NEWS - January 21, 2013

Jan 21, 2013 2:09AM PST
Google Prepares to Leave the Password Behind

Tech juggernaut Google seems to be preparing to move away from passwords, which have long been a weak point of digital security, in favor of dedicated devices. But first it just has to convince the rest of the Internet to go along with their scheme.

According to Wired, next month's edition of the journal IEEE Security & Privacy Magazine will carry a report by Google's VP of security Eric Grosse and engineer Mayank Upadhyay that outlines their vision for a world without passwords.

The authors reportedly describe a scenario where a single device is used to seamlessly confirm users' identity. In their experiments, Grosse and Upadhyay used a tiny cryptographic USB card called a YubiKey with a modified version of Google Chrome. However, they hope to take the technology wireless and perhaps integrate with devices users already have—such as mobile phones.

Continued : http://securitywatch.pcmag.com/none/307160-google-prepares-to-leave-the-password-behind

Related:
Google Looking Into Hardware to Help Kill the Password
Google's password proposal: One ring to rule them all

Student checks software for critical bug, gets expelled..
Jan 21, 2013 3:46AM PST
... from college

When 20-year-old Ahmed Al-Khabaz, a computer science student at Montreal's Dawson College, discovered a critical flaw in his college's student web portal, he decided it was his "moral duty" to share the discovery with the institution's leaders so that the bug can be fixed before doing serious harm.

But what he probably could not have imagined at the time is that this - for all intents and purposes - honorable decision will ultimately lead to his expulsion from college.

Al-Khabaz, who was also a member of the college's software development club, and fellow student Ovidiu Mija were working on a mobile app that would facilitate the students' access to their account on the portal in question, when they discovered that the web application's "sloppy coding" allows anyone with a basic knowledge of computers to access all of the students' accounts and the information contained in them: personal information (including Social Security numbers), grades, class schedule, and more.

Continued : http://www.net-security.org/secworld.php?id=14274

Also:
Computer science student first praised, then expelled for poking around
Canadian Student Expelled After Finding Critical Flaw in Software Used by Colleges

Fake Plants vs Zombies and other Android games infiltrate..
Jan 21, 2013 3:46AM PST
... Google Play store, make money for fraudsters

Is Google doing a good enough job of policing apps in the official Android app store?

It seems not, judging by the number of bogus apps that continue to be made available for public download from Google Play, exploiting the name and reputation of legitimate games in an attempt to make money for fraudsters.

For instance, take a look at (but I suggest you don't install) the apps made available by an Android app developer called "abbaradon": [Screenshot]

There are some pretty well known games listed there, including "Plants vs Zombies" and "PES 2012" (Pro Evolution Soccer). [Screenshot]

The real Android version of "Plants vs Zombies", developed by Electronic Arts, costs a few dollars, and has had thousands of reviews.

However, Abbaradon's version is free, and has some fine print tucked away at the end of its description in the Google Play store:

Continued : http://nakedsecurity.sophos.com/2013/01/21/fake-plants-vs-zombies-android-game/

Comparative review: Opera leads in browser anti-phishing..
Jan 21, 2013 3:47AM PST
... protection

According to the most recently released comparative review by av-comparatives.org, Opera leads competing browsers in anti-phishing protection. Should you make the switch? Not so fast!

The comparative review used 294 phishing URLs and tested the following browsers:

• Apple Safari 5.1.7.7534.57.2
• Google Chrome 23.0.1271.97 m
• Microsoft Internet Explorer 9.0.9112.16421 / 9.0.12
• Mozilla Firefox 17.0.1
• Opera 12.11.1661

It produced the following results:

• Opera - 94,2% detection rate of the phishing URLs used in the test
• Internet Explorer - 82,0% detection rate for the phishing URLs used in the test
• Google Chrome - 72,4% detection rate for the phishing URLs used in the test
• Apple Safari - 65,6% detection rate for the phishing URLs used in the test
• Mozilla Firefox - 54,8% detection rate for the phishing URLs used in the test

None of the browsers triggered a "false phishing alarm". What kind of conclusions can we draw based on these results, and what should decision makers keep in mind when considering a company-wide browser switch?

Continued : http://www.zdnet.com/comparative-review-opera-leads-in-browser-anti-phishing-protection-7000010039/

Android.Exprespam Potentially Infects Thousands of Devices
Jan 21, 2013 6:18AM PST

From the Symantec Security Response blog:

Android.Exprespam was discovered at the beginning of January and has only been around for about two weeks, but the scammers seem to be having a lot of success with the malware already. Symantec has acquired some data that has allowed us to get an idea of how successful Exprespam may be in scamming Android users into providing personal data. The data obtained, which is only a portion of the complete data, indicates that the fake market called Android Express's Play has drawn well over 3,000 visits in a period of a week from January 13 to January 20.

Based on several sources*, I calculated that the scammers may have stolen between 75,000 and 450,000 pieces of personal information. [Screenshot: Potential amount of stolen information]

The scam has only been around for about two weeks so I am sure that this is just the beginning for the scammers and the amount of personal data collected will increase exponentially. As proof of this, we have found yet another domain registered by the creators of Exprespam and they also created another version of their fake market on the new domain. This time, they have decided to not give the market a name or provide the name of the party maintaining the market. At the time of writing, the new market does not appear to be in active use yet and may currently be under construction or on standby but that has not stopped the scammers as a new malware variant is already being hosted on the site. [Screenshot: Various fake app markets used by the Exprespam scammers]

Continued: http://www.symantec.com/connect/blogs/androidexprespam-potentially-infects-thousands-devices

iPhone hackers hint at progress towards iOS 6 jailbreak
Jan 21, 2013 6:18AM PST

"Two new vulnerabilities were apparently found in a day, according to one of the hackers"

Two iPhone hackers hinted they're making progress towards developing a new jailbreak for the latest version of Apple's mobile operating system.

One of the hackers, who goes by "@pod2g" on Twitter, wrote on Sunday that they found two "new vulnerabilities in a day," but what's missing is an "initial code execution" for a public jailbreak.

Pod2g is working with David Wang, known as "@planetbeing" on Twitter, to develop a way to remotely exploit iOS 6, known as a "jailbreak." Jailbreaking a device allows people to install applications that have not been approved by Apple, as well as other customizations.

While legal in the U.S. due to an exception in the U.S. Digital Millennium Copyright Act, Apple discourages its customers from jailbreaking their iOS devices and can void the warranties for tampered devices. Apple also tends to quickly fix vulnerabilities that allow a device to be jailbroken.

Continued : http://www.networkworld.com/news/2013/012113-iphone-hackers-hint-at-progress-265982.html