Vulnerability

Android malware gains root access

 August 26, 2011

Estimated reading time: 1 minute

New malware affecting the latest version of the Android operating system (2.3 – Gingerbread) is now out in the wild, masquerading as an app featuring some “Beauty of the Day” photos. The package I downloaded uses the following permissions: android.permission.READ_PHONE_STATE, android.permission.READ_LOGS, android.permission.DELETE_CACHE_FILES, android.permission.ACCESS_CACHE_FILESYSTEM, android.permission.WRITE_SECURE_SETTINGS, android.permission.ACCESS_NETWORK_STATE, android.permission.INTERNET, android.permission.WRITE_EXTERNAL_STORAGE, android.permission.MOUNT_UNMOUNT_FILESYSTEMS, android.permission.READ_OWNER_DATA...

Microsoft Security Bulletin MS11-057

 August 11, 2011

Estimated reading time: 1 minute

Microsoft has released two Critical updates: MS11-057 (Internet Explorer): This security update resolves 5 privately reported vulnerabilities and 2 publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Microsoft is not...

Android Focus Stealing Vulnerability

 August 10, 2011

Estimated reading time: 2 minutes

Android allows applications to voluntarily come to the foreground or to become active while the user is using another application. However, because Android’s SDK (Software Development Kit) allows apps to be pushed to the foreground, Android allows users to dismiss and override this behaviour by hitting the back button. This Android...

Massive Attack targeting osCommerce sites

 August 6, 2011

Estimated reading time: 1 minute

More than 90,000 websites were found to be infected with an iframe that points to willysy(dot)com. The affected websites were found to be using osCommerce, an open source e-commerce package used by small vendors to manage their online shops. An iframe is a line of code inserted into a...

Apple patches iOS interception flaw

 July 27, 2011

Estimated reading time: 1 minute

Apple on Monday issued a new patch that fixes a vulnerability that could allow an attacker to spoof an X.509 certificate used to encrypt web sessions on iOS 4.3.4 devices. The vulnerability is related to the way Apple validates X.509 certificates and can undermine Secure Sockets Layer (SSL) and Transport...

OS X Lion: What’s new in Security

 July 22, 2011

Estimated reading time: 3 minutes

Once you are done with the online installation experience and have seen the upside-down mouse gestures and all the other bling that comes as part of OS X Lion, it is time to look at what has changed from the security point of view. Lion provides some significant security improvements. An...