5 posts tagged with security by Blazecock Pileon.
Displaying 1 through 5 of 5.
Ars Technica reports on malicious extensions on the Chrome web browser, which install advertising-based malware that hijack links and inject ad content. Further speech recognition exploits (source) leave open the opportunity for malicious sites to record sound captured by the user's web browser without permission.
Security researchers at North Carolina State University led by Xuxian Jiang (who had previously discovered 12 malicious Android applications sold through Google's Android Market) have uncovered holes in how the permissions-based security model is enforced on numerous Android devices. Called "leaks", these vulnerabilities allow new and existing malicious applications to eavesdrop on calls, track the user's location, install applications, send SMS messages, delete data from the device, and more. (via)
Logging out of Facebook is not enough - Nik Cubrilovic demonstrates how, even after logging out, Facebook tracks every page you visit on sites that integrate Facebook services [via]
The Haystack application aims to use steganography to hide samizdat-type data within a larger stream of innocuous network traffic. Thus, civilians in Iran, for example, could more easily evade Iranian censors and provide the world with an unfiltered report on events within the country. Haystack earned its creator Austin Heap a great deal of positive coverage from the media during the 2009 Iranian election protests. The BBC described Heap as "on the front lines" of the protesters' "Twitter revolution", while The Guardian called him an Innovator of the Year. Despite the laudatory coverage, however, the media were never given a copy of the software to examine. Indeed, not much is known about the software or its inner workings. Specialists in network encryption security were not allowed to perform an independent evaluation of Haystack, despite its distribution to and use by a small number of Iranians, possibly at some risk. As interest in the project widens and criticisms of the media coverage and software continue to mount, Heap has currently asked users to cease using Haystack until a security review can be performed.
"[C]omputer design is being dictated not by electronic design rules, physical layout requirements, and thermal issues, but by the wishes of the content industry." By deliberately breaking audio and video functionality, opening up new avenues for debilitating malware, and reversing performance gains in desktop PCs and third-party components, Peter Gutmann argues "the Vista Content Protection specification could very well constitute the longest suicide note in history."