Archive for July, 2010


Software released for attacking Android phones

Filed under: Android, Droid, Exploit, Google, Hackers, HTC, RootKit, Security, Technology, Telecom, Wireless by Ryan Boese — 1 Comment
July 30, 2010

Two security experts said on Friday they released a tool for attacking smartphones that use Google Inc’s Android operating system to persuade manufacturers to fix a bug that lets hackers read a victim’s email and text messages.

“It wasn’t difficult to build,” said Nicholas Percoco, head of Spider Labs, who along with a colleague, released the tool at the Defcon hacker’s conference in Las Vegas on Friday.

Percoco said it took about two weeks to build the malicious software that could allow criminals to steal precious information from Android smartphones.

“There are people who are much more motivated to do these things than we are,” he added.

The tool is a so-called root kit that, once installed, allows its developer to gain total control of Android devices, which are being activated by consumers at a rate of about 160,000 units per day, according to Google.

“We could be doing what we want to do and there is no clue that we are there,” Percoco said.

The test attacks were conducted on HTC Corp’s Android-based Legend and Desire phones, but he believed it could be conducted on other Android phones.

The tool was released on a DVD given to conference attendees. Percoco was scheduled to discuss it during a talk on Saturday.

Google and HTC did not immediately return calls for comment.

Some 10,000 hackers and security experts are attending the Defcon conference, the world’s largest gathering of its type, where computer geeks mix with federal security officials.

Attendees pay $140 in cash to attend and are not required to provide their names to attend the conference. Law enforcement posts undercover agents in the audience to spot criminals and government officials recruit workers to fight computer crimes and for the Department of Defense.

Organizers of the conference say presenters release tools such as Percoco’s root kit to pressure manufacturers to fix bugs.

Source: Yahoo! /Reuters

Tags: , , , , , , ,
Comment

RIM will release a Blackpad

Filed under: Blackberry, RIM, Tablets, Technology by Ryan Boese — 6 Comments
July 30, 2010

CANADIAN PHONE MAKER Research in Motion (RIM) has decided that the image it wants for its rumoured tablet is that of darkness.

According to the rumour mill RIM wants to name its forthcoming Apple Ipad killing tablet the Blackpad. The name reminds one of a 17th Century pirate who was the scourge of the seven seas, or possibily a highwayman on the London to York run. Either way there is something of the night about it, and it certainly won’t have a connotation of fruity like ‘Blackberry’ does.

According to whois, the Blackpad.com domain name is now in the hands of RIM and, while it only goes to a blank page now, that does seem to indicate that the Canadian smartphone outfit is going to have a tablet with the word ‘Black’ in its name.

The latest rumour circulating is that the tablet will have a seven inch display, embedded 3G, dual cameras and a 1GHz processor. However at this stage of the rumour mill game anyone’s guess is as good as another’s. At this point in the Ipad rumour cycle word on the street was that the Ipad was going to be cheap and useful.

MobileCrunch thinks that ‘Blackpad’ is just a code name and it will probably ship under the name ‘Cobalt’, but who wants a tablet that will give them the blues?

We would have thought that it would be a good idea to dump the ‘pad’ from the name. Black is fairly cool but there are loads of better things to do with it. Blackslate, Blacksablet, Blackadder, or Blackknight. You could have a Blacksabbath for heavy metal fans, or a Black&white for Michael Jackson fans. But then, Blackpad will be consistent, we guess.

Source: The Enquirer

Tags: , , , , ,
Comment

Google has two times more malware than Bing, Yahoo! and Twitter combined

Filed under: Bing, Google by Ryan Boese — Leave a comment
July 29, 2010

Barracuda released its Barracuda Labs 2010 Midyear Security Report, revealing data from two key areas: search engine malware and Twitter use and crime rate.

