Vulnerability | Cell Phone Tracking Blog

Posts Tagged ‘Vulnerability’

Adobe issues security update for Flash player, warns against IE exploit

Friday, May 4th, 2012

adobe flash player update internet

Internet Explorer associated with an exploit? Color us shocked. Facetiousness aside, it’s seriously about time you switched over to Chrome or Firefox (as a mitigation tool; not a foolproof solution), and if you’re a desktop user relying on Flash Player, well… it’s about time you updated that, too. Adobe has just released a security update for Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x. We’re told that these updates “address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.” Adobe specifically mentions an exploit that targets Flash Player on Internet Explorer for Windows, where a user is duped into clicking on a malicious file delivered in an email message. Hit up the source link for more information on getting your system out of The Danger Zone. Which, conveniently, can be looped as you update with a click after the break.

[Thanks to everyone who sent this in]

Continue reading Adobe issues security update for Flash player, warns against IE exploit

Adobe issues security update for Flash player, warns against IE exploit originally appeared on Engadget on Sat, 05 May 2012 00:37:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceAdobe  | Email this | Comments

 Mail this post

Skype Investigating Vulnerability Which Reveals Users’ IP Adresses [Skype]

Tuesday, May 1st, 2012

Skype has announced that it is investigating a new tool which can be used to collect users’ IP addresses. The hack, which can provide the IP address of a targeted Skype user without even having to add them as a contact, has been circulating online since last Thursday. More »


 Mail this post

Microsoft finds Google bypassed Internet Explorer’s privacy settings too, but it’s not alone

Monday, February 20th, 2012

There was quite a stir sparked last week when it was revealed that Google was exploiting a loophole in a Apple’s Safari browser to track users through web ads, and that has now prompted a response from Microsoft’s Internet Explorer team, who unsurprisingly turned their attention to their own browser. In an official blog post today, they revealed that Google is indeed bypassing privacy settings in IE as well, although that’s only part of the story (more on that later). As Microsoft explains at some length, Google took advantage of what it describes as a “nuance” in the P3P specification, which effectively allowed it to bypass a user’s privacy settings and track them using cookies — a different method than that used in the case of Safari, but one that ultimately has the same goal. Microsoft says it’s contacted Google about the matter, but it’s offering a solution of its own in the meantime. It’ll require you to first upgrade to Internet Explorer 9 if you haven’t already, then install a Tracking Protection List that will completely block any such attempts by Google — details on can be found at the source link below.

As ZDNet’s Mary Jo Foley notes, however, Google isn’t the only company that was discovered to be taking advantage of the P3P loophole. Researchers from Carnegie Mellon University’s CyLab say they alerted Microsoft to the vulnerability in 2010, and just two days ago the director of the lab, Lorrie Faith Cranor, wrote about about the issue again on the TAP blog (sponsored by Microsoft, incidentally), detailing how Facebook and others also skirt IE’s ability to block cookies. Indeed, Facebook readily admits on its site does not have a P3P policy, explaining that the standard is “out of date and does not reflect technologies that are currently in use on the web,” and that “most websites” also don’t currently have P3P policies. On that matter, Microsoft said in a statement to Foley that the “IE team is looking into the reports about Facebook,” but that it has “no additional information to share at this time.”

Microsoft finds Google bypassed Internet Explorer’s privacy settings too, but it’s not alone originally appeared on Engadget on Mon, 20 Feb 2012 16:59:00 EDT. Please see our terms for use of feeds.

Permalink ZDNet  |  sourceIE Blog  | Email this | Comments

 Mail this post

PSA: Google Wallet vulnerable to ‘brute-force’ PIN attacks (video)

Thursday, February 9th, 2012

Security hounds over at zvelo have discovered a vulnerability in Google Wallet that means your precious PIN can be “easily revealed.” Digging through the app’s code and using Google’s open resources to reveal its contents, they uncovered a piratical treasure trove of data: unique user IDs, Google account information, and the PIN stored as a SHA256 hex-encoded string. Since this string is known to carry four digits, it only takes a “trivial” brute-force attack involving a maximum of 10,000 calculations to decode it. To prove their point, the researchers made a Wallet Cracker app — demoed after the break — that does the job quicker than you can say “unexpected overdraft.”

Google has been receptive to these findings, but its attempts at a fix have so far been hampered by the need to coordinate with the banks, since changing the way the PIN is stored could also change which agency is responsible for its security. In the meantime, zvelo advises that there are some measures users can take themselves, aside from putting a protective hand over their pockets: refrain from rooting your phone, enable your lock screen, disable USB debugging, enable Full Disk Encryption and keep your handset up-to-date.

[Thanks to everyone who sent this in.]

