Obama says presidential BlackBerry ownership is ‘no fun,’ should’ve gone with the Sectera Edge

It’s hard out there for a prez, you know? Hardly anyone knows better than one Barack Obama, who sat down this morning on ABC’s The View in order to talk smack with a few ladies who undoubtedly helped put him in office. If you’ll recall, Obama fought hard early on for the privilege of maintaining his prized BlackBerry, and while he eventually won out, we learned today that a grand total of ten individuals are authorized to ping it. Yeah, ten. Needless to say, he described that depressing fact as “no fun,” and even the folks that are cleared to make contact with it won’t send over anything juicy. Why? They know that messages sent to it “will probably be subject to the presidential records act,” so those lucky enough to have the digits are also smart enough to divert their ramblings to Texts From Last Night. But hey, at least hanging in there despite the limitations grants you early access to BlackBerry OS 6, right? Right?

Obama says presidential BlackBerry ownership is ‘no fun,’ should’ve gone with the Sectera Edge originally appeared on Engadget on Thu, 29 Jul 2010 19:06:00 EDT.

Source: AFP / Yahoo! News

Lookout’s App Genome Project warns about sketchy apps you may have already downloaded

If you’re an iPhone user, the only privacy notice you’ll see from an app regards your current location — as much a warning about the associated battery hit from the GPS pinging as anything. If you’re an Android user, however, things are different, with a tap-through dialog showing you exactly what each app will access on your phone. But, do you read them? You should, with Lookout running a sort of survey across 300,000 apps on those two platforms, finding that many access personal information even though they seemingly don’t need to. One particularly scary instance, an app called Jackeey Wallpaper on Android, aggregates your browsing history, text messages, could get your voicemail password, and even your SIM ID and beams it all to a server in China. That this app has been downloaded thousands of times is a little disconcerting, but it’s not just Android users that have to fear, as even more iPhone than Android apps take a look through your contact infos. What to do? Well, be careful what you download to start, on Android read those privacy warnings… and we’re sure Lookout wouldn’t mind if you took this opportunity to download its security app.

Update: We received a note from Jussi Nieminen, who indicated the data fields being retrieved, as reported by VentureBeat, are incorrect. Texting and browser history are apparently not retrieved, but your phone number, phone ID, and voicemail fields are. And, since it’s not unheard of for voicemail entries to include a password when set up on a phone, it’s possible they could wind up with that too. Also, the popularity of the app was apparently misstated, with actual downloads somewhere south of 250,000.

Update 2: Kevin, one of the Black Hat speakers from Lookout, wrote us to let us know that the full details on the wallpaper apps have been posted here, if you’d like to read. Meanwhile, estimations of just how many people have downloaded this particular wallpaper app are all over the place, ranging from as low as 50,000 to over four million.

Lookout’s App Genome Project warns about sketchy apps you may have already downloaded originally appeared on Engadget on Thu, 29 Jul 2010 08:15:00 EDT.

MobileBeat, Yahoo! News | Source: Lookout Blog

New ‘licensing service’ replacing existing copy protection method in Android Market

Copy protection has always been a concern in the Android Market, primarily because applications can be sideloaded onto phones without a root or other modification from the end user. In a brief announcement made today, Eric Chu has made clear that a new method for protecting the work of paid app creators will be implemented long-term, with the plan being to “replace the current Android Market copy-protection mechanism over the next few months.” This new “licensing service” is available now for those that want in, providing developers with a secure mechanism that can ping a Market License Server upon launch in order to see if a particular app was indeed purchased legitimately. It’s hard to say how exactly this will affect usability (specifically in offline scenarios), but it’s certainly an interesting twist to the whole situation. Expect to hear lots of growling on both sides as more and more apps opt to take advantage.

[Thanks, Jonathan]

New ‘licensing service’ replacing existing copy protection method in Android Market originally appeared on Engadget on Wed, 28 Jul 2010 14:01:00 EDT.

