Password-pilfering app exposes weakness in iOS and Android vetting process

4 12 2015

Ars Technica

November 12, 2015

Dan Goodin

Highlighting crucial weaknesses in Apple’s and Google’s processes for admitting new titles into their competing app stores, both companies have ejected a third-party Instagram app after discovering it probably pilfered user passwords and pictures.

InstaAgent, as the app was called, marketed itself as a program that tracked people who visited a user’s Instagram account. It had between 100,000 and 500,000 downloads from Google’s Play Store and was in the top charts of the iOS App Store. But behind the scenes, an app developer said earlier this week, the app sent users’ Instagram login credentials to a server controlled by the InstaAgent developer. Google was the first to pull the app. Apple later followed.

more.

The content in this post was found at http://arstechnica.com/security/2015/11/password-pilfering-app-exposes-weakness-in-ios-and-android-vetting-process/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.

 



Hacking tool swipes encrypted credentials from password manager

4 12 2015
Ars Technica
November 2, 2015 
Dan Goodin
Using a password manager is one of the biggest ways that average computer users can keep their online accounts secure, but their protection is pretty much meaningless when an end user’s computer is compromised. Underscoring this often ignored truism is a recently released hacking tool that silently decrypts all user names, passwords, and notes stored by the KeePass password manager and writes them to a file.

more.

The content in this post was found at http://arstechnica.com/security/2015/11/hacking-tool-swipes-encrypted-credentials-from-password-manager/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.



Facebook Beats Privacy Lawsuit Alleging Persistent Tracking

2 12 2015
Technology and Marketing Law Blog
Venkat Balasubramani
This is a lawsuit against Facebook alleging that it tracked people visiting websites throughout the web even if they were not logged on to Facebook. As the court describes the allegations, Facebook uses a persistent cookie that tracks a person’s interactions with any page containing a “like” button (regardless of whether or not the person interacts with the like button). Plaintiffs allege common law claims as well as state and federal statutory claims.

more.

The content in this post was found at http://blog.ericgoldman.org/archives/2015/10/facebook-beats-privacy-lawsuit-alleging-persistent-tracking.htm and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.

 



Low-cost IMSI catcher for 4G/LTE networks tracks phone’s precise locations

2 12 2015
Ars Technica
October 28, 2015
Dan Goodin
Researchers have devised a low-cost way to discover the precise location of smartphones using the latest LTE standard for mobile networks, a feat that shatters widely held perceptions that it’s immune to the types of attacks that targeted earlier specifications.

The attacks target the LTE specification, which is expected to have a user base of about 1.37 billion people by the end of the year. They require about $1,400 worth of hardware that run freely available open-source software. The equipment can cause all LTE-compliant phones to leak their location to within a 32- to 64-foot (about 10 to 20 meter) radius and in some cases their GPS coordinates, although such attacks may be detected by savvy phone users. A separate method that’s almost impossible to detect teases out locations to within an area of roughly one square mile in an urban setting.

more.

The content in this post was found at http://arstechnica.com/security/2015/10/low-cost-imsi-catcher-for-4glte-networks-track-phones-precise-locations/ and was not authored by the moderators of freeforafee.com. Clicking the title link will take you to the source of the post.