We wrote yesterday about research by Paul Brodeur of Leviathan Security Group on security weaknesses that are built into Google’s Android mobile operating system. Brodeur was able to show, using a proof of concept application, that Android applications without any permissions can still access files used by other applications, including which applications are installed and a list of any readable files used by those applications. In this question and answer session, Brodeur corresponds with Threatpost about his ongoing work studying the Android operating system, and how a combination of loose application coding and insecure design makes Google’s Android a boon for advertisers and others who want to harvest data on mobile users.
Browsing Tag: data breach
The term “permissions” may be a relative one for Google’s Android operating system, which grants applications with no permissions access to a wide range of user and device data, according to research from the company Leviathan Security Group.
Federal authorities have arrested a Texas man accused of working for the hacking group CabinCr3w, a group that once targeted Goldman Sachs CEO Lloyd Blankfein.
Pastebin.com could soon find itself on the wrong side of some of its most reliable traffic generators, namely Anonymous, (what’s left of) LulzSec, and other hackers, now that the site’s owner, Jeroen Vader, has said he plans on hiring more staff to patrol the text-sharing site for “sensitive information,” according to a BBC report.
Call it a “rocky start”: U.S. Ambassador to Russia Michael McFaul used his Twitter account to lash out at domestic news operation NTV, which he accused of hacking his e-mail account and cell phone in order to follow the Ambassador about town. The accusation has prompted a sharp response from critics in Russia.
The topic of this program is often how to prevent security issues and attacks, but the reality is that companies need to understand attacks and how to respond to them after they happen. In this episode, Alex Horan of Core Security and Ted Julian of Co3 join Threatpost Editor Paul Roberts to discuss what happens after the breach.
Call it a disaster recovery drill disaster. The loss of four magnetic tape cartridges containing data on 800,000 California residents was the unfortunate result of an IBM-managed disaster recovery exercise gone wrong, said Christine Lally, Assistant Secretary, Legislation & Communications for the California Technology Agency.
UPDATE–MasterCard and Visa have confirmed that they are investigating a potentially huge data breach at one of the companies’ payment processors, which the Wall Street Journal has identified as Global Payments Inc.
Backup cartridges containing records on 800,000 individuals belonging to the California Department of Child Support Services (DCCS) were lost in transit between an IBM facility in Colorado and DCCS’s headquarters in California on March 12, according to a statement from DCCS. (PDF)
The Federal Trade Commission announced on Tuesday that it had reached a settlement with RockYou over violations of the Children’s Online Privacy Protection Act (COPPA) after the Web site allowed hackers to gain access to the personal information of its 32 million members.