EU Asks Google to Delay Privacy Policy Changes

European officials want Google to slow its plans to introduce a new privacy policy so that they can investigate whether or not it is strong enough to protect user data. The Article 29 Working Party, which is comprised of European data protection officials as well as a representative from the...

Privacy Fail: Is Uncle Sam Encouraging Bad Security?

CANCUN, MEXICO – A prominent privacy activist says that leading software vendors, and the U.S. government are failing the public when it comes to Internet privacy, and that big changes are needed to prevent consumers from criminals, advertisers and government spies. Christopher Soghoian, a...

360手机卫士 for Android 权限许可和访问控制漏洞

CVE-2011-4769 Android是Google通过Open Handset Alliance发起的项目，用于为移动设备提供完整的软件集，包括操作系统、中间件等。 360手机卫士,360 MobileSafe com.qihoo360.mobilesafe应用程序2.1.0版本和2.2.0版本中存在漏洞，该漏洞源于未能正确保护数据。远程攻击者可利用此漏洞借助特制应用程序读取或修改SMS消息。 0 360手机卫士360 MobileSafe 2.1.0 360手机卫士360 MobileSafe 2.2.0 目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：...

Tencent(腾讯)手机QQ for Android 权限许可和访问控制漏洞

CVE-2011-4864 Android是Google通过Open Handset Alliance发起的项目，用于为移动设备提供完整的软件集，包括操作系统、中间件等。 Android的Tencent MobileQQ com.tencent.mobileqq应用程序2.2版本中存在漏洞，该漏洞源于未正确保护数据。远程攻击者可利用此漏洞借助特制应用程序读取或修改短信息和好友列表。 0 Tencent腾讯手机QQ for Android 2.2 目前厂商已经发布了升级补丁以修复此安全问题 补丁获取链接： http://mobile.qq.com...

Android 'Tencent QQPhoto'权限许可和访问控制漏洞

CVE-2011-4867 Android是Google通过Open Handset Alliance发起的项目，用于为移动设备提供完整的软件集，包括操作系统、中间件等。 Android的Tencent QQPhoto com.tencent.qqphoto应用程序0.97版本中存在漏洞，该漏洞源于未正确保护数据。远程攻击者可利用此漏洞借助特制应用程序读取或修改联系人列表和密码哈希值。 0 0.97 the latest version in 29 Dec 2011 目前厂商还没有提供此漏洞的相关补丁或者升级程序 建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

eBank IT Online Banking Cross Site Scripting

Title: ====== eBank IT Online Banking - Multiple Web Vulnerabilities Date: ===== 2012-01-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=313 VL-ID: ===== 313 Introduction: ============= As a leading provider of innovative online banking software solutions, eBank-IT!...

Hawaii Bill Would Require Internet Data Retention For Two Years

A Hawaiian legislator has introduced a broadly worded data-retention bill that require ISPs and other service providers to retain their customers’ Internet activity records for at least two years. The bill, introduced by state Rep. John Mizuno, does not have any provisions for exclusions or priva...

CVE-2011-4770

The QIWI Wallet ru.mw application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application...

CVE-2011-4704

The Voxofon com.voxofon application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application...

CVE-2011-4772

The 360 KouXin com.qihoo360.kouxin application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application...

CVE-2011-4867

The Tencent QQPhoto com.tencent.qqphoto application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application...

CVE-2011-4864

The Tencent MobileQQ com.tencent.mobileqq application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application...

CVE-2011-4705

The Ming Blacklist Free vc.software.blacklist application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack."...

CVE-2011-4865

