminal, but quickly lost sight of him; a search by deputies yielded no results.