The year 2012 is expected to be a breakthrough year for cyber attacks on smartphones.
Not only are they loaded with all sorts of personal and possibly business information a crook would like to steal, but most smartphones are also completely unprotected. And most people are not aware of the threat.
“We’ve definitely got to start to worry about security on mobile devices,” said James Lyne, an expert on mobile security at Sophos Labs, one of the giants in the data security business.
“For the last few years, it’s really been more of a hyped topic. But over 2011 we started to see the bad guys produce some nasties just like on the PC for these mobile devices. So it’s more important we’re protecting ourselves,” Lyne said.
Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that’s passing between a webserver and an end-user browser.
The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet’s foundation of trust. Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he’s visiting.
At the Ekoparty security conference in Buenos Aires later this week, researchers Thai Duong and Juliano Rizzo plan to demonstrate proof-of-concept code called BEAST, which is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts. The exploit works even against sites that use HSTS, or HTTP Strict Transport Security, which prevents certain pages from loading unless they’re protected by SSL.
Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider, a security researcher said today.

In one of the first cases of its kind in Britain, Glenn Steven Mangham, 25, used “considerable technical expertise” to repeatedly bypass security at the world’s dominant social network, it was claimed.
The student, from York, faces five charges, including that he “made, adapted, supplied or offered to supply” a computer program to hack into a Facebook server, Westminster magistrates’ court heard.
Police sources described the incidents as one of the first investigations into attempts to illegally access the site, which boasts more than 750 million members worldwide.
One Scotland Yard source told The Daily Telegraph that detectives were not aware of any hacking attempts “to this extent” on the site in Britain. It is understood Mangham does not have a Facebook profile.
Mangham was arrested by officers from the Metropolitan Police’s Central e-Crime Unit in early June on suspicion of “computer hacking offences” before being charged earlier this month.