Cyber security and Pakistan IN its newly published National Security Strategy, the British government has categorised …
It seems that a pretty big security bug has been discovered which allows for calls to be made on a Droid 2 or Droid X running Android 2.2 even without entering the phone’s security pin (if the phone has one).
While on the screen to enter the security pin, if the “search” softkey or keyboard key is held down for four seconds, Google’s Voice Actions will activate, allowing the user to speak a number or contact name and make a call.
The issue was brought to the attention of the folks over at BGR, and appears to only be an issue with Android 2.2 devices also running Blur.
A statement has not been made by Motorola yet, but I’m sure they’re aware of the issue by now and are working on a fix.
The Motorola Droid 2 has been out for two months now and a helpful reader has just discovered that even though the device is in a password-protected state using a PIN or the pattern feature, your device can still take voice commands, which might annoy, well, everyone. Using a 100% stock Motorola Droid 2, BGR puts this claim to the test.
No one wants to place unwanted calls or allow anyone to do anything to your phone, which is why you locked it up in the first place. It seems like you would almost have to try and activate voice features while the device is in your pocket in order for this to work, but it’s something that people can gripe about.
Any of you experience this issue on accident before without trying to force voice actions while your device is locked?
Android hasn’t exactly had the most success in the enterprise world, with Android devices making up less than 30% of enterprise activations, according to a survey conducted by Good Technology. Instead, business users have been more loyal to Blackberry devices produced by Research In Motion.
The reason for this was Android’s lack of VPN support. Android 2.2 features some native support for VPN, but does not support Cisco IPSec VPN.
The Droid Pro, however, could be dubbed the next ‘Blackberry-killer’. In developing the Droid 2, Motorola teamed up with AuthenTec to provide a VPN app that is designed to be easy to configure. Other VPN solutions like Tunnel mode IPSec, two-way certification, IKEv1, IKEv2, and Split Tunneling will also be supported.
Heads up! Remember that security warning from Adobe last week? Well, they just issued a security update today for Adobe Flash Player 10.1.92.10 which should fix that right up. Yup, having the ability to play Flash rocks, but adds another security risk Android users must watch out for. I’d like to recall a famous quote by FDR (and the Spiderman movie), “With great power, comes great responsibility.” So be sure to keep your Adobe software up to date. See the blog post from Adobe below:
Today, a Security Bulletin has been posted to address a critical security issue (CVE-2010-2884) in Adobe Flash Player. This Security Bulletin affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. Adobe recommends users apply the update for their product installation. This addresses the issue first mentioned in Security Advisory APSA10-03.
Adobe has issued a statement regarding a critical vulnerability which they discovered affecting multiple versions of the Flash Player, including 10.1.92.10 for Android. The exploit can potentially allow an attacker to compromise the affected system, with reports of this happening on Windows machines. From the official post by Adobe:
A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.
We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010. We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.
No word yet as to when this update is expected to roll out, but given the severity of the situation, we expect it will be coming shortly.
Steve Jobs, are you laughing yet? We call Jobs naive, scared, and all of these other things as he downplays Flash due to its performance issues and security risks, but the fact of the matter is he’s right: with Flash come the vulnerabilities and downsides that have always plagued the platform.
Adobe’s discovered a critical security flaw in the latest version of Flash for both the desktop computer and for Android that can cause systems to crash and even allow an attacker to remotely control your device. They have a fix being finalized, but we won’t see it until September 27th, at the earliest. Scary stuff. I’m sure we’ll be fine until Adobe gets this rolled out to everyone, but it’s one of those things that makes you think. And after you think, you quickly forget about it as you head on back to Kongregate to play more Flash games.
Adobe has recently discovered a security flaw that makes their desktop (10.1.82.76) as well as Android version (10.1.92.10) vulnerable to crashes and even allows for those with ill intentions to crash or remotely access your computer or device.
Adobe is currently working on a fix for their desktop and Android versions that will be available during the week of September 27th. Adobe will provide an update for their Acrobat and Reader shortly after, during the week of October 4th. Flash has its benefits as well as its flaws, so be wary of which Flash-enabled sites you visit.
Apple on Tuesday afternoon released its fifth security update of 2010, covering both client and server versions of Mac OS X 10.5 Leopard and 10.6 Snow Leopard.
