Posts Tagged ‘flaw’

Phone Scam Asks People for Access to Computer Security

Saturday, January 5th, 2013

Don’t fall for it, because it’s a scam.

According to one of those callers, a man is telling callers to go on their computer so they can troubleshoot an issue or security flaw with Windows Update.

Article source: http://www.wvfx.com/wdtv.cfm?func=view&section=5-News&item=Phone-Scam-Asks-People-for-Access-to-Computer-Security7439

Printers could offer hackers a way in, warns computer readiness team

Friday, November 30th, 2012


Some printer models are vulnerable to hackers because of a code flaw, warned the U.S. computer security emergency response team.

In a vulnerability note released on Nov. 26 and updated on Nov. 29, the U.S. Computer Emergency Readiness Team (CERT) said Samsung printers and some printers made for Dell by Samsung could be vulnerable.

CERT said Samsung printers contain a hardcoded Simple Network Management Protocol (SNMP) code that could allow a remote attacker to take control of an affected device. Specifically, it said the printers contain a hardcoded SNMP full read-write community string that stays active even when SNMP is disabled in the printer management utility.

Using the flaw, it said, a remote, unauthenticated attacker could access an affected device with administrative read/write privileges. They might also be able to make changes to the device configuration, access sensitive information like device and network information, credentials, and information passed to the printer, and possibly use the ability to leverage further attacks through arbitrary code execution.

According to CERT, both Samsung and Dell have said that models released after Oct 31, 2012 are not affected by the vulnerability. The companies have also indicated that they will be releasing a patch tool later this year to address vulnerable devices.

CERT said disabling ports on the printer could help mitigate the risks, as could restricting access to them and disabling the SNMP protocol, though it noted that solution might have some drawbacks. “Note that the vulnerability reporter has stated that the community string that stays active even when SNMP is disabled in the printer management utility,” said the CERT.

“As a general good security practice, only allow connections from trusted hosts and networks,” it said. “Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location (e.g. using IP filtering and MAC address filtering).”

Samsung released a statement acknowledging the flaw and said a patch would be available on Nov. 30 and that it wasn’t aware of it having been exploited. “Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP,” said the company’s statement.

According to Samsung, an update for other models will be available by the end of the year. “However, for customers that are concerned, we encourage them to disable SNMPv1.2 or use the secure SNMPv3 mode until the firmware updates are made.”

Article source: http://www.gsnmagazine.com/node/27920?c=cyber_security

Breakfast Briefing: Windows 7 Service Packs, Jobs on the iPad mini, and …

Thursday, October 25th, 2012

Posted on 25 Oct 2012 at 09:30

Morning all. Today’s top tech stories – while we wait for the big Windows 8 launch – include a Service Pack freeze for its predecessor, how to land a job at Google, and calls for a break on data centre taxes.

No more service packs for Windows 7

Today’s focus might all be on Windows 8 – we mentioned it’s launching today, right? – but there’s also a notable mention for Windows 7, which the company has said won’t be getting a second service pack.

According to sources from Microsoft’s sustained engineering team, cited in a report in The Register, the company will break with its usual update cycle by not releasing a Service Pack 2. SP2 had been expected back in August. Instead, the company plans monthly updates until it ends support for the final version of the operating system.

How to get a job at Google: hack it

Wired has an intriguing story of how a mathematician received a head-hunting email from Google and noticed a flaw in the cryptography, allowing him to spoof an email from anyone in the company. Zach Harris assumed the flaw was a sneaky recruitment test; despite not wanting the job, he wanted to show he’d noticed the flaw, so he sent an email impersonating Sergey Brin to co-founder Larry Page, promoting his own work.

As it turns out, it was a genuine flaw. While Google quickly fixed the flaw, it turns out to be widespread – and not all firms have bothered to fix it, so Harris has now gone public.

How Jobs relented on iPad mini

Steve Jobs famously derided the idea of a 7in tablet, fearing it would be trapped in the middle ground between smartphones and full-sized tablets. Naturally, his public comments about the “tweeners” have been reheated thoroughly this week, after the launch of the 7.9in iPad mini.

CNet, however, reveals Jobs was in fact receptive to the idea when Apple exec Eddie Cue bravely raised the idea of a mini-tablet to his then boss.

