Spyware, Viruses, & Security forum


NEWS - January 21, 2013

by Carol~ Forum moderator / January 21, 2013 2:09 AM PST
Google Prepares to Leave the Password Behind

Tech juggernaut Google seems to be preparing to move away from passwords, which have long been a weak point of digital security, in favor of dedicated devices. But first it just has to convince the rest of the Internet to go along with their scheme.

According to Wired, next month's edition of the journal IEEE Security & Privacy Magazine will carry a report by Google's VP of security Eric Grosse and engineer Mayank Upadhyay that outlines their vision for a world without passwords.

The authors reportedly describe a scenario where a single device is used to seamlessly confirm users' identity. In their experiments, Grosse and Upadhyay used a tiny cryptographic USB card called a YubiKey with a modified version of Google Chrome. However, they hope to take the technology wireless and perhaps integrate with devices users already have—such as mobile phones.

Continued : http://securitywatch.pcmag.com/none/307160-google-prepares-to-leave-the-password-behind

Google Looking Into Hardware to Help Kill the Password
Google's password proposal: One ring to rule them all
Student checks software for critical bug, gets expelled..
by Carol~ Forum moderator / January 21, 2013 3:46 AM PST
... from college

When 20-year-old Ahmed Al-Khabaz, a computer science student at Montreal's Dawson College, discovered a critical flaw in his college's student web portal, he decided it was his "moral duty" to share the discovery with the institution's leaders so that the bug can be fixed before doing serious harm.

But what he probably could not have imagined at the time is that this - for all intents and purposes - honorable decision will ultimately lead to his expulsion from college.

Al-Khabaz, who was also a member of the college's software development club, and fellow student Ovidiu Mija were working on a mobile app that would facilitate the students' access to their account on the portal in question, when they discovered that the web application's "sloppy coding" allows anyone with a basic knowledge of computers to access all of the students' accounts and the information contained in them: personal information (including Social Security numbers), grades, class schedule, and more.

Continued : http://www.net-security.org/secworld.php?id=14274

Computer science student first praised, then expelled for poking around
Canadian Student Expelled After Finding Critical Flaw in Software Used by Colleges
Fake Plants vs Zombies and other Android games infiltrate..
by Carol~ Forum moderator / January 21, 2013 3:46 AM PST
... Google Play store, make money for fraudsters

Is Google doing a good enough job of policing apps in the official Android app store?

It seems not, judging by the number of bogus apps that continue to be made available for public download from Google Play, exploiting the name and reputation of legitimate games in an attempt to make money for fraudsters.

For instance, take a look at (but I suggest you don't install) the apps made available by an Android app developer called "abbaradon": [Screenshot]

There are some pretty well known games listed there, including "Plants vs Zombies" and "PES 2012" (Pro Evolution Soccer). [Screenshot]

The real Android version of "Plants vs Zombies", developed by Electronic Arts, costs a few dollars, and has had thousands of reviews.

However, Abbaradon's version is free, and has some fine print tucked away at the end of its description in the Google Play store:

Continued : http://nakedsecurity.sophos.com/2013/01/21/fake-plants-vs-zombies-android-game/
Comparative review: Opera leads in browser anti-phishing..
by Carol~ Forum moderator / January 21, 2013 3:47 AM PST
... protection

According to the most recently released comparative review by av-comparatives.org, Opera leads competing browsers in anti-phishing protection. Should you make the switch? Not so fast!

The comparative review used 294 phishing URLs and tested the following browsers:

• Apple Safari
• Google Chrome 23.0.1271.97 m
• Microsoft Internet Explorer 9.0.9112.16421 / 9.0.12
• Mozilla Firefox 17.0.1
• Opera 12.11.1661

It produced the following results:

• Opera - 94,2% detection rate of the phishing URLs used in the test
• Internet Explorer - 82,0% detection rate for the phishing URLs used in the test
• Google Chrome - 72,4% detection rate for the phishing URLs used in the test
• Apple Safari - 65,6% detection rate for the phishing URLs used in the test
• Mozilla Firefox - 54,8% detection rate for the phishing URLs used in the test

None of the browsers triggered a "false phishing alarm". What kind of conclusions can we draw based on these results, and what should decision makers keep in mind when considering a company-wide browser switch?

Continued : http://www.zdnet.com/comparative-review-opera-leads-in-browser-anti-phishing-protection-7000010039/
Android.Exprespam Potentially Infects Thousands of Devices
by Carol~ Forum moderator / January 21, 2013 6:18 AM PST

From the Symantec Security Response blog:

Android.Exprespam was discovered at the beginning of January and has only been around for about two weeks, but the scammers seem to be having a lot of success with the malware already. Symantec has acquired some data that has allowed us to get an idea of how successful Exprespam may be in scamming Android users into providing personal data. The data obtained, which is only a portion of the complete data, indicates that the fake market called Android Express's Play has drawn well over 3,000 visits in a period of a week from January 13 to January 20.

Based on several sources*, I calculated that the scammers may have stolen between 75,000 and 450,000 pieces of personal information. [Screenshot: Potential amount of stolen information]

The scam has only been around for about two weeks so I am sure that this is just the beginning for the scammers and the amount of personal data collected will increase exponentially. As proof of this, we have found yet another domain registered by the creators of Exprespam and they also created another version of their fake market on the new domain. This time, they have decided to not give the market a name or provide the name of the party maintaining the market. At the time of writing, the new market does not appear to be in active use yet and may currently be under construction or on standby but that has not stopped the scammers as a new malware variant is already being hosted on the site. [Screenshot: Various fake app markets used by the Exprespam scammers]

Continued: http://www.symantec.com/connect/blogs/androidexprespam-potentially-infects-thousands-devices

iPhone hackers hint at progress towards iOS 6 jailbreak
by Carol~ Forum moderator / January 21, 2013 6:18 AM PST

"Two new vulnerabilities were apparently found in a day, according to one of the hackers"

Two iPhone hackers hinted they're making progress towards developing a new jailbreak for the latest version of Apple's mobile operating system.

One of the hackers, who goes by "@pod2g" on Twitter, wrote on Sunday that they found two "new vulnerabilities in a day," but what's missing is an "initial code execution" for a public jailbreak.

Pod2g is working with David Wang, known as "@planetbeing" on Twitter, to develop a way to remotely exploit iOS 6, known as a "jailbreak." Jailbreaking a device allows people to install applications that have not been approved by Apple, as well as other customizations.

While legal in the U.S. due to an exception in the U.S. Digital Millennium Copyright Act, Apple discourages its customers from jailbreaking their iOS devices and can void the warranties for tampered devices. Apple also tends to quickly fix vulnerabilities that allow a device to be jailbroken.

Continued : http://www.networkworld.com/news/2013/012113-iphone-hackers-hint-at-progress-265982.html
