Three researchers in Germany at the University of Ulm have discovered a massive security hole in Android – so big, in fact, that it affects at least 97%, and as many as 99%, of all Android users. The researchers, Bastian Könings, Jens Nickels, and Florian Schaub, have discovered that the security flaw allows anyone who is sniffing around your connection on an unsecured wireless network to acquire your Google authorization credentials from a specific token (the authToken), giving them access to your contacts, your calendar and, well – really any application that authenticates you by using your Google authorization credentials contained within that authToken.
If you received a notice from one or another company with whom you do business or have done business in the past, saying that your email address has been compromised due to a data security breach at email service provider (ESP) Epsilon (due to their customers’ email lists being hacked and stolen), you’re not alone. Oh, you are so not alone. Banks, large merchants, and others, have all had their entire list of customers’ email addresses swiped and leaked due to the Epsilon data breach. Chase Bank, Citi Bank, Best Buy, Krogers – even Disney, have all been affected – as have their customers. Of course, lots of people receiving these notices will assume that they are phishing attempts (and there will undoubtedly be phishing attempts riding on the coattails of this fiasco). Here is the complete list as we know it today – if you have received a notice saying that your email address has been compromised, please add the name of the company involved to the list here.
If you have ever had an account – even just to leave comments to articles and posts – on Gizmodo, Lifehacker, Gawker, Jezebel, io9, Kotaku, Deadspin, Fleshbot or Jalopnik, then you are in for a nasty surprise. Odds are good that your account has been compromised, and your user name and password posted on the Internet, as the result of a security breach of Gawker Media’s servers that happened over the weekend. Gawker Media does get points for alerting all of their users as soon as they discovered the breach (about 10 minutes ago as of the time of this posting at 6:20 p.m. PST on Monday, December 13th, 2010).
iPhones will join any old hotspot so long as it claims to be an attwifi hotspot, says a researcher who discovered the security hole this week. This security hole can lead unsuspecting iPhone users to give up all sorts of personal information to anyone who knows how to change the name of their wireless access point.
Microsoft has just announced an emergency patch for both Internet Explorer (IE) and Office Products, and it is recommended that everyone install this patch ASAP (link to patch included below). This affects Internet Explorer 6 (IE6), Internet Explorer 7 (IE7) and Internet Explorer 8 (IE8) as well as any Microsoft Office Product with ActiveX, including Microsoft Word, Excel, PowerPoint and Microsoft Access.
Holy privacy and security issue! A Palm Pre user who is also a securitygeekstud has discovered that Palm Pres (or should that be Palm Pri? Palm Prie? What is the plural of “Pre”?) are spying on Palm Pre users and on how they are using their Palm Pre, and reporting back to Palm!
Malware pushers have been quick to exploit confusion over a patch that was released yesterday by Norton Security for users of older versions of Norton. The patch was accidentally unsigned, which caused Norton to throw an error referencing the “pifts.exe” file. As a result, hordes of Norton users have been searching Google for pifts.exe (or searching in their other favourite search engine for pifts.exe).
Microsoft has gone outside their usual patch release schedule and has released an emergency patch which everyone running affected versions of Windows is urged to get and install immediately.
A new hotel network security study by Cornell University entitled “Hotel Network Security: A Study of Computer Networks in U.S. Hotels” has proven that using the wireless Internet – and even cabled Internet – at your hotel is almost always inherently insecure and unsafe.
An intriguing and novel eavesdropping technique has been disclosed by a group of German scientists, who describe and demonstrate in their paper “Compromising Reflections, or How to Read LCD Monitors Around the Corner” how your monitor screen can be read from a distance, by pointing a telescope at its content reflected in nearby objects. Teapots, spoons, plastic bottles, glasses and even the surface of the user’s eye offer sufficient quality for text on the screen to be intelligible, even at long distance.