“I believe there will be a 7in market and we should do one,” Cue wrote in an email that cropped up during the trial with Samsung, whose small Galaxy Tab he so admired. “I expressed this to Steve several times since Thanksgiving and he seemed very receptive the last time.”

Confusion over Irish Pirate Bay action

Irish ISP UPC has blamed a European network test for The Pirate Bay being blocked in the country despite the Irish courts not blocking the P2P site. UPC surfers visiting the filesharing site earlier this week saw a notice explaining the site had been blocked due to a court order from the Irish Recorded Music Association. The ISP, however, claims the site is not blocked and it won’t be unless a court orders the company to do so.

“UPC Ireland’s position has not changed. UPC is not required by any court or authority to block The Pirate Bay and does not intend to voluntarily block The Pirate Bay,” it told the BBC. “Periodically testing is carried out across the European network, which might have been observed by Irish customers.” Seems to raise more questions than it answers, that.

Data centres’ taxing questions

Data centres and austerity measures might not be obvious bedfellows, but TechWeek Europe reports how environment tax proposals could add costs to server farms and make major companies think twice about locating in the UK. The site argues that with 5% of the global market for data centres, the UK should be embracing the industry, which attracts digital economy heavyweights, not forcing it abroad via environmental taxes.

Article source: http://www.pcpro.co.uk/news/377755/breakfast-briefing-windows-7-service-packs-jobs-on-the-ipad-mini-and-hacking-google

Earlier warning over Winz security flaws ‘disturbing’

Tuesday, October 16th, 2012

Opposition MPs have accused Paula Bennett’s office of leaking the name of a blogger’s source on the Work and Income privacy blunder to the media.

Blogger Keith Ng revealed yesterday that thousands of the Ministry of Social Development’s confidential files were accessible from public self-service kiosks in Winz offices.

Ng reported the problem in his blog and said he was responding to a tip from Ira Bailey, a systems administrator.

Green Party Co-leader Metiria Turei asked the Social Development Minister in Parliament if she will investigate whether any MSD staff in her office, or generally, were involved in the leak of Bailey’s name to the media, “and if not, is this because she herself has exhibited such a cavalier attitude to the protection of the privacy of individuals?”

Bennett replied that right now she and her ministry are very concerned about people’s personal information being made available through the kiosks.

“That is the focus, that is the seriousness that we’re taking that. I have zero interest in going on a bit of a witch-hunt at the moment,” Bennett said.

The minister denied she was responsible for making Bailey’s name public.

Earlier, Bennett said it is “disturbing” that her department was warned about a vulnerability in the computer system more than a year ago.

Following Ng’s revelation yesterday, it has emerged that earlier warnings about the flaw may not have been followed through by the ministry.

“I think it is disturbing, we’ve since seen a report that from April last year that there was a flaw in the system and that this information was accessible,” Bennett said.

“What we now need to do is ask was it acted on? And how was it acted on? Obviously it wasn’t good enough otherwise we wouldn’t be in this situation today.”

Problem discovered ‘by accident’

Ng said Bailey discovered the problem with the Winz computers by accident, and had asked the ministry if it offered rewards for reporting security vulnerabilities, which he said was common practice.

However, he said the ministry did not know how to respond to his request and Bailey got in touch with Ng instead, exposing the problem to the media.

Bennett said she had known about Bailey’s requests last week but was not sure how seriously to take them.

“I first became aware of it on Wednesday last week that he was asking (for a reward) and I must admit in the little bit of information that I had it seemed far too vague to know exactly what they knew and whether or not they were really able to (access computer systems).

“It does raise the question do we hand over money thinking it might be information we want or not?”

Bailey was also one of those arrested during the Urewera raids in 2007. He was previously charged in the case but all charges against him were dropped.

Ng said both men had deleted any confidential information from their computers.

Earlier warnings

The ministry’s chief executive Brendan Boyle said this morning an independent inquiry will investigate whether more could have been done to protect the sensitive data.

“We received a report from Dimension Data in April 2011, which identified flaws in the system,” he said.

“Since yesterday afternoon I have received further information that means I am not confident that we took the right actions in response to Dimension Data’s recommendations on security.

“I will look to the review to provide me with the answers.”

Deloitte has been hired to carry out the inquiry and will look at both the latest incident and the wider safety of the ministry’s electronic data.

