

Tuesday, July 28, 2015

Critical vulnerability in Apple App Store, iTunes revealed

The critical injection vulnerability potentially impacts millions of users.
By Charlie Osborne for Zero Day | July 28, 2015

A critical flaw has been discovered in Apple's App Store and iTunes invoice system which could result in session hijacking and malicious invoice manipulation.

Revealed this week by security researcher Benjamin Kunz Mejri from Vulnerability Lab, the persistent injection flaw, deemed critical, is an application-side input validation web vulnerability. In an advisory, the researcher said the vulnerability allows remote attackers to inject malicious script codes into flawed content function and service modules.

According to Mejri, an attacker can exploit the flaw by manipulating a name value (device cell name) within the invoice module through an exchange of malicious, scripted code. If a product is purchased in Apple's stores, the backend takes the device value and encodes it with manipulated conditions in order to generate an invoice before sending it on to the seller.

This results in application-side script code execution within the Apple invoice. The flaw has been issued a CVSS 5.8 severity rating. In addition, cyberattackers can remotely manipulate this bug by interaction through persistent manipulated context to other Apple store user accounts, whether they be senders or receivers. The researcher says:

"The invoice is present to both parties (buyer & seller) which demonstrates a significant risk to buyers, sellers or apple website managers/developers. The issue impact also the risk that a buyer can be the seller by usage of the same name to compromise the store online service integrity."

The exploit can be used to hijack user sessions, launch persistent phishing attacks, create persistent redirects to external sources and manipulate affected or connected service modules.


Android bug: MMS attack affects 'one billion' phones

By BBC News July 28, 2015

A bug in the Android mobile operating system has been discovered by researchers, who say it affects nearly a billion devices. The flaw can be exploited by sending a photo or video message to a person's smartphone, without any action by the receiver. Google said it had patched the problem, but millions of devices still need their software updating. The researchers said the flaw was "extremely dangerous".

Researchers from US information security company Zimperium said they believed it was one of the worst Android vulnerabilities to date, estimating that 950 million devices were affected.
Hackers were able to send malicious code within a multimedia message that could access a service within Android called Stagefright. After Stagefright had been invoked, which required no action from the victim, other data and apps on the handset could be accessed by the malicious code.
"These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited," the researchers wrote.

Further details on the flaw will be revealed by the team, at the Black Hat security conference in Las Vegas next week.


Samsung Unveils Monitor With Qi Wireless Charging, Casually Mentions AMD FreeSync Support

By Michael Justin Allen Sexton JULY 27, 2015

Samsung unveiled its new SE370 display, which packs a few special features to help it stand out. Samsung claimed that this is the first display capable of wirelessly charging your mobile devices. It also supports several other key features, including AMD's FreeSync technology.

The principal feature in this display is the ability to charge your smartphone wirelessly from the monitor's base using Qi wireless technology. Thus, you don't need to worry about digging out a cable to charge your phone when using this display, as you can just set it on the base, and it will begin charging.

Samsung claimed that this is the first display capable of charging mobile devices in this manner. Any device supporting the Qi wireless charging standard will work with this feature.


Microsoft has quietly released its own Android launcher

By James Vincent  on July 28, 2015

Microsoft's relatively new strategy of pushing more apps onto more platforms continues apace with the quiet release of Arrow Launcher Beta: a basic but functional launcher for Android devices. As the name suggests, Arrow Launcher Beta is unfinished, and has been pushed onto the mobile scene with little fanfare, attracting beta-testers via a private Google+ group. (We downloaded a mirror of the launcher via the unofficial site Microsoft News, but doing so doesn't get you the updates accessed by signing up for the beta.)

The launcher itself is pretty straightforward, with a pair of lists on the home screen displaying your most recent and most frequently used apps. Swiping up from the bottom of the screen brings up a customizable list of quick-access apps, as well as some settings and feedback options. Swiping right summons a simple Notes & Reminders page (where you can add tasks and schedule reminders), and swiping left shows your most frequent contacts. There's also the option to update your wallpaper daily with images from Bing.


Microsoft’s free Windows 10 giveaway: What that means

By Brandon Bailey  July 28 2015

Microsoft’s new Windows 10 operating system debuts Wednesday, as the longtime leader in PC software hopes that giving the upgrade away for free will help it carve out a new role in a world where people increasingly rely on smartphones, tablets and information stored online.

The company is counting on tens or even hundreds of millions of people to download its latest release in the coming months. Many people will also get Windows 10 as part of new PCs. The launch will be accompanied by a global marketing campaign for an event the company hopes will be pivotal — both for its own future and for a vast audience of computer users around the world.

Windows 10 is coming to PCs and tablets first, but it’s also designed to run phones, game consoles and even holographic headsets. It has new features, a streamlined Web browser called Edge and a desktop version of Cortana, the online assistant that is Microsoft’s answer to Google Now and Apple’s Siri.

Still, the company insists Windows 10 will seem familiar to users of Windows 7, the six-year-old operating system still running on most PCs. Microsoft and PC makers want to erase the memory of the last big update, 2012’s Windows 8, which alienated many with its jarring, unwieldy design.


Wednesday, July 22, 2015

ZTE Axon Is The First Smartphone To Use Corning’s Antimicrobial Glass

By Tyler Lee on 07/21/2015

Wherever we go and whatever we touch, we end up picking up or transferring germs in the process, so you can only imagine how filthy your smartphone’s display is when you consider how many times a day we touch our devices, speak into them, or press them against our faces. Kind of makes you cringe, doesn’t it?

However as it turns out, if you pick up the brand new ZTE Axon, you can rest assured knowing that your phone will be relatively germ free. This is because it has been recently revealed that the ZTE Axon is actually the first smartphone in the world to take advantage of Corning’s Antimicrobial Gorilla Glass.

The Antimicrobial Gorilla Glass was actually announced in January of 2014, but it seems that the first smartphone OEM to use it in their products is none other than ZTE. Basically what this glass does is that it offers an antimicrobial layer on the glass that ensures that your display remains relatively germ-free.


5 Reasons To Be Excited About Windows 10

by Jay McGregor  July 22, 2015

It’s taken a while for Microsoft to clear up some of the loose ends around Windows 10’s availability, price and support but what is clear is that this update is expected to be the biggest, most well-received and feature-rich update in recent memory. So what can you look forward to?
  • Edge -- Internet Explorer isn’t quite gone, a version still exists in Windows 10 for Enterprise. But for everyone else, the new Windows default browser is ‘Edge’. With Edge comes some huge improvements on the much maligned IE – most notably speed. Although the version I saw still isn’t completely finished (some websites didn’t quite render properly), loading sites and navigating around was quick.
  • Windows 7 users will find it easy to use -- Windows 10’s UI is a nod to Windows 7, and is a natural successor to the 2009 iteration. So much so that Microsoft told me that “if you’re a Windows 7 user, you’re going to come to this and feel like an expert”. That’s an accurate description. Windows 10 doesn’t have the steep learning curve Windows 8 did. Users will find this version familiar and easy to navigate. The desktop and start menu particularly play a large role in helping navigate around the UI. This, combined with the removal of fullscreen apps,  makes Windows 10 an instantly recognisable and user-friendly OS. 
  • Cortana -- The awkward and poorly-acted adverts don’t do Cortana justice. Yes, it’s another personal assistant, but the key difference is that Cortana is on your desktop. And yes, I’m aware that Google Now is -sort-of- also available on desktop, but Cortana is built into the OS. It’s a key part of the everyday user-experience. Well, Microsoft hopes it will be.
  • Universal apps -- The current Windows apps store is lacking, not just in quantity but also quality. Microsoft is hoping to tackle this by making it easier to develop apps for Windows 10. All apps developed for Windows 10 can easily be made compatible (with a few UI tweaks) for mobile and Xbox use – or ‘universal apps’ as they’re known. This means that the new Windows store is the same across all platforms, with only compatible apps appearing in the right platform. Microsoft has also made it easier to turn iOS and Android apps into Windows apps for developers. Microsoft told me that it took two weeks for mobile game developer King to turn Candy Crush Saga into a Windows game using iOS code. The core of Microsoft’s apps strategy here is to make it as easy as possible to build and deploy apps on Windows 10, so it can close the app gap between itself, iOS and Android. 
  • UI Tweaks and Support -- Windows 10 has undergone a dramatic UI change from the controversial Windows 8. Aside from looking like a souped-up version of Windows 7, it now boasts a number of nifty productivity tweaks that really enhance the experience. Personal favorites of mine include: multiple desktops; ‘snap feature’; the left-sided notification center (which is open to third parties); and continuum, which syncs your data, apps and personal settings across all Windows devices. 



Intel, one of the nation’s largest technology corporations, has delivered a stern message to its workers: You’re not good enough.
by Adelle Nazarian  21 Jul 2015

During an internal meeting last week, the multi-billion dollar company’s CEO Brian Krzanich said Intel would be more vigorously implementing a policy he suggests has been in place for years and which has resulted in the laying off of hordes of American workers.

According to Business Insider, Intel employees have been laid off based on a policy which evaluates “the level of performance-based stock grants they received” from last year, as opposed to its standard annual-review-based layoff process. Krzanich reportedly described this policy to irate, devoted employees as being “the way a meritocracy works.” He also told them that they should “[e]xpect that in the future we’ll probably do similar types of things.”

The company is complicit in laying off American workers from their posts while advocating for an increase in H1B visa workers. Once an employee is laid off, they are never eligible for rehire at Intel again, which Business Insider notes is a policy most workers are not aware of.