Searching for Malware

Barracuda Labs conducted a study across Bing, Google, Twitter and Yahoo!, over a roughly two-month period. The analysis reviews more than 25,000 trending topics and nearly 5.5 million search results. The purpose of the study was to analyze trending topics on popular search engines to understand the scope of the problem and to identify the types of topics used by malware distributors.

Key highlights from the search engine study include:

  • Overall, Google takes the crown for malware distribution – turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed. Google presents at 69 percent; Yahoo! at 18 percent; Bing at 12 percent; and Twitter at one percent.
  • The average amount of time for a trending topic to appear on one of the major search engines after appearing on Twitter varies tremendously: 1.2 days for Google, 4.3 days for Bing, and 4.8 days for Yahoo!
  • Over half of the malware found was between the hours of 4:00 a.m. and 10:00 a.m. GMT.
  • The top 10 terms used by malware distributors include the name of a NFL player, three actresses, a Playboy Playmate and a college student who faked his way into Harvard.

The dark side of Twitter

Barracuda Labs analyzed more than 25 million Twitter accounts, both legitimate and malicious. The purpose of this part of the study was to measure and analyze account behavior on Twitter in order to model normal user behavior and identify features that are strong indicators of illegitimate account use. The study reviews several key areas including True Twitter Users, Twitter Crime Rate, and Tweet Number.

Key highlights from the Twitter research include:

  • In general, activity is increasing on Twitter: more users are coming online; True Twitter Users are tweeting more often, and even casual users are becoming more active. As users become more active, the malicious activity also increases.
  • Only 28.87 percent of Twitter users are actual True Twitter Users.
  • Half of Twitter users tweet less than once a day, yet one in 10 users tweet five or more times a day and 30 percent of Twitter accounts have never tweeted.
  • One in every eight Twitter users has at least 10 times more followers than they are following.
  • Only one in 10 users is following more than 100 users, and almost half are following less than five.

Source:  Help Net Security

Tags: , , , , , , , ,
Comment

Security pro harvests info on 100 million Facebook users

Filed under: Facebook by Ryan Boese — Leave a comment
July 29, 2010

How easy would it be to compile a list of, say, 20 percent of Facebook’s user base, including their full name, unique user ID and URL of their Facebook page? Awfully easy, it turns out.

Computer security consultant Ron Bowes did exactly that, BBC News reports. He snagged a full 100 million users in his research, all through the power of searching for what is freely available online.

Bowes was quick to note that the file he compiled did not include email addresses, phone numbers or other restricted information, and that everything added to the file was publicly available and in keeping with each user’s privacy settings on Facebook. The file does not represent an attack on Facebook nor a compromising of its security measures: Bowes simply scraped up the information about individual accounts that anyone could have uncovered, and he crammed it into one gargantuan document.

The file is spreading across the Internet rapidly, and it will probably be used much in the way a spammer’s e-mail database is used: to target the unsuspecting with phony friend requests, to send en masse invitations to spam-filled groups, and to coerce them into clicking on phishing links and other malicious URLs.

Are you on the list? You can check by downloading a torrent of the file. Note: It’s nearly 3GB in size.

Meanwhile, it’s probably a good idea to re-check your Facebook Privacy Settings and make the appropriate changes if you don’t want your profile information public.

Source: Yahoo!

Tags: , ,
Comment

Intel Says Computer Users May Be Denied Class Status in Antitrust Lawsuit

Filed under: Intel by Ryan Boese — Leave a comment
July 29, 2010

Intel Corp., the world’s biggest chipmaker, said a special master appointed to review an antitrust lawsuit brought by computer users recommended rejecting their request for class-action status.

The recommendation will become the court’s ruling unless the plaintiffs object within 21 days, Intel spokesman Chuck Mulloy said today in an e-mailed statement.

The purchasers of computers with Intel microprocessors “have not established that they will be able to demonstrate an antitrust violation through common proof,” Special Master Vincent J. Poppiti wrote in a report yesterday to U.S. District Court in Wilmington, Delaware.

