Information Security all in one place!

Posts tagged “Android

Wireless Dual Band USB Adapter; offering 5GHz upgrade


 TP-LINK, a global provider of networking products, today announced its new Wireless Dual Band USB Adapter, enabling users to instantly add a 5GHz upgrade to their notebook or desktop computer without disrupting the existing network. With wireless speeds of up to 300Mbps at 2.4GHz and at 5GHz, this dual band USB adapter is the best companion when upgrading PC or laptop wireless capabilities, specifically when using the 5GHz band to avoid potential interference over the 2.4GHz band.

N600 Wireless Dual Band USB Adapter (TL-WDN3200) – $29.99 – Product Available End of April 2012

  • Compatible with IEEE 802.11b/g/n 2.4GHz and IEEE 802.11a/n 5GHz devices
  • Maximum speed up to 2.4GHz 300Mbps and 5GHz 300Mbps
  • USB 2.0 interface
  • Supports ad-hoc and infrastructure mode
  • Easy wireless security encryption at a push of the WPS button
  • Supports Windows XP 32/64bit, Vista 32/64bit, Windows 7 32/64bit
  • Easy Wireless Configuration Utility

http://www.ereleases.com/pic/TP-LINK.png
http://www.ereleases.com/pic/TP-LINK-2.jpg


Mobile Devices and the Growing Concern


A pile of mobile devices including smart phone...

If you use any type of mobile device in your day to day life….keep reading. Ignorance can only bring you so far!

Two separate studies of mobile devices have found serious privacy and security issues. One of the studies found that smartphones and tablet PCs can be eavesdropped on when they are being used to make purchases, conduct online banking transactions, or access VPNs (virtual private networks). Another study uncovered a number of ways to break into Apple’s iOS, its operating system for mobile devices. It is likely that cyber criminals will increasingly turn to mobile devices in their attacks as the devices become more and more commonplace in business transactions.

Related Information: http://www.usatoday.com/tech/news/story/2012-04-08/smartphone-security-flaw/54122468/1

Proof of Concept Video: http://bcove.me/44ip4sgw


McAfee Email and Web Security Appliance v5.6: Multiple Vulnerabilities


NGS Secure has discovered a high risk vulnerabilities in the McAfee Email and Web Security Appliance

All versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, McAfee Email Gateway 7.0 Patch 1

Vulnerabilities Include:

  • Reflective XSS allowing an attacker to gain session tokens
  • Session hijacking and bypassing client-side session timeouts
  • Any logged-in user can bypass controls to reset passwords of other administrators
  • Active sesssion tokens of other users are disclosed within the UI
  • Password hashes can be recovered from a system backup and easily cracked
  • Arbitrary file download is possible with a crafted URL when logged in as any user

 

NGS Secure is going to withhold details of this flaw for three months. This three month window will allow users the time needed to apply the patch before the details are released to the general public. This reflects the NGS Secure approach to responsible disclosure.


Kaspersky Labs: New Generation of Ultimate PC Protection; for Home


Kaspersky Lab, a leading developer of secure content and threat management solutions today announced a new version of its flagship product for at-home PC protection — Kaspersky PURE 2.0 Total Security. Using Kaspersky Lab’s award-winning anti-malware protection and an array of additional security tools, Kaspersky PURE 2.0 Total Security is the easiest way to keep multiple PCs secure, irreplaceable digital assets protected, and children safe and responsible online.

Central Home PC Management

Ideal for households with multiple computers, including families with children, Kaspersky PURE uses Home Network Management to easily protect, manage and monitor every PC in the household from a single machine.

From one PC, you can:

— Run all scans, updates, and backup tasks on every PC in the house automatically or on-demand

— Fix security issues without getting up from your desk

— Manage parental controls from anywhere in the house, so your kids are protected even when they’re out of view

— Conveniently update the Kaspersky PURE licenses throughout your home

Total Package of Security Tools

Kaspersky PURE also includes everything you need to secure your online identity and protect your irreplaceable digital property. When you install Kaspersky PURE, our extra layers of security mean you can say good-bye to overpriced and inefficient niche products.

This is great work. I am demoing the product now and will post my review shortly. Very excited about how this will shape the home and small business central management landscape. Will vendors pile on?

