Security

Bitcoin thieves expose Android flaw to steal currency

Fans of the fledgling cryptocurrency known as Bitcoin got quite a shock in recent days as some clever thieves worked out yet another method to swipe virtual cash from unsuspecting users. The source of the theft was traced to a bug in Android, and now Google has acknowledged the flaw exists.

Another day, another Android flaw.

Android’s latest security flaw

A feature that allows Android users to authenticate themselves on Google websites without having to enter their account password can be abused by rogue apps to give attackers access to Google accounts, a security researcher showed Saturday at the Defcon security conference in Las Vegas.

And with that information, the attacker has access to “Google Apps, Gmail, Drive, Calendar, Voice and other Google services.”

Tumblr asks iOS users to update and change their password

We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances. Please download the update now.

If you’ve been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password.

That doesn’t sound good.

Be safe Android users; Actually, I don’t give a shit

F-Secure:

Android malware has been strengthening its position in the mobile threat scene. Every quarter, malware authors bring forth new threat families and variants to lure more victims and to update on the existing ones. In the fourth quarter alone, 96 new families and variants of Android threats were discovered, which almost doubles the number recorded in the previous quarter.

Android accounts for 79 percent of the security threats for mobile platforms. iOS barely registers in the results, despite the fact there are hundreds of millions of users. F-Secure published a PDF with all of the results.

Good luck Android users.

Another iOS 6 lock screen flaw found

The difference between the first exploit and this one is how it can make the iPhone screen go black, allowing an attacker to plug the device into a computer via USB and access the user’s data without having their PIN or passcode credentials.

I don’t know how they find this stuff, but Apple has to get this fixed.

Microsoft hacked

The world’s largest software company said the security intrusion was “similar” to recent ones reported by Apple Inc (NSQ:AAPL) and Facebook Inc (FB.O).

Apple comments on hacker attack

Apple on Tuesday admitted to being the victim of a hacker attack by the same people that went after Facebook last week. Apple said it is taking steps to help its customers, including releasing an updated Java malware removal tool. […]

Google’s war against account hijackers

To improve their chances of beating a spam filter by sending you spam from your contact’s account, the spammer first has to break into that account. This means many spammers are turning into account thieves.

Good to see Google fighting these people.

Android apps suck at security

Android applications downloaded by as many as 185 million users can expose end users’ online banking and social networking credentials, e-mail and instant-messaging contents because the programs use inadequate encryption protections, computer scientists have found.

Of course, iOS doesn’t have this problem, so all of you Android owners that want to switch from the malware infested, security sucking Android can make the move any time.

Apple tech support helped hacker access Honan’s account

Mat Honan:

I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.

The good news is the hacker didn’t brute-force the password. The bad news… yeah.

Last.fm says passwords leaked

We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.

Let’s just assume that every password is going to be leaked.

Leaky LinkedIn

Lex Friedman:

Two stories about potential user data leakage at the networking company trickled out late Tuesday and early Wednesday. One suggested that the LinkedIn iOS app may leak personal data from your calendar to the LinkedIn website; the second report indicates that a Russian hacker may have posted 6.5 million LinkedIn passwords on the Web.

I guess a little bit of security is too much to ask for.

DropKey encryption software free on Mac App Store

Building on state-of-the-art encryption standards, DropKey quickly and easily encrypts any file specifically for your recipients — without the need for a password or the hassle of juggling a bunch of keys!

They are giving away the app until May 20.

DropKey makes file encryption easy on the Mac

Public-Key Cryptography, created in the 1970s, is a matched-pair encryption/decryption standard. Using this method, the sender and recipient share public encryption keys, thereby establishing a relationship of trust. After that occurs, files can be encrypted by one and decrypted by the other without using passwords. While Public-Key Cryptography can use a variety of levels of security, DropKey uses the 256-bit method, a well-established industry standard.

I talked to DropKey’s CEO Ian Schray, and what impresses me about the app is that it only takes one extra click to encrypt a file and send it in an email than it does if you didn’t encrypt the file. I’ve tried file encryption software in the past and it was a real pain, but this looks really good.

Android bug allows hackers to record phone conversations

The Register: Computer scientists have discovered a weakness in smartphones running Google’s Android operating system that allows attackers to secretly record phone conversations, monitor geographic location data, and access other sensitive resources without permission. Well now, there’s a feature the …

Researcher finds security bug in iOS

Reuters:

A software flaw in Apple Inc’s iPhones and iPads may allow hackers to build apps that secretly install programs to steal data, send text messages or destroy information, according to an expert on Apple device security.

Here is a video from the researcher Charlie Miller:

U.S. military drones infected by keylogging virus

CNN: A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones. Military security specialists are unsure if the virus was introduced intentionally or …

Mass AG plans to investigate iTunes complaints

Threatpost: Massachusetts Attorney General Martha Coakley said on Tuesday that her office would be inquiring into long-standing complaints about fraudulent purchases that leverage Apple’s popular online music store. In a lunchtime address to business and technology leaders in Massachusetts, Coakley …