Chris Zack from welfare group Auckland Action Against Poverty told TV ONE’s Breakfast an advocate reported a problem with the ministry’s computer systems a year ago but no action was taken.

“Really what this shows is them having a blasé attitude towards client privacy and also their wellbeing and also their safety in this case,” he said.

“We’re certainly disturbed that this happened not only because of the seriousness of the information that’s been made public but also the scope of it, it’s quite staggering.

“At the same time we’re not terribly surprised, I think within MSD there is a systemic attitude problem with relation to privacy and beneficiaries.”

‘Change the whole attitude’

Zack said the department needed to change the whole attitude towards privacy.

“An independent inquiry is an important first step, we’ll see what comes out of that.

“But beyond an inquiry there needs to be a culture change within MSD because an unfortunate side-effect of this is there will be more fear among beneficiaries that their information is not safe.”

Privacy lawyer John Edwards said the matter is very serious but may not prove a widespread disregard for privacy issues in the department.

“It’s certainly a failure to take a systematic and methodical approach to new innovations in technology and to make sure we get these things right when we roll these things out,” he told Breakfast.

He said anyone who may want to sue the department over the matter would need to prove they had suffered “some harm or significant humiliation.”

This is some of what Ng accessed:

  • The full addresses of CYF safe houses
  • The full names of problem children, sometimes naming the school they attend
  • The names of people who have attempted suicide and subsequently been given support
  • Details of MSD’s legal cases including the names of parties and the nature of the case
  • The full names of candidates for adoption and of foster parents
  • A list of people who owe MSD money and how much
  • Contractors’ invoices with their full names, hours worked and pay rates.

Article source: http://tvnz.co.nz/national-news/source-asked-money-before-revealing-winz-flaw-5133571

Galaxy S III, Android phone security flaw could make phones useless

Sunday, September 30th, 2012

Originally published: Sep 29, 2012 11:39 AM
Updated: Sep 29, 2012 11:46 AM

By THE ASSOCIATED PRESS

Photo credit: AP | FILE – This Jun 19, 2012 file photo shows Samsung’s new Galaxy S III phone, in New York. Millions of cell phones that use Google’s Android operating system — including the popular Samsung Galaxy S III — are vulnerable to a digital bug that can disable the devices or wipe them clean of their data, including their contacts, music, photos and more. The security researcher who discovered the flaw urged consumers on Friday to update their phone software soon to protect themselves. (AP Photo/Bebeto Matthews)

WASHINGTON – Cellphones running Google’s Android operating system are at risk of being disabled or wiped clean of their data, including contacts, music and photos, because of a security flaw that was discovered several months ago but went unnoticed until now.

Opening a link to a website or a mobile application embedded with malicious code can trigger an attack capable of destroying the memory card in Android-equipped handsets made by Samsung, HTC, Motorola and Sony Ericsson, rendering the devices useless, computer security researcher Ravi Borgaonkar wrote in a blog post Friday. Another code that can erase a user’s data by performing a factory reset of the device appears to target only the newly released and top selling Galaxy S III and other Samsung phones, he wrote.

Borgaonkar informed Google of the vulnerability in June, he said. A fix was issued quickly, he said, but it wasn’t publicized, leaving smartphone owners largely unaware that the problem existed and how they could fix it.


Google declined to comment. Android debuted in 2008 and now dominates the smartphone market. Nearly 198 million smartphones running Android were sold in the first 6 months of 2012, according to the research firm IDC. About 243 million Android-equipped phones were sold in 2011, IDC said.

Versions of Android that are vulnerable include Gingerbread, Ice Cream Sandwich and Jelly Bean, according to Borgaonkar. He said the Honeycomb version of Android, designed for tablets, needs to be tested to determine if it is at risk as well.

Samsung, which makes most of the Android phones, said only early production models of the Galaxy S III were affected and a software update has been issued for that model. The company said it is conducting an internal review to determine if other devices are affected and what, if any, action is needed. Samsung said it is advising customers to check for software updates through the “Settings: About device: Software update” menu available on Samsung phones.

Borgaonkar, a researcher at Germany’s Technical University Berlin, said the bug works by taking advantage of functions in phones that allow them to dial a telephone number directly from a web browser. That convenience comes with risk, however. A hacker, or anyone with ill intent, can create a website or an app with codes that instruct the phones linking to those numbers to execute commands automatically, such as a full factory reset.

