Skype for Android vulnerable to hack that compromises personal info

If you didn’t already have enough potential app privacy leaks to worry about, here’s one more — Android Police discovered that Skype’s Android client leaves your personal data wide open to assault. The publication reports that the app has SQLite3 databases where all your info and chat logs are stored, and that Skype forgot to encrypt the files or enforce permissions, which seems to be a decision akin to leaving keys hanging out of the door.

Basically, that means a rogue app could grab all your data and phone home — an app much like Skypwned. That’s a test program Android Police built to prove the vulnerability exists, and boy, oh boy does it work — despite only asking for basic Android storage and phone permissions, it instantly displayed our full name, phone number, email addresses and a list of all our contacts without requiring so much as a username to figure it out. Android Police says Skype is investigating the issue now, but if you want to give the VoIP company an extra little push we’re sure it couldn’t hurt.

Skype for Android vulnerable to hack that compromises personal info originally appeared on Engadget on Thu, 14 Apr 2011 22:02:00 EDT.

Source: Android Police

iOS 4.3.2 / 4.2.7 now available to download, fixes iPad 3G and FaceTime woes (update: jailbroken!)

If you’re hankering to be riding the very latest mobile software from Apple, hit up your iTunes, for version 4.3.2 of iOS is now available for downloadin’ and updatin’. Fixes for occasional “blank or frozen” FaceTime video and iPad 3G issues get top billing, while the obligatory security updates fill out the rest. The size of this mighty software drop? A hefty 666.2MB.

Update: Well, someone’s skipping class today. A tethered jailbreak is already in the wilds, if you dare. Thanks, Jeff!

Update 2: Looks like Verizon customers are getting a slightly different update of their own: iOS 4.2.7. It promises only “bug fixes and security updates.”

[Thanks to everyone who sent this in]

iOS 4.3.2 / 4.2.7 now available to download, fixes iPad 3G and FaceTime woes (update: jailbroken!) originally appeared on Engadget on Thu, 14 Apr 2011 13:21:00 EDT.

Toshiba’s Self Erasing Drive Wipes Itself Instantly

Inside an old 4GB PATA hard drive. Photo Walknboston / Flickr

If you yank one of Toshiba’s new Self Erasing Drives from a computer and try to use it in another machine, then it can instantly wipe sensitive data, leaving a thief with little more than an empty chunk of glass and silicon.

The SED performs a cryptographic erase on itself. Unlike a regular erase, which overwrites data several times to obliterate it, a crypto erase actually just nukes the crypto keys. Data on the drive is encrypted using a 256-bit AES algorithm, and is decrypted on the fly during normal use. Once the drive detects that it isn’t in its usual machine, it destroys its keys, making the data impossible to decipher.

This is the same tech used in smartphones to perform remote wipes.

The SED can be configured in several ways. The first I have described above. The user can also choose to have certain sections erased on every reboot, have part or all of the drive zapped if an unauthorized host tries to connect, or wipe the drive after x incorrect password attempts.

The drives will come in sizes up to 640GB, and will be ideal for laptop use, or in machines to which many people have physical access. The next version of OS X — 10.7 Lion — should have something similar, but having it built into the drive itself seems like the best idea of all, especially if you travel to and from the U.S. and don’t trust the border guards (hint: never trust border guards).

MKxx61GSYG Series Hard Disk Drive [Toshiba via Computerworld]

Toshiba’s Wipe HDDs render data useless when you get online in a strange place

Self-encrypting drives are hardly new, but that doesn’t mean researchers aren’t still looking for ways to give those IT folks behind the curtain more ways to lock down sensitive intel. Toshiba just launched a line of self-encrypting HDDs that will “invalidate” the data — essentially, rendering it useless — when the laptop connects to an unknown host. IT departments can also use Toshiba’s so-called Wipe Technology to scrub a machine before tossing it, or encrypt the drives every time someone powers down. The company won’t be peddling these directly to consumers, of course, and in fact, Tosh is planning on shopping them around not just for laptops, but multifunction printers and point-of-sale systems, too. They’ll come in five sizes, ranging from 160GB to 640GB, and will all run at 7,200RPM. And Tosh says it’ll work with OEMs to help them customize the conditions that will trigger a data lockup. It’s too soon to say what laptops will pack this technology, though the company is clearly moving quickly — it’ll start showing off samples this month and will ramp up mass production by late June.

Toshiba’s Wipe HDDs render data useless when you get online in a strange place originally appeared on Engadget on Wed, 13 Apr 2011 16:52:00 EDT.

Via PhysOrg, Akihabara News

Adobe finds another ‘critical’ flaw in Flash, Steve Jobs smiles smugly

Hey, guess what? Adobe has found yet another serious security flaw in Flash. We can already hear the iOS fanboys warming up their commenting fingers. The vulnerability affects all platforms, including Android, though only attacks on Windows have been seen in the wild so far. Just like last month’s exploit, this one is spreading via malicious .swf files embedded in Office documents, only this time it’s Word instead of Excel being targeted (a hacker’s gotta keep it fresh, after all). Once again Reader and Acrobat are also vulnerable, but attacks can be thwarted using Reader’s Protected Mode. When exactly Adobe plans on plugging this hole is anyone’s guess, so when a deposed Nigerian prince tells you about the fabulous sum of money he’d like you to transfer, you’ll have yet another reason not to open the Office attachments in his email.

