vulnerable

Google ups cash reward for being hacked

In an effort to cut down on hacking, bugs, and vulnerabilities, Google offers dollar rewards for people to hack into its Web services.

The Internet giant began swapping security research for cash over the past couple of years, but today it announced that it was upping the ante.

"In just over a year, the program paid out around $460,000 to roughly 200 individuals," Google security team members Adam Mein and Michal Zalewski wrote in a blog post. "We're confident beyond any doubt the program has made Google users safer."

As of today, hackers can …

Android gives 'no permissions' apps access to sensitive info

Thanks in large part to Android's history of lax app policing, Google's mobile operating system has been criticized as insecure.

But now it appears that apps with no permissions pose a new threat, gaining access to sensitive personal information without authorization. Leviathan Security Group researcher Paul Brodeur explained in a blog post earlier this week that he created a proof-of-concept to demonstrate that "no permissions" apps still have access to the device's SD card, handset identification data, and files stored by other apps.

On the SD card, Brodeur's app yielded a list of all …

Acrobat and Reader updates close security vulnerabilities

The default options for viewing PDF documents in OS X are Apple's built-in rendering technologies available in Safari and Preview; however, there are times when some documents will not display properly in these programs. In these instances, you can usually view these documents successfully with Adobe Reader and its accompanying Web plug-in.

For those who use Adobe's Reader and Acrobat programs, Adobe has issued an update that fixes a couple of security holes in the program that could cause the program to crash and allow arbitrary execution of code. While this reasoning has been regularly issued …

Flashback the largest Mac malware threat yet, experts say

Unless you've been living under a rock for the past week, you've probably heard about Flashback, a piece of malware targeting users of Apple's Mac OS X that's now estimated to be quietly running on more than 600,000 machines around the world.

That number, which came from Russian antivirus company Dr. Web earlier this week, was confirmed today by security firm Kaspersky. More than 98 percent of the affected computers were running Mac OS X, the firm said.

That's certainly a big number, but how does it stack up to past threats?

"It'…

DHS: Cybersecurity plays into online voting

As the 2012 presidential election revs up, 33 states now permit some form of Internet ballot casting. However, a senior cybersecurity adviser at the U.S. Department of Homeland Security warned today that online voting programs make the country's election process vulnerable to cyberattacks.

"It is premature to deploy Internet voting in real elections at this time," DHS cybersecurity adviser Bruce McConnell said at a meeting of the Election Verification Network, which is a group that works to ensure every vote is counted. He explained that all voting systems are susceptible to attacks and bringing in Internet …

Anti-abortion Anonymous hacker arrested in U.K.

Shortly after hacking into Britain's biggest abortion provider's Web site and stealing 10,000 database records of women registered with the service, self-proclaimed member of Anonymous James Jeffery proudly touted his triumph on Twitter.

It was this misstep that quickly led to his arrest, court hearing, admission of guilt, and impending sentence, according to the Guardian.

It all started on Thursday when the British Pregnancy Advisory Service reported that there were 26,000 attempted break-ins to its Web site over a six-hour period. According to the Guardian, the site was also defaced with the Anonymous logo and a …

Danish firm outlines two unpatched Safari vulnerabilities

The Danish IT security firm Secunia has released an advisory today regarding two unpatched vulnerabilities in Apple's Safari 5 Web browser. These vulnerabilities are so far not known to be actively exploited; however, if exploited, they could allow an attacker to run malicious software and conduct spoofing attacks on those using the browser.

The first vulnerability is in Safari's plug-in handling system, where in some instances when interacting with the plug-in (such as by accessing its settings or contextual menus), if you navigate to a new page, the plug-in may be unloaded in a way that allows …

Space station control codes on stolen NASA laptop

A laptop stolen from NASA last year contained command codes used to control the International Space Station, an internal investigation has found.

The laptop, which was not encrypted, was among dozens of mobile devices lost or stolen in recent years that contained sensitive information, the space agency's inspector general told Congress today in testimony highlighting NASA's security challenges.

"The March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station," NASA Inspector General Paul K. Martin said in written testimony (PDF). Another …

McAfee to plug 'spammer' hole this week

McAfee will release a fix this week for a bug in its SaaS for Total Protection anti-malware service that scammers were using to distribute spam, the company said today.

The problem came to light after McAfee customers reported in blog posts and forum sites that spammers were using a hole in McAfee's RumorServer relay service to secretly send spam from their machines. The customers said they noticed the problem after their e-mails were blocked by e-mail providers and their IP addresses appeared on blacklists.

The problem is isolated to the SaaS Total Protection service, according to David Marcus, director …

Adobe to release zero-day fixes for Reader and Acrobat

In early December, Adobe issued a security bulletin regarding new zero-day PDF-based attacks that took advantage of flaws in its Reader and Acrobat programs, allowing a hacker to crash the program and take control of the system.

The flaw was initially found to be in Reader and Acrobat versions 9.4.6 and X (10.1.1) on all supported platforms, with a similar flaw later being found in Adobe's Flash Player, though in its security bulletin Adobe claims this is not the same issue as those in Reader and Acrobat.

Despite it being present in multiple platforms and …