The phone’s memory card, known as a subscriber identity module, or SIM, can be destroyed remotely in the same way, Borgaonkar said. “Vulnerability in Android can be exploited to kill the SIM card permanently by clicking a single click,” he wrote. “After a successful attack, the end user has to go to the mobile network operator and buy a new SIM card.”

While Borgaonkar has drawn attention to the problem, it’s unclear how useful the vulnerability would be to cybercriminals who are primarily interested in profits or gaining a competitive advantage, said Jimmy Shah, a mobile security researcher at McAfee. “There’s no advantage to the attacker if they can’t make money off it or they can’t take your data,” Shah said. “It’s really not that useful.”

But the technique could cause huge headaches if it were harnessed to create outbound phone calls, said Mikko Hypponen, chief research officer at F-Secure, a digital security company in Helsinki, Finland. “If that would be doable, we would quickly see real world attacks causing phones to automatically dial out to premium-rate numbers,” he said.

Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Article source: http://newyork.newsday.com/business/technology/galaxy-s-iii-android-phone-security-flaw-could-make-phones-useless-1.4055284

Android security flaw puts phones at risk

Sunday, September 30th, 2012

Cellphones running Google’s Android operating system are at risk of being disabled or wiped clean of their data, including contacts, music and photos, because of a security flaw that was discovered several months ago but went unnoticed until now.

Android security flaw puts phones at risk. [File photo]

Opening a link to a website or a mobile application embedded with malicious code can trigger an attack capable of destroying the memory card in Android-equipped handsets made by Samsung, HTC, Motorola and Sony Ericsson, rendering the devices useless, computer security researcher Ravi Borgaonkar wrote in a blog post on Friday. Another code that can erase a user’s data by performing a factory reset of the device appears to target only the newly released and top-selling Galaxy S III and other Samsung phones, he wrote.

Borgaonkar informed Google of the vulnerability in June, he said. A fix was issued quickly, he said, but it wasn’t publicized, leaving smartphone owners largely unaware that the problem existed and how they could fix it.

Google declined to comment. Android debuted in 2008 and now dominates the smartphone market. Nearly 198 million smartphones running Android were sold in the first 6 months of 2012, according to the research firm IDC. About 243 million Android-equipped phones were sold in 2011, IDC said.

Versions of Android that are vulnerable include Gingerbread, Ice Cream Sandwich and Jelly Bean, according to Borgaonkar. He said the Honeycomb version of Android, designed for tablets, needs to be tested to determine if it is at risk as well.

Samsung, which makes most of the Android phones, said only early production models of the Galaxy S III were affected and a software update has been issued for that model.

The company said it is conducting an internal review to determine if other devices are affected and what, if any, action is needed.

Borgaonkar, a researcher at Germany’s Technical University Berlin, said the bug works by taking advantage of functions in phones that allow them to dial a telephone number directly from a web browser. That convenience comes with risk, however. A hacker, or anyone with ill intent, can create a website or an app with codes that instruct the phones linking to those numbers to execute commands automatically, such as a full factory reset.

Article source: http://www.china.org.cn/business/2012-09/30/content_26681266.htm

Research firm discovers new Java sandbox vulnerability

Friday, September 28th, 2012

A investigate organisation has detected what’s being called a vicious smirch in Java SE that could enable
an assailant to bypass a pivotal confidence safeguard, potentially putting as many as 1 billion Java
installations during risk.

The vulnerability, found by confidence investigate consultancy Security Exploitations, was disclosed
Tuesday around a Seclists.org Full
Disclosure mailing list
. The emanate affects specific builds of Oracle Corp.’s Java SE, versions
5, 6, and 7.

Adam Gowdiak, Security Exploitations owner and CEO, wrote that his organisation was means to use the
flaw to bypass a confidence measures of a Java
sandbox
, a special memory area that a Java Virtual Machine (JVM) sets aside for a execution
of untrusted code. An assailant could use a smirch to govern antagonistic formula and benefit during least
partial control over a aim system.

Gowdiak told Computerworld that while Security Exploitations tested a smirch on a fully
patched Windows 7 32-bit complement regulating a Firefox, Google Chrome, Internet Explorer, Opera and
Safari Web browsers, probably any endpoint using Windows, Linux, Solaris or MacOS that has Java
SE chronicle 5, 6, or 7 commissioned is vulnerable.

