Applications


California Attorney General Fighting for Mobile Privacy Rights

UPDATE – In an attempt to reign in the tendency of indifference toward consumer privacy among mobile application developers, California Attorney General Kamala D. Harris today made public a list of guidelines regulating the ways in which mobile application developers and technology companies handle user data and educate users about what they intend on doing with that data.


We wrote yesterday about research by Paul Brodeur of Leviathan Security Group on security weaknesses that are built into Google’s Android mobile operating system. Brodeur was able to show, using a proof of concept application, that Android applications without any permissions can still access files used by other applications, including which applications are installed and a list of any readable files used by those applications. In this question and answer session, Brodeur corresponds with Threatpost about his ongoing work studying the Android operating system, and how a combination of loose application coding and insecure design makes Google’s Android a boon for advertisers and others who want to harvest data on mobile users.* 

From DarkReading (Kelly Jackson Higgins)
The cleanup cost for fixing a bug in a homegrown Web application ranges anywhere from $400 to $4,000 to repair, depending on the vulnerability and the way it’s fixed.
Security experts traditionally have been hesitant to calculate the actual cost associated with bug fixes because there are so many variables, including the severity of the vulnerability, differences in man-hour rates, and the makeup of the actual fix. Read the full story [darkreading.com]

Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention.
According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead to the theft of sensitive information and cookie-based authentication credentials.  Here’s the top-five list [zdnet.com]

From DarkReading (Kelly Jackson Higgins)
Danish security firm Secunia is attempting to rally other software vendors to develop an industry-standard tool that automatically updates all applications on a consumer’s PC.
Secunia envisions an industry-standard app that runs when a laptop starts up, for example, scanning for unpatched or vulnerable apps and guiding the user with simple point-and-click options to update the machine. Read the full story [darkreading.com]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.