Feeds

Android sig vuln exploit SEEN IN THE WILD

Tiny script is a big headache

5 things you didn’t know about cloud backup

A github user has demonstrated that the Android APK vulnerability isn't a trivial matter, posting “quick and dirty” proof-of-concept exploit code on github.

The demo, here, occupies just 32 lines of shell script – it doesn't actually plant malware into the target code, it merely allows an app to masquerade under another app's identity.

As noted in The Register on July 4, the vulnerability allows an app's APK code to be modified without breaking its cryptographic signature. At the time, Bluebox, which discovered the vulnerability (thus creating the credible business card any security startup needs), explained that firmware updates will be needed to fix the issue.

Github user “Poliva” – Pau Oliva Fora, whose LinkedIn profile identifies him as an engineer at viaForensics in Spain – created the script apparently without access to the promised extra information that Bluebox plans to present at Black Hat USA in August.

Although Google has been pushing patches to its OEMs since March, its availability depends on whether the OEM has shipped the new code through carriers to end users. In the meantime, Google maintains its advice that users should stay away from third-party Android app markets. ®

5 things you didn’t know about cloud backup

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?