Recent Posts

Security Lapse Has Tumblr Asking iPhone, iPad Users To Update – Now!

Tumblr, the blogging and content sharing web site, issued an urgent warning to those using its mobile application for Apple iPhones and iPads to update their Tumblr application – ASAP – after it was apparently found to be transmitting user names and passwords in the clear. In a blog post on Tuesday, Derek Gottfrid, the Vice President of Product at the New York City-based firm, said that the company had issued an update to the iOS version of Tumblr’s mobile application to fix an issue that allowed Tumblr passwords to be sniffed in transit on certain versions of the iOS Tumblr application for iPhone and iPad. Gottfrid did not explain the reason for the sudden update. However, a report by the UK publication The Register claims that the rush update came after Tumblr was made aware that the iOS versions of its application were not using SSL (Secure Sockets Layer) […]

Security Start-Up, University Team On Android Patch App

The saga of the application-signing flaw affecting Google’s Android mobile phones took another turn Tuesday when a Silicon Valley startup teamed with graduate students from Northeastern University in Boston to offer their own fix-it tool for hundreds of millions of Android phones that have been left without access to Google’s official patch. Duo Security announced the availability of an Android utility dubbed “ReKey” on Tuesday. The tool allows Droid users to patch the so-called “Master Key” vulnerability on Android devices, even in the absence of a security update from Android handset makers (OEMs) and carriers who distribute the phones, according to a post on the Duo Security blog. The tool can be downloaded from the site rekey.io. “ReKey is the latest of our research projects designed to make the Internet a safer place,” said Collin Mulliner, a postdoctoral researcher at NEU SecLab, in a joint press release issued by NEU […]

Emergency Alert System: Vulnerable Systems Double, Despite Zombie Hoax

You’d think that the prospect of a zombie invasion would prompt our nation’s broadcasters and others who participate in the Emergency Alert System (EAS). Just the opposite is true. Months after a bogus EAS message warning about a zombie uprising startled residents in Michigan, Montana and New Mexico, the number of vulnerable EAS devices accessible from the Internet has increased, rather than decreased, according to data from the security firm IOActive. In a blog post Thursday, Mike Davis, principal research scientist at IOActive, said that a scan of the public Internet for systems running versions of the Monroe Electronics software found almost double the number of vulnerable systems in July – 412 – as were found in April, when an IOActive scan of the public Internet using the Shodan search engine found only 222 vulnerable systems. IOActive first notified Monroe Electronics about vulnerabilities in its DASDECS product in January of […]

Microsoft Set To Pay First Bug Bounty For IE Hole

Weeks after launching its first, formal bug bounty program, Microsoft is set to issue its first monetary reward, according to a blog post by Katie Moussouris, the Senior Security Strategist at Microsoft’s Security Response Center (MSRC). Writing on Wednesday, Moussouris said that the company has received “over a dozen” submissions since it launched the paid bounty program on June 26, and that “I personally notified the very first bounty recipient via email today that his submission for the Internet Explorer 11 Preview Bug Bounty is confirmed and validated. (Translation: He’s getting paid.)” Last month, Microsoft announced its new policy to pay for information about serious vulnerabilities in its products. The company had long maintained that it provided other kinds of rewards for information on software holes – mostly recognition and jobs – and didn’t need to offer bounties, as firms like Google, The Mozilla Foundation and Facebook do. In launching the new […]

Android Founder: Install Base Fragmentation No Big Deal

Android owners who were hoping that Google might be on the cusp of cleaning up its balkanized install base won’t be cheered by the latest word from on high: Android co-founder and Google Ventures Partner Rich Miner thinks it’s no big deal. Speaking on Tuesday at an event in Boston, Miner said that fragmentation of the install base was inevitable, given the number and variety of Android devices that are being adopted, according to a report by Xconomy.com. The statement comes as Google is dealing with the fallout from a newly disclosed vulnerability affecting almost all Android platforms that could allow attackers to fool Android into installing and running compromised applications. Miner was speaking at a Mobile Summit forum hosted by the Massachusetts Technology Leadership Council. He made his statements while being interviewed by renowned technology journalist and columnist Scott Kirsner (@ScottKirsner) of the Boston Globe on the (evergreen) topic “What’s […]