Firm finds security holes in mobile bank apps

Firm finds security holes in mobile bank apps

Firm finds security holes in mobile bank apps

Posted:

InfoSec News: Firm finds security holes in mobile bank apps: http://news.cnet.com/8301-27080_3-20021874-245.html
By Elinor Mills InSecurity Complex CNet News November 4, 2010
A security firm disclosed holes today in mobile apps from Bank of America, USAA, Chase, Wells Fargo and TD Ameritrade, prompting a scramble by most of the companies to update the apps.
"Since Monday (11/01/2010), we have been communicating and coordinating with the financial institutions to eliminate the flaws," research firm viaForensics wrote in a post on its site. "The findings we published reflect testing completed on 11/03/2010. Since that time, several of the institutions have released new versions and we will post updated findings shortly."
The company had reported its findings to The Wall Street Journal earlier in the day. Yesterday, viaForensics went public with problems in PayPal's iPhone app, spurring the online payment provider to action.
Specifically, viaForensics concluded that: the USAA's Android app stored copies of Web pages a user visited on the phone; TD Ameritrade's iPhone and Android apps were storing the user name in plain text on the phone; Wells Fargo's Android app stored user name, password, and account data in plain text on the phone; Bank of America's Android app saves a security question (used if a user was accessing the site from an unrecognized device) in plain text on the phone; and Chase's iPhone app stores the username on a phone if the user chose that option, according to the report.
[...]

MPD antiterrorism file leak traced to Luxembourg server

Posted:

InfoSec News: MPD antiterrorism file leak traced to Luxembourg server: http://mdn.mainichi.jp/mdnnews/news/20101103p2a00m0na011000c.html
Mainichi Japan November 3, 2010
Internal information about the Tokyo police's anti-terrorism activities found circulating online was leaked via a server in Luxembourg, investigative sources have revealed, raising the possibility that there was intent to disguise the source of the leak.
Furthermore, there have been no signs that computers at the Metropolitan Police Department (MPD) were infected with a virus via a file-sharing program, increasing the likelihood that the data was leaked intentionally. Those involved in the case say that it will be difficult to trace the leak.
According to investigators and experts, records of the leak -- which took place via the file-sharing program Winny -- showed that the information had been uploaded onto the Internet via a server in Luxembourg. Experts say that when computers in Japan are infected with a virus, the source of the virus is usually traced to a domestic server. The MPD is currently trying to trace the original server used to upload the leaked information.
The MPD has found 114 documents online, which include information on people believed to be cooperating with terrorism investigations and those who are under investigation. Of these, 108 documents were in PDF format.
[...]

Burma Taken Off-Net By Cyber Attack

Posted:

InfoSec News: Burma Taken Off-Net By Cyber Attack: http://www.eweekeurope.co.uk/news/myanmar-taken-off-net-by-cyber-attack-11113
By Peter Judge eWEEK Europe November 4, 2010
The Asian nation of Myanmar, still widely known as Burma, has been virtually taken of the Net by a sustained attack of unknonw origin. [...]

Metasploit and SCADA exploits: dawn of a new era?

Posted:

InfoSec News: Metasploit and SCADA exploits: dawn of a new era?: http://www.zdnet.com/blog/security/metasploit-and-scada-exploits-dawn-of-a-new-era/7672
By Ryan Naraine Zero Day ZDNet News November 4, 2010
Guest editorial by Shawn Merdinger
On 18 October, 2010 a significant event occurred concerning threats to [...]

Hacker Attacks on Cheong Wa Dae on the Rise

Posted:

InfoSec News: Hacker Attacks on Cheong Wa Dae on the Rise: http://english.chosun.com/site/data/html_dir/2010/11/04/2010110401076.html
The Chosum Ilbo Nov. 04, 2010
Cyber attacks targeting the computers of Cheong Wa Dae officials are increasing as the G20 Summit in Seoul approaches, officials say. Even the home computers of senior Cheong Wa Dae officials have apparently become targets.
Officials believe North Korean hackers based in China are behind the attacks. "North Korean hackers are increasingly accessing the website of the G20 Summit preparatory committee," said one Cheong Wa Dae official. "They appear to be gathering data of lower importance, but we are keeping our eyes open for any sudden moves."
As the hacking attempts intensify, officials are changing their computers every six months, and security officials at the presidential office are having their cars screened every month for bugs planted by North Korean agents.
According to the National Intelligence Service, North Korea has a 1,000-strong hacker unit. There have been 9,200 hacking attempts targeting the computers of the G20 Summit preparatory committee and other government agencies this year. Since June, the government has been running a special cyber defense team to prevent attacks against major private and public computer networks.
[...]

Secunia Weekly Summary - Issue: 2010-44

Posted:

InfoSec News: Secunia Weekly Summary - Issue: 2010-44: ========================================================================
The Secunia Weekly Advisory Summary 2010-10-28 - 2010-11-04
This week: 78 advisories [...]

Europe attacks itself in cyber-warfare test

Posted:

InfoSec News: Europe attacks itself in cyber-warfare test: http://www.theregister.co.uk/2010/11/04/europe_cyber_test_lives/
By John Oates The Register 4th November 2010
Security experts are launching fake cyber-attacks against various European institutions today to check the response of European cyber defence. [...]

Career Bobs

Posted by Rohan ingale at 1:22 AM

0 comments:

Post a Comment