With the ease of installing IP security cameras these days, any IT consultant with half a brain should be adding cameras to their proposals, as they are a nice simple way of generating extra revenue. The biggest issue these days is actually what to do once you have the cameras installed. Sure, most of them can record to disk, but what if you are away from the office and want to know right now what is happening at multiple locations? So far the answer is to bring up multiple web pages; it’s fairly clunky and doesn’t give you any real options. So what if you could manage multiple cameras very easily on your phone? Continue reading after the break to learn how Tiny DVR brings you this level of functionality.
Well this is quite the unsettling story. Two “security experts” (I prefer to call them hackers) have drafted up a tool that would allow the user of it to probe an Android device to intercept emails and SMS messages. The program is a “root” utility that disguises itself as a program to help easily root your phone, but will do some other extracurricular activity before it’s done (that’s if it even goes through the process of rooting at all). Know that the hackers aren’t doing this with any malintent: they want Google to get off their butts and fix the security holes before a serious incident goes down.
The tool was released to thousands of hackers at the DefCon 18 security and hacking conference going on this weekend. At first, you may not think releasing the scary tool is in your or anyone’s best interests, but it forces Google’s hand in making sure things are set straight before too long.
This isn’t unlike the story we heard about exactly one year ago where a known SMS flaw plagued millions of handsets (housing many types of operating systems) and would allow the sender of an SMS to send something similar to a denial-of-service attack which would keep you from being able to make and receive calls, send and receive text messages, and use your phone’s data. Following the revelation of that bug at a similar conference, Google, Apple, and other software vendors found themselves pushing out updates within days to fix it. If this is anything like that, then I’m sure Google’s already hard at work to take care of that.
Ted Landau takes a closer look at a security flaw with the Citi Mobile iPhone app and whether users should be concerned about how secure their financial data is.
Not too long ago we discussed keeping your Android device safe from malicious attacks; the general advice was that it doesn’t hurt to take a moment to look at what that cool app is requesting access to, before you download it. This week at the Blackhat security conference, a company by the name of Lookout detailed an app on the market that was extremely questionable in nature:
During our research, we found series of wallpaper applications in the Android Market are gathering seemingly unnecessary data. The wallpaper applications that we analyzed transmitted several pieces of sensitive data to a server over an unencrypted network connection. The data included the device’s phone number, subscriber identifier (e.g. IMSI), and the currently entered voicemail number on the phone (see below for technical details). While this sort of data collection from a wallpaper application is certainly suspicious, there’s no evidence of malicious behavior. There have been cases in the past on other mobile platforms where well-intentioned developers are simply over-zealous in their data gathering, without having malicious intent.
To be clear, while a simple wallpaper app needing access to such data is very suspect, as of this posting nothing malicious has been discovered in connection with the apps in question. Still, it’s a reminder of just how easily one can open their device to unauthorized access. While various figures are being used for the total number of app downloads, the smallest number being mentioned is 50,000. There are plenty of security apps to choose from to help keep your data safe, including one from Lookout.
The United Arab Emirates is calling BlackBerry devices a security risk. The UAE telecom regulator said "BlackBerry operates beyond the jurisdiction of national legislation" since the data services for the device all take place offshore and stated usage may have "serious social, judicial and national security repercussions". Since all BlackBerry data is relayed through servers that are not operated directly by local mobile carriers, their operation is said to be outside the national security legislation from 2007. There have been no comments from either the UAE or RIM directly, so the future of BlackBerry devices there is still unknown for the time being.
ShootMe is an app available from the Market that allows you to take screenshots on your Android phone, at the cost of rooting your device. One of the exceptions to this rule was the HTC Evo 4G. Until now.
For those Evo-carriers using ShootMe that were able to get yesterday’s update (for the EVO, not ShootMe) before it was taken down, you’ll notice that you’re now unable to use ShootMe without a root. While this may be met with some groans, this may be a good thing. There were some who thought that the ability to use ShootMe with the stock Evo was sort of unnerving, as with other phones a root was required. While this update may be a bit inconvenient, perhaps it’s for the best. On a related note, Android just needs to add some native screenshot support already.
Aurora® Expands Northwest Team with Security Solutions Veteran
Aurora®, a leader in data security and compliance solutions, has announced Ken Leduc as its new Northwest Regional Manager. Leduc is a veteran in the field of IT security and brings over 20 years of experience to Aurora.
