Tag: security

  • New data uncovers the surprising predictability of Android lock patterns

    Ars Technica reported on new data that uncovered the surprising predictability of Android lock patterns. Now, Android lock patterns—the password alternative Google introduced in 2008 with the launch of its Android mobile OS—are getting the same sort of treatment. The Tic-Tac-Toe-style patterns, it turns out, frequently adhere to their own sets of predictable rules and…

  • Hackers can remotely steal fingerprints from Android phones

    ZDNet reported on how hackers can remotely steal fingerprints from Android phones. The attack, which was confirmed on the HTC One Max and Samsung’s Galaxy S5, allows a hacker to stealthily acquire a fingerprint image from an affected device because device makers don’t fully lock down the sensor. Making matters worse, the sensor on some…

  • Hackers exploit Flash vulnerability in Yahoo ads

    The New York Times reported on hackers exploiting Flash vulnerability in Yahoo ads. For seven days, hackers used Yahoo’s ad network to send malicious bits of code to computers that visit Yahoo’s collection of heavily trafficked websites, the company said on Monday. The attack, which started on July 28, was the latest in a string…

  • Goodbye, Android

    Lorenzo Franceschi-Bicchierai wrote on Motherboard about switching from Andoird. As security expert Cem Paya put it, that was a conscious decision Google made when it created Android. Paya called it a Faustian deal: “cede control over Android, get market-share against iPhone.” Basically, Google was happy to let carriers put their bloatware on their Android phones…

  • Security researcher reveals that Google App Engine is vulnerable to attack

    Digital Trends reported on Google App Engine’s vulnerability to attack. According to a report released on Seclist.org’s Full Disclosure, a new set of vulnerabilities could leave Google’s App Engine open to attack from a rudimentary Java exploit. Seven different unpatched holes were discovered by Adam Gowdiak, CEO of the Polish security firm Security Explorations. The…

  • Facebook’s head of security wants Flash to die

    The Next Web reported about Facebook CSO Alex Stamos calling for more rapid moves to force Flash’s extinction. It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day. It can’t come sooner.

  • The latest Flash zero-day is no joke

    Tim Murtaugh wrote on A List Apart about the latest Flash zero day vulnerability. Flash gets updated a lot, often for security purposes. What usually happens is a security firm, or a hacker looking for a bounty, or Adobe itself will find a vulnerability, and the Flash team will quietly patch their software before the…

  • Millions of Android phones don’t completely wipe data

    Allie Coyne reported for iTnews about Android’s factory reset flaw. Twenty-six second-hand Android phones running versions 2.3 to 4.3 of the operating system, sold by five handset makers, were tested. The researchers found that all retained at least partial amounts of data from contacts information, images and video, SMS, email, and data from third-party apps…

  • Macs not vulnerable to BadUSB attack

    TidBITS reported on the BadUSB vulnerability. “The new MacBook’s single port comes with a major security risk,” proclaims The Verge. Gizmodo took The Verge’s story a step further with, “The NSA Is Going to Love These USB-C Charging Cables.” So what’s the big deal, and is there any fire behind all this hot air? These…

  • Apple Pay security

    Jim Dalrymple wrote on Fortune about the effect of Apple Pay on the App Store. The fact that none of these guys brought up or seemed at all concerned about cybertheft may tell you more than any headline that contains the words Apple, Pay and Fraud. “There’s no downside,” says Spring’s Alan Tisch. “Anything in…