Displaying items by tag: Exploits

After last week experts from Gibson Security found security holes in the application Snapchat, on the internet appeared web page under a name SnapchatDB! where there is allegedly database with usernames of Snapchat users and their associated phone numbers.

Kaspersky Lab experts noticed a security flaw related to Apple's Safari browser, or to be more precise, its storage of passwords and user ID information.

About a month ago we reported on an statement by the FTC in regards to a security flaw in certain models of TRENDNet IP cameras. The statement was a “what he said” move considering that all of the items they talked about have already been done by TRENDNet. We also noted that the FTC was less concerned about the actual presence of flaws than they were with a product being labeled as secure when it was not. At the time of the statement we remarked that the flaws found in TREDNNet products were very common in embedded devices. In fact we recently reported that a similar flaw exists in many residential firewalls and routers. It seems that companies building products with an embedded OS just do not know how to keep things secure.

The company Appriver warned users of Dropbox service to increase caution, as false messages that ask users to change the password they use when signing up for service appeared once again. Fraudulent email messages are composed so that at first glance they look like they were really sent from Dropbox Team.

In a career that has spanned over 20 years in IT I have met a lot of people from different industries. Many of these people I have not kept in contact with and some I have. Occasionally when talking to some of them something will be said that might not hit home until a little later. This was the case with something that was said to be by an acquaintance who just happens to work as a technical manager at a security consulting company. During our talk I mentioned that it seemed like systems were getting much more insecure, and he joked saying: why would any security company want to work themselves out of business?

Indian enthusiast Arul Kumar who deals with computer security issues, reported a flaw in the social network Facebook, which allows you to delete any photo on Facebook within one minute. Failure is spotted within Support Dashboard portal that allows users to send complaints regarding violation or offensive content, and monitor whether the individual complaint is processed. Facebook employees handle complaints 24 hours a day, seven days a week.

Researchers from the firm MWR Labs found a way to exploit vulnerabilities in Chrome, and how to bypass the security mechanisms in Windows 7, which enabled them to perform arbitrary actions on the victim's computer.

Android users have a lot to be happy about. Despite all the awesome that is Android, there are the occasional bumps in the road. One of the more hilarious of these problems is the tendency for Android phones to display incorrect timestamps on text messages under certain conditions. Sometimes, it can appear as if your friend has texted you from several hours in the future. Sometimes in the past.

Ubisoft has responded to the claims that its UPlay DRM software is a rootkit that enabled them (and anyone else) to install arbitrary code on systems that it was installed on. The original claim was from developer Travis Ormandy who posted the issue on pastebin and also showed the vulnerability working with a website specially crafted to take advantage of the exploit he found. Ormandy likened the issue to Sony’s famous screw up with their BMG DRM that was in actuality a rootkit and caused the recall of quite a bit of Sony games.

If the name Charlie Miller sounds familiar to you it should. After all he is one of the researchers that has consistently found bugs and holes in Apple’s vaunted security. He is also a very frequent winner of the Pwn2Own competition where security experts and “hackers” alike compete to find the fastest way of breaking into a computer system. Charlie’s love for Apple and all of its devices has kept him in something of a love-hate relationship with the company for years, but recently things turned for the worse.

After the discovery of a flaw in Apple’s Mobile Safari that allowed the execution of unsigned code Miller reported this to Apple. He did this on the 14th of October and never received any word back on it. To further demonstrate the seriousness (and apparent ease) of this new flaw Miller submitted an app that had the malicious code packed inside. The App, which was disguised as a stock ticker, was approved by Apple and set up for distribution in the walled garden of the iTunes App Store. Miller was able to use the App to execute his code and take control of core functions of the phone.

For his troubles Miller was unceremoniously dropped from the Apple Developers Program for violating the terms of the agreement (which he really did do). The problem with this type of action from Apple is that it makes them seem like they do not want to admit or address serious security issues inside their operating systems. Miller has sent off an email asking for clarification stating “I’m mad, I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder.”

Miller feels that this is one of the changes that are coming after the passing of Steve Job and the new management. “I miss Steve Jobs,” he says. “He never kicked me out of anything.”

Source Forbes

Discuss in our Forum