security

'Weapons of Mass Destruction' discussion lands at SXSW

AUSTIN, Texas -- Once again, Uncle Sam wants you. This time, the U.S. government is after your nerdy, data- and public policy-obsessed brains.

That was the message delivered by Acting Undersecretary of State for Arms Control and International Security Rose Gottemoeller to a small but actively curious group of techie and policy wonks at South by Southwest today.

In a session entitled, "Mobilizing Ingenuity to Strengthen Mobile Security," Gottemoeller and CNET reporter Daniel Terdiman discussed the U.S. government's interest in getting the public more involved in disarmament and the detection of weapons of mass destruction. … Read more

Apple finally fixes App Store flaw by turning on encryption

Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.

The flaw arose because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store, meaning an attacker can hijack the connection. In addition to a security flaw, the unencrypted connections also created a privacy vulnerability because the complete list of applications installed on the device is disclosed over Wi-Fi.

It also allows the installation of apps, including extremely expensive ones that top out at … Read more

Microsoft to patch critical holes in IE, Office, Silverlight

Windows users will get the usual round of security patches from Microsoft next Tuesday.

Among the seven fixes due to roll out March 12, four are rated critical, which means they address flaws that could let an attacker execute malware on a remote PC by steering a user to a malicious Web site or e-mail link.

The patch for Internet Explorer is designed to shore up all versions from IE6 to IE10 across all iterations of Windows from XP to Windows 8 and RT. The patch for Microsoft's Silverlight, a browser plug-in that can display online videos and other … Read more

Android phones susceptible to freezing cold boot attacks

The next time you're looking for your misplaced Android smartphone, check the freezer. It's possible, however unlikely, that someone is trying to hack into your data using a new FROST attack method.

Researchers at Friedrich-Alexander University in Germany have learned that it is possible to access personal information on Android 4.0 smartphones using a chilling technique.

Called FROST, or forensic recovery of scrambled telephones, it amounts to placing the phone in temperatures of -15 Celsius for roughly 1 hour. After removing from a freezer, you must repeatedly power on and off the phone and hold down the … Read more

House orders Pentagon to disclose domestic drone use

The U.S. House of Representatives voted yesterday to require the Defense Department to disclose whether military drones are being operated domestically to conduct surveillance on American citizens.

A requirement buried in a lengthy appropriations bill calls on newly confirmed Defense Secretary Chuck Hagel to disclose to Congress what "policies and procedures" are in place "governing the use" of military drones or other unmanned aerial vehicles (UAVs) domestically. The report is due no later than 90 days after the bill is signed into law.

The vote on the bill, which was overwhelmingly supported by Republicans and … Read more

Apple marketing chief jabs Android security on Twitter

Apple marketing chief Phil Schiller has been a semi-regular Twitter user since 2008, though he mostly tweets about things like music, movies and sports.

But that changed earlier today with a post linking to F-Secure Labs' latest quarterly Mobile Threat report, with a casual mention to "be safe out there."

The 29-page report's (PDF) key finding is that malware on Google's Android is getting worse, in part because of the platform's brisk growth and a new variant of malware that spread using SMS.

"Android malware has been strengthening its position in the mobile threat scene," … Read more

Security bug found for Samsung Galaxy S3

Following closely on the heels of a Samsung Galaxy Note 2 security vulnerability, another Samsung user has found that the bug affects other models.

Unlike the Samsung Galaxy Note 2 flaw, the bug allows for full access to the Samsung Galaxy S3. The method is similar in that it requires a fleet-fingered user to hop through a number of screens.

As discovered by Sean McMillian, the smartphone can be manipulated by tapping through the emergency call, emergency contacts, home screen, and then the power button twice. McMillian admits that the bug isn't consistent -- sometimes, he said, it works … Read more

A look at Intego's 2013 security software for OS X

If you are considering security software for your Mac there are a number of options out there, including those from popular companies like Sophos, Symantec, and Intego. There are both free tools and paid subscriptions to choose from.

A while ago I gave Intego's SecurityBarrier X6 suite a spin, which in testing has been found to be one of the better-performing anti-malware tools for OS X; however, the software did require a bit of a technical approach that was not too appealing to the average user.

In order to cater to a broader range of people, with its 2013 security suite … Read more

Researchers win $100,000 for Chrome hack that leaves Windows vulnerable

Security researchers at MWR Labs have won a $100,000 prize at the Pwn2Own hacking competition in Vancouver.

The researchers showed off their hack yesterday as they took a fully patched version of the Google Chrome browser, hacked it, and then took control of Windows 7. According to the researchers, when a Chrome user visits a malicious Web page, it's possible for the page's creator to exploit a vulnerability that allows for code execution in the sandboxed renderer process. From there, the team exploited a kernel vulnerability in Windows 7 to gain elevated privileges and execute commands.

Here's what the researchers were able to achieve:… Read more

Top U.S. arms control official to talk tech and global security at SXSW

The United States' top arms control official thinks the public can play a vital role in helping to combat international arms control violations and threats.

At South by Southwest (SXSW) in Austin, Texas, this Friday, Acting Undersecretary of State for Arms Control and International Security Rose Gottemoeller will take part in a session, to be moderated by CNET reporter Daniel Terdiman, in which she will talk about the U.S. State Department's plans to develop initiatives that utilize technology and public participation in tackling some of the thorniest security problems the United States and its allies face today.

During … Read more