In a rush to take advantage of U.S. stimulus money, utilities are quickly deploying thousands of smart meters to homes each day–smart meters that experts say could easily be hacked, reports C/Net.
In this map by Energy Retail Association: red=electricity, green=gas, blue=water and triangle=trial or pilot where circle=project
There are about 250 active smart-metering projects worldwide, with about 49 million meters already installed and 800 million planned for installation, according to the Meterpedia.com blog. Projects in the U.S. are being accelerated because of the $3.4 billion in stimulus funds set aside for smart-grid technologies. About 60 million smart meters will be deployed in the U.S. this year, covering about half of households, according to figures from The Edison Foundation’s Institute for Electric Efficiency (PDF).
Security appears to be a casualty of this haste, experts say.
“Right now a lot of utilities are in a mad grab for money because of the stimulus package. Billions [of dollars] are on the table, so they are moving forward with metering projects and they’re spending money as fast as they can,” said Jonathan Pollet, founder of Red Tiger Security which tests security features in SCADA systems. “The security isn’t where it should be, but the vendors aren’t going to turn down orders.”
A recent report from Pike Research forecasts that home area networking connectivity will be included in 49% of all smart meters shipped worldwide by 2013, and the North American HAN-enabled meter penetration rate will be even higher at 81% by the same year.
Pike Research segments the smart meter market into two primary categories: Basic meters, which transmit energy usage data over two-way communications networks, and Advanced meters, which include basic functionality in addition to remote disconnect and Home Area Network capabilities.
One of the big highlights at WES 2010 for me personally was the sit-down time I had with senior level management at RIM. Everybody we had the opportunity to speak to had a passion for BlackBerry and knew their areas of expertise inside and out. For a couple of these interviews we were even able to fire up the CrackBerry.tv camera so we could bring you back the highlights in video!
The name BlackBerry is synonymous with security, so it was awesome to sit down with Scott Totzke, VP of the Global Security Group for RIM, and learn more about RIM’s holistic approach to security. Scott also took the opportunity in speaking to CrackBerry readers to throw out some security tips that all BlackBerry owners should pay attention to (set a device password!!!!). Apologies in advance for the little bit of radio interference static that shows up towards the end of the interview… as you can imagine, it’s hard to avoid that at an event like WES with BlackBerrys everywhere. We hope you enjoy the piece. HUGE thanks go to RIM and Scott for taking the time to talk to CrackBerry.
Modern air travel is tough for geeks: The more gadgets you carry, the harder it is to get through security without a cavity search. Victorinox is helping eliminate such embarrassments with the Empire, a TSA-pleasing, laptop-schlepping messenger bag.
As you might suspect, the bag’s killer feature is the laptop pouch. To appease the TSA’s new, somewhat less draconian carry-on guidelines (e.g., notebooks can stay in bags if the garment lies flat), the Empire’s static-free laptop compartment zips in half. This won’t always guarantee a fast pass, since some airports are stricter than others. But little bonuses like mesh vents increase the visibility of the notebook inside, making for faster visual inspections. Overall, converting the bag from its normal state to “X-ray ready” is easy enough, though the large pouch and single velcro strap were too big for anything smaller than a 12-inch screen, like a netbook.
The rest of the Empire’s pockets are a mixed bag. The main catch-all pocket is just that — a surprisingly featureless bucket where our magazines, headphones, granola bars and documents intermingled like coeds on spring break.
We would have liked a little more order in the biggest pouch, but we can’t really blame the bag for our pack-rat tendencies. The fact that the bag offers so much real estate is its silver lining.
Even with a few snags, the surprisingly sturdy design ultimately elevates the Empire far above its mushy messenger competitors. Though this build quality and convenience don’t come cheap, it’s still the smartest, most elegant way to let the TSA check your tech.
WIRED Well-designed and convenient for gadgety frequent fliers. Quick-access front pocket is magnetically friendly — good for stashing tickets and other documents with magnetic stripes. Accommodates laptops up to 17 inches in screen size. Misplaced bags can be identified and returned (for free!) through serial number registration.
TIRED Pricier than some roundtrip commuter flights. Capacious laptop pouch lets little netbooks slip through the cracks. Though the strap is adjustable, the shoulder pad isn’t. Heavy-duty zippers clang together, announcing your every step.