In his Seclists post, Gowdiak said information on the vulnerability was provided to Oracle. As of Wednesday morning, Oracle has yet to respond. To secure endpoints in the meantime, he told Computerworld that Java Web browser plugins should be disabled until Oracle issues patches.

Word of the new flaw comes only weeks after Oracle issued a rare emergency out-of-band patch for a Java zero-day flaw. That Java flaw enabled an attacker to install a dropper onto infected systems, which are then instructed to download additional malware from a remote server. However, researchers quickly discovered a flaw in Oracle’s patch.

The new Java problem was announced on the eve of Oracle’s annual JavaOne conference, likely as a dig to Oracle, a company whose approach to software security has come under heavy criticism in recent years.

“We hope that the news about 1 billion users of Oracle Java SE software being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison’s morning…Java,” Gowdiak wrote.




Article source: http://www.pheedcontent.com/click.phdo?i=7a8859fad84b1254b53be9a479ca73fc

1 Billion computers at risk from Java exploit

Wednesday, September 26th, 2012

A new zero-day exploit in multiple versions of Java puts roughly 1 billion users at risk from attackers and malicious code.

The flaw was discovered by researchers at Poland’s Security Explorations, a security firm that already has a well-known knack for finding flaws in Java’s notoriously buggy programming language.

In April, the security firm found another zero-day Java exploit that affected only Java 7, which wasn’t made public until August. This latest flaw is worse in that it leaves all supported versions of Java (Java 5, 6 and 7) on many desktop platforms (Windows, Mac, Linux and Solaris) vulnerable to criminals.

Security experts had previously advised Java users to downgrade to Java 6 to avoid the previous flaw, but that will no longer protect computers from attack.


The exploit works in all major browsers, including Internet Explorer, Safari, Firefox, Chrome and Opera. Mac users of Lion or Mountain Lion who installed Java after purchase are also vulnerable. (Apple stopped bundling Java into the operating system after Snow Leopard, Mac OS X 10.6.)

Security Explorations CEO Adam Gowdiak, who went public with the vulnerability yesterday (Sept. 25), said it works by achieving “a complete Java security sandbox bypass.”

Sandboxing is a mechanism that runs programs in an isolated environment with limited access to other programs and to the computer’s sensitive files and code, to prevent a potentially harmful program from infecting the whole machine.

The Polish security firm’s exploit discovery last month prompted Oracle, the owner of Java, to issue a once-in-a-blue-moon “out-of-band” security patch on Aug. 30. The next one is scheduled to be pushed out Oct. 16, the soonest Java users should expect to see this new hole plugged.

After the previous Java exploit was disclosed in August, leading to a wave of attacks, Security Explorations claimed that they had discovered the same security hole months before and warned Oracle about it, Sophos’ Naked Security blog reported.

Oracle failed to address the issue quickly and when they did, Security Explorations demonstrated that the “rushed patch” could still be overcome.

When Web browsing first became widely adopted by the public, getting around without Java would have been difficult. Now, many people don’t even know whether Java runs on their browser or not.

To find out, you’ll need to check your settings. On PCs, Java settings are found under the Control Panel. For Macs, they’re under Utilities.

To see whether you even need Java, try disabling it entirely. If it doesn’t disrupt your computer usage, leave it off; if it does, you can always turn it back on. (You can check to see if your browser is running Java by visiting Oracle’s website.)

Another way to reduce your risk is to keep Java plug-ins running only on a browser you rarely use. When you need it for online use, use that browser; when you don’t, stick with your regular one.

Developed by Sun Microsystems as a self-contained platform and programming language in 1995, Java let users and organizations run programs across a variety of operating systems without glitches or corruption.

But as competing technologies such as Macromedia (later Adobe) Flash and Shockwave were adopted, Java became less ubiquitous. (Oracle bought Sun in 2009.)

With the current, though slow, rollout of the HTML 5 Web standard, which supports all manner of audio, video and other user interactivity directly in the browser, Java and Flash are likely to soon be obsolete.

Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Article source: http://www.foxnews.com/tech/2012/09/26/1-billion-computers-at-risk-from-java-exploit/