The Security Pub

Random Thoughts About Security

Data-stealing Android Trojan masquerades as greeting-sending app

Text messages have largely replaced seasonal (and non-seasonal) greeting cards, and there are mobile apps out there that let you send prewritten witty/sweet messages to friends and family.

But there are also some that pretend to do that, and F-Secure researchers have recently spotted a Trojan targeting Chinese Android users that masquerades as just that type of app.

Check out Help Net Security for the full article

Beware of password-protected documents carrying malware

“Passwords for document files are commonly used to prevent unauthorized access to the files by encrypting them with passwords. However, attackers are misusing the password feature to encrypt files, most likely to make it difficult for security products to detect them as malware,” say the researchers. “It also makes reverse-engineering the files difficult because they need to be decrypted before analysis can be performed.”

Check out Help Net Security for the full article

Attack Tool Released for WPS PIN Vulnerability

Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, has the ability to find the WPS PIN on a given router and then recover the WPA passphrase for the router, as well.

The vulnerability reported by Viehbock to US-CERT is related to the way that the WPS standard handles failed authentication attempts in some cases. In those scenarios, it will send back too much detailed information to the user–or attacker–about the PIN that’s required to set up the router using WPS. Viehbock found that he was able to use that information to greatly reduce the amount of time it takes to recover the PIN for a router through a brute-force attack. Once the attacker has the WPS PIN, he can take control of the router.

The full article by Threat Post

Top Vulnerable Smartphones of 2011

Bit9’s new research on “The Most Vulnerable Smartphones of 2011” lists the devices that pose the most serious security and privacy risk to consumers and corporations. In the Bit9 research report, Android phones overwhelmingly topped the list, accounting for the “dirty dozen” most vulnerable devices.

Video Game Phishing

US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service. In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE. Games are products of third party developers that are playable on Xbox LIVE and other gaming systems.

Microsoft has posted a service alert on the Xbox LIVE status page regarding this issue.

US-CERT encourages users to take the following measures to protect themselves from these types of phishing attacks:

 

Apple Lied: Filed Patent for Mobile Device Tracking

Apple’s claims about the geolocation tracking of its customers via a stealth file maintained in devices running the iOS operating system are, well, “patently” false.

The stealth iOS file records geolocation information derived from triangulating the location of a device using the signals from the closest cell phone transmission towers and Wi-Fi access points. The data is continuously collected and recorded regardless of whether the user has chosen to disable location services features on their mobile device.

Apple released a statement earlier this week that claims the data collection is caused by a software bug that will be remediated in a soon-to-be-issued update to the iOS. Apple admitted that the information was being sent to the company, but they maintain that they are unable to trace the data to a particular phone or user.

Apple CEO Steve Jobs even stated directly that “We don’t track anyone. The info circulating around is false.”

Reports have now surfaced that demonstrate these assurances are false.

Apple filed for a patent in September of 2009 titled “Location Histories for Location Aware Devices” with the intent to develop services based around the company’s ability to locate and track mobile devices running the iOS operating system.

 

Check out the full article here at InfoSec Island