Wednesday, July 14, 2010

Quick links for Bastille Day, 2010

Two quickies about phone security issues and one surprising report about which company had the most vulnerabilities.

Slashdot News Story | Hack AT&T Voicemail With Android
An anonymous reader writes "It is shockingly easy to gain access to an AT&T customer's voicemail using caller ID spoofing techniques. What's worse is that AT&T knows about it. On your Android phone, download one of the two caller ID spoofing programs. Input the number of your target as the destination number and then enter the same number as the spoofed caller ID. Then connect your call. If the target has not added a voicemail password (the default is no password), you will be dropped into a random menu of their voicemail and eventually can drill up or down to get what you want. You can change greetings, erase messages, send voicemails out of the target account, and much more. How many politicians up in arms about Google Wi-Fi sniffing will want to know more about this?"

BlackBerry offers users free security app
BlackBerry maker RIM has shown a new free application that owners can use to track their much-loved smartphones in the event they are lost, stolen, or simply misplaced around the house.

In beta until later this year, the simplest and perhaps most useful feature of BlackBerry Protect is the way it can be used to trace a mislaid BlackBerry. Users log in to the Protect web portal and activate the 'loud ring' feature, which causes the BlackBerry to advertise its location for one minute, hopefully from a nearby location.

The feature works as long as the phone is switched on and will override the silent mode setting. Failing that, the ringer will default to maximum volume to allow users to phone the handset instead.

In the event that the phone is lost in a public place, the Protect app portal can be used to remotely set up a password and lock setting on the device as a way of protecting data from prying eyes. A 'lost and found' screen can also be set.

In order to locate the lost smartphone, the GPS function allows the portal to track the BlackBerry's exact map location. If the device has been stolen, a remote wipe feature can be used to delete all stored data from the device, including from any installed Micro-SD card.

A wireless backup function, which should have been set first, allows lost data to be restored to a new BlackBerry.

Members of the Beta Zone can get hold of the pre-release version of the app from this week via invite codes but all other BlackBerry users will have to wait until later this year to use Protect, the company said.

Report: Apple had the most vulnerabilities throughout 2005-2010 | ZDNet

Which vendor has the most reported security vulnerabilities?

According to Secunia’s recently released report, between 2005 and 2010 that’s Apple Inc. followed by Oracle and Microsoft. Moreover, based on the company’s data, ten vendors are responsible for 38% of the total number of vulnerabilities, and seven of the vendors on the top 10 list back in 2005 still occupy the top positions in 2010.

However, interpreting this data through the prism of the current threat landscape results in some pretty interesting findings. For instance, although Apple visibly tops the graph, excluding social engineering driven malware attacks targeting Mac OS X users, there are no known widespread campaigns utilizing any of these vulnerabilities — targeted attacks and cyber espionage attacks excluded.

Moreover, although Adobe is on the 5th position, in 2009 malicious PDFs represented 80 percent of all exploits, followed by active exploitation of Flash taking into consideration the fact that millions of users continue browsing the Web using outdated versions of Adobe’s products.
