[SECURITY] [DSA 3178-1] unace security update
Monthly Archives: March 2015
Bugtraq: [ MDVSA-2015:051 ] sympa
[ MDVSA-2015:051 ] sympa
Bugtraq: [ MDVSA-2015:052 ] tomcat
[ MDVSA-2015:052 ] tomcat
Bugtraq: [ MDVSA-2015:053 ] tomcat6
[ MDVSA-2015:053 ] tomcat6
Toys “R” Us resets account passwords to counter stolen reward points
Account holders with Toys “R” Us have been informed that their passwords will be reset, after unauthorised third-parties attempted to gain access to the company’s reward program.
The post Toys “R” Us resets account passwords to counter stolen reward points appeared first on We Live Security.
WhatsSpy Public: The app that spies on WhatsApp users
When WhatsApp decided to let users hide or display the ‘Last Seen’ info, many hurried to disable a feature they considered a breach of privacy. However, shortly after came the blue check marks, which caused angry reactions from users who considered it yet another intrusion into their privacy. The new feature proved to be rather unpopular among many, and so, the instant messaging service decided to let users disable the annoying tick marks and breathe a big sigh of relief.
Despite all the measures you may take to hide as many details as you can about your digital life, a lot of that information is still available to third parties. For example, even if you change your WhatsApp privacy settings, any would-be snooper can still see the time when you are online.
WhatsApp has been aware of this design flaw since the end of last year; however, they haven’t done anything about it. Users are normally not aware of this bug, so it has been mostly overlooked.
Now, however, Dutch developer Maikel Zweerink has released an application that demonstrates that WhatsApp users’ online status and other information can be monitored, even with the strictest privacy settings: WhatsSpy Public.
The name might ring a bell as it is similar to another tool, WhatsSpy, which claimed to have features similar to those of WhatsSpy Public (or even more invasive ones), even though it turned out to be a fraud.
Even if the ‘Last Seen’ option is disabled, WhatsSpy Public can still track the user’s online status, as well as the last time of connection and any changes made to profile photos. Zweerink’s intention is not to provide snoopers with the perfect tool to spy on other people indiscriminately, but to highlight the messaging service’s ineffective privacy options.
Everything started as an experiment. Zweerink was trying to build a bot for personal use, when he realized that someone could use a similar tool to track other people’s digital footprint. He then decided to develop an app to fully expose and share his discovery with other people.
Once the app is installed, all you have to do to retrieve the online status of any telephone number is to add it to your contacts and open a chat window, without alerting the phone number owner or asking for their permission.
The bot displays the victim’s information in the chat window, just as if the snooper had actually subscribed to the other user’s account. Attackers could use the tool to track any WhatsApp user they choose to follow, even though Zweerink explains that the app is not designed to support a large number of requests.
Maybe it is not too serious that other people may know when you are online or not, but Zweerink believes it is unacceptable that WhatsApp’s privacy settings simply don’t work. In his opinion, the company is giving users a false sense of security by assuring them that it protects some private information that it actually doesn’t protect.
Zweerink also warns that this information could be used not only by friends or contacts but also by companies. Many Internet advertisers use the trace people leave on the Internet (the Web pages they visit, their online activities, etc.) to design custom advertising campaigns; and they could do the same with your WhatsApp information.
A spokesperson for WhatsApp recently denied Zweerink’s accusations that the app’s security settings are broken, explaining that the Dutch researcher’s tool simply gathers publicly available data. And that’s precisely the point that Zweerink is trying to make: the fact that some WhatsApp user information is simply there for anyone to see no matter what you do.
The post WhatsSpy Public: The app that spies on WhatsApp users appeared first on MediaCenter Panda Security.
Media Alert: Kaspersky Lab to Hold a Panel Discussion at Mobile World Congress to Explore the Hostile World Online for Generation Mobile
Avast Launches Memory Saving Cleaner App for Android
Today, Avast announced the launch of Avast GrimeFighter at the Mobile World Congress in Barcelona. The new application helps Android users free extra memory on their devices with just a few taps so they can save the data that matters to them while enjoying a faster, smoother performance on their devices.
How Avast GrimeFighter works
Avast GrimeFighter begins by scanning all applications on an Android device, identifying unimportant or unnecessary data that could be eliminated without damaging applications’ functionalities. Using GrimeFighter’s easy-to-use interface, users can choose from two modes that allow them to eliminate excess files with ease: Safe Cleaner and Advanced Cleaner. Safe Cleaner is a customizable scanner that quickly identifies unimportant data for instant, one-tap removal. Advanced Cleaner runs in parallel to Safe Cleaner, mapping all of the device’s storage and creating a simple overview of all files and applications that take up space. Advanced Cleaner locates inflated or unused applications and arranges them by file type, size, usage, or name, so users can permanently remove the files and free up storage space.
In addition to cleaning up unwanted data, Avast GrimeFighter helps maximize storage capacity by syncing with personal cloud storage accounts so users can manage their device’s storage without having to delete valuable data. Users can drag files to the cloud icon and GrimeFighter will instantly transfer them to a safe folder in the cloud. Avast GrimeFighter is currently compatible with Dropbox and can assist users in setting up a Dropbox account. Additional popular cloud storage solutions will be added soon.
How does excess data get accumulated?
Bits and pieces of data accumulate on your device, whether you are aware of it or not. GrimeFighter helps you locate excess data that you wouldn’t typically be able to find, such as data left over from initiated app downloads, residual data, thumbnails, and app caches. Popular apps, like Facebook and Instagram, also create excess data on your device as they inflate from their original download size when used regularly. Avast tested some of the most popular Android apps and found that their size can grow exponentially during one week of heavy usage:
1) Facebook: install size 36.7MB; additional data accumulated 153MB
2) Flipboard: install size 12.6MB; additional data accumulated 71.1MB
3) Google Maps: install size 23.21MB; additional data accumulated 68.8MB
Avast GrimeFighter will help the more than one billion Android users free up anywhere from 500MB to 1GB of storage per device to enjoy faster performance and is available for download on Google Play.
GNU Transport Layer Security Library 3.3.13
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
MDVSA-2015:050: patch
Updated patch package fixes security vulnerabilities:
It was reported that a crafted diff file can make patch eat memory
and later segfault (CVE-2014-9637).
It was reported that the versions of the patch utility that support
Git-style patches are vulnerable to a directory traversal flaw. This
could allow an attacker to overwrite arbitrary files by applying a
specially crafted patch, with the privileges of the user running patch
(CVE-2015-1395).
GNU patch before 2.7.4 allows remote attackers to write to arbitrary
files via a symlink attack in a patch file (CVE-2015-1196).