A cross-site scripting (XSS) vulnerability exists in the browser version of AirDroid, a cloud management application for Google’s Android phones. According to an alert from the US-Computer Emergency Readiness Team (US-CERT), at the current time, there is no patch planned and there is no logical workaround.
You only have to glance at the headlines to know that the state of computer application security is bad. But a new report from Veracode makes clear how bad: just 16 percent of almost 10,000 applications tested in the last six months received a passing security grade on their first attempt.
Web surfers frustrated with the task of managing a forest of user names and passwords have been flocking to LastPass in an effort to simplify. But now a a security researcher says that a security flaw in that company’s Web site could reveal sensitive account details.
