Tag Archive for: Disaster

Google-funded study reveals Android security is a total disaster – BGR

/in

BGR

Google-funded study reveals Android security is a total disaster
BGR
“The difficulty is that the market for Android security today is like the market for lemons,” the researchers explain. “There is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive security
Android security a 'market for lemons' that leaves 87 percent vulnerableZDNet
Google-commissioned security report paints a bleak picture of AndroidDigital Trends
90% of Android devices left exposed to critical vulnerabilitiesDigital Journal
Techworm
all 7 news articles »

“android security” – read more

Disaster as CryptoWall encrypts US firm’s entire server installation

/in

“Here is a tale of ransomware that will make your blood run cold,” announced Stu Sjouwerman of security training firm KnowBe4 in a company newsletter this week and he wasn’t exaggerating.

One of his firm’s customers contacted him on 14 October for advice on how to buy Bitcoins after all seven of its servers containing 75GB of data had been encrypted by a recent variant of the hated CryptoWall ransom Trojan.

An admin had clicked on a phishing link which was bad enough. Unfortunately, the infected workstation had mapped drives and permissions to all seven servers and so CryptoWall had quickly jumped on to them to hand the anonymous professional a work day to forget.

To read this article in full or to leave a comment, please click here

Network World Security

Half of all Android devices still vulnerable to ‘privacy disaster’ browser bug – ZDNet

/in

BGR

Half of all Android devices still vulnerable to 'privacy disaster' browser bug
ZDNet
According to Lookout, whose Android security product has been installed on up to 100 million smartphones, the problem is worse in some countries than others. For example, in Japan, 81 percent of its users are running the vulnerable browser, while
Half of all Android phones are still vulnerable to a massive privacy bug BGR

all 5 news articles »

“android security” – read more

Android Browser flaw a “privacy disaster” for half of Android users

/in

Thanks to a bug in the Android Browser, your cookies aren’t safe.
Surian Soosay

A bug quietly reported on September 1 appears to have grave implications for Android users. Android Browser, the open source, WebKit-based browser that used to be part of the Android Open Source Platform (AOSP), has a flaw that enables malicious sites to inject JavaScript into other sites. Those malicious JavaScripts can in turn read cookies and password fields, submit forms, grab keyboard input, or do practically anything else.

Browsers are generally designed to prevent a script from one site from being able to access content from another site. They do this by enforcing what is called the Same Origin Policy (SOP): scripts can only read or modify resources (such as the elements of a webpage) that come from the same origin as the script, where the origin is determined by the combination of scheme (which is to say, protocol, typically HTTP or HTTPS), domain, and port number.

The SOP should then prevent a script loaded from http://malware.bad/ from being able to access content at https://paypal.com/.

Read 9 remaining paragraphs | Comments


Ars Technica » Technology Lab