Source: Android Developers

Kensington’s Laptop Locking Station is a thief’s worst nightmare… maybe

Make no mistake, this one’s no docking station — rather, it’s a locking station. Kensington, which has somehow managed to get a self-labeled lock slot embedded into nearly every modern Windows-based laptop, has just introduced a new duo meant to keep your lappie locked down and unavailable for thieves. The Kensington Laptop Locking Station ($79.99) boasts an all-steel backbone (one that resists cutting, drilling or prying), and ideally you’d mount it onto the desk or table where you typically leave your machine for extended periods of time. If you’re in need of a little extra reach, there’s an optional Tether Kit ($29.99) that keeps things secure regardless of where you’re at. Specific details on both — along with a video demonstration — are embedded after the break, with the whole shebang capable of handling laptops from 13.3- to 17-inches.

Kensington’s Laptop Locking Station is a thief’s worst nightmare… maybe originally appeared on Engadget on Wed, 28 Jul 2010 08:58:00 EDT.

AT&T Encrypted Mobile Voice to bring extra security to Obama’s BlackBerry calls

Yeah, we know that the Prez was once seen rocking a Verizon-branded BlackBerry 8830, but just bend your mind a bit and bear with us. Shortly after lighting up Wall Street with an exceedingly excellent quarterly earnings report, AT&T has announced an Encrypted Mobile Voice service that’ll hit later in the year. Assuming Obama actually does own an AT&T-branded ‘Berry, he’ll soon be able to enjoy what AT&T calls “the first mobile-to-mobile voice encryption solution using two-factor authentication offered by a US operator.” Said service is expected to provide a higher level of security for calls across the AT&T wireless network, and naturally, it’ll be shopped to government agencies, law enforcement organizations, financial services institutions and international businesses, all of which will pay far too much for what’s likely a false sense of security. We mean, haven’t these guys ever seen 24?

AT&T Encrypted Mobile Voice to bring extra security to Obama’s BlackBerry calls originally appeared on Engadget on Fri, 23 Jul 2010 15:46:00 EDT.

GSMA | Source: Fierce Mobile IT

Secunia ranks Apple first in software insecurity, Safari said to have AutoFill vulnerability

Bad news, Oracle. You’ve slipped to second place for the first time in years. The good news is that it’s in Secunia’s ranking of the top ten companies with the most software vulnerabilities, which is now topped by Apple — Microsoft remains in third place, followed by HP and Adobe. According to Secunia, Apple’s vulnerabilities are mostly not in OS X, but in Safari, iTunes and other applications. What’s important to note, however, is that Secunia’s definition of “vulnerability” doesn’t simply include dangerous, exploitable vulnerabilities, so the rankings don’t necessarily indicate which software is the most insecure from a user’s point of view.

One vulnerability that is potentially serious, however, is an issue with Safari’s AutoFill feature recently discovered by Jeremiah Grossman of WhiteHat Security. According to Grossman, a malicious website can exploit the feature to pull data from a user’s address book without their knowledge, which has been demonstrated to take “mere seconds” by a bit of proof of concept code (you can try out yourself if you’re feeling trusting). Grossman also says he’s informed Apple of the vulnerability but hasn’t received a response, and suggests that the only “fix” in the meantime is to turn off the AutoFill feature completely.

Update: AllThingsD has a statement from Apple on the AutoFill issue — a spokesperson says “we take security and privacy very seriously,” and that, “we’re aware of the issue and working on a fix.”

Secunia ranks Apple first in software insecurity, Safari said to have AutoFill vulnerability originally appeared on Engadget on Thu, 22 Jul 2010 15:31:00 EDT.

Ars Technica, 9 to 5 Mac | Source: Secunia (PDF), Jeremiah Grossman

Researcher will enable hackers to take over millions of home routers

Cisco and company, you’ve got approximately seven days before a security researcher rains down exploits on your web-based home router parade. Seismic’s Craig Heffner claims he’s got a tool that can hack “millions” of gateways using a new spin on the age-old DNS rebinding vulnerability, and plans to release it into the wild at the Black Hat 2010 conference next week. He’s already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G (pictured above) and devices running certain DD-WRT and OpenWRT Linux-based firmware. To combat the hack, the usual precautions apply — for the love of Mitnick, change your default password! — but Heffner believes the only real fix will come by prodding manufacturers into action. See a list of easily compromised routers at the more coverage link.