Adobe finds another ‘critical’ flaw in Flash, Steve Jobs smiles smugly originally appeared on Engadget on Tue, 12 Apr 2011 16:41:00 EDT.

Via The Inquirer | Source: Adobe

Sensor Locks Your PC By Detecting Body Heat


Here’s a unique bit of technology for the paranoid and forgetful. A developer has written an application for PCs that locks your computer if you’re not at your desk. Now, most of the time this is accomplished through timers and the like, but this one is a little different. Using an IR heat sensor, it monitors your body heat. When it sees that it’s no longer there, it locks down the system, ensuring that nobody can see whatever super-secret data you had been working on. You can set custom delays before locking and the temperature at which the lock will trigger.

The application itself is free, but the sensor that developer Didier Stevens used costs about $90. Hack-A-Day suggests that it can work with any USB temperature sensor, so you might be able to save some money by finding a cheaper one.

[via Hack-A-Day]

Sprint radar imaging system peeps inside walls, floors to detect bombs, tell-tale hearts

Back in 2005, we reported on a little something called the Prism 200, which allowed its holder to essentially see what folks were doing on the other side of a wall. Since then, we’ve seen plenty of devices that boast the same claims, but it wasn’t until recently that the makers of the Prism 200 created a device that can actually see inside those walls. Looking something akin to an old school punch clock, Cambridge Consultants’ Sprint in-wall radar imaging system provides 3D renderings of items embedded in walls, floors, and even ceilings. Whereas existing X-ray systems require access to both sides of a wall, Sprint’s radar setup allows users to see what’s going on inside without dual access. As you might imagine, Cambridge is pushing this thing as a security tool, allowing for detection of bombs, drugs, dead bodies — you know, the usual bad guy stuff. Sprint is currently undergoing testing. Full PR after the break.

Sprint radar imaging system peeps inside walls, floors to detect bombs, tell-tale hearts originally appeared on Engadget on Sat, 09 Apr 2011 13:17:00 EDT.

Source: Cambridge Consultants

Google preps Android for its corporate interview, adds new encryption and security measures

With over 300,000 devices activated per day, Android’s clearly firing on all cylinders from a consumer standpoint, but much like the famed Cheez-It wheel, some would argue that the OS isn’t quite mature enough for unabashed enterprise use. Being a corporation itself, El Goog’s obviously been toiling around the clock to change that, and it’s taking three major strides today. An updated version of its Google Apps Device Policy enables employees to secure a lost or stolen Android 2.2+ device by locating it on a map, ringing the device, and resetting the device PIN or password remotely via the new My Devices website. Furthermore, Apps admins now have an option in the control panel to “Encrypt Data on Device,” which will now include requiring encrypted storage on Android 3.0 tablets. Finally, Google Apps Lookup is acting as a type of internal blackbook, allowing users to easily sift through colleagues and contact them through one form or another. So… hired?

Google preps Android for its corporate interview, adds new encryption and security measures originally appeared on Engadget on Sat, 09 Apr 2011 02:54:00 EDT.

Via The Inquirer, Google Apps (1), (2) | Source: Official Google Enterprise Blog

Pink Tactical Pen Sends Mixed Messages

With this pink tactical pen, you can invite your girlfriends to a slumber party, and then pay them back for fooling with your boyfriend

Tactical pens: Who knew? This sweet-looking, $23 ball-pen can be used to sign checks and faxes, and craft long letters, just like any other pen. But once the cap is screwed back on, you can flip it around and come out fighting.

The pens come from Schrade, are made from CNC-machined 6061 aluminum, and can be had in two designs. One features a heart motif stamped on the outside, presumably reminding you which vital organ you should be aiming for. The other is a much more practical fluted design, with four blood gutters running down the shaft.

Of course, you don’t really need to buy a tactical pen to get all “tactical” on someone’s ass. Anyone who has watched Scorsese’s awesome Casino will already know this, having watched the unforgettable scene where Joe Pesci goes crazy on that idiot in the casino bar, and almost kills him with his own pen. Clearly a true “tactical” master can turn anything into a tool.

Still, if it makes you feel tough to carry around a weapon, you’ll find them — appropriately — at the Knife Center. This may sound like a cool-sounding place to shop, but for every Kung Fu Sword there’s a pair of nose-hair scissors. And what on Earth are “baby scissors”?

The pink death-dealing pen is available now.

Schrade (Pink Hearts) Aluminum Tactical Pen [Knife Center via Book of Joe]

Pandora mobile app found to be sending birth date, gender and location information to ad servers

We still haven’t heard much more about that Federal Grand Jury investigation into Pandora and other mobile apps over privacy concerns, but an independent security firm has now gone ahead and taken matters into its own hands. According to an analysis done by the folks at Veracode, Pandora does indeed seem to be sharing more information about you than it lets on. More specifically, they found that the Android app (they haven’t yet gotten around to the iOS version) “appears” to be sending information about users’ birth date, gender, Android ID and GPS location to various advertising companies — bits of information that the firm notes could be combined to determine who someone is, what they do for a living, and even who they associate with. For its part, Pandora is simply declining to comment at the moment, and we’re guessing that’s unlikely to change anytime soon given the aforementioned investigation. Hit up the source link below for Veracode’s complete findings.

Pandora mobile app found to be sending birth date, gender and location information to ad servers originally appeared on Engadget on Thu, 07 Apr 2011 19:02:00 EDT.

Via Ars Technica | Source: Veracode