Information Security all in one place!

Posts tagged “Google

NSA: Ultimate Internet Spy Center


The NSA‘s new spy center will see everything

Imagine a massive supercomputer in the desert, watched around the clock by armed guards, capable of intercepting and decrypting virtually every piece of information in the world. Sounds like science fiction doesn’t it? Well, according to Wired, the NSA is in the process of building just such a place, and they’ve madeleaps and bounds of progress at breaking the standard AES encryption algorithm that keeps your emails and other private information secure.

This new surveillance center is being constructed in the Utah desert, near a town called Bluffdale. When it’s finished, you’ll be able to fit five US Capitols inside, and most of that space will be occupied by supercomputers capable of storing more data than you can even imagine (you can imagine a lot, can’t you?). Your private emails, Google searches, receipts, travel information – pretty much ever scrap of data generated – will be stored here, while sophisticated software sifts through it in search of anything remotely suspicious.

More on this interesting story here: http://www.neowin.net/news/the-nsas-new-spy-center-will-see-everything

Advertisements

Mozilla: Multiple Updates


English: Mozilla Firefox word mark. Guestimate...

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities.

  • Firefox 11,
  • Firefox 3.6.28,
  • Firefox ESR 10.0.3,
  • Thunderbird 11,
  • Thunderbird 3.1.20,
  • Thunderbird ESR 10.0.3, and
  • SeaMonkey 2.8.

These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security restrictions, operate with escalated privileges, or perform a cross-site scripting attack.

English: A candidate icon for Portal:Computer ...

Firefox users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/firefox.html

Thunderbird users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

Seamonkey users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html 


Safari: Closes Security Holes with version 5.1.4


Safari: Closes 80 Security Holes with version 5.1.4

Apple has released version 5.1.4 of its Safari web browser for Windows and Mac OS X. According to the company, the maintenance and security update addresses more than 80 vulnerabilities. The update also includes includes various stability and performance improvements as well as fixes for other non-security related bugs.

A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting (XSS), cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution.

The recent issue, where Google were accused of bypassing Safari’s privacy controls on cookies, also appears to have been addressed. Details of how Apple have fixed this though are not given. A bug in Safari’s Private Browsing mode that allowed page visits to be recorded in the browser history when the mode was active has been fixed.

On Windows systems, the browser update improves domain name validity checking in order to prevent attackers from using look-alike characters in a URL to visually spoof a legitimate domain and direct users to a malicious site – Mac OS X systems were not affected by this issue.

More can be found here: http://www.h-online.com/security/news/item/Safari-update-closes-security-holes-1470595.html


Adobe: Out of Band Flash Player Fixes


From SophosLabs: on March 6, 2012 

Adobe has released a critical update for Flash Player versions 11.1.102.62 and earlier for Windows, OS X, Linux and Solaris and versions 11.1.115.6/11.1.111.6 and earlier for Android.

The patch addresses two CVEs in Flash Player, CVE-2012-0768 and CVE-2012-0769, both reported to Adobe by Google researchers.

Chrome users should restart their browser as soon as possible as Google has automatically provided the fix in the latest Chrome update.

Non-Chrome browser users can get the latest version (11.1.102.63) by surfing to http://get.adobe.com/flash and running the installer for your platform.

Android users should visit the Android Marketplace and search for Adobe Flash Player. iOS users don’t need to worry as Apple devices don’t work with Flash :)

CVE-2012-0768 is a memory corruption vulnerability that could lead to remote code execution by exploiting a flaw in Matrix3D.

CVE-2012-0769 is an information disclosure vulnerability as a result of integer errors in Flash Player.

As always we recommend deploying these updates as soon as possible. While we do not have any evidence of these flaws being exploited in the wild, past patterns indicate it won’t be long.

More Here: http://nakedsecurity.sophos.com/2012/03/06/adobe-ships-critical-out-of-band-flash-player-update/


Botnet: Cutwail Returns; Overall Spam Increasing


According to M86 Security, the infamous Cutwail botnet (aka PandexMutant and Pushdo) appears to have been reactivated. The security specialists say that in the past few weeks they have registered several waves of HTML emails that were infected with malicious JavaScript and probably originated from Cutwail-infected PCs.

Cutwail had its heyday about five years ago, when it led the botnet activity list with 1.6 million infected computers. However, it lost its top position in the market after hackers intruded into the system and disclosed the names of customers and affiliates.

How a botnet works: 1. A botnet operator sends...

Image via Wikipedia

According to M86 Security, the volume of infected emails was 50 times higher between 23 and 25 January, and three further waves from 6 February were found to be as much as 200 times higher.

Infected emails had subject lines such as “FDIC Suspended Bank Account”, “End of August Statement” and “Scan from Xerox WorkCentre”.

Read More Here: Cutwail botnet back in action


Android: Malware Magnet


In the last seven months of 2011, malware targeting the Android platform jumped 3,325 percent!

According to Juniper Networks‘ Mobile Threat Report, malware targeting the Android OS grew by 3,325 percent in the last seven months of 2011.

“Android malware accounted for about 46.7 percent of unique malware samples that targeted mobile platforms, followed by 41 percent for Java Mobile Edition,” writes eWeek’s Fahmida Y. Rashid.

Android System architecture

Android System Architecture

“The explosion in Android malware is a direct result of the platform’s diverse and open marketplace where developers are free to post their apps as well as growing market share, according to Juniper,” Rashid writes. “Google‘s market share in the mobile space, at 46.9 percent, is statistically the same as the proportion of Android malware detected by Juniper.”

 

Read More: 2011 Android Report: Malware

 

 

 


Google Wallet users might be wise to start getting a little nervous.


The hack doesn’t require any extra software or root access.

The Smartphone Champ has revealed a simple hack that can provide access to all of the funds of a Google Wallet user — it’s far easier than a method of cracking the Google Wallet PIN that was revealed earlier this week.

“[The] hack doesn’t require extra software, root access, or any particular skills in general,” writes CNET News’ Lance Whitney. “Instead, all someone apparently has to do it clear the data for the Google Wallet app in the smartphone‘s application settings menu. The app is then reset and will prompt the person to enter a new pin number the next time it launches.”

Google Wallet Logo

“Since the Google Wallet information is linked to the device and not to the actual account, a person can then use the Google prepaid card already tied to the device to gain full access to the owner’s funds, explained The Smartphone Champ,” Whitney writes.

In response to the hack, a Google spokesman sent CNET the following statement:

“We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”

This latest Google Wallet hack follows an earlier hack reported by security blogging site Zvelo.

Sourcehttp://news.cnet.com/8301-1009_3-57374589-83/latest-google-wallet-hack-picks-your-pocket/