Researcher will enable hackers to take over millions of home routers originally appeared on Engadget on Wed, 21 Jul 2010 06:33:00 EDT.

Forbes, Ars Technica | Source: Black Hat 2010

Aegis Bio grows to 640GB of fingerprint-protected storage

Apricorn specializes in the fine art of making people believe their data is worth stealing and charging them for the privilege of protecting it. Its Aegis Bio range has now been expanded, both in number and in capacity, as the former ceiling of 250GB has been lifted with the introduction of 320GB, 500GB and 640GB variants. The 2.5-inch external disk validates user identity with that handy fingerprint scanner on top before allowing access to the otherwise 128-bit encrypted precious stuff within it. Prices of the new models top out at $160 for the most voluminous one, making them thrifty enough to buy even if you don’t need secret agent-level security — which, let’s face it, you don’t. Full PR after the break.

Aegis Bio grows to 640GB of fingerprint-protected storage originally appeared on Engadget on Thu, 15 Jul 2010 08:44:00 EDT.

Electronista

Perfect Citizen: secret NSA surveillance program revealed by WSJ

Do you trust your government? Do you just support it like an obedient Britney Spears, steadfast to your faith that it will do the right thing? Your answer to those questions will almost certainly predict your response to a Wall Street Journal exposé of a classified US government program provocatively dubbed, “Perfect Citizen.” Why not just call it “Big Brother,” for crissake! Oh wait, according to an internal Raytheon email seen by the WSJ, “Perfect Citizen is Big Brother,” adding, “The overall purpose of the [program] is our Government…feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security.”

Histrionics aside, according to the WSJ, the “expansive” program is meant to detect assaults on private companies and government agencies deemed critical to the national infrastructure. In other words, utilities like the electricity grid, air-traffic control networks, subway systems, nuclear power plants, and presumably MTV. A set of sensors deployed in computer networks will alert the NSA of a possible cyber attack, with Raytheon winning a classified, $100 million early stage contract for the surveillance effort. Now, before you start getting overly political, keep in mind that the program is being expanded under Obama with funding from the Bush-era Comprehensive National Cybersecurity Initiative. The WSJ also notes that companies won’t be forced to install the sensors. Instead, companies might choose to opt-in because they find the additional monitoring helpful in the event of cyber attack — think of Google’s recent run-in with Chinese hackers as a potent example.

Like most citizens, we have mixed emotions about this. On one hand, we cherish our civil liberties and prefer to keep the government out of our personal affairs. On the other, we can barely function when Twitter goes down, let alone the national power grid.

Perfect Citizen: secret NSA surveillance program revealed by WSJ originally appeared on Engadget on Thu, 08 Jul 2010 04:28:00 EDT.

Source: Wall Street Journal

Camera ‘Security’ Locks from Gary Fong

Gary Fong, famous for selling a $60 plastic dome for your camera-flash, has come up with another “handy” set of accessories: the Gary Fong GearGuard. The security devices do for your camera gear what a Kensington lock does for your laptop.

First is the Camera Body Lock, yet another accessory which screws into the tripod-mount. This one is a flat plastic plate with a loop on the back. Another covering plate slides over this to stop the first from being unscrewed, and a cable run through the loops both secures the camera and stops the cover from sliding off.

This is really only good if you are leaving the camera unattended or are shooting handheld (in which case it is rather pointless). To use it on a tripod, the most common use-case, you’ll need to remove the cable and outer plate to access the integrated screw-mount. Thus, it cannot lock-down a camera when left on a tripod. $10.

The second part of the range is the GearGuard Bag Lock, a combination-locking plastic sleeve which clips over the quick-release clips on a bag and stops them from being opened. Two for $10.

Last is the cable and combination lock, which at $10 should prove to be as secure as your average Kensington lock.

Available soon at the Gary Fong store.

Gary Fong store page [Gary Fong. Thanks, Zach!]