NEWS - October 09, 2015

Oct 9, 2015 10:58PM PDT
Apple removes several apps that could spy on encrypted traffic

Apple has purged its iOS App Store of several titles that it said had the ability to compromise encrypted connections between end users and the servers they connect to. The company advised users to uninstall the apps from their iPhones and iPads to prevent potentially harmful monitoring, but it has yet to name any of the offending titles.

"Apple has removed a few apps from the App Store that install root certificates that could allow monitoring of data," company officials wrote in an advisory posted Friday. "This monitoring could be used to compromise SSL/TLS security solutions. If you have one of these apps installed on your device, delete both the app and its associated configuration profile to make sure your data remains protected."

Continued : http://arstechnica.com/security/2015/10/apple-removes-several-apps-that-could-spy-on-encrypted-traffic/

Related :
Apple boots some ad blockers from App Store to protect users' privacy
Apple Removes Apps That Expose Encrypted Traffic
Apple removes apps from App Store that could spy on your data traffic
Apple Removes ‘A Few’ Apps Including Ad Blockers From App Store For Installing Root Certificates

Samsung Pay ‘safe’ from LoopPay attack
Oct 9, 2015 11:01PM PDT

ESET's "We Live Security" blog:

Following a report from the New York Times that Samsung’s new mobile payment system acquisition was attacked by cybercriminals, the tech giant has reassured its customers that there is no need to be concerned.

In an official statement that directly addressed the article, it said that Samsung Pay was not affected by the isolated incident at LoopPay.

It added that the attack was focused on the LoopPay office network, which is completely independent of the production network that is native to Samsung Pay.

Continued : http://www.welivesecurity.com/2015/10/08/samsung-reassures-customers-samsung-pay-safe/

Related:
Hackers breach firm whose tech is used in Samsung Pay
Samsung says customer payment data not affected by hack attack

LogMeIn buys LastPass for $125 million
Oct 9, 2015 11:03PM PDT

Remote computer-access company LogMeIn has acquired popular password-management company LastPass for $125 million, LogMeIn says in a statement today. The company says the deal is "expected to close in the coming weeks."

According to the statement, LogMeIn is planning to merge LastPass with another password-management company, Meldium, which was bought last year by LogMeIn. Eventually, Meldium and LastPass will go under the LastPass brand.

LastPass became a favorite password-management option soon after its launch in 2008, and now caters to millions of users. Earlier this year, the company also offered its service for free on smartphones, only charging users hoping to switch between desktop and mobile. In June, the company announced that it had been hacked, with attackers stealing email addresses and hashed versions of some users' master passwords.

Continued : http://www.theverge.com/2015/10/9/9486343/logmein-buys-lastpass-for-125-million

Related :
LogMeIn buys LastPass password manager for $110 million
LogMeIn buying password manager LastPass
Furious LastPass fans fear favorite tool's fate amid LogMeIn's gobble
LogMeIn just acquired LastPass to build one password platform to rule them all

Outlook.com had classic security blunder in authentication engine
Oct 9, 2015 11:13PM PDT

"Redmond pays $25k to hacker who spotted flaw allowing anyone to own your email"

Synack senior security researcher Wesley Wineberg has received US$25,000 from Microsoft for quietly disclosing a bug that allows any Hotmail account to be hijacked.

The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction.

The since-patched hole existed in Microsoft Live.com and could have been spun into a dangerous worm, Wineberg says.

Continued : http://www.theregister.co.uk/2015/10/09/hotmail_hijack_hole_earns_boffin_25k_double_bug_bounty_trouble/