Hasta La Gadget!

That cute little bugger above certainly looks innocent enough, but it might have been spreading some pretty detailed gossip behind your back. Leaf-driver Casey Halverson was playing around with the RSS reader in his Carwings system when he discovered that it wasn’t just collecting feeds from RSS servers, it was also telling those servers his car’s current location, speed, heading and even the destination he’d set in the sat nav. Strangely, Halverson’s undercover tattletale appears to have halted its indiscretions after he posted the discovery on his blog, but we’re surmising there’s still hundreds of server logs up and down the country that prove it really happened, not to mention his video after the break. Cue Rockwell, fade to black.

Continue reading Don’t tell us where you’re going, Nissan Leaf driver, we already know (video)

Don’t tell us where you’re going, Nissan Leaf driver, we already know (video) originally appeared on Engadget on Thu, 16 Jun 2011 14:11:00 EDT. Please see our terms for use of feeds.

Permalink   |  Casey Halverson  | Email this | Comments

This must be the season of the hacking witch as we’ve now seen yet another company’s online security walls breached. Independent UK games developer Codemasters, responsible for titles like Dirt 3 and Overlord, has reported that its website was hacked on the third of June, exposing the names, addresses (both physical and email), birthdays, phone numbers, Xbox gamer tags, biographies, and passwords of its registered users. Payment information wasn’t compromised, but when you consider that almost everything else was, that feels like hollow consolation. For its part, Codemasters says it took the website offline as soon as the breach was detected and a subsequent investigation has revealed the number of affected users to be in the tens of thousands. Those who might have been affected directly are being emailed with penitent apologies, while the rest of us are being pointed to the company’s Facebook page while its web portal is kept offline.

Codemasters website hacked, ‘tens of thousands’ of personal accounts compromised originally appeared on Engadget on Mon, 13 Jun 2011 04:03:00 EDT. Please see our terms for use of feeds.

Permalink   |  BBC  | Email this | Comments

Here’s a little tip for app developers: encrypt everything, especially passwords. Security firm viaForensics fed some popular iPhone and Android apps through its appWatchdog tool and found that Netflix, LinkedIn, and Foursquare all stored account passwords unencrypted. Since the results were first published on the 6th, Foursquare has updated its app to obscure users’ passwords, but other data (such as search history) is still vulnerable. While those three were the worst offenders, other apps also earned a big fat “fail,” such as the iOS edition of Square which stores signatures, transaction amounts, and the last four digits of credit card numbers unencrypted. Most of this data would take some effort to steal, but it’s not impossible for a bunch of ne’er-do-wells to create a piece malware that can harvest it. Let’s just hope Netflix and LinkedIn patch this hole quickly — last thing we need is someone discovering our secret obsession with Meg Ryan movies.

Netflix, Foursquare, LinkedIn, and Square apps expose your data originally appeared on Engadget on Thu, 09 Jun 2011 19:38:00 EDT. Please see our terms for use of feeds.

Permalink Wall Street Journal  |  viaForensics  | Email this | Comments

Some crack reporting from an NBC affiliate news station has revealed a little foible in Best Buy‘s cellphone upgrade checking utility. If you punch in your Sprint mobile number and ZIP code, you get taken to a screen showing all the other numbers on your account as well. This applies only when yours is the main number on the account, mind you, but the issue is in the obviously lax approach to securing data you might care to keep private — Verizon, AT&T and T-Mobile customers have to pass a security check first. Of course, the actual risks resulting from someone being able to find other numbers associated with your cellular account are so small as to verge on the benign (“somebody can use that… for something”, as the KXAN report sagely advises), though that hardly excuses Best Buy from being sloppy with Sprint subscribers. They’re human too, you know!

Best Buy Mobile Upgrade Checker reveals other numbers on your Sprint account, invites scaremongering originally appeared on Engadget on Thu, 26 May 2011 09:07:00 EDT. Please see our terms for use of feeds.

Permalink KXAN.com  |  Best Buy Mobile Upgrade Checker  | Email this | Comments

We’ve recently seen Google crack down on rogue apps and patch some server-side security issues, but let’s not forget Android does have a small measure of built-in security: app permissions. But as with those pesky EULAs, many users tend to breeze through the permissions screen. And Android forces even the most attentive readers to accept or deny all permissions requested by an app. But the newest nightly builds of the CyanogenMod custom ROM include a clever patch allowing users to grant and revoke permissions individually — something like the TISSA security manager we’re still awaiting. Obviously playing God with permissions can crash your applications: with great power comes great responsibility. But we figure if you’re running aftermarket firmware on a rooted phone, you’re comfortable experimenting. See how it works in the video after the break, then hit the source link to download.

Continue reading New CyanogenMod lets you rule Android app permissions with an iron fist

Filed under: Cellphones, Software

New CyanogenMod lets you rule Android app permissions with an iron fist originally appeared on Engadget on Tue, 24 May 2011 13:34:00 EDT. Please see our terms for use of feeds.

Permalink Androinica  |  CyanogenMod  | Email this | Comments