Hard on the heels of the controversy that arose recently around Symantec and its claims that numerous apps on the Android Market were actually malware in disguise, Google on Thursday unveiled a new tool to help it identify malicious apps.
Symantec subsequently recanted its assertions, of course, but in the meantime there's now a service called “Bouncer” that aims to keep the Android Market free of malware by quietly and automatically scanning it for questionable apps.
“Today we’re revealing a service we’ve developed, codenamed Bouncer, which provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process,” wrote Hiroshi Lockheimer, vice president of engineering for Android, in a Thursday post on the Google Mobile Blog.
VeriSign – the company behind the root DNS servers that provide the foundation for the Web, and formerly the largest encryption certificate authority – has revealed that it was repeatedly hacked in 2010. Details are sparse thus far, but the revelation calls into question the security of the Internet itself.
Let’s start with what (little) we know. The disclosure did not happen as a result of VeriSign discovering the breach and taking responsible, proactive action to alert customers and address the situation. No, VeriSign buried the information in a quarterly Securities and Exchange Commission (SEC) filing as if it was just another mundane tidbit.
IT staff at VeriSign allegedly discovered the compromise in 2010, but hid the incident from upper management until sometime in 2011. VeriSign itself may not be at fault for the initial delay in disclosure, but it appears that a significant amount of time has passed since VeriSign executives learned of the breach, and yet the company still tried to sneak the information covertly into an SEC filing.
Symantec stirred up controversy last week when it announced the discovery of apps in the Android Market that it deemed malicious. Symantec has now stepped back from calling the apps “malware”, but it still maintains that the apps in question do unwanted things that legitimate apps shouldn’t do…so what’s the difference, exactly?
The thing is, the apps do things that cross the line. Symantec says the apps can change the default home page in the browser, add bookmarks, and place shortcuts. Those are the sorts of actions I associate with browser hijackers in Windows, and I can say with confidence that I would not appreciate having an app perform those actions without my explicit consent on my smartphone.
It's been known for some time that there are security issues associated with the increasing use of RFID tags in credit cards, but this past weekend afforded a fresh demonstration of just how easy it is for hackers to take advantage of them.
Onstage at the Shmoocon hacker conference in Washington, D.C., Recursion Ventures security researcher Kristin Paget used about $350 in equipment to wirelessly read a volunteer’s RFID-enabled credit card and then encode its key data onto a blank card, as described Monday by Forbes.
If you're anything like me, you're usually quick to reach for the "Forgot Password" link on most webpages that you don't visit that often. Sure, you could have your browser remember your passwords for everything, but that probably isn't the best approach when it comes to handling your login information.
Today, Norton launched a public beta of its new Norton Identity Safe service for Windows, Mac, iOS, and Android. Similar to 1Pass, Norton Identity Safe will store your website login info in an encrypted file that is protected by a single master password. That way, instead of having to remember several different passwords and usernames, you only need to remember the one.
Any passwords or usernames entered on the desktop client will be automatically synced to the apps and vice versa. And, for an even safer browsing experience, Norton Identity Safe comes with Norton Safe Search built-in. Safe Search uses Norton's database of websites to tell you if a site is trustworthy or not.
Despite the popularity of real-time communications like instant messaging, as well as updates via Facebook and Twitter, most workplaces still use and rely on email. As handy as email can be, it can also be dangerous. Attachments can contain viruses, and email messages can hide phishing links that lead you to fake websites in an attempt to steal your login information.
Tech giants including Google and Facebook aim to establish a new standard called DMARC to reduce these threats in the future. For now, however, there are five things you can do to help secure your email.
SourceFire is a trusted name in information security. It has been around for over 10 years, and it is the steward of popular open source tools like Snort intrusion detection. Now, SourceFire is using big data analytics to give organizations better tools to fight malware with FireAMP.
FireAMP is a malware discovery and analysis platform that can identify advanced malware threats and provide the data necessary to understand the scope of a threat and contain it. It uses a small agent on endpoints to relay data to FireCLOUD--a cloud-based analysis engine that uses big data analytics to identify and score threats that are missed by other security tools.
In and of itself, FireAMP defies easy classification. It is a new type of security tool that does not fit easily into any standard categories like antivirus, or antispyware, or firewall. Yet, it seems to have some overlap with existing security tools to augment their capabilities.