Security

Lookout now blocks Dialer exploits

Android fragmentation affects security patches, too. Instead of waiting to see which devices have been protected against a Dialer app vulnerability discovered earlier this week, Lookout Mobile Security (download) has stepped into the breach with a patch for it today. So far, it's the only known Android security app to block the exploit, but even Lookout's patch requires initial user input.

The vulnerability allowed some Samsung phones to be remotely wiped from the Dialer app, the "phone" part of your smartphone. While Samsung pushed out a patch quickly, it's not clear if other phones have … Read more

ExploitShield appears to live up to its name

A new company called ZeroVulnerabilityLabs says that it has solved the Gordian knot of exploits, slicing through the complicated, Hydra-headed problem with a single stroke from a software weapon it calls ExploitShield.

Available exclusively today from Download.com, the first ExploitShield Browser Edition beta (download) appears to stop all manner of exploits, from those affecting browsers directly to browser plug-ins like PDF readers, Flash, and Java, to Microsoft Office components, to a handful of media players. The potential for raising the level of computer security here is huge, as a vast number of threats are actually mutations of malware, sold in kits like BlackHole, … Read more

Adobe to revoke code signing certificate

Adobe said today it will revoke a code signing certificate after discovering malware that was digitally signed with the certificate.

"Adobe is currently investigating what appears to be the inappropriate use of an Adobe code signing certificate for Windows," Brad Arkin, senior director of security at Adobe, wrote in a blog post. "We plan to revoke the impacted certificate on October 4, 2012 for all software code signed after July 10, 2012."

"The evidence we have seen has been limited to a single isolated discovery of two malicious utilities signed using the certificate and indicates … Read more

Avira kills its pop-up for 2013, sort of

The competition for the best free Windows security suite just got a lot more intense, as Avira returns to the field with its second major revamp in as many years of its flagship free antivirus and paid upgrades.

Available exclusively from Download.com today, Avira Free Antivirus 2013, along with the paid upgrades Avira Antivirus Premium 2013 and Avira Internet Security 2013, greatly expands the kinds of protection that Avira offers.

Avira wouldn't reveal a precise number of people who use the suite, but Opswat puts them at around 12.1 percent of the worldwide Windows market. Travis Witteveen, … Read more

Maker of smart-grid software discloses hack

Telvent Canada says someone sneaked past its internal firewall, installing malicious software and stealing files related to control software it makes that's used to manage the electric grid in various countries.

The company warned customers last week that it learned of a breach of its network on September 10, according to the KrebsOnSecurity blog. Project files associated with the firm's OASyS SCADA (supervisory control and data acquisition) software were stolen, the post says.

"Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to … Read more

New Java flaw could hit 1 billion users

It's just a proof of concept for now, but a newly revealed Java vulnerability could have very widespread repercussions.

Security research company Security Explorations has issued a description of a new critical security flaw in Java SE 5 build 1.5.0_22-b03, Java SE 6 build 1.6.0_35-b10, and the latest Java SE 7 build 1.7.0_07-b10. This error is caused by a discrepancy with how the Java virtual machine handles defined data types (a type-safety error) and in doing so violates a fundamental security constraint in the Java runtime, allowing a complete bypass of the Java … Read more

Vipre 2013 stays laser-focused on speed

Vipre has quietly made a name for itself as an effective security suite that can hold its own against the big boys. The latest update addresses issues with speed while simplifying some basic tasks, but its one killer extra may not be enough.

Available exclusively today from Download.com, Vipre Internet Security 2013 (download) and Vipre Antivirus 2013 (download) offer a solid set of Windows security tools. The most notable is a new feature only available in the premium Internet Security called Easy Update.

Easy Update streamlines the update process for your other programs. You won't have to accept … Read more

Google pays bug hunters for finding Windows flaw

You might think Microsoft would be the one handing out awards to those who report security vulnerabilities in Windows, but yesterday it was Google that paid $5,000 to a pair who found one such problem.

Along with the release of the final, stable version of Chrome 22, Google announced that it's paying the bug bounty to Eetu Luodemaa and Joni Vahamaki of Documill for finding a memory corruption issue in Windows.

The award is part of a revised Chrome bug bounty policy in which Google pays for more than just Chrome bugs. "Occasionally, we issue special rewards … Read more

Researcher says 100,000 passwords exposed on IEEE site

A computer scientist says he discovered that a server of the IEEE (Institute of Electrical and Electronics Engineers) had about 100,000 usernames and passwords stored in plaintext and publicly accessible.

Radu Dragusin, a computer scientist who works at FindZebra and is a teaching assistant at the University of Copenhagen, writes in a blog post that he discovered the problem last week and notified the IEEE about his findings, enabling them to "at least partially" fix the problem.

The data was publicly available on the IEEE FTP (File Transfer Protocol) server for at least a month, potentially exposing … Read more

How to lock down and find Android and Windows phones

Thieves love smartphones. They're easy to snatch, easy to conceal, and most importantly, easy to resell.

If you're the victim of a smartphone robbery, you have more to lose than the phone itself. The thief may attempt to use or sell the personal data stored on the device to make fraudulent purchases or otherwise steal your identity -- and maybe empty your bank account.

There are two things every smartphone user should do to minimize the damage resulting from loss of the device: lock the screen and activate a remote-location and remote-wipe service.

In a post from earlier this month … Read more