Tag: Android

heartbleed SSL image

Heart Attack? Fixes For More Critical Holes In OpenSSL

Just a month after a critical security hole in OpenSSL dubbed “Heartbleed” captured headlines around the globe, The OpenSSL Foundation has issued an other critical software update fixing six more security holes, two of them critical. The Foundation issued its update on Thursday, saying that current versions of OpenSSL contain vulnerabilities that could be used to carry out “man in the middle” (or MITM) attacks against OpenSSL clients and servers. SSL VPN (virtual private network) products are believed to be especially vulnerable. Users of OpenSSL versions 0.9.8, 1.0.0 and 1.0.1 are all advised to update immediately. According to information released by the OpenSSL Foundation, an attacker using a carefully crafted handshake can force the use of “weak keying material in OpenSSL SSL/TLS clients and servers.” That could lay the groundwork for man-in-the-middle attacks in which an attacker positions herself between a vulnerable client and server, decrypting and modifying traffic as it passes through the attacker’s […]

Continue Reading
Security Iris Scanner on Blue Human Eye

WSJ: Samsung Looks To Iris Scans To Secure Mobile Devices

Min-Jeong Lee has an interesting article over at The Wall Street Journal Digits blog on how mobile device maker Samsung is looking to expand its use of biometric sensors in mobile devices beyond the finger-print scanners that are now the state of the art. According to the article, Samsung is considering “various types of biometric [mechanisms]” in addition to fingerprint scanners. Samsung’s senior vice president Rhee In-jong told analysts and investors at a forum in Hong Kong on Monday that iris scanners are a top consideration. “One of things that everybody is looking at is iris detection,” Rhee said. The biometric features are part of Samsung’s enterprise-focused mobile software, dubbed “Knox.”According to Rhee, only a small portion of some 80 million Samsung devices that shipped with the Knox software, which provides additional security functions for use by businesses, such as hardware based “TrustZone” technology to isolate sensitive data, virtualization for data- […]

Continue Reading

Blade Runner Redux: Do Embedded Systems Need A Time To Die?

The plot of the 1982 film Blade Runner (loosely based on the 1968 novel Do Androids Dream of Electric Sheep by Philip K Dick) turns on the question of what makes us ‘human.’ Is it memories? Pain? Our ability to feel empathy? Or is it merely the foreknowledge of our own certain demise? In that movie, a group of rebellious, human-like androids – or “replicants” – return to a ruined Earth to seek out their maker. Their objective: find a way to disable an programmed ‘end of life’ in each of them.  In essence: the replicants want to become immortal. It’s a cool idea. And the replicants – pre-loaded with fake memories and histories – pose an interesting philosophical question about what it is that makes us humans. Our artificial intelligence isn’t quite to the ‘replicant’ level yet (the fictional tale takes place in 2019, so we have time). But some […]

Continue Reading

Perverse Security Incentives Abound In Mobile App Space

Security problems abound in the mobile device space – and many of them have been well documented here and elsewhere. While mobile operating systems like Android and iOS are generally more secure than their desktop predecessors, mobile applications have become a major source of woe for mobile device owners and platform vendors. To date, many of the mobile malware outbreaks have come by way of loosely monitored mobile application stores (mostly in Eastern Europe and Russia). More recently, malicious mobile ad networks have also become a way to pull powerful mobile devices into botnets and other malicious online schemes. But my guests on the latest Security Ledger podcast point out that mobile application threats are poised to affect much more than just mobile phone owners. Jon Oberheide, the CTO of DUO Security and Zach Lanier, a researcher at DUO, note that mobile OS platforms like Android are making the leap […]

Continue Reading
Android Wear

Google: Android Wear Isn’t Ready For Health Data

I didn’t get a chance to write about Google’s (big) announcement that it was expanding its Android operating system franchise to wearable products. If you haven’t been following the news: the company unveiled a developer preview of Android Wear, software that will allow developers to outfit wearable devices that can interact with Android devices like mobile phones and tablet.   The announcement is important: it shows Google continuing to grow its footprint in the wearables space beyond the (controversial) Glass technology. In fact, noted tech luminary Robert Scoble and others have wondered aloud whether Google is ready to let Glass go the way of Wave, Buzz and other skunkworks projects. The announcement of Wear and attendant deals with watch makers like Fossil and others suggests that, if nothing else, Google is ready to get out of the wearable hardware business and leave that to companies that are better suited to […]

Continue Reading
1 6 7 8 9 10 14