YourITDepo Archives

    Archive for October 4th, 2011

    HTC confirms hole in its Android phones

    Posted on Tuesday, October 4th, 2011

    HTC on Tuesday confirmed a gaping vulnerability in its Android phones that could be exploited by a third party to steal personal information from users.

    The company said it was not aware of any customers yet impacted by the flaw, but that it was “diligently” working on a fix.

    “Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it,” the statement said.

    The flaw, affecting several HTC Android smartphone models, was discovered by researcher Trevor Eckhart, who alerted the company about it on Sept. 24 and received no response for five days before going public with the issue on Friday, according to the blog AndroidPolice, which first reported the news.

    The bug stems from a recently added program, HTCLoggers.apk, which logs large amounts of information from the phones, according to Eckhart. The program enables any third-party app that requests permission to connect to the web to easily access data that has been logged. This information includes user accounts, email addresses, GPS locations, SMS data, phone numbers and system logs.

    HTC Android phones, including the EVO 3D, EVO 4G and Thunderbolt, among others, are affected, Eckhart said.

    In its statement, HTC advised customers to “use caution when downloading, using, installing and updating applications from untrusted sources.”


    Malicious security assaults increased 650% in past five years, Feds say

    Posted on Tuesday, October 4th, 2011

    Cybercriminals and other villains intent on stealing all manner of personal and government data are bombarding federal government agencies.

    Over the past 5 years, the number of incidents reported by federal agencies to US-CERT (United States Computer Emergency Readiness Team) has increased from 5,503 incidents in fiscal year 2006 to 41,776 incidents in fiscal year 2010, an increase of over 650% that includes a more than tripling of the volume of malicious software since 2009, according to a Government Accountability Office security report out this week.

    US-CERT aggregates and disseminates cybersecurity information to improve warning and response to incidents, increase coordination of response information, reduce vulnerabilities, and enhance prevention and protection, the GAO added.

    “Reported attacks and unintentional incidents involving federal systems and critical infrastructure systems demonstrate that a serious attack could be devastating. Agencies have experienced a wide range of incidents involving data loss or theft, computer intrusions, and privacy breaches, underscoring the need for improved security practices,” the GAO stated.

    The good news is perhaps that according to US-CERT, the growth in the gross number of incidents is attributable, at least in part, to agencies improving detection of security incidents on their respective networks, and then possibly implementing appropriate responsive and preventative countermeasures, the GAO stated.

    Agencies reported that the following types of incidents are occurring frequently:

    • Unauthorized access: Gaining logical or physical access to a federal agency’s network, system, application, data, or other resource without permission.
    • Denial of service: Preventing or impairing the normal authorized functionality of networks, systems, or applications by exhausting resources. This activity includes being the victim of or participating in a denial of service attack.
    • Malicious code: Installing malicious software (e.g., virus, worm, Trojan horse, or other code-based malicious entity) that infects an operating system or application. Agencies are not required to report malicious logic that has been successfully quarantined by antivirus software.
    • Improper usage: Violating acceptable computing use policies.
    • Scans/probes/attempted access: Accessing or identifying a federal agency computer, open ports, protocols, service, or any combination of these for later exploit. This activity does not directly result in a compromise or denial of service.
