Articles Tagged:

security

200 articles
...

Google Seeks To Reward Proactive Security Improvements In Android By Expanding Patch Rewards Program To AOSP

Back in October, Google announced a rewards program that would give financial incentives for "down-to-earth, proactive improvements" to security across third-party open-source projects that Google deems "vital to the health of the entire Internet."

Starting with core infrastructure services, Chrome foundations and other "high impact libraries," Google vowed to expand the program soon. Today, in an entry to the official security blog, Google announced that the program has been expanded in scope to include open-source bits of Android, found in AOSP, and several other projects.

We started with a fairly conservative scope, but said we would expand the program soon. Today, we are adding the following to the list of projects that are eligible for rewards:

  • All the open-source components of Android: Android Open Source Project
  • Widely used web servers: Apache httpd, lighttpd, nginx
  • Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
  • Virtual private networking: OpenVPN
  • Network time: University of Delaware NTPD
  • Additional core libraries: Mozilla NSS, libxml2
  • Toolchain security improvements for GCC, binutils, and llvm

According to the patch rewards guidelines, rewards can range from $500 to $3,133.70, with higher rewards going to solutions with unusually high impact or solutions to exceedingly complex issues.

Read More
...

Here Are The Details Of Recently Discovered Vulnerabilities That Allowed Any App To Gain Root Privileges With SuperSU And Superuser

An XDA member recently unveiled serious vulnerabilities in all three root packages used to gain superuser access on devices. The developers have been contacted, and the two active projects are working to address the issues. If you're running an older version, you might want to get on the update train.

According to cernekee on XDA, the vulnerabilities allow for a malicious app to obtain root access without going through the proper channels. You wouldn't see a notification at all – the app could just do its business in secret. Superuser from ChainsDD is no longer in development, but some folks are still using it.

Read More
...

PSA: The Latest Google Play Services Update May Disable Android Device Manager (Remote Lock And Wipe) In Device Administrators

There's a new Google Play Services app in town, and it includes all kinds of goodies for developers. But there's a nasty surprise waiting inside Google Play Services 4.0, at least for users on some devices: it may have disabled the Android Device Manager's permission to act as a Device Administrator. This is what allows users to access the new remote lock and device wipe features from the web... which some of them might not realize they can no longer do.

It's a simple fix: just check the version number of your Google Play Services app (it seems to be affecting both 4.0.30 and the slightly newer 4.0.31), then check the Device Administrators section of your Security settings page.

Read More
...

KitKat Feature Spotlight: SELinux Defaults To Enforcing Rather Than Permissive, Other New Security Features

Yet another facet of KitKat worth pointing out today is the addition of new security enhancements to the OS. Security is one area that's frequently sensationalized with Android - it seems that every few days a scare story about Android malware creeps onto my Google News page. Google's eliminating security arguments (and possible arguments) one at a time, though, and has made a few key enhancements this time around.

First among them is a change to SELinux. For those not up to speed, SELinux - introduced in Android 4.2 - is essentially a set of kernel add-ons and tools that restricts pieces of software to run with only the bare minimum privilege set they require to function properly, and minimizes the damage a malicious program can do by tightly controlling security policy.

Read More
...

[New App] Popular Windows Anti-Malware Suite Malwarebytes Now Available On Android

According to Google, less than one hundredth of a percent of apps out there are both malicious and capable of evading the built-in defenses in both Android and the Google Play Store. But if you really feel like you need a defense from that one-in-100,000 app, a trusted name in software protection has just entered the fray. Malwarebytes, makers of the popular eponymous Windows software, is now offering its services on Android.

The anti-malware app works on the familiar and relatively ancient principle of a scanner paired to an updated database of naughty apps. According to the company's press release, the app actively scans for "over 200 malware families" in real-time in both apps and general files.

Read More
...

Google Talks Android Malware, Estimates That .001% Of Apps Evade Defenses And Harm Users

You hear a lot of reports about malware and other undesirable third-party apps these days, especially from security researchers (and people who want to sell you something to make you feel safe). It's undeniable that malicious apps are a problem on an open system, but new data from Google indicates that the amount of actual harm being done might be negligible. QZ.com reports on a presentation from Google's Android Security Chief Adrian Ludwig at the Virus Conference in Berlin. He estimates that .001% of Android apps are able to get past Google's defenses.

That number includes both apps on the Google Play Store and 1.5 billion side-loaded or non-Play Store app installs, at least on devices that also include the Play Store and its Verify Apps feature.

Read More
...

Google Voice To Receive Enhanced Voicemail Security Starting October 1

Google will soon roll out changes to Voice intended to prevent unauthorized access to our voicemail inboxes. To access accounts via phone, you will now have to call from a verified forwarding number. If you're calling from a number Google doesn't recognize, you will be prompted to enter a verified number instead. In addition to this, PIN codes can now be up to 10 digits long. These changes will take effect starting on the first day of October, and anyone who signs in via a web browser should receive a notification giving them a heads-up.

If you want to tinker with your phone forwarding or voicemail settings before these changes take effect, here are instructions for doing so straight from Google.

Read More
...

[APK/Website Teardown] Next Up For Android Device Manager: Remote Password Changing And Device Locking

When Google launched the Android Device Manager in early August, I applauded the initiative because we finally got a much-needed security solution that was built into every Android device that ships with Google's services. Rather, it was a good start, since the functionality was so limited: location, remote wipe, and alarm.

For the last two days, I've been digging around the new Google Play Services APK 3.2.64 that started rolling out to Android devices everywhere. If you remember, Google Play Services is the company's secret weapon to combat lack of device updates, as Google can push new functionality to everyone without the need for OS patches.

Read More
...

SuperSU Updated To v1.60, Compatible With Samsung's Latest Galaxy S 4 Firmwares With KNOX

These days, it seems like everybody is trying to make Android more secure. As usual, rooting and modding are often casualties of this effort. Just over a month ago Android 4.3 broke the existing model for root, forcing updates to existing methods, and now Samsung is rolling out updated Android 4.2.2 firmwares for the Galaxy S 4 which fully enable the company's heavily secured KNOX environment. Fortunately, Chainfire is already on top of it and has updated his popular root software, SuperSU, to be compatible with the new system.

Samsung has been charging full steam ahead on the movement towards corporate security.

Read More
...

Piper Home Automation And Security Gadget Reaches $100,000 Indiegogo Goal

Piper is a nifty little gadget that combines a number of recently deployed technologies to create a connected and hyper-aware home automation hub. The project has been getting a lot of press since it appeared on Indiegogo a couple of weeks ago, and it passed its $100,000 funding goal today. There's another twenty days before the project ends, so the creators won't be wanting for funds.

Piper is essentially a little box that's stuffed with a ton of sensors and WiFi connectivity, making it the hub of a connected house. It functions as a security and monitoring tool first and foremost, thanks to a panning wide-angle webcam and microphone.

Read More