
Category: News

March 1, 2012


Pinterest vulnerable to XSS and iframe attack vectors

Security researcher Shadab Siddiqui recently uncovered several vulnerabilities in the social media site Pinterest, which has more than 10 million active users. A security researcher identified a cross-site scripting (XSS) vulnerability and an iframe injection issue that could allow a hacker to hijack user accounts and perform other malicious operations. The security researcher also found […]


March 1, 2012


Google withdraws from Pwn2Own and starts Pwnium

Google has officially withdrawn its sponsorship from the 2012 Pwn2Own security challenge. According to Google, they pulled out after they discovered that exploits demonstrated at the event did not have to be disclosed to the affected vendors. Instead, Google is pumping $1m into awards they are calling Pwnium. These awards will pay $60k for a full […]


March 1, 2012


DNT browser update – The Do Not Track Plus plugin

There appear to be many choices when it comes to using Do Not Track (DNT) extensions/add-ons with browsers. Until recently I hadn’t found one extension/add-on* that I could really truly say is easy to use and does what it says without slowing my browser experience. TIP: Google Universal Do Not Track can still be used for some purposes […]


March 1, 2012


How to use OS X FileVault to encrypt external data

Those that use OS X might be aware of FileVault. This post assumes you have already set up FileVault or have some knowledge of its capabilities – so for those of you who haven’t done this yet you might want to do it right now. Mac OS X Lion now allows you to encrypt (it uses XTS-AES […]


March 1, 2012


iOS test app gains access to photo library

Following on from my previous post on how iOS apps are accessing and uploading contact data, it’s now been reported there are permission issues with an app that can access the iOS photo library. A test app was developed called PhotoSpy which was commissioned by The New York Times. The PhotoSpy app requires the user […]


February 22, 2012


Pingit P2P mobile cash payment app security

Pingit allows users in the UK to send payments from one mobile to another in the UK – it’s a kind of P2P application. The Pingit app is of course free to download to any smartphone such as a BlackBerry, Android or iPhone. Note to my readers – Some in the media claim this payment method is […]


February 21, 2012


Mac OS X Gatekeeper and the Apple Developer ID

Apple has introduced Gatekeeper to a select handful of developers recently, and given I like research I couldn’t help but notice that over 20 years ago the Mac had an antivirus software called, yes you’ve guessed it – Gatekeeper. It’s moved on a bit since then though – Macs don’t really need AV at the system/kernel […]


February 10, 2012


Firefox to use Flash Player sandbox

The new Flash Player sandbox for Firefox is currently still in public beta mode. Adobe has decided to sandbox each plugin process to ensure that a plugin crash will not occur with the entire web browser (one of the main reasons why Apple never introduced Flash). It appears, though, that there are no security restrictions […]


February 10, 2012


Security flaw identified in Google Wallet

Security researchers have uncovered a method of cracking Google Wallet’s PIN security in just a matter of seconds. The Google Wallet application stores a hash of the PIN, which allowed them to create a matching PIN simply by hashing all 10,000 possible numbers, which only took a few seconds. Closer examination of the per-app DB, […]


February 10, 2012


Malware scanning improved in Google Chrome 17

Google Chrome released its first stable (out of beta) release on the 8 February – Chrome 17. This has been some time in the making but it’s finally arrived. This stable release now incorporates a malware download scanner which scans for malicious “.exe” and “.msi” files and checks with a whitelist database (DB) for known […]


February 8, 2012


Polymorphic Android malware requires HIPS analysis

Mobile application morphing isn’t something we have heard of on mobile platforms – however I did read an article on some recent developments. I suspect malware writers are developing mobile apps that automatically modify on download as well as continuing to re-engineer the codebase on a daily basis which involves changing the file signature and […]


February 7, 2012


Remote locate lock and wipe your Apple iOS iPhone

If you own an iPhone, it’s imperative that you consider how you might protect your device and the personal information you store on it in the event you lose or have your device stolen. There are now many apps that provide OTA backup, device tracking and device lock and wipe feature sets, which all do […]


Hakin9 Media Sp. z o.o. Sp. komandytowa ul. Postępu 17D, 02-676 Warszawa