Santa Clara, California-based Intel said July 13 it logged record sales for the quarter, beating analysts’ estimates, with more than $11 billion in sales.

The consolidated lawsuit “generally accuses Intel of wrongfully offering discounts to computer manufacturers,” allegedly inflating prices, according to Mulloy.

Intel fell 30 cents to $21.03 in Nasdaq Stock Market trading in New York at 4:30 p.m.

The lead case is Paul v. Intel Corp., 05CV485, U.S. District Court, District of Delaware (Wilmington).

Source: BloomBerg

Tags: , ,
Comment

Research In Motion Unveils BlackBerry App World 2.0 Beta

Filed under: Blackberry, Telecom, Wireless by Ryan Boese — Leave a comment
July 29, 2010

Research In Motion has released a beta version of its updated mobile software marketplace, BlackBerry App World 2.0.

BlackBerry smartphone users in Canada and the U.S. can now sign up to access the new store, which features a simplified design with tabbed shortcuts to the top 25 free and paid applications, as well as the newest and most recently updated programs.

App World 2.0 also allows for payment by credit card and direct carrier billing, in addition to the PayPal billing option used by the original App World.

Research In Motion hasn’t announced an official launch date for App World 2.0, or said if the beta will be available outside North America.

Source: TeleClick

Tags: , , , , , ,
Comment

EU launches antitrust probes of IBM

Filed under: IBM, Security by Ryan Boese — Leave a comment
July 26, 2010

The European Commission on Monday launched two formal antitrust investigations against IBM over two alleged infringements of EU antitrust rules about abusing a dominant market position, the commission said in a statement (PDF).

The first case is in response to complaints by software vendors T3 and Turbo Hercules over the tying of mainframe hardware to the mainframe operating system. The second is an investigation launched by the commission itself over alleged discrimination toward competing suppliers of mainframe maintenance services, the commission said.

IBM said the claims, which the company said were the result of a campaign of competitors led by Microsoft and its “satellite proxies,” have no merit, according to a Bloomberg report.

Source: CNET

Tags: ,
Comment

Ruling Lets Owners Alter iPhone Software

Filed under: Apple, Telecom, Unlocking, Wireless by Ryan Boese — 2 Comments
July 26, 2010

Apple Inc.’s control over its iPhone and other devices via its iTunes store was undercut Monday by a federal ruling legalizing jailbreaking, or altering the devices to install unapproved software, a practice used now by a small number of customers.

The Library of Congress, which helps oversee copyright law, removed a legal cloud over altering of iPhones, iPads and iPods, to install and run software not purchased from Apple.

Jennifer Granick, civil liberties director at Electronic Freedom Foundation, the digital-rights organization that pushed for the change, said the ruling could open the door for third-party app stores. “Innovators now know that there will be customers for them,” she says.

It’s unclear how many companies will take advantage of the ruling, which affects a law called the Digital Millennium Copyright Act. By one estimate just 8% of iPhones have been altered to allow such downloads.

“I don’t think it’s that big a deal,” said Charles Golvin, an analyst at Forrester Research Inc. “The mainstream iPhone customer isn’t complaining about apps they can’t get because of Apple’s restrictive policies.”

Apple has reviewed and maintained veto power over apps for the iPhone since it opened the device to outside developers in 2008. These apps can only be downloaded from Apple’s App Store. Monday’s ruling applies to other smartphone makers but only Apple now restricts what apps can run on its devices.

Computer experts have found ways to get around the code that tethers iPhones to the App Store, however, allowing device owners to download and run programs that haven’t been approved by Apple. The legality of the practice was not clear, so it hasn’t caught on widely.

Mario Ciabarra, president of Rock Your Phone Inc., which sells apps for jailbroken iPhones, says close to $2 million worth of about apps for about four million iPhones have been downloaded from his store. He said the company felt that what it was doing was legal, but was not eager to argue that point in court. What this ruling does “is make it very clear that it is okay,” he said.