 

More on this breaking news can be found here: http://www.marketwatch.com/story/kaspersky-lab-announces-new-generation-of-ultimate-pc-protection-for-your-home-2012-03-26


Symantec Reports: New Trojan headed for Win7: Backdoor.Conpee


Symantec has issued a warning about a Trojan horse program that is capable of infecting both 32- and 64-bit versions of Windows 7. The malware can allow attackers to elevate privileges of restricted processes without user knowledge or permission.

The latest fully patched versions of Windows 7 are vulnerable to a Backdoor.Conpee Trojan, warned Mircea Ciubotariu, a security response engineer at Symantec, on a company blog.

Ciubotariu also states in the article: “The new Trojan targets both 32-bit and 64-bit versions of Windows 7, adding to the growing weight of evidence that malware writers are redesigning their software to bypass security features in 64-bit Windows, said Ciubotariu.

Image representing Windows as depicted in Crun...

The 64-bit version of Windows 7 and Vista included Kernel Mode Code Signing and Kernel Patch Protection, that were intended to make them less vulnerable to malware.

But backdoor.Conpee and the recently-discovered Backdoor.Hackersdoor Trojan have both been shown to infect 64-bit operating systems, said Ciubotariu.

“What was just a theory not so long ago is now being used in-the-wild by [these] threats,” he warned.”

More on this topic can be found here: http://www.v3.co.uk/v3-uk/news/2159725/symantec-warns-bit-windows-trojans


Anonymous launches it’s own OS?


The hacking group Anonymous may or may not have launched its very own operating system.

Dubbed Anonymous OS Live, the operating system, which is available as a free download on Sourceforge, is based on the Ubuntu version of Linux. According to a description on the Sourceforge page, the operating system is designed for “educational purposes” and can also be used to check “the security of Web pages.”

Azərbaycan: Ubuntu-nun rəsmi loqosu. Deutsch: ...

The people behind the software have set up a Tumblr page providing news and updates on the software. Those folks yesterday announced that the OS had been downloaded over 4,600 times.

What’s not immediately clear is just who it is behind the operating system. Anonymous has no central hierarchy, and in many cases, parts of the group break off from the main sector to engage in their own activities. In other words, there is no easy way to know if this operating system has been endorsed by the whole group, or is the brainchild of just a few members.

Ream more here: http://news.cnet.com/8301-1009_3-57397895-83/anonymous-os-worth-the-risk/?tag=mncol;txt


Apple: New iOS Release Addresses Multiple Vulnerabilities


Apple closes security holes with iOS 5.1 and iTunes update

Alongside the launch of the “new iPad“, Apple released iOS 5.1 for the iPhone 3GS, 4 and 4S, the 3rd generation iPod touch, and iPad and iPad 2. The update includes fixes for 91 issues with CVE identifiers. The majority, 66 of the issues, are described as “unexpected application termination or arbitrary code execution” in WebKit due to memory corruption. These flaws were mostly found by Apple or members of the Google Chrome Security Team, while a number were found by Chrome special rewardwinner miaubiz.

Two screen lock bypass issues are fixed, including one, a race condition with slide to dial gestures that could bypass the passcode lock, discovered by Roland Kohler of the German Federal Ministry of Economics and Technology, and an uncredited discovery that Siri’s lock screen could be used to forward messages to an arbitrary user.

iPhone, iPhone 3G and 3GS

Another error, which allowed a malicious program to bypass the sandbox by exploiting an error in the handling of debug calls, has been fixed, with the error’s discovery credited to the “2012 iOS Jailbreak Dream Team”. A flaw in Private Browsing in Safari that recorded JavaScript pushState and replaceState methods in browser history has also been fixed. Other flaws fixed include information disclosure in CFNetwork with maliciously crafted URLs, an integer underflow when mounting disk images, an integer underflow when processing DNS records, and cross-origin issues with cookies and content which could enable cross-site scripting attacks.

iOS 5 devices have automatic update support, and the update should be available “over-the-air” or via iTunes. Users who wish to force the update can use the Settings app, select General and then Software Update, ensuring the device is fully charged or on charge. Full details of all the issues fixed are given in About the security content of iOS 5.1 Software Update.

Many of the same WebKit issues are fixed in the iTunes 10.6 update to mitigate the possibility that a man-in-the middle attack could be used while browsing Apple’s iTunes Store to compromise a system. The iTunes 10.6 update is for Mac OS X and Windows systems and details of the fixes are available in About the security content of iTunes 10.6.

More available here: http://www.h-online.com/security/news/item/Apple-closes-security-holes-with-iOS-5-1-and-iTunes-update-1466786.html