Hackers Dupe Apple

Apple’s security was once again made a laughing stock as a team of researchers demonstrated how it is possible to sneak apps past Apple’s test regime. A group of researchers presenting at Usenix were able to spreading malicious chunks of code through an apparently-innocuous app for activation later.

According to their paper the Georgia Tech team wanted to create code that could be rearranged after it had passed AppStore’s tests. The code would look innocuous running in the test environment, be approved and signed, and would later be turned into a malicious app.

They created an app that operated as a Georgia Tech “news” feed but had malicious code was distributed throughout the app as “code gadgets” that were idle until the app received the instruction to rearrange them. After the app passes the App Review and lands on the end user device, the attacker can remotely exploit the planted vulnerabilities and assemble the malicious logic at runtime by chaining the code gadgets together.

The instructions for reassembly of the app arrive through a phone-home after the app is installed.

The app will run inside the iOS sandbox, but can successfully perform many malicious tasks, such as stealthily posting tweets, taking photos, stealing device identity information, sending email and SMS, attacking other apps, and even exploiting kernel vulnerabilities.

Source

Websites ‘Leaking’ User Info To Other Firms

Many top websites share their visitors’ names, usernames or other personal information with their partners without alerting users and, in some cases, without knowing they’re doing it, according to a new study from Stanford University.

Many websites “leak” usernames to third-party advertising networks by including usernames in URLs that the ad networks can see in referrer headers, said the study, released Tuesday by Stanford Law School’s Center for Internet and Society. While there’s a debate in legal circles whether usernames are personal information, there’s a growing consensus among computer scientists that Web-based companies can use usernames to identify their owners, said Jonathan Mayer, a Stanford graduate student who led the study.

“The vast majority of usernames are unique,” he said. “Given the prevalence of social networking, often times, once you have a username for a social network, you then also have a person’s real name, possibly a photo, possibly more.”

Other websites share first names, email addresses and other information with advertising or other partners, Mayer said at a privacy conference in Washington. Those identifiers “get associated not just with what you’re doing right now, but get associated with what you’ve done in the past, and what Web browsing activity you may have in the future,” he said.

Source….

Cell Phones Can Be Dangerous

It appears that an Australian brain surgeon has called the latest report in reference to the report on the potential harmful effects of mobile phones as a wake-up call to users and the telecommunications industry.

Dr Teo, said he was “pleased” that at last there came conclusive proof that mobile phones caused brain tumours. He also went on to say that the report should serve as a ”wake up call’ that should alert both the public and the mobile phone industry to the link between mobile use and cancer.”

As you know a report was released by the World Health Organisation’s cancer research wing that said radio frequency electromagnetic fields generated by cell phones are “possibly carcinogenic to humans” and heavy usage could lead to a possible increased risk of glioma, a malignant type of brain cancer.

Read More…