Posts tagged Security

Mobile Safari Vulnerability Discovered In iOS 5.1 – Allows URL Spoofing

0
March 23, 2012
by _GadgetNews in , , , , , , , , , , , , ,

If you are using Mobile Safari on iPad, iPhone, or iPod Touch running iOS 5.1, than you should be cautious of a security issue that involves address bar spoofing. The issue was discovered by David Vieira-Kurz of MajorSecurity, and involves “an error within the handling of URLs when using javascript’s window open() method.” This can be exploited by malicious sites to display custom URLs, potentially fooling users into supplying personal information to a malicious website (since the Safari address bar can display a totally different address than the website that is actually being More >

Apple Releases Update For Mac Defender – Can Now Quarintine

0
May 31, 2011
by TechHead in , , , , ,

The MAC Defender malware and inaction on Apple’s part to clean up the mess has finally been fixed. Apple released a Security Update today which adds malware detection and removal for the “MAC Defender” malware. Using the malware list Apple has been keeping since 2009, the update adds a tool to Snow Leopard that removes malware (based on the list).

There is a new simple File Quarintine feature added to OS X when Snow Leopard first came out. It examines external files downloaded within quarantine-aware applications (such as Mail, iChat, Safari, etc.) and warns users of downloads that match the More >

Sony Offers Identity Theft Protection To PlayStation Network Users

0
May 26, 2011
by _GadgetNews in , , , , , ,

The US-based PlayStation Network users will now be able to register for a free Identity Protection service thanks to an arrangement made by Sony with a company named Debix. On May 3rd, Sony promised all customers affected by the recent break-ins into the PlayStation Network system, free identity theft protection from Debix for one year. The company is now delivering on that promise, and users can sign up for the identity protection starting today. As Sony explained in an email sent to every active PSN customer:

Sony has arranged, at no charge to eligible PlayStation®Network and Qriocity More >

Russian Forensic Experts Crack iOS 4 iPhone Encryption

0
May 24, 2011
by _GadgetNews in , , , , , , , , , ,

A Russian forensic experts team named ElcomSoft was recently able to crack Apple’s iOS 4 iPhone Encryption including backup file encryption and on device data security. The team was also involved in providing software services that are used by law enforcement and certain three-letter agencies. They used a GPU-accelerated Phone Password Breaker Tool to remove protection for Apple and BlackBerry backups. After the release of iOS 4, Apple began providing 256-bit encryption to secure iPhone devices. Since this encryption has now been cracked, we wonder what move Apple is going to take More >

Google’s Android Credentials Vulnerability Being Patched

0
May 18, 2011
by TechHead in , , , , , ,

Well it didn’t take too long for Google to response. We mentioned just yesterday about the Android vulnerability found in ClientLogin that could have some serious security ramifications. Using a dummy open access point, a nefarious third party could passively through the use of Wi-Fi collect authentication tokens to password protected services such as Facebook, Twitter, and Google Calendar stored on affected Android devices. Speaking with Mobilized’s, Ina Fried, the Android-maker has stated that it is taking action, and fast.

Google told the publication; “Today we’re starting to roll out a More >

Sony’s PSN Password Reset Page Has Been Compromised

0
May 18, 2011
by TechHead in , , , , , , , , ,

According to reports coming in from Eurogamer, NeoGaf, and Nyleveia Sony’s PlayStation Network password reset system (the one that was put into place after the PSN hack) has been compromised, allowing hackers to change a PSN password if they know your email and date of birth. This information was exactly the same information that was released in the original hack. As a result, Sony has taken the password reset system offline.

The good news here as pointed out by NeoGAF’s “Metalmurphy” is that if your account was compromised, you should have gotten an email from PSN stating that your password More >

RecognizeMe – Facial Recognition Unlocking For iDevices

0
May 18, 2011
by TechHead in , , , , , , , , , , ,

It’s always amazing to see the kinds of things developers can get up to when they have a jailbroken iPhone to play with. Granted there are already a plethora of themes and notifcation replacements but every so often we get something that breaks new boundaries. Something that reminds everyone how talented the iOS development community really is. One such app was something we told you about a while ago called 3DBoard. The app 3DBoard used head-tracking technology to change the orientation of an iDevice’s homescreen, giving the user the illusion of being 3D. Apocolipse, 3DBoard’s developer is More >

Sony’s “Welcome Back” Package Announced For PSN Users

0
May 17, 2011
by TechHead in , , , , , , , ,

Sony recently released details of their PlayStation Network “Welcome Back” package for North American customers, with PlayStation Plus service and free games as the order of the day.

Offered by a way of a thank you for sticking ar0und with the company through the PlayStation Network downtime, Sony is offering a free month’s subscription to their PlayStation Plus PSN upgrade for users who don’t currently subscribe. Existing customers will have a month’s usage added to their account free of charge.  More interestingly, the company is offering two free games to download from a list of five for More >

User Login Vulnerability Found In 99% of Android Handsets

1
May 17, 2011
by TechHead in , , , , , , , , , ,

Research from multiple universities is now warning that almost all smartphones that are running Google’s Android software could be allowing third parties access to digital tokens that could allow access to services such as Google Calendar and Contacts. The issue seems to affect all devices running versions of Android prior to 2.3.3 and is related to handling of the authentication protocol ClientLogin. According to researchers at the German University of Ulm, once a user enters their credentials, the programming interface retrieves its token in clear text. The token is valid for 14 days and More >

Charlie Miller Hacks iPhone 4; Wins Pwn2Own 2011 Contest Again

2
March 11, 2011
by TechHead in , , , , , , , , , , , ,

Charlie Miller, known for exploiting the Safari browser for the past 3 years has managed to rip apart iPhone 4 security today at the Pwn2Own 2011 hacking contest at Vancouver. This is Miller’s forth consecutive win at the Pwn2Own contests.

All the attack required was for the target iPhone to surf to a rigged website. On his first attempt at the drive-by exploit, the iphone browser crashed but once it was relaunched, Miller managed to hijack the entire address book. He partnered with colleague Dion Blazakis to successfully exploit the Apple device using a MobileSafari flaw to swipe the iPhone More >

Go to Top