Cryptography

SAN FRANCISCO–Many carriers and mobile providers are touting
smartphones as the future of secure mobile payment systems, enabling
users to pay for purchases with an app on their phones, and this already
reality in many parts of Asia and Europe. However, researchers have
discovered that some of the more popular smartphone platforms leak
sensitive data during these transactions that could allow criminals to
spoof a victim’s phone and make purchases with the victim’s account.

SAN FRANCISCO — Mobile phones, tablet PCs and other new technologies are poised to take over the workplace, but organizations that hope to secure them before they do so face an uphill battle, according to a symposium on mobile security.

There’s a vulnerability in the Kerberos implementation in several versions of Ubuntu, which could allow an attacker to cause a denial-of-service on vulnerable servers. The bug is in Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04 and Ubuntu 10.10.

Google has introduced a new two-step authentication feature for Gmail users that it says will significantly increase the security of the free mail service. The system enables users to set up a method for obtaining a secret code that will be required, along with a password, to access a Gmail account.

A popular wireless access point made by Cisco Systems’ Linksys unit has a vulnerability that enables a remote attacker to gain root access and execute arbitrary commands on the device. The bug is several months old and Linksys has not issued a patch for it yet.

A group of academic researchers at the University of Cambridge has developed a new technique for making JPEG images copy-evident, so that users can tell whether an image has been recompressed and copied.

Controversy has erupted around the free online dating site, PlentyofFish.com, after the Web site was
found to contain a serious security vulnerability that could have potentially exposed the personal
information of some 30 million users.