Apple, which says it has sold about 50 million iPhones worldwide, has discouraged jailbreaking. A spokeswoman did not address the ruling directly, but explained the company’s policy.

“Apple’s goal has always been to insure that our customers have a great experience with their iPhone,” she said, adding that “jailbreaking can severely degrade the experience” of the iPhone and that it “can violate the warranty and can cause the iPhone to become unstable and not work reliably,” she said.

In 2008 the EFF, asked the Library of Congress to authorize jailbreaking, arguing that the rights of Apple and other smartphone makers wouldn’t be infringed because any changes to the devices are for the personal use of the phone owner. Apple disagreed, arguing that jailbreaking its iPhone would open up consumers and Apple to harm and that the practice was a violation of the law.

The U.S. Copyright Office, a unit of the Library of Congress, on Monday said that Apple’s objections appeared to be rooted partly in the potential “harm to its reputation” which isn’t protected by copyright law.

It said that phone owners have the right to run whatever legal programs they want on their devices and that “modifications that are made purely for the purpose of such interoperability are fair uses.”

The action was in the form of a final rule, which would require a legal challenge to overturn.

The Library of Congress also ruled that it was legal to modify software on a used phone so that it can run on a different carrier’s network, although other technical barriers make it difficult to use an iPhone with networks other than that of AT&T Inc., the sole carrier authorized by Apple in the United States.

The government said the use of snippets of DVDs and other videos for use in universities and schools have fair use protections under the law. However, it rejected other applications for fair-use protections, including a request that consumers be allowed to use their own software to access streaming online video from Netflix Inc. or other providers.

Source: Wall Street Journal

Tags: , , ,
Comment

Apple to sell iPhone 4 unlocked in Canada

Filed under: Apple, Mobile, Technology, Telecom, Unlocking, Wireless by Ryan Boese — Leave a comment
July 26, 2010

When the iPhone 4 goes on sale in Canada on Friday, it will bring with it something relatively new for Canadian wireless customers — the ability to pit the big three service providers against each other.

Apple on Monday said it will sell its wildly popular device to customers online and through its own retail stores, as well as through Bell, Rogers and Telus.

The difference with buying the phone directly from Apple is that it will be unlocked and contract-free, so customers will be able to shop around for a service plan with the big three.

The iPhone 4 is compatible with all three companies’ networks, so customers would only have to pop in a Subscriber Identity Module (SIM) card, which carriers generally sell for between $5 and $10, to make it work.

Customers will also be able to switch providers whenever they like and use the phone in other countries with SIM cards from local carriers, which will allow them to avoid roaming charges from Canadian providers.

Industry analysts say Apple’s move puts a higher value on the iPhone 4 in Canada than in the United States, where customers currently have only one carrier, AT&T, as an option for the device.

Not only does AT&T have an exclusive deal with Apple to sell the iPhone, but its network technology is also incompatible with most of the other big U.S. service providers.

“The offers or plans of the big three Canadian carriers might look similar, but for some customers who know how to bargain on a specific service or within a bundled backdrop, there may be some opportunities for cost savings,” said Amit Kaminer, an analyst with The SeaBoard Group telecommunications consultancy.

“And, having no contract? Some might say that you can’t put a value on freedom.”

Source: CBC News

Tags: , , , , , , , , , , ,
Comment

Wi-Fi WPA2 Vulnerability Found

Filed under: Exploit, Hackers, Security, WiFi by Ryan Boese — Leave a comment
July 24, 2010

BobB-nw sends along news based on yet another press release in advance of the Black Hat conference: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider. “…wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named ‘Hole 196′ by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software, according to AirTight. ‘There’s nothing in the standard to upgrade to in order to patch or fix the hole,’ says Kaustubh Phanse, AirTight’s wireless architect who describes Hole 196 as a ‘zero-day vulnerability that creates a window of opportunity’ for exploitation.” Wi-Fi Net News has some more detail and speculation.

Source: Slashdot

Tags: , , , ,
Comment