HolidayBuyer's Guide

Spyware, Viruses, & Security forum

Alert

NEWS - August 22, 2014

by Carol~ Forum moderator / August 22, 2014 12:34 AM PDT
Microsoft Responds To The Availability Of Thousands Of Fake Apps In Windows Store

Apart from the lack of key apps, Microsoft's Windows Store faces another key issue of having fake apps in the Store. For example, searching for VLC will give you the above search results page, out of which only one is the official app. Others are just spam apps with no real content and offers no value to the users downloading it. How-To Geek's did an investigation of this issue,

"Within half an hour we managed to find fake paid versions of Adobe Flash Player, Firefox, Pandora, IMDB, Candy Crush Saga, Wechat, WhatsApp, uTorrent, Picasa, Bluestacks, Minecraft, Spotify, Google Hangouts, Picasa, Clash of Clans, Blender 3D, and a lot more." These are all apps that are supposed to be free (and if you go to the Windows Store now you can try this experiment for yourself).

Microsoft responded to this issue with the following statement,

'We strive to make the Windows Store a high-quality experience for customers and also accessible to the broadest audience of developers ....'

Continued : http://microsoft-news.com/microsoft-responds-to-the-availability-of-thousands-of-fake-apps-in-windows-store/

Related: The Windows Store is a Cesspool of Scams - Why Doesn't Microsoft Care?

Microsoft Admits It Has to Remove Some Windows 8 Metro Apps
Microsoft: We plan to CLEAN UP this here Windows Store town
Microsoft finally acknowledges that the Windows Store has a bunch of crap apps
Discussion is locked
You are posting a reply to: NEWS - August 22, 2014
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - August 22, 2014
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Data breach at UPS Stores in 24 states
by Carol~ Forum moderator / August 22, 2014 1:09 AM PDT
In reply to: NEWS - August 22, 2014

United Parcel Service has discovered a computer breach at 51 stores, making Big Brown the latest retailer to lose customer data.

UPS said that the hacking had escaped detection at stores in 24 states, or around 1% of its locations. At most stores, the malware attack occurred after March 26, and was eliminated by August 11.

No fraud has yet been discovered, UPS said, but customer names, postal addresses, email addresses and payment card information were compromised.

Tim Davis, president of The UPS Store, apologized in a statement for any anxiety the theft may have caused customers. He said the company had deployed "extensive resources to quickly address and eliminate this issue."

Continued : http://money.cnn.com/2014/08/21/technology/security/ups-store-data-hack/

Related :
UPS says 51 stores infected with credit card stealing malware
51 UPS stores hit with PoS malware
UPS Admits 51 Stores Hit With Malware For Five Months

Collapse -
Researchers create privacy wrapper for Android Web apps
by Carol~ Forum moderator / August 22, 2014 1:09 AM PDT
In reply to: NEWS - August 22, 2014

"Users can wrap Facebook and other apps to better control their privacy and security, according to researchers from North Carolina State University."

On a mobile application, users typically have a single choice to protect their privacy: install the application or not.

The binary choice has left most users ignoring permission warnings and sacrificing personal data. Most applications aggressively eavesdrop on their users, from monitoring their online habits through the device identifier to tracking their movements in the real world via location information.

Now, a research group at North Carolina State University hopes to give the average user a third option. Dubbed NativeWrap, the technology allows Web pages to be wrapped in code and make them appear as a mobile application, but with user-controlled privacy. Because many applications just add a user interface around a Web application, the user should have equivalent functionality for many wrapped apps, said William Enck, assistant professor in the department of computer science at North Carolina State University.

Continued : http://arstechnica.com/security/2014/08/researchers-create-privacy-wrapper-for-android-web-apps/

Related: Control Android app permissions with NativeWrap

Collapse -
Sneak attack through smartphone shared memory
by Carol~ Forum moderator / August 22, 2014 1:10 AM PDT
In reply to: NEWS - August 22, 2014

A weakness believed to exist in Android, Windows and iOS operating systems could be used to obtain personal information from unsuspecting users, research at the University of Michigan has shown. The team demonstrated the hack in an Android phone.

