Unpatched iPhones/iPads secure connections not so secure | Naked Security


Yesterday I wrote about Apple’s latest fixes for iWork and iOS and encouraged folks to update. Now that more information is available it is clearly critical that all users update as soon as possible, unless they only use their device for telephone calls.

The flaws in iOS 4.3.4, 4.2.9 and 5.0b3 and lower are a lot more serious than Apple’s description of their fix: “This issue is addressed through improved validation of X.509 certificate chains.”

Do not do any e-commerce or banking transactions until you upgrade.

Sparse iPhone, iPad Screen Space Aids Phishers | threatpost


Pinched screen real estate on iPhone devices may make it easier for users to be fooled into using bogus “phishing” Web sites, according to an analysis by researcher Nitesh Dhanjani.

In a post on the SANS Application Security Street Fighter Blog on Monday, Dhanjani called attention to the common practice of hiding the Web address once Web pages and applications have loaded. That practice, coupled with the ability of application programmers to render screen elements that can mimic real address bars, could throw open the door to the kinds of phishing attacks that modern browsers have long since rendered ineffective.

Dhanjani recommends URLs be displayed within the applications and more importantly that Apple (1) makes this a policy and (2) sets default behaviors to encourage this policy.

You can read Dhanjani’s post in its entirety at Insecure Handling of URL Schemes in Apple’s iOS.

A phone application that threatens security


London: A cheap mobile phone application that can track the precise location of passenger aircraft in the sky can be a serious terrorist threat, security experts have claimed and called for its immediate ban.

The Plane Finder AR application, developed by a British firm for the Apple iPhone and Google’s Android, allows users to point their phone at the sky and see the position, height and speed of nearby aircraft.

The new application works by intercepting the so-called Automatic Dependent Surveillance-Broadcasts (ADS-B) transmitted by most passenger aircraft to a new satellite tracking system that supplements or, in some countries, replaces radar.

Apparently the ADS-B transmits all this information in clear text. If this information can be used to aid terrorists, why is it not encrypted? Don’t blame the developer. Blame the people who built the ADS-B system!!

Is there a need for mobile anti-malware

With the increasing popularity of mobile devices like iPhones and Android-based phones, we are beginning to see targeted malware, raising the question, do we need anti-malware for our mobile devices? ReadWriteWeb Enterprise was prompted to write an article on this topic as a result of the Android game Tap Snake which was reported to be spyware.

It appears the mobile anti-malware market is fairly immature:

I took the opportunity to test a few of the anti-malware apps available on the market: antivirus free from droidSecurity, Lookout, Symantec's Norton Mobile Security for Android beta, and Smobile. I was also going to try SmrtGuard, but I couldn’t get the app to activate before Tap Snake was removed from Android Market. Of those four apps, only one detected Tap Snake as a potential threat.

The article goes on to say that tightly controlling what apps can be loaded onto mobile devices may be all enterprises need at this time.
