Archive for July 2014

Android users since 2010 may have had their data exposed because of a vulnerability

This bit of news is terrifying & we suggest all Android users sit up & take note. Researchers from the US-located Bluebox Labs have discovered an Android vulnerability that lets malware take over your apps, steal data, and basically even take control of your phone.

Announcing this on the firm’s blog, Bluebox’s Jeff Forristal has dubbed it ‘Fake ID’. The vulnerability allows malicious applications to impersonate specially recognized trusted applications without any user notification. This can result in a wide spectrum of consequences. Citing an example, he said the vulnerability can be used by malware to escape the normal application sandbox & take 1 or more malicious actions: insert a Trojan horse into an application by impersonating Adobe Systems; gain access to NFC financial and payment data by impersonating Google Wallet; or take full management control of the entire device by impersonating 3LM.

By now, readers are getting the significance of what Forristal is saying.

Worse, Fake ID affects almost all Android phones. Bluebox said the vulnerability dated back to the January 2010 release of Android 2.1 & affected all devices that were not patched for “Google bug 13678484,” which was disclosed to Google & was released for patching in April.

Android applications use the same certificate signature concepts as SSL, including full support for certificates that are issued by other issuing parties (commonly referred to as a “certificate chain”). Application signatures play an important role in the Android security model. An application’s signature establishes who can update the application, what applications can share its data, etc. Certain permissions, used to gate access to functionality, are only usable by applications that have the same signature as the permission creator. More interestingly, very specific signatures are given special privileges in certain cases.

Explains Forristal: However, Bluebox Labs discovered a vulnerability that has been relatively present in all Android versions since Android 2.1, which undermines the validity of the signature system and breaks the PKI fundamental operation. The Android package installer makes no attempt to verify the authenticity of a certificate chain; in other words, an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim (normally done by verifying the issuer signature of the child certificate against the public certificate of the issuer). For example, an attacker can create a new digital identity certificate, forge a claim that the identity certificate was issued by Adobe Systems, and sign an application with a certificate chain that contains a malicious identity certificate and the Adobe Systems certificate. Upon installation, the Android package installer will not verify the claim of the malicious identity certificate, and create a package signature that contains both certificates.
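The missing check described above, as an added example (not code from Bluebox or from Android): a toy model that links certificates by issuer name alone, then again only when the issuer's public key verifies the child's signature. The certificate layout, the names and the tiny textbook-RSA keys are constructed for illustration and are not secure.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Toy textbook-RSA key from two known primes: (n, d). Not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass
class Cert:
    subject: str
    issuer: str   # name the certificate CLAIMS issued it
    n: int        # subject's public modulus
    sig: int = 0  # signature over tbs(), made by whoever really signed

    def tbs(self):
        data = f"{self.subject}|{self.issuer}|{self.n}".encode()
        return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue(subject, subject_n, issuer, signer_n, signer_d):
    cert = Cert(subject, issuer, subject_n)
    cert.sig = pow(cert.tbs() % signer_n, signer_d, signer_n)
    return cert

def signed_by(child, parent):
    """The check the page says was skipped: verify child.sig with parent's key."""
    return pow(child.sig, E, parent.n) == child.tbs() % parent.n

def identities(chain, verify):
    """Identities a package would carry; chain[0] is the signing cert."""
    ids = [chain[0].subject]
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject or (verify and not signed_by(child, parent)):
            break
        ids.append(parent.subject)
    return ids

# Constructed sample data (names and keys are made up for this example).
VENDOR_N, VENDOR_D = make_key(2**31 - 1, 2**61 - 1)
OTHER_N, OTHER_D = make_key(2**61 - 1, 2**89 - 1)
vendor = issue("Trusted Vendor", VENDOR_N, "Trusted Vendor", VENDOR_N, VENDOR_D)
genuine = issue("App A", OTHER_N, "Trusted Vendor", VENDOR_N, VENDOR_D)
# Names the vendor as issuer but is signed with its own key, not the vendor's.
claimed = issue("App B", OTHER_N, "Trusted Vendor", OTHER_N, OTHER_D)

if __name__ == "__main__":
    for chain in ([genuine, vendor], [claimed, vendor]):
        print(identities(chain, verify=False), identities(chain, verify=True))
```

With name-only linking both chains yield the vendor identity; with signature verification only the genuinely issued certificate does.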

There’s more of the security mumbo jumbo in the blogpost, but by now, our readers must have got the basic picture – if you have been using an Android based device, you may have been compromised.

Install the Bluebox Security Scanner to see if you’ve been exposed to this vulnerability.

Image Credit: Bluebox


Browser-based graphics app GetBulb thrown open to all

Despite advancements, designing Online graphics, especially infographics, can still be a pain in the backside. Converting heavy data into an easy-to-understand graphic can be a tough task.

Now, there’s a startup called GetBulb which claims to make this job easy. It’s almost like a meat grinder: put in the meat, out comes the mince! So far, not many had access to this new startup except early beta testers, but these guys have moved on to the next phase & thrown open GetBulb to all. All that you need to do to access it is to sign up.


Essentially, GetBulb puts big media visualization power in the hands of the common man, so there’s no need to hire big design firms or a part-time graphic designer; you can now draw pie charts, bar graphs, whatever... all by yourself.

So how does this startup work? To tell you the truth, there’s still some amount of work to be done before you make that 1st graphic, but practice will have you doing things right in no time. When you log into GetBulb, you’ll see a list of elements on the right side of your dashboard. In the centre are your layout fields, where you’ll be dragging/dropping each element you want to use. You can decide the story you wanna tell & name your graphic. Then, choose the elements that will go into your infographic & get your data ready. After that, add the elements, paste in your data, & then export your data wherever you want.

The GetBulb app comes with a host of features:

  • Export high quality images that are ready for both Online & print
  • By default, the colour palettes are chosen with colour blind people in mind
  • Upload your own graphics from Adobe Illustrator & select your own colour palette
  • GetBulb is Responsive by default, allowing you to publish to any device
  • Comes with preloaded templates
  • Simply highlight your data in a spreadsheet, then copy & paste it into GetBulb

Although a single account on GetBulb is free, there are pay plans that offer template flexibility etc.


Image Credit: GetBulb

 
