∞ NSA releases security-enhanced Android

From H-Online:

The National Security Agency’s SELinux Project has announced the first release of SE Android, a security enhanced version of Google’s Android operating system. SEAndroid is the name of both a project to identify, and find solutions for, critical gaps in Android security and of a reference implementation of a security enhanced Android. The project is currently focusing its efforts on enabling SELinux functionality in the hope that it can limit the damage done by malicious apps, but hopes to widen its scope in the future.

★ Huge Yahoo! authentication security bug

(Article originally published in French on Clubic.com)

A huge bug has been discovered in Yahoo!'s authentication mechanism, affecting third-party applications, even those created by Yahoo! itself.

A member of the Yahoo! Mail Group has discovered that people who have connected third-party applications may have a problem if they lose their smartphone. Indeed, despite what Yahoo says, changing the password will not be enough: it will not totally revoke access for those third-party applications.

∞ 10-year-old hacker finds flaw in mobile games

I guess DefCon participants were not waiting for this one!

From The Register:

A 10-year-old hacker has won the admiration of her adult peers for finding a previously unknown vulnerability in games on iOS and Android devices.

The young girl, who has adopted the hacker handle CyFi, discovered the timing-related bug after she got bored with the slow progress of a FarmVille-style game. For example, crops in planting corn take at least 10 hours to mature.

But changing the clock time on a phone or tablet fools the game into instantly ripening crops. Some of the affected games attempt to detect such shenanigans, but by changing the time by small increments or disconnecting devices, CyFi managed to circumvent these counter-measures.
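The flaw described above is a client-trust problem: the game decides maturity from a clock the player controls. The following is an added example, not code from The Register or from any of the games mentioned, contrasting that vulnerable check with a server-authoritative design in which the server records the planting time under its own clock, hands the client an HMAC-signed receipt, and judges maturity itself. The key, timestamps and crop names are constructed for the demonstration; `server_plant` and `server_harvest` are hypothetical names.

```python
"""Added example (not from the article or the games it mentions): a grow
timer that reads the device clock is trivially fooled; a server-issued,
signed timer removes the client clock from the decision entirely."""
import hashlib
import hmac
import json

GROW_SECONDS = 10 * 60 * 60  # "at least 10 hours" for corn, as in the article

# --- Vulnerable pattern: the game trusts the local clock --------------------

def crop_ready_client_clock(planted_at: float, device_now: float) -> bool:
    """Maturity decided purely from the device clock; moving the clock
    forward by 10 hours makes every crop ripen instantly."""
    return device_now - planted_at >= GROW_SECONDS


# --- Hardened pattern: server issues and signs the planting time ------------

SERVER_KEY = b"constructed-demo-key-not-a-real-secret"  # assumption: held only by the server


def _sign(payload: dict) -> str:
    """Deterministic HMAC over the canonical JSON form of the receipt payload."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def server_plant(crop: str, server_now: float) -> dict:
    """Server records when the crop was planted using *its* clock and
    hands the client a signed receipt it cannot alter without detection."""
    payload = {"crop": crop, "planted_at": server_now}
    return {"payload": payload, "sig": _sign(payload)}


def server_harvest(receipt: dict, server_now: float) -> bool:
    """Server verifies the receipt and judges maturity with its own clock.
    Whatever the device clock says is never consulted, so nudging it in
    small increments or going offline changes nothing."""
    if not hmac.compare_digest(_sign(receipt["payload"]), receipt["sig"]):
        return False  # planted_at was tampered with on the client side
    return server_now - receipt["payload"]["planted_at"] >= GROW_SECONDS


def demo() -> dict:
    """Run both designs against the same player behaviour (constructed values)."""
    t0 = 1_700_000_000.0  # constructed fixed epoch so the run is deterministic
    # One second after planting, the player moves the device clock forward 10 hours.
    device_skewed = t0 + 1 + GROW_SECONDS
    receipt = server_plant("corn", server_now=t0)
    # Client edits planted_at in its copy of the receipt but cannot re-sign it.
    tampered = {"payload": dict(receipt["payload"], planted_at=t0 - GROW_SECONDS),
                "sig": receipt["sig"]}
    return {
        "client_clock_fooled": crop_ready_client_clock(t0, device_skewed),
        "server_not_fooled": server_harvest(receipt, server_now=t0 + 1),
        "server_after_10h": server_harvest(receipt, server_now=t0 + GROW_SECONDS),
        "tampered_receipt_rejected": server_harvest(tampered, server_now=t0 + 1),
    }


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the hardened path never reads the device time at all, so the detection heuristics the article says some games attempt (spotting clock jumps) become unnecessary: the only clock that matters is one the player cannot touch, and the only state the client holds is authenticated.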

∞ Biggest series of cyber-attacks in history uncovered

Not sure this is the biggest, but it certainly has the same origins.

From the Guardian:

Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organisations including the United Nations, governments and companies around the world.

The security company McAfee, which uncovered the intrusions, said it believed there was one “state actor” behind the attacks but declined to name it. One security expert who has been briefed on the hacking said the evidence pointed to China.

∞ Dropbox Accidentally Unlocked All Accounts

Hmm... scary, and not bad press as Microsoft unveils a new version of SkyDrive…

From The Dropbox blog:

Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm. A very small number of users (much less than 1 percent) logged in during that period, some of whom could have logged into an account without the correct password. As a precaution, we ended all logged in sessions.

∞ PHP.net... hacked...

From PHP.net:

The wiki.php.net box was compromised and the attackers were able to collect wiki account credentials. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts.

No wonder 30% of all software vulnerabilities have their roots in PHP.

∞ IE8 XSS filter exposes sites to XSS attacks

The cross-site scripting filter that ships with Microsoft’s Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat.

Die IE, just die hard!