Flashlight apps are spying on users Android, iOS, Windows Phone smartphones, is yours on the list? Many of the top downloadable flashlight apps are accessing sensitive user data and compromising the safety of your device. Here’s a rundown of the top offenders and what to do about it. (Photo : Google Play | Tech Times) That innocent Flashlight App you installed on your device to shed light on certain situations is also spying on you, and potentially selling or using your personal data. Especially vulnerable are Android devices. Gary Miliefsky of cyber security firm Snoopbit, says, "'We've all become victims of installing many apps on our smartphones and tablets that do much more than the service they should provide. The firm did a study of the top ten Android flashlight apps and found that when downloaded they are given permission to access sensitive user information that clearly has nothing to do with their function as a simple flashlight for their users. © 2015 Tech Times, All rights reserved.
Android apps that fail to validate SSL - Google Sheets. Popular Android Apps with SSL Certificate Validation Failure. Background CERT tested many Android apps in 2014, and notified the authors of SSL certificate validation vulnerabilities. I found that "snap secure" was still vulnerable to a trivial MITM attack, and wrote a homework project for my students. I decided to test more apps on the CERT list, just to see what I could find.
Here are details of the CERT test and notification, from 9/3/2014: Finding Android SSL Vulnerabilities with CERT Tapioca. This spreadsheet from CERT, shows "Android App SSL Failures": Android apps that fail to validate SSL Testing Method I have Burp set up as a proxy for my Genymotion Android emulator, without the PortSwigger certificate installed, so secure sites give a warning in the default Web browser: So no HTTPS connections should be possible through the proxy. Here's the app: CERT notified the author about the SSL vulnerability on 8-27-14, and the app was updated on 3-13-15, but it's still vulnerable. Sending test credentials: Harvesting them from Burp via MITM attack: Top 10 External and Internal Vulnerabilities | Qualys, Inc. Windows Security: Vulnerabilities in Windows | Russ Harvey Consulting.
Vulnerabilities in Windows Update Windows | Windows Alternatives | ActiveX All Windows Versions are Vulnerable Ignore Windows security at your own peril. Beware of the Human Factor People are too trusting of any warning that appears on their computer, particularly when visiting websites with their browser. James Gleick illustrated this human factor in an article discussing some of the Windows vulnerabilities exploited by the I Love You virus.
We are more likely to open an email (or click on a advertising link) that appeals to our need for approval or caters to our fears. Virtually all scanners that suddenly appear on your screen warning about dozens or hundreds of vulnerabilities on your computer are scams. The exception would be when you visit legitimate sites and run their software (after asking you first). No, It's Not Microsoft Phoning You If you receive a phone call telling you that your computer is at risk, hang up. Your best solution is to simply hang up. Educate Yourself About the Risks. Most vulnerable operating systems and applications in 2014. See update at the end of this post An average of 19 vulnerabilities per day were reported in 2014, according to the data from the National Vulnerability Database (NVD).
The NVD provides a comprehensive list of software security vulnerabilities. In this article, I look at some of the trends and key findings for 2014 based on the NVD’s database. Some of the questions asked are: - What are the latest vulnerability trends? Are we seeing an increase or a decrease in the number of vulnerabilities? - What percentage of these vulnerabilities are rated as critical? - In which areas do we see the most vulnerabilities? - Which operating systems and applications are listed with most vulnerabilities? 7,038 new security vulnerabilities were added to the NVD database in 2014. 24% of these vulnerabilities are rated as high severity. Third-party applications are the most important source of vulnerabilities with over 80% of the reported vulnerabilities in third-party applications. Ubuntu Red Hat Enterprise.
Heartbleed Bug. The 10 most common Windows security vulnerabilities. We all know that Windows-based systems have plenty of potential security risks. But are your systems vulnerable? Likely so. Any given network is chock full of Windows vulnerabilities. It's a law of nature and a side effect of doing business using networked computers. But with the thousands of Windows vulnerabilities in the wild, what do you really need to focus your efforts on? Well, let me share with you the Windows-based weaknesses...
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. I'm seeing most often in my work -- things that can get you in a bind if you ignore them. Here's my top 10 list: File and share permissions that give up everything to everyone -- This is easily the biggest vulnerability I'm seeing with Windows systems regardless of the type of system or Windows version. Now that you know what to focus on, you can start finding out what's what. Every Version of Windows Is Affected By This Vulnerability - What You Can Do About It.
What would you say if we told you that your version of Windows is affected by a vulnerability that dates back to 1997? You’d laugh, right? Surely, after all, Microsoft would have patched the fault prior to releasing Windows 98, or at the latest, Windows 2000? Well, not quite. This Redirect to SMB vulnerability has its roots in the identically-named attack discovered by Aaron Spangler 18 years ago. Redirect to SMB: What Does it Do? Affecting Windows PCs, tablets and servers, Redirect to SMB – discovered by Cylance’s Brian Wallace – is a development of the original vulnerability. In 1997, Spangler found that introducing URLS beginning “file” would cause Windows to attempt authentication with an SMB server at the given IP address (for example, which could then be used to record login credentials. SMB is the Server Message Block protocol, mostly used for sharing files, printers, and serial ports on a network. How Redirect to SMB Might Be Used Against You Microsoft: Apple:
Top 10 Windows Vulnerabilities. By understanding Windows based vulnerabilities, organizations can stay a step ahead and ensure information availability, integrity, and confidentiality. Listed below are the Top 10 Windows Vulnerabilities: Web Servers - misconfigurations, product bugs, default installations, and third-party products such as php can introduce vulnerabilities. Microsoft SQL Server - vulnerabilities allow remote attackers to obtain sensitive information, alter database content, and compromise SQL servers and server hosts. Passwords - user accounts may have weak, nonexistent, or unprotected passwords. The operating system or third-party applications may create accounts with weak or nonexistent passwords. Workstations - requests to access resources such as files and printers without any bounds checking can lead to vulnerabilities. Network security assessments help organizations identify, manage, and reduce their risks.