Researchers use smudge attack, identify Android passcodes 68 percent of the time

In a movie-plot-like scenario, where a biometric system is bypassed using restored fingerprint samples, Penn State researchers managed to identify the pass code patterns on two Android smartphones (the HTC G1 and the HTC Nexus One), 68% of the time, using photographs taken under different lighting conditions, and camera positions. […] The experimenting took place using two different scenarios – the passive attacker, who operates from a distance, and the active attacker who has breached the physical security of the device, namely, has physical access to it. Even in the worst possible experiment conditions, they were still able to …

There will be no fix for a Palm Pre WebOS zero day flaw until ‘Autumn

Spies can feel free to send malware laden business card texts to Palm’s Pre smartphones because a patch to fix the flaw that allows such messages to turn the handsets into bugging devices won’t be available until Autumn. Basingstoke based MWR Infosecurity announced last week that the Palm Pre WebOS has a zero day flaw that allows the phone to be used as a recorder and transmitter for anything within range of its microphone. It seems that Palm’s security systems don’t use sandboxing that MWR Labs thinks could have stopped the malign SMS. The INQUIRER learned of the lack of …

AV-Test.org issues latest round of testing results

Symantec and Microsoft outdo Trend and McAfee in live tests. Independent testing organisation AV-Test.org has released its latest round of test results in a simplified format, providing at-a-glance details of performance in a series of tests aimed at mimicking real-world situations. Testing covered a wide range of criteria, all run in a fully connected and realistic environment to exercise all available protective features. In the tests, 19 products were put through their paces on Windows 7 in the second quarter of the year, with 13 of them meeting the necessary standard to be marked as ‘certified’ by the testing body. …

NetworkSolutions Sites Hacked By Wicked Widget

Hundreds of thousands of Web sites parked at NetworkSolutions.com have been serving up malicious software thanks to a tainted widget embedded in their pages, a security company warned Saturday. Santa Clara, Calif. based Web application security vendor Armorize said it found the mass infection while responding to a complaint by one of its largest customers. Armorize said it traced the problem to the “Small Business Success Index” widget, an application that Network Solutions makes available to site owners through its GrowSmartBusiness.com blog. Armorize soon discovered that not only was the widget serving up content for those who had downloaded and …

Apple Worker Arrested On Kickback Charges

An Apple worker has been arrested on charges he allegedly took kickbacks of more than $1 million over a period of several years from the company’s Asian suppliers in exchange for inside information about the iPhone maker’s product lineup. A federal grand jury has indicted Paul Shin Devine, 37, of Sunnyvale, Calif., along with Singapore-based alleged accomplice Andrew Ang, on 23 counts of wire fraud, money laundering, receiving kickbacks, and other charges, according to the San Jose Mercury News, which first reported the story on Friday. Apple has also filed a civil lawsuit against Devine, who was a supply-chain manager …

Virgin Media tracks Zeus Trojan using white hats

ISP to use Shadowserver Foundation intelligence. ISP Virgin Media is now using organisations such as The Shadowserver Foundation to work out which of its customers might be part of botnets spreading the dangerous Zeus online banking Trojan. If a third-party identifies a suspect connection, the company will then write to the affected customer outlining how they can remove Zeus using online tools or through the company’s paid-for Digital Home Support service. This process hands the work of removing Zeus and other malware to the Virgin Media Security security software package that comes with Virgin’s ISP package, which currently uses the BitDefender …

IE9 Beta Official Launch: September 15th

It’s official: the Internet Explorer 9 Beta will launch next month – September 15th. To kick off the launch, Microsoft is holding a special press event in San Francisco where the theme, according to the invite, is the “beauty of the Web.” “Developers and designers are reimaging the familiar on the web. Join us in celebrating their work,” the invite reads. To promote the event, Microsoft has also launched a site at www.beautyoftheweb.com where invitees have to type in the letters to unlock the invitation (hint: it’s “native”). There’s not much to see here otherwise, but the site …

Add-on Guidelines and Requirements in Action – Upgrade Advisor

From IE Blog: We’ve blogged in the past about guidelines and requirements that we’ve published to help add-on developers create quality add-ons. We wrote these guidelines based on years of providing support to users and developers in response to questions from the developer community. We’ve shared several great examples of these guidelines and requirements in action in the past few months. As part of IE’s cumulative security updates, we’ve released an update to the Internet Explorer Upgrade Advisor list that helps users update to new versions of add-ons that follow the guidelines and requirements. In this post, we highlight the …

Rise in Latvian botnets prompts Spamhaus row

Concerns over the rising tide of nuisance and malicious email from Latvia have sparked an acrimonious dispute between anti-spam organisation Spamhaus and the country’s top-level domain registry. NIC.LV, which administers .lv web addresses, has branded Spamhaus "impolite, arrogant and even rude" after it added a large chunk of Latvian IP addresses to its anti-spam list. As a result "thousands of Internet users – academic users, state and municipal institutions, non-profit organisations, companies, and individuals" were cut off, it claimed. For its part, a bemused Spamhaus says it merely followed its normal procedures, and the allegations of rudeness are the result …

Underground Credit Card Processor Compromised

A group of hackers recently published detailed information from an underground credit card company. On July 23, an anonymous group claimed to have compromised a server of an online credit card processor company. At that time, however, the extent of the compromise was unclear. Looking at the data that was published leads us to believe that the compromise is very plausible. The leaked data includes employee emails as well as recorded phone calls. A particular recorded conversation discussed the various ways of defrauding major credit card companies. Another conversation discussed Fethard, a payment service that allows anonymous payments to be …