Continue reading PSA: Google Wallet vulnerable to ‘brute-force’ PIN attacks (video)

PSA: Google Wallet vulnerable to ‘brute-force’ PIN attacks (video) originally appeared on Engadget on Thu, 09 Feb 2012 05:07:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourcezvelo  | Email this | Comments

 Mail this post

HTC acknowledges long-running WiFi security flaw, says it deliberately kept it quiet

Friday, February 3rd, 2012

As far back as September, security researchers discovered a “critical” bug in many HTC Android handsets that exposed users’ WiFi credentials to any hacker who cared to look. The flaw affected recent devices like the Thunderbolt and EVO 4G all the way back to the Desire HD. The researchers promptly notified HTC, but the manufacturer waited a full five months before acknowledging the flaw publicly a few days ago. Sounds shady, perhaps, but HTC sent us a statement clarifying that this is standard policy to protect customers. It says it waited to develop a fix before it alerted the big bad world to the vulnerability. Most newer devices have already received their fix OTA, but owners of some older phones — we’ll update this post when we know exactly which ones — will need to check the HTC Support site for a manual update next week. Meanwhile, in manufacturer’s defense, the guys at the Open1X group who discovered the bug say that HTC was “very responsive and good to work with.” Here’s HTC’s statement to us:

“HTC takes customer data security very seriously. If there is a known breach of sensitive customer data, our priority is customer notification along with corrective actions. It is our policy, and industry standard procedure, to protect customers, which sometimes necessitates not increasing data security risks by disclosing minor breach issues where no malicious applications are detected. In those cases, premature disclosure of vulnerabilities could spur creation of malicious apps to take advantage of any vulnerability before it is fixed. For this specific WiFi bug issue, we worked closely with Google and the security researchers from the date of notification and throughout this process to ensure that the majority of affected HTC phones had already received the fix prior to the vulnerability being made public.”

HTC acknowledges long-running WiFi security flaw, says it deliberately kept it quiet originally appeared on Engadget on Fri, 03 Feb 2012 05:13:00 EDT. Please see our terms for use of feeds.

Permalink TheNextWeb  |  sourceMy War with Entropy, HTC Support  | Email this | Comments

 Mail this post

HTC issues statement on Sense security flaw, says patch coming soon

Tuesday, October 4th, 2011

HTC has issued a new statement addressing concerns over a security flaw recently discovered on several of its Android-powered smartphones. The vulnerability could allow third-party apps to access and steal private data including SMS messages, contact data, system logs, location information and more. ”HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws.” HTC says that it has not yet received any reports of malware exploiting the security flaw, and it recommends using caution when installing or updating applications from untrusted sources until a patch is issued in the near future. HTC’s full statement follows below (emphasis added by HTC).

HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

 Mail this post

Charlie Miller finds MacBook battery security hole, plans to fill with Caulkgun

Friday, July 22nd, 2011

Those batteries have probably met a worse fate than the white MacBook line they came from. According to Forbes, Charlie Miller’s managed to render seven of them useless after gaining total access to their micro-controllers’ firmware via a security hole. Evidently, the Li-on packs for the line of lappies — including Airs and Pros — are accessible with two passwords he dug up from an ’09 software update. Chuck mentions that someone could “use them to do something really bad,” including faulting charge-levels and thermal read-outs to possibly even making them explode. He also thinks hard-to-spot malware could be installed directly within the battery, repeatedly infecting a computer unless removed. Come August, he’ll reportedly be detailing the vulnerability at the Black Hat security conference along with a fix he’s dubbed Caulkgun, which only has the mild side-effect of locking-out updates by Apple. Worth being safe these days, though. Right? Full story in the links below.

Charlie Miller finds MacBook battery security hole, plans to fill with Caulkgun originally appeared on Engadget on Fri, 22 Jul 2011 23:59:00 EDT. Please see our terms for use of feeds.

Permalink Electronista  |  sourceForbes  | Email this | Comments

 Mail this post

iOS 4.3.4 Has Been Jailbroken [Jailbreak]

Saturday, July 16th, 2011

Google to patch Android credentials vulnerability

Wednesday, May 18th, 2011

Well that didn’t take long. Yesterday, we told you about an Android vulnerability found in ClientAuth that could have serious security ramifications. Using a dummy open access-point, a nefarious third party could passively — via Wi-Fi — collect authentication tokens to password protected services such as Facebook, Twitter, and Google Calendar stored on affected Android devices. Speaking with Mobilized’s Ina Fried, the Android-maker has stated that it is taking action, and fast. “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts,” Google told the publication. “This fix requires no action from users and will roll out globally over the next few days.” The vulnerability will still be present in the company’s Picasa online photo offering, but Google stated that it is working to patch that service as well.

Read

 Mail this post

Skype acknowledges Android vulnerability, user data at risk [video]

Friday, April 15th, 2011

The detectives over at Android Police have found an interesting weakness in Skype for Android. The site has discovered that the popular VoIP chat client stores contact details, conversation logs, and a host of other information in a series of unprotected squlite3 databases. “Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them,” reads the article. “Not only are they accessible, but completely unencrypted.” The vulnerability was initially found in the recently-leaked Skype build for Verizon’s HTC ThunderBolt, but upon further review the current build of the software was also found to have the issue. The article’s author has even provided a proof-of-concept application that can leverage the databases’ weakness. Skype has published an official response saying that the company takes privacy very seriously and is “working quickly to protect users from this vulnerability.” Hit the jump to see a video of the proof-of-concept in action.

