RIM’s Troubles May Not Be Over

Law firms in the United States and Canada are considering possible consumer lawsuits against Research In Motion Ltd for last week’s BlackBerry outages, which for three days crippled email and messaging for tens of millions of users around the world.

Consumer lawyers say they are investigating whether customers have common claims against the BlackBerry manufacturer and might be able to band together in a single lawsuit.

While the outage did not rise to the level of seriousness comparable to a dangerous medication or tainted food, it inconvenienced and angered customers. Frustrated BlackBerry users, turning to blogs, message boards, Twitter and Facebook, complained about losing important emails and missing meetings last week.

Law firms are considering breach-of-contract or consumer-fraud claims, attorneys said.

A breach-of-contract claim could argue the company failed in its obligations to provide service and could include carriers for BlackBerry service as additional defendants, said attorneys exploring litigation against RIM.

Source…

Mobile Security Threats Continue To Grow

According to industry analysts, mobile device shipments will exceed a billion devices in 2015 and will rapidly outrun PC shipments. That’s great news for end user convenience, mobility, and work-anywhere productivity. But it also means that enterprises must prepare for the fact that the criminals will target these devices with attack exploits, spyware,
and rogue applications.

And while IBM’s IT security research team, X-Force, predicts a modest 33 software exploits targeting mobile devices in the year ahead, that’s roughly twice the number of such attack code released in the past year.

The group also sees a number of other troubling mobile security trends. First, when software flaws do surface, many mobile phone makers do not rapidly deploy software patches to devices; malicious apps are often distributed through third-party app markets. Another troubling trend is that some mobile malware can collect end user’s personal information for use in phishing attacks.

An example of vulnerabilities that would make such attacks possible are the two recent Android security flaws that were reported to affect popular handsets including the AT&T Samsung Galaxy SII and various HTC devices.

The security find announced by security researcher Trevor Eckhart, called HTClogger (logging tools introduced by handset maker HTC) that could leak email account information, user location, phone numbers, and messaging logs.

Handset maker HTC said, in a statement, that it is working to quickly issue an update to its customers. “HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly,” the company said.

Source….

Tool Created To Hack BlackBerry Passwords

A Russian security firm has upgraded a phone-password cracking software with the ability to figure out the master device password for Research in Motion’s BlackBerry devices.

Elcomsoft said on Thursday that before it developed the product, it was believed that there was no way to uncover a device password on a BlackBerry smartphone or PlayBook tablet. BlackBerry smartphones are configured to wipe all data on the phone if a password is typed incorrectly 10 times in a row, the company said.

Elcomsoft said it figured a way around the problem using a BlackBerry’s removable media card, but only if a user has configured their smartphone in a specific way. In order for Elcomsoft’s software to be successful, a user must have enabled the feature to encrypt data on the media card.

The feature is disabled by default, but Elcomsoft said around 30% of BlackBerry users have it enabled for extra security.

The company’s software can then analyze the encrypted media card and use a brute-force method to figure out a password, which involves trying millions of possible password combinations per second until one works.

Elcomsoft said it can recover a seven-character password in less than an hour if the password is all lower-case or all capital letters. The software does not need access to the actual BlackBerry device but just the encrypted media card.

Read More..

Get Ready For Email-Malware Spree

A sizeable uptick in malicious email attachments is just subsiding, but if history is any indicator,several smaller spikes are about to follow that use even more deceptive tactics than their predecessors.

The recent surge, fueled in large part by a flood of fake messages from UPS, is similar to one observed at the end of March in that the messages urge recipients to open an attachment that releases the malware on victims’ machines, according to Internet security firm Commtouch.

The earlier wave used a wide range of package-delivery services as senders, including FedEx and DHL, but the latest outbreak employs a wider variety of messages such as, “Dear client, recipient’s address is wrong”, “Dear User, Delivery Confirmation: FAILED”, and “Dear Client, We are not able to delivery [sic] the postal package”, according to the Commtouch blog.

All the messages then instruct the recipient to open the attachment that contains the malware, claiming it is an invoice or a form that needs to be filled out. “This time we see differences in the style of the emails – there is far more variation in the automatically-generated subjects, body and attachment names. Last time all the attachments were “UPS.exe” – this time there are many variations,” says Avi Turiel, director of product marketing at Commtouch in an email.

The attackers will evaluate the success of the attack by finding out how many recipients activated the malware, “Based on the infections vs. malware sent out they will probably try and figure out what they could improve in the next attack,” he says.

Read More…

India Wants To Monitor Twitter & Facebook

India’s Communications Ministry has received a request from the Home Ministry to monitor social networking websites such as Twitter and Facebook amid fears that the services are being used by terrorists to organize attacks.

The request suggests that the Indian government is trying to expand the scope of its online surveillance for national security purposes.

Telecommunications service providers in India provide facilities for lawful interception and monitoring of communications on their network, including communications from social networking websites such as Facebook and Twitter, in accordance with their license agreements, Milind Deora, the minister of state for communications and IT, told Parliament, according to the country’s Press Information Bureau.

But there are certain communications which are encrypted, Deora said Friday.

The government did not provide details of what encrypted data they would like to have access to. A spokesman for the home ministry said on Monday that additional
information can only be provided in Parliament while it is in session.

Under new rules to the country’s IT Act that came into force earlier this year, websites and service providers are required to provide government security agencies with information on private accounts, including passwords, on request without a court order.

Most companies, however, are not willing to share information with law enforcement agencies unless they have a court order.

Twitter states in its guidelines for law enforcement that “non-public information about Twitter users is not released unless we have received a subpoena, court order, or other valid legal process document.”

Read More…

Acer Is The Latest Victim Of Computer Hacking

Taiwanese PC manufacturer Acer is investigating a cyber hacker attack that stole customer data from its Packard Bell division in Europe, the company said.

Acer said the security breach was limited to customers’ names, addresses, phone numbers, emails, and system serial numbers. No credit card data was stolen, it said. Acer provided no other details about the breach, and said the investigation was ongoing.

News of the breach was reported several days ago, after a hacker group called Pakistan Cyber Army claimed to have stolen the personal data of about 40,000 people from an Acer server in Europe. Acer did not comment on the attack at the time.

The Hacker News had published screen shots of the personal data and some of the source code that was stolen in the security breach. It also said that the Pakistan Cyber Army would issue a press release detailing more about their motives. But so far, no new information has surfaced from the hacking group.

Read More….

EBS Coming To Your Smartphone

In the event of local and/or nationwide disasters, wireless carriers will soon begin alerting the public by sending emergency SMS text messages to mobile phones.

AT&T, Sprint, T-Mobile and Verizon Wireless have all agreed to a participate in this new Emergency Broadcast System alert method. It  will initially be rolled  out in New York and Washington, D.C., later this year, and nationwide next year, in April at the earliest.

The emergency text messages will cover public safety threats, Amber Alerts for missing children, and messages from the president, the New York Times reports. Messages will be free for customers, who can opt out of them all except the presidential messages.

We don’t expect the alerts to be frequent,” Julius Genachowski, chairman of the Federal Communications Commission, told the Times. “They will be reserved for when they are truly needed, for tornadoes or for disasters like 9/11.”

Genachowski said the emergency texts will look different from ordinary messages, making them more difficult for hackers to infiltrate or fake. They’ll probably appear directly on the screen, along with a special vibration or other signal. No word on how closely they’ll resemble the tone and color bars of the current Emergency Broadcast System for televisions, or whether users can expect “this is a test” messages on a regular basis.

Read More…..

« Previous Page