The method was successful between 82 percent and 92 percent of the time on six of the seven popular apps they tested. Gmail, CHASE Bank and H&R Block were among those easily compromised.

The hack is particularly dangerous because it allows attackers to time the moment that they present the user with a fake screen to when the user is expecting to enter sensitive data.

"We know the user is in the banking app, and when he or she is about to log in, we inject an identical login screen," said Qi Alfred Chen, a doctoral student in electrical engineering and computer sciences at U-M. "It's seamless because we have this timing."

Continued : http://www.net-security.org/secworld.php?id=17284

Collapse -
Your Anonymous Posts to Secret Aren't Anonymous After All
by Carol~ Forum moderator / August 22, 2014 3:11 AM PDT
In reply to: NEWS - August 22, 2014

White hat hacker Ben Caudill is halfway through his sandwich when he casually reaches over to his iPhone, swipes the screen a few times, then holds it up to me. "Is that you?" he asks.

It is, but nobody was supposed to know. He's showing me one of my posts to Secret, the popular anonymous sharing app that lets you confess your darkest secrets to your friends without anyone knowing it's you. A few minutes ago I gave Caudill my personal e-mail address, and that was all he needed to discover my secret in the middle of a Palo Alto diner, while eating a BLT.

My secret is pretty lame, but Secret's stream is slurry of flippant posts, Silicon Valley gossip, and genuinely personally confessions like, "He proposed—I had to say no. And it broke my heart to do the right thing." At this moment, Caudill could type in any Secret user's e-mail address or phone number and decloak that person's secrets.

Continued : http://www.wired.com/2014/08/secret/

Related : Secret app takes mere minutes to hack, revealing anyone's secret via simple vulnerability

Collapse -
Vulnerability Found in Google Wallet, Alipay Payment SDKs
by Carol~ Forum moderator / August 22, 2014 3:11 AM PDT
In reply to: NEWS - August 22, 2014

Researchers at Trend Micro have uncovered a security hole that can be exploited to launch phishing attacks against users who make payments from their Android mobile devices.

According to the security firm, the vulnerability affects the in-app payment (IAP) SDKs for Google Wallet and Alibaba's Alipay, China's leading third-party online payment solution.

The flaw identified by researchers is related to what's known as an "intent," the software mechanism in Android that allows users to coordinate the functions of different apps to achieve a certain task.

"Explicit intents are used if the developer wants an action to be performed by a specific component in a specific app. Implicit intents are used when a developer allows the process to be performed by components of other apps," Trend Micro Mobile Threats Analyst Weichao Sun explained in a blog post. "The Android platform uses intent-filters of apps to determine which app can perform the implicit intent. If an app contains the matching intent-filter, it can perform the task requested by the intent."

Continued : http://www.securityweek.com/vulnerability-found-google-wallet-alipay-payment-sdks

Collapse -
Stealthy, Razor Thin ATM Insert Skimmers
by Carol~ Forum moderator / August 22, 2014 3:11 AM PDT
In reply to: NEWS - August 22, 2014

An increasing number of ATM skimmers targeting banks and consumers appear to be of the razor-thin insert variety. These card-skimming devices are made to fit snugly and invisibly inside the throat of the card acceptance slot. Here's a look at a stealthy new model of insert skimmer pulled from a cash machine in southern Europe just this past week.

The bank that shared these photos asked to remain anonymous, noting that the incident is still under investigation. But according to an executive at this financial institution, the skimmer below was discovered inside the ATM's card slot by a bank technician after the ATM's "fatal error" alarm was set off, warning that someone was likely tampering with the cash machine. [Screenshot]

"It was discovered in the ATM's card slot and the fraudsters didn't manage to withdraw it," the bank employee said. "We didn't capture any hidden camera [because] they probably took it. There were definitely no PIN pad [overlays]. In all skimming cases lately we see through the videos that fraudsters capture the PIN through [hidden] cameras."

Continued : http://krebsonsecurity.com/2014/08/stealthy-razor-thin-atm-insert-skimmers/

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

HOLIDAY GIFT GUIDE 2017

Cameras that make great holiday gifts

Let them start the new year with a step up in photo and video quality from a phone.