Read [Android Police] Read [Skype]

 Mail this post

iOS, BlackBerry OS fall at Pwn2Own

Saturday, March 12th, 2011

Add Apple’s iOS and Research In Motion’s BlackBerry OS to the list of victims at this year’s Pwn2Own challenge. Conference veteran Charlie Miller, along with Dion Blazakis, deployed an exploit to iOS 4.2.1 through a vulnerability in Safari. By navigating to a custom-made webpage, the duo were able to execute remote code and gain access to the iOS address book. Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmann also utilized a WebKit-based vulnerability to take down a BlackBerry Torch running BlackBerry OS 6.0.0.246. The three researchers noted that the exploit used on the BlackBerry’s mobile OS was difficult to craft due to the lack of documentation, software tools, and resources available. They also noted that most of the operating systems security was achieved via obscurity, and stated that the company was “way behind the iPhone at the moment, from a security perspective.” No conference participants have yet to challenge Google’s Android or Microsoft’s Windows Phone 7 operating systems.

Read

 Mail this post

Microsoft releases patch to address Windows shortcut exploit

Monday, August 2nd, 2010

Today, Microsoft released an out-of-band patch for the Windows .lnk extension exploit that was announced several weeks ago. The exploit can allow unauthorized users to execute arbitrary code if an “icon of a specially crafted shortcut is displayed.” Microsoft said: “An attacker could disseminate a USB or other removable drive with a malicious shortcut file on it and when the target victim opens the drive in Windows Explorer or any other application that parses the icon of the shortcut, the malicious code would execute on the victim’s computer. An attacker could also embed malware in a malicious Web site, a remote network share, or in a Microsoft Word document.” Lately, the .lnk exploit, which is actually a vulnerability found in the Windows Shell, has been spreading via the Sality.AT virus, according to a Microsoft blog post. Regardless, the patch is out there and the bug is present in virtually all versions of Windows, if you’re a Windows user, we highly suggest you install it now.

Read

 Mail this post

Researcher will enable hackers to take over millions of home routers

Wednesday, July 21st, 2010
WRT54G

Cisco and company, you’ve got approximately seven days before a security researcher rains down exploits on your web-based home router parade. Seismic’s Craig Heffner claims he’s got a tool that can hack “millions” of gateways using a new spin on the age-old DNS rebinding vulnerability, and plans to release it into the wild at the Black Hat 2010 conference next week. He’s already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G (pictured above) and devices running certain DD-WRT and OpenWRT Linux-based firmware. To combat the hack, the usual precautions apply — for the love of Mitnick, change your default password! — but Heffner believes the only real fix will come by prodding manufacturers into action. See a list of easily compromised routers at the more coverage link.

Researcher will enable hackers to take over millions of home routers originally appeared on Engadget on Wed, 21 Jul 2010 06:33:00 EDT. Please see our terms for use of feeds.

Permalink Forbes, Ars Technica  |  sourceBlack Hat 2010  | Email this | Comments

 Mail this post

The Pirate Bay hacked, 4 million user names, email adresses, and IPs accessed

Thursday, July 8th, 2010

TPB SQL Hack

Argentinian researcher Ch Russo and his gang of merry men have successfully hacked The Pirate Bay. Speaking with security blog Krebs On Security, Russo proved to have the “user names, e-mail and Internet addresses of more than 4 million Pirate Bay users.” The hack was executed through several SQL exploits which gave Russo access to “create, delete, modify or view all user information, including the number and name of file trackers or torrents uploaded by users.” Russo, who also has the usernames and MD5 hashed passwords of TPB’s administrators, said he has no interest in selling this information (although, he did say that he had: “briefly considered how much this access and information would be worth to anti-piracy companies employed by entertainment industry lobbying groups like the Recording Industry Association of America and the Motion Picture Association of America”). The Pirate Bay seems to have since plugged the site’s SQL vulnerability but has yet to release a statement or comment about the matter. More on this as it develops.

Read

 Mail this post

YouTube hit with cross-site scripting vulnerability, Justin Bieber videos targeted

Monday, July 5th, 2010

youtube_logo-600

Sunday, users of Google’s video service YouTube were exposed to a cross-site scripting vulnerability that put the cookies of those visiting affected video pages at risk. Those employing the scripting vulnerability targeted videos of popular teen singer Justin Bieber, as some visitors saw: “tasteless messages pop up about the teen star, and were also redirected to external sites with adult content,” according to blog NetworkWorld. Google released a statement saying: “Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.” Google was also quick to point out that the compromised YouTube cookies did not provide unauthorized third-parties with access to users Google Accounts. Read

 Mail this post