The company Appriver warned users of Dropbox service to increase caution, as false messages that ask users to change the password they use when signing up for service appeared once again. Fraudulent email messages are composed so that at first glance they look like they were really sent from Dropbox Team.

In a career that has spanned over 20 years in IT I have met a lot of people from different industries. Many of these people I have not kept in contact with and some I have. Occasionally when talking to some of them something will be said that might not hit home until a little later. This was the case with something that was said to be by an acquaintance who just happens to work as a technical manager at a security consulting company. During our talk I mentioned that it seemed like systems were getting much more insecure, and he joked saying: why would any security company want to work themselves out of business?

Indian enthusiast Arul Kumar who deals with computer security issues, reported a flaw in the social network Facebook, which allows you to delete any photo on Facebook within one minute. Failure is spotted within Support Dashboard portal that allows users to send complaints regarding violation or offensive content, and monitor whether the individual complaint is processed. Facebook employees handle complaints 24 hours a day, seven days a week.

Researchers from the firm MWR Labs found a way to exploit vulnerabilities in Chrome, and how to bypass the security mechanisms in Windows 7, which enabled them to perform arbitrary actions on the victim's computer.

Android users have a lot to be happy about. Despite all the awesome that is Android, there are the occasional bumps in the road. One of the more hilarious of these problems is the tendency for Android phones to display incorrect timestamps on text messages under certain conditions. Sometimes, it can appear as if your friend has texted you from several hours in the future. Sometimes in the past.

Ubisoft has responded to the claims that its UPlay DRM software is a rootkit that enabled them (and anyone else) to install arbitrary code on systems that it was installed on. The original claim was from developer Travis Ormandy who posted the issue on pastebin and also showed the vulnerability working with a website specially crafted to take advantage of the exploit he found. Ormandy likened the issue to Sony’s famous screw up with their BMG DRM that was in actuality a rootkit and caused the recall of quite a bit of Sony games.

If the name Charlie Miller sounds familiar to you it should. After all he is one of the researchers that has consistently found bugs and holes in Apple’s vaunted security. He is also a very frequent winner of the Pwn2Own competition where security experts and “hackers” alike compete to find the fastest way of breaking into a computer system. Charlie’s love for Apple and all of its devices has kept him in something of a love-hate relationship with the company for years, but recently things turned for the worse.

After the discovery of a flaw in Apple’s Mobile Safari that allowed the execution of unsigned code Miller reported this to Apple. He did this on the 14th of October and never received any word back on it. To further demonstrate the seriousness (and apparent ease) of this new flaw Miller submitted an app that had the malicious code packed inside. The App, which was disguised as a stock ticker, was approved by Apple and set up for distribution in the walled garden of the iTunes App Store. Miller was able to use the App to execute his code and take control of core functions of the phone.

For his troubles Miller was unceremoniously dropped from the Apple Developers Program for violating the terms of the agreement (which he really did do). The problem with this type of action from Apple is that it makes them seem like they do not want to admit or address serious security issues inside their operating systems. Miller has sent off an email asking for clarification stating “I’m mad, I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder.”

Miller feels that this is one of the changes that are coming after the passing of Steve Job and the new management. “I miss Steve Jobs,” he says. “He never kicked me out of anything.”

Source Forbes

Discuss in our Forum

At Defcon 19 in Las Vegas this year the annual security show launched a new event. Called Defcon Kids the even features young “hackers” that have uncovered exploits, vulnerabilities and other security related items. One of the first to speak this year is a 10-Year Old Girl from California who found an exploit in some mobile games.

The girl, who goes by the alias CyFi (and who is a Girl Scout as well) found the new exploit because she did not want to wait for certain in-game items to complete in a farming game that she plays. To get around this boring wait she simply moved time along. When she did this it opened up the exploit. Independent researchers have verified her findings, but will not list the games that are affected by this (no will CyFi giving the authors a chance to fix things).

CyFi also said that while many games have cheat prevention systems she found that most can be circumvented with a few simple techniques. The Exploit affects both iOS and Android operating systems and illustrates how developers and security experts alike can miss something simple while overthinking their protections and applications.


Source and Image Cnet

Discuss thus on our Forum