Archive for September, 2010

8 Tips to Put an End to Spying Apps

Thursday, September 30th, 2010

Worried your Android apps are spying on you? You should be, according to a recent study that found several popular Android apps regularly share your location and critical phone data, such as your phone number, with advertisers and others. Researchers from Intel Labs, Penn State, and Duke University randomly selected 30 out of 358 popular apps from the Android Market for this study. The computer scientists tracked each application’s behavior using TaintDroid, a special monitoring program developed by the researchers.

Here’s a breakdown of the researchers’ findings:

- 15 popular Android apps sent location information to advertisers without requiring user consent

- 9 apps transmitted a user’s International Mobile Equipment Identity (IMEI) number, a unique device identifier

- 7 out of those 9 apps did not mention IMEI collection in their End User License Agreements, including one unnamed popular social networking app and one unnamed location-based search application

- 2 applications transmitted a user’s phone number and ICC-ID (a SIM card’s serial number), both of which are unique identifiers

The researchers did not name which specific apps were behaving irregularly. You can read the entire paper about Android app security here (PDF) and you can find out more about TaintDroid here.

Anonymous will attack until it ‘stops being angry’

Thursday, September 30th, 2010

Anonymous, the online collective engaged in a global cyber-war with the pro-copyright industry, has said it will not end its attacks until it stops being angry at its enemies.

In an interview on Wednesday with security company PandaLabs, which has been in contact with Anonymous since the attacks and counter-attacks began, an organiser of the group said Anonymous had a mission to “fight back against the anti-piracy lobby”. The organiser said that the collective had been provoked by the UK Digital Economy Bill and “three-strikes legislation in the EU” — a possible reference to France’s Hadopi laws or MEPs’ recent backing of a copyright crackdown document. The organiser added that their attacks would “keep going until we stop being angry”.

Former SAP chief Apotheker named CEO of HP

Thursday, September 30th, 2010

After a nearly two-month search, HP said Thursday that it had selected Leo Apotheker to succeed ousted CEO Mark Hurd. Apotheker had resigned from business software firm SAP in February of this year after serving for nearly two years as the company’s chief executive, and a total of nearly two decades within the company.

The company has also named Ray Lane as its new chairman. Hurd had served as both HP’s chairman and CEO. In naming Apotheker, HP passed over several potential candidates from within, including printer business chief Vyomesh Joshi, PC head Todd Bradley, storage and server unit chief Dave Donatelli, and enterprise division chief Ann Livermore.

“Leo is a strategic thinker with a passion for technology, wide-reaching global experience and proven operational discipline — exactly what we were looking for in a CEO,” lead independent director of HP’s board Robert Ryan said.

Google open sources JPEG assassin WebP

Thursday, September 30th, 2010

Google has open sourced a new “lossy” image format known as WebP — pronounced “weppy” — claiming it can cut the size of current web images by almost 40 per cent.

CNet revealed the format with a story late this morning, and Google soon followed with a blog post describing the technology, which has been released as a developer preview. WebP is derived from VP8, the video codec Google acquired with its purchase of On2 Technologies earlier this year and promptly open sourced as part of the new WebM format.

It’s no secret that Google is on a mission to make the web faster — in any way it can. The faster the web, the more cash Google rakes in. WebP is yet another speed play, with Google claiming that images and photos make up about 65 per cent of the bytes transmitted per web page today.

InfoWorld expert guide to Windows 7 security

Thursday, September 30th, 2010

Windows 7 has been warmly received and swiftly adopted by businesses, with the result that many IT admins are now struggling with the platform’s new security features. In addition to changes to User Account Control, BitLocker, and other features inherited from Windows Vista, Windows 7 introduces a slew of new security capabilities that businesses will want to take advantage of.

Windows 7 improves on Vista with a friendlier UAC mechanism, the ability to encrypt removable media as well as hard drive volumes, broader support for strong cryptographic ciphers, hassle-free secure remote access, and sophisticated protection against Trojan malware in the form of AppLocker, to name just a few.

In this guide, I’ll run through these and other significant security enhancements in Windows 7, and provide my recommendations for configuring and using them. I’ll pay especially close attention to the new AppLocker application-control feature, which may be a Windows shop’s most practical and affordable way to combat socially engineered Trojan malware.

Stuxnet finds a new target – China

Thursday, September 30th, 2010

The Stuxnet computer worm has wreaked havoc in China, infecting millions of computers around the country, state media reported this week. Stuxnet is feared by experts around the globe as it can break into computers that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like pumps, motors, alarms and valves.

It could, technically, make factory boilers explode, destroy gas pipelines or even cause a nuclear plant to malfunction. The virus targets control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.

“This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data,” an engineer surnamed Wang at antivirus service provider Rising International Software told the Global Times.

Apple brings Nokia patent battle to UK courts

Thursday, September 30th, 2010

Apple has sued Nokia in the UK over nine patents, in a continuation of the legal battle that has raged between the two companies in the US over the last year.

According to a statement from Nokia on Wednesday, “Apple’s action is an unsurprising development, which seems designed to put pressure on the ongoing dialogue between both companies”. It is not yet clear which patents are the subject of the suit.

Nokia was the first aggressor in the legal war, having sued Apple over the iPhone manufacturer’s use of GSM, 3G and Wi-Fi patents in October 2009. Apple struck back with a countersuit in December 2009. In March 2010, a Delaware court put both lawsuits on hold to give the US International Trade Commission time to issue its own deliberation on the matter. Then, in May, Nokia expanded its original suit to include the iPad as well as the iPhone.

New DNS Hijacking Trojan targeting Commonwealth Bank Customers

Thursday, September 30th, 2010

Security firm Sophos warns of a different kind of phishing threat targeting Australian Commonwealth Bank customers, which uses a DNS hijacking Trojan to steal login information.

According to the researchers, the attack begins with phishing emails that imitate a genuine Commonwealth Bank template, containing the company’s logo, copyright notice and additional identification details. The fake email also carries the heading “Update your Commonwealth Bank” and tells the recipient that his/her account will be closed within 48 hours because of account inactivity, as reported by Sophos lab blogs on 15 September 2010.

Users are also told that particular details related to their account need to be confirmed so that they can continue operating it. The purpose of the text is to spread rumours in order to scare users. Starting with “Customer ID: 000-5432-654386-PSI”, the email looks authentic and relies on the fact that most customers are not able to remember their personal ID number.

PayPal plugs mobile site phishing risk

Thursday, September 30th, 2010

PayPal has fixed a cross-site scripting problem on its mobile payments site that, left unaddressed, had the potential for misuse in phishing attacks.

The vulnerability, discovered by hacking and security site Security-Shell, also created a possible mechanism for hackers to redirect surfers from mobile.paypal.com onto untrusted sites.

In a statement issued on Wednesday, PayPal said that it had plugged the website vulnerability. “We act very quickly whenever we discover any security issues and dealt with this issue within hours of finding out about it.”

Insecurity experts would banish PDF

Thursday, September 30th, 2010

INSECURITY EXPERTS attending the Virus Bulletin 2010 conference have voted overwhelmingly to abolish the PDF standard and replace it with a safe document format.

In a conference session, Paul Baccus, a senior threat researcher at Sophos, asked the audience for a straw poll on the future of Adobe’s PDF, and it voted by an estimated 97 per cent to dump the standard and work on a new safe document format with better software security.

The ever media-friendly Graham Cluley, senior technology consultant at Sophos, told The INQUIRER that at this point Baccus asked if anyone from Adobe was in the session. After a pause, a voice at the back shouted “Of course not, it’s a security conference.”