Friday, November 22, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Mobile Apps

ComputerWorld Independent 

Amazon wants to deliver groceries to your car trunk — not a good idea

admin , ,

Credit to Author: Evan Schuman| Date: Tue, 17 Oct 2017 03:00:00 -0700

In the minds of mobile shoppers, where is the line between convenience and personal space/privacy? We now have two retailers — Walmart and Amazon, the giants of in-store and online shopping, respectively — separately testing programs to deliver purchases directly into your home or your car trunk when the shopper is nowhere near. 

Both efforts rely on mobile devices connecting shoppers to the scene of the delivery, where customers can theoretically watch the delivery in real time. It isn’t practical or likely, but that’s the idea. Mobile is what justifies these attempts.

Walmart’s efforts, focused entirely on shoppers letting the retailer unlock a home’s front door and put away the groceries in the shopper’s kitchen and refrigerator/freezer, is an idea that begs for a privacy/security disaster to happen. A prudent executive looks at any cutting-edge plan and asks, “What could go wrong with this and how bad is it for our customers if it does?”

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

It's time for IT to take control of mobile apps

admin , ,

Credit to Author: Evan Schuman| Date: Tue, 05 Sep 2017 14:13:00 -0700

IT is seeing a very dangerous collision of two trends: BYOD and mobile apps. IT’s job is, among other things, to protect corporate data, a portion of the company’s intellectual property. And yet easily downloaded consumer apps are threatening that data security by sharing their sensitive data with mobile apps that have almost infinite capabilities.

Consider this reference from a scary story courtesy of The Intercept: “When launched for the first time, [popular app Sarahah] immediately harvests and uploads all phone numbers and email addresses in your address book. Although Sarahah does in some cases ask for permission to access contacts, it does not disclose that it uploads such data, nor does it seem to make any functional use of the information.”

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Schools in Alabama warn parents about Blue Whale ‘suicide game’ app

admin , ,

Credit to Author: Darlene Storm| Date: Wed, 10 May 2017 10:44:00 -0700

A “suicide game” presented in an app sounds like an urban legend or something from a horror flick, but unfortunately the “Blue Whale Challenge” is real. In fact, police and school districts have issued warnings about the app and even Instagram serves up a warning after searching for the #bluewhalechallenge.

blue whale challenge instagram message IDG

Vulnerable young people are the targets for Blue Whale. Once the app is downloaded onto a phone, it reportedly hacks the phone and harvests the user’s information. In the Blue Whale Challenge, a group administrator – also referenced as a mentor or master – gives a young person a task to complete each day for 50 days. If a person balks at the daily task, then the personal information which was stolen is used as a form of blackmail as in do this or else your private information will be released or your family threatened. The task on the last day is to commit suicide. This is supposedly winning the game.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Google Play faces cat-and-mouse game with Android malware

admin , ,

Credit to Author: Michael Kan| Date: Fri, 24 Mar 2017 11:16:00 -0700

What’s the best way to avoid Android malware? Downloading all your apps from the Google Play store — where software is vetted – is perhaps the best advice.  

But that doesn’t mean Google Play is perfect.

Security researchers do find new Android malware lurking on Google’s official app store. That’s because hackers are coming up with sneaky ways to infiltrate the platform, despite the vetting processes that protect it.

“Eventually, every wall can be breached,” said Daniel Padon, a researcher at mobile security provider Check Point.

To be sure, most Android users will probably never encounter malware on the Google Play store. Last year, the amount of malicious software that reached the platform amounted to only 0.16 percent of all apps, according to a new report from Google.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Security holes in Confide messaging app exposed user details

admin , ,

Credit to Author: Michael Kan| Date: Wed, 08 Mar 2017 12:51:00 -0800

Confide, a messaging app reportedly used by U.S. White House staff, apparently had several security holes that made it easier to hack.

Security consultancy IOActive found the vulnerabilities in Confide, which promotes itself as an app that offers “military-grade” end-to-end encryption.

But despite its marketing, the app contained glaring problems with securing user account information, IOActive said in a Wednesday post.

The consultancy noticed it could access records for 7,000 Confide users by exploiting vulnerabilities in the app’s account management system. Part of the problem resided with Confide’s API, which could be used to reveal data on user’s phone numbers and email addresses.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

WhatsApp reduces spam, despite end-to-end encryption

admin , , ,

Can a spam filter work even without reading the content of your messages?

WhatsApp thinks so. Since last April, the messenger app has been successfully fighting spam abuse, even as it’s been using end-to-end encryption.

That encryption means that no one — not even WhatsApp — can read the content of your messages, except for the recipient.

More privacy, however, can raise issues about spam detection. If WhatsApp can’t scan your messages for suspicious content, say for advertisements peddling cheap Viagra, then how can it effectively filter them out?

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Google pushed developers to fix security flaws in 275K Android apps

admin , , ,

Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps.

Since 2014, Google has been scanning apps published on Google Play for known vulnerabilities as part of its App Security Improvement (ASI) program. Whenever a known security issue is found in an application, the developer receives an alert via email and through the Google Play Developer Console.

[To comment on this story, visit Computerworld’s Facebook page.]

To read this article in full or to leave a comment, please click here

Read more