Information Security News
Mobile virus writers pay to Google Play
Banking customers are the target of a new Android malware package seeking to infiltrate the Google Play store. Photo: Getty Images. An explosion in mallicious software -malware - targeting Android smartphone users is being fueled in part by a budding ...
Citizens' rights to be free from searches don't hold everywhere. At border crossings, as in airports, people can be searched by authorities as a matter of routine course. But what should the standard be for not just rummaging through a briefcase, but for when the government wants to dig deep into the files on our electronic gadgets—even looking at deleted files?
A "watershed" decision from a federal appeals court today ruled that the government must have "reasonable suspicion" to do such an intensive computer search. However, the judges also ruled that standard was met in the search in question, which involved child pornography being brought across the border from Mexico. The US Court of Appeals for the 9th Circuit, sitting "en banc," reversed a lower court's decision to suppress an intensive forensic analysis of a laptop belonging to a traveler, Howard Cotterman, which resulted in a discovery of child pornography.
The search started out as a "cursory review at the border but transformed into a forensic examination of Cotterman's hard drive." The court acknowledged it was a "watershed case" with implications for what kind of privacy rights all Americans can expect with regards to password-protected files on their computers.
Thursday was another grim day for Internet security as contestants at the Pwn2Own hacker competition exploited flaws in Adobe's Reader and Flash programs, allowing them to take full control of the computers they ran on. Oracle's Java was also, once again, felled.
The exploits, which fetched more than $160,000 in prizes, were impressive because they pierced a wall of defenses erected by some of the brightest minds in the field of software engineering. Those defenses included an anti-exploit "sandbox," which Adobe engineers added to Reader in 2010 and have been improving ever since. The mechanism isolates Web content in a restricted container that's sealed off from sensitive operating-system functions, such as writing files to disk or making system changes.
Until last month, no active attack had successfully bypassed the Reader sandbox protection. On Thursday, the defense suffered another significant blow when George Hotz, who hacked Sony's PlayStation 3 in 2010 at age 21, was also able to circumvent the Reader sandbox. The feat won him $70,000.
#FFSec, March 8: Five infosec pros who stand out
@stacythayer: Stacy Thayer is founder and executive director of the SOURCE conference. SOURCE Boston is one of my favorites in terms of the content provided and the networking opportunities. She inspires infosec pros to volunteer their time in ...