Monday, March 31, 2014
Tuesday, February 25, 2014
Apple release patch for a SSL security vulnerability - mSecLabs - MOBIQUANT Mobile Security Labs | mSecLabs - MOBIQUANT Mobile Security Labs
The vulnerability occurs in the logic some iOS applications use toApple
has recently pushed an emergency update for iOS (7.0.6) that fixes a
critical vulnerability that could allow hackers to intercept the user’s
traffic (email, messages etc) and other communications that is meant to
be encrypted.
authenticate themselves to the server over SSL (Secure Socket Layer).
Because of this flaw, an attacker who is present on the same wired or
wireless network can perform a man in the middle (MITM) attack and
bypass the initial authentication check during the connection handshake.
Once this is done, the attacker can see all the traffic going to and
fro from your device to the server. He can modify the data over the air
and also eavesdrop over all the user’s information.
More details about the vulnerability can be found here.
It is recommended to update to the latest version of iOS (7.0.6) that
patches this vulnerability. Until then, it is advisable not to use any
untrusted WiFi networks as your information might be eavesdropped upon.
After reverse engineering the patch, several security researchers
have found out that the flaw exists in the current versions of Mac OSX
as well. No patch is available yet for that operating system, though one
is expected soon.
Read Article on mSeclabs Team website: Apple release patch for a SSL security vulnerability
Blog Mobiquant : Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage, Facetime And More
encryption in iOS, requiring an emergency patch. Then researchers found
the same bug is also included in Apple’s desktop OSX operating system, a
gaping Web security hole that leaves users of Safari at risk of having their traffic hijacked.
Now one researcher has found evidence that the bug extends beyond
Apple’s browser to other applications including Mail, Twitter, Facetime,
iMessage and even Apple’s software update mechanism.
On Sunday, privacy researcher Ashkan Soltani posted a list of OSX applications on Twitter
that he says he’s determined use Apple’s “secure transport” framework,
the coding library that developers depend on to build programs that
securely communicate online using the common encryption protocols TLS
and SSL. The full list, which isn’t comprehensive given that Soltani
only analyzed the programs on his own PC, is shown below. (Soltani has
underlined the vulnerable application names in red.)
Privacy researcher Ashkan Soltani’s list of
OSX applications that use Apple’s vulnerable implementation of SSL and
TLS encryption. (Click to enlarge.)
OSX applications that use Apple’s vulnerable implementation of SSL and
TLS encryption. (Click to enlarge.)
Soltani, an independent researcher whose recent work has
included analyzing the surveillance documents leaked by NSA contractor
Edward Snowden on behalf of the Washington Post, warns that the security
of several applications on that list are severely compromised,
including Apple’s email program Mail, scheduling app Calendar and the
its official Twitter desktop client. The bug affects how Apple devices
authenticate their secure connection with servers, allowing an
eavedropper to fake that verification and hijack or corrupt traffic
using what’s known as a “man-in-the-middle” attack. ”All these apps
would be vulnerable to the same man-in-the-middle vulnerability outlined
on Friday,” Soltani says.
Some of the affected apps such as iMessage and Facetime have added
security that could reduce the effects of the security vulnerability,
though Soltani warns that for the iMessage instant messaging application
the initial login at Apple’s me.com website may be compromised, even if
the messages themselves remain encrypted, and that similar problems may
exist for Facetime. “There are going to be parts of the protocol like
the initial ‘handshake’ that rely on TLS, and those will be vulnerable
to man-in-the-middle attacks,” Soltani says.
Equally troubling is the notion that Apple’s Software Update
application is affected, which means that Apple’s mechanism for pushing
new code to OSX machines, including security updates, could be
compromised. Soltani notes that in addition to SSL and TLS, Software
Update also checks for Apple’s signature on any code that it asks users
to install. But he adds that the code-signing protection hasn’t stopped
malware from spoofing those updates in the past to install spying tools on victims’ machines.
I’ve reached out to Apple for comment on Soltani’s findings, and I’ll update this post if I hear from the company.
Apple’s newly discovered security flaw, dubbed “gotofail” by the
security community due to a single improperly used “goto” command in
Apple’s code that triggered it, initially came to light Friday when
Apple issued a security update for iOS. Researchers at the security firm
Crowdstrike and Google quickly reverse engineered that patch to show
how it affected OSX as well, and initially recommended that users stay away from untrusted networks and avoid Safari, which is more dependent on Apple’s implementation of SSL and TLS than other browsers such as Chrome or Firefox.
Soltani’s work, however, shows that the problem extends further,
leaving many users with few options for secure communications until
Apple issues a fix for its desktop software. The company promised in a statement to Reuters
Saturday to make that fix available “very soon.” Given the widening
gaps in Apple’s security the flaw exposes, it can’t come soon enough.
Read article on Forbes Magazine:
Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage, Facetime And More - Forbes
http://www.mobiquant.com
Website Mobiquant
Sunday, February 2, 2014
iH8sn0w ANNOUNCES A PERMANENT BOOTROM EXPLOIT JAILBREAK FOR A5/A5X IOS DEVICES
iH8sn0w , the author of numerous jailbreak softwares, announced on Twitter that he has discovered a bootrom exploit for all Apple devices with A5/A5X processors.
In 2010, the hacker Geohot (aka George Hotz) had found a bootrom exploit called Limera1n, which formed the base for untethered jailbreak for devices running A4 processors.
Unlike a security flaw in the ‘User Space’, which can easily be fixed
by Apple through a simple software update in a fairly quick time,
exploits targeting the BootRom address the physical layer (physical ROM,
NAN storage L3/L2 baseband, GEM and kernel). These are particularly
complicated to fix by Apple as this requires a hardware update and hence
cannot be pushed to existing users.
.../...
Read full article on Mobiquant website and Mobiquant Facebook:
iH8sn0w ANNOUNCES A PERMANENT BOOTROM EXPLOIT JAILBREAK FOR A5/A5X IOS DEVICES
- iH8sn0w Twitter message about his jailbreak new exploit
Unlike a security flaw in the ‘User Space’, which can easily be fixed
by Apple through a simple software update in a fairly quick time,
exploits targeting the BootRom address the physical layer (physical ROM,
NAN storage L3/L2 baseband, GEM and kernel). These are particularly
complicated to fix by Apple as this requires a hardware update and hence
cannot be pushed to existing users.
.../...
Read full article on Mobiquant website and Mobiquant Facebook:
iH8sn0w ANNOUNCES A PERMANENT BOOTROM EXPLOIT JAILBREAK FOR A5/A5X IOS DEVICES
Wednesday, January 29, 2014
Mobiquant Blog : FBI Has Tor Mail's Entire Email Database
FBI Has Tor Mail's Entire Email Database
was an anonymized email service run over Tor. It was operated by a
company called Freedom Hosting, which was shut down by the FBI last August. The owner was arrested for 'enabling child porn,' and the Tor Mail servers suddenly began hosting FBI malware that attempted to de-anonymize users. Now, Wired reports on a new court filing which indicates that the FBI was also able to grab Tor Mail's entire email database.
'The filings show the FBI built its case in part by executing a search
warrant on a Gmail account used by the counterfeiters, where they found
that orders for forged cards were being sent to a TorMail e-mail
account: "platplus@tormail.net." Acting on that lead in September, the
FBI obtained a search warrant for the TorMail account, and then accessed
it from the bureau's own copy of "data and information from the TorMail
e-mail server, including the content of TorMail e-mail accounts,"
according to the complaint (PDF) sworn out by U.S. Postal Inspector Eric Malecki.'"
Read Slashdot article :
FBI Has Tor Mail's Entire Email Database - Slashdot
Tuesday, January 28, 2014
Les applications de téléphone comme Angry Birds vous surveillent pour la NSA
La NSA, l'agence américaine de renseignement chargée des
interceptions de communications, et son homologue britannique du GCHQ
collectent quantité de données sur les utilisateurs d'applications sur
téléphones intelligents, que ce soit Facebook, Angry Birds ou Google
Maps, a révélé lundi le New York Times.
Après les révélations sur la collecte des métadonnées téléphoniques,
la récupération des SMS ou encore la surveillance des plateformes de
jeux en ligne, de nouveaux documents fournis par l'ancien consultant
Edward Snowden dévoilent encore un peu plus la portée des activités de
surveillance de la NSA.
Selon le Times, qui s'appuie sur ces documents, à chaque fois que
quelqu'un utilise une application sur son smartphone, ce programme fait
apparaître quantité de données sur la localisation de l'utilisateur ou
encore la liste de ses contacts, des données que la NSA et le GCHQ
britannique récupèrent dans le cadre de leurs vastes programmes de
collecte.
Un rapport cité par le quotidien note ainsi que toute mise à jour du
système d'exploitation Android envoie sur le réseau 500 lignes de
données sur l'historique du téléphone et son utilisation, des données
captées par les agences de renseignement.
Lire l article :
Les applications de téléphone comme Angry Birds vous surveillent pour la NSA
interceptions de communications, et son homologue britannique du GCHQ
collectent quantité de données sur les utilisateurs d'applications sur
téléphones intelligents, que ce soit Facebook, Angry Birds ou Google
Maps, a révélé lundi le New York Times.
Après les révélations sur la collecte des métadonnées téléphoniques,
la récupération des SMS ou encore la surveillance des plateformes de
jeux en ligne, de nouveaux documents fournis par l'ancien consultant
Edward Snowden dévoilent encore un peu plus la portée des activités de
surveillance de la NSA.
Selon le Times, qui s'appuie sur ces documents, à chaque fois que
quelqu'un utilise une application sur son smartphone, ce programme fait
apparaître quantité de données sur la localisation de l'utilisateur ou
encore la liste de ses contacts, des données que la NSA et le GCHQ
britannique récupèrent dans le cadre de leurs vastes programmes de
collecte.
Un rapport cité par le quotidien note ainsi que toute mise à jour du
système d'exploitation Android envoie sur le réseau 500 lignes de
données sur l'historique du téléphone et son utilisation, des données
captées par les agences de renseignement.
Lire l article :
Les applications de téléphone comme Angry Birds vous surveillent pour la NSA
Friday, January 24, 2014
Monday, January 20, 2014
Mobiquant News: iPad and iPhone users urged to switch to Android by Eric Schmidt ~ Blog Mobiquant Technologies
Mobiquant Technologies - Mobile Security Management :
Google executive chairman issues how to leave Apple guide for new Android users. Google executive chairman Eric Schmidt has authored a guide to help Apple iPhone users make the switch to the Android mobile operating system. Mobiquant News: iPad and iPhone users urged to switch to Android by Eric Schmidt ~ Blog Mobiquant Technologies.
The post Mobiquant News: iPad and iPhone users urged to switch to Android by Eric Schmidt ~ Blog Mobiquant Technologies appeared first on Mobiquant Technologies.
from WordPress http://ift.tt/1mly8i2
via IFTTT
Thursday, January 16, 2014
Thursday, December 12, 2013
Wednesday, December 11, 2013
Mobile Security Management
Mobiquant Technologies flagship product - Mobile NX Defender Suite™ empowers enterprises, governments and end-users in manageing security vulnerabilities of their mobile devices and applications in real-time. Mobile NX™ opens up potential for new use cases that will improve productivity & increase returns on mobile fleet & IT investments.
Monday, December 2, 2013
▶ LG G Flex, first Self Healing Phone from scratches and fully flexible !
At Mobiquant, we got the new LG G flex, and were impressed .
South Korean electronics company LG has launched its Flex smartphone with an intriguing “self-healing” coating that supposedly allows it to recovers from accidental scratches.
To put this claim to the test, YouTube tech personality Marques Brownlee has deliberately scratched his LG Flex phone with his keys, mimicking the way they would rub up against the phone in his pocket.
Surprisingly, after just a few minutes, the light scratches were already mostly cleared up and barely noticeable, thus demonstrating the self-healing power of LG’s special cover coating.
Brownlee also took a knife to his LG Flex—while its self-healing feature was less effective in this case, the knife cut did become far less obvious than it would have been with a regular phone.
Whatch Bronwlee demo:
South Korean electronics company LG has launched its Flex smartphone with an intriguing “self-healing” coating that supposedly allows it to recovers from accidental scratches.
To put this claim to the test, YouTube tech personality Marques Brownlee has deliberately scratched his LG Flex phone with his keys, mimicking the way they would rub up against the phone in his pocket.
Surprisingly, after just a few minutes, the light scratches were already mostly cleared up and barely noticeable, thus demonstrating the self-healing power of LG’s special cover coating.
Brownlee also took a knife to his LG Flex—while its self-healing feature was less effective in this case, the knife cut did become far less obvious than it would have been with a regular phone.
Whatch Bronwlee demo:
mPROAPPSTORE SMEAP : Mobile Enterprise Application, Write once, securely run anywhere
Centralized management enabling administrators to control which users can access an application and what enterprise databases that application can exploit data from.
simplify cross-platform development.
Friday, November 29, 2013
Google aurait envisagé de quitter les Etats-Unis après le scandale de la NSA
Google aurait longuement hésité à déplacer ses serveurs et à quitter les Etats-Unis. C'est Eric Schmidt, le PDG de Google qui l'a annoncé à l'occasion du sommet annuel du Paley Media Center à New-York. La firme, éclaboussée par le scandale de l’espionnage illégal de l’Agence Nationale de Sécurité (NSA), a décidé de rester aux Etats-Unis... pour lutter contre les programmes de surveillance.
Lire l'article :
Google aurait envisagé de quitter les Etats-Unis après le scandale de la NSA
NX Safevoice™: A Unique Non NSA/NIST Standardised Voice and Video Encryption Solution
This reccurring question as global business environment is more and more insecure today has an answer now ! Mobiquant’s secure encrypted voice, visioconference and messenging chat solutions enable your business to bring your organization with a unique high level of mobile communication security. Today’s most efficient companies and public institutions want to ensure a high level of confidentiality and integrity in their communication. Mobiquant encrypted communication sessions enables your staff and employees to use existing systems for secure encrypted communications while maintaining compliance with PCI, HIPAA, and other regulations.Are there any good mobile secure voice, video and chat programs?
Discover more about NXSafeVoice by Mobiquant :
http://www.mobiquant.com/products/nx-safevoice/
Wednesday, November 27, 2013
NSA surveillance: Europe threatens to freeze US data-sharing arrangements | World news
NSA surveillance: Europe threatens to freeze US data-sharing arrangements
After Edward Snowden revelations, EU executive underlines US compliance with European law and 'how things have gone badly'
The EU executive is threatening to freeze crucial data-sharing arrangements with the US because of the Edward Snowden revelations about the mass surveillance of the National Security Agency.
The US will have to adjust their surveillance activities to comply with EU law and enable legal redress in the US courts for Europeans whose rights may have been infringed, said Viviane Reding, the EU's justice and rights commissioner who is negotiating with the US on the fallout from the NSA scandal.
European businesses need to compete on a level playing field with US rivals, Reding told the Guardian.
The US will have to adjust their surveillance activities to comply with EU law and enable legal redress in the US courts for Europeans whose rights may have been infringed, said Viviane Reding, the EU's justice and rights commissioner who is negotiating with the US on the fallout from the NSA scandal.
European businesses need to compete on a level playing field with US rivals, Reding told the Guardian.
Read more :
Tuesday, November 26, 2013
Mobiquant News: iPad and iPhone users urged to switch to Android by Eric Schmidt ~ Blog Mobiquant Technologies
Mobiquant Technologies - Mobile Security Management :
Google executive chairman issues how to leave Apple guide for new Android users. Google executive chairman Eric Schmidt has authored a guide to help Apple iPhone users make the switch to the Android mobile operating system. Mobiquant News: iPad and iPhone users urged to switch to Android by Eric Schmidt ~ Blog Mobiquant Technologies.
The post Mobiquant News: iPad and iPhone users urged to switch to Android by Eric Schmidt ~ Blog Mobiquant Technologies appeared first on Mobiquant Technologies.
from WordPress http://www.mobiquant.com/mobiquant-news-ipad-and-iphone-users-urged-to-switch-to-android-by-eric-schmidt-blog-mobiquant-technologies/?utm_source=rss&utm_medium=rss&utm_campaign=mobiquant-news-ipad-and-iphone-users-urged-to-switch-to-android-by-eric-schmidt-blog-mobiquant-technologies
via IFTTT
Mobiquant News: iPad and iPhone users urged to switch to Android by Eric Schmidt
Google executive chairman issues how to leave Apple guide for new Android users.
Google executive chairman Eric Schmidt has authored a guide to help Apple iPhone users make the switch to the Android mobile operating system.
Read more: ITPRO article
iPad and iPhone users urged to switch to Android by Eric Schmidt | IT PRO
Subscribe to:
Posts (Atom)
Stay updated, Subscribe
Posts
All Comments