DHS Seeks More Infosec Funds for 2012
Homeland Security Secretary Janet Napolitano, testifying before the Senate Appropriations Committee Wednesday, characterized securing and safeguarding cyberspace as one of the department's six primary missions. "Today's threat picture features an ...
The great IT risk measurement debate, part 2
IDG News Service
Since there hasn't been anything like that for infosec yet that I'm aware of, the other approach is component testing: We can at least be sure whether or not the gears of the clock work. Hutton: That's where I was going to go. That's one of the reasons ...
by Robert Westervelt
The Android applications contained hidden Trojan called DroidDream that attempted to gain root access to the smartphone to view sensitive data and download additional malware.
Google has pulled at least 21 free applications from its Android Market late Tuesday after software developers found hidden malware aimed at gaining access to sensitive data.
The free applications included variety of games and were removed after bloggers questioned hidden malcode in them that attempted to gain root access to the user’s smartphone. Google removed the apps and references to their publisher, Myournet. within minutes of being informed of the problem.
According to Aaron Gingrich, who writes for the Andoid Police blog, the apps contained a variety of hidden features, including the ability to contact a remote server to download more malware.
“I asked our resident hacker to take a look at the code himself, and he’s verified it does indeed root the user’s device,” Gingrich wrote.
“But that’s just the tip of the iceberg: it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.”
The malware has been analyzed by mobile malware researchers at Lookout Inc. Called DroidDream, the malware has been discovered in more than 50 applications in the official Andoid Market. In an update on the Lookout blog, the company said Google is actively working on the issue. The Lookout DroidDream blog post also lists all the affected applications.
We originally reported that Google removed the apps from devices, but we recently learned that the remote removal system has not yet been engaged for these applications because they are under active investigation.
Up until now malware has been surfacing on apps on third-party Android app repositories. Google and Apple have removed Android and iPhone apps in the past for failing to comply with certain standards. While both mobile giants check apps for software quality and interaction with the smartphone OS, experts point out that they do not closely scrutinize applications for hidden malicious code and other security issues.
Ten things we hate about Trade shows - even Infosec
A company called EventGenie says its can take the pain out of IT exhibitions like Cebit, Infosec and Embedded World. (If they can make Embedded World fun, they can do anything) OK, then, EventGenie, how are you going to make Infosuck any less than a ...
Posted by InfoSec News on Mar 01http://www.latimes.com/news/nationworld/nation/la-na-homeland-security-20110302,0,2881352.story
Posted by InfoSec News on Mar 01http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229219613/anonymous-member-says-palantir-not-off-the-hook.html
Posted by InfoSec News on Mar 01http://www.computerweekly.com/Articles/2011/02/28/245653/Vodafone-reviews-security-systems-after-burglary-causes-network.htm
Posted by InfoSec News on Mar 01http://www.theregister.co.uk/2011/03/01/self_destructing_flash_drives/
Posted by InfoSec News on Mar 01Forwarded from: LayerOne Call For Papers <layeronecfp (at) gmail.com>