Archive for the ‘security’ Category
Opening doors with wireless RFID cardkeys is old hat at this point, but opening those doors with a smartphone is rather more intriguing. Doing so without permission of the people who put the locks on the doors, well, that brings things up to a whole new level of awesomeness. That’s what Caribou does, a little Android app that remotely connects to a server managing the locks at a supposedly secure location. The app then diddles the ports and security settings of that server until it finds the magic phrase and, in a couple of seconds, it’s open sesame time. Doors are unlocked remotely and then, 30 seconds later, automatically locked again. How thoughtful.
We first saw this demonstrated a few days ago but weren’t entirely convinced of its legitimacy. But now, after exchanging a few e-mails with Michael Gough, who discovered the exploit, and Ian Robertson, who wrote the app, we’re convinced. They’re actually working with US-CERT on this issue so that appropriate measures will be taken but, in the short term, if you have a system like this and it’s sitting out there, IP open to the internet and being caressed by every passing breeze, you might want to think about pulling that in behind your firewall. Lots more info at both source links below, though you can see it working for yourself right here in a video after the break, running on an HTC Incredible.
One small checkbox for your mouse pointer, one giant leap for your Twitter account’s security. The microblogging site that every techie knows, loves, and occasionally loathes, has added a new option to allow users to go HTTPS full-time. For the unenlightened among you, that means all your communications with Twitter can now be done over an SSL-encrypted channel, which massively boosts their resilience to external attacks. That won’t protect you if you’re careless with your password or leave your account logged in on computers other than your own, but at least you can sleep a little more restfully knowing that nobody other than yourself will be embarrassing you on the Twittersphere.
Oh, here we go again. Adobe’s kicked out a security bulletin for users of its Flash Player on “all platforms” — that’ll be the entire population of the internet, then — warning them that a new critical vulnerability has been discovered that may cause crashes and potentially permit the hijacking of systems. The issue also affects the company’s Reader and Acrobat software products. Even better news is that Adobe has found it’s being actively exploited “in the wild” via a .swf file embedded in an Excel spreadsheet, but a fix won’t be forthcoming until the beginning of next week. So, erm, enjoy your full web experience until then!
As you might recall, a certain game was racking up credit card bills because of its in-app purchases — something which probably resulted in some angry parents (or as the folks in Finland say, “birds”). In Apple’s latest iOS update, a feature has been implemented that requires the user to input their password whenever an in-app purchase is made. Will this new security measure actually prevent those children from purchasing hundreds worth of virtual fruit? A big boon for grown-ups, a big downer for those who no longer have an excuse to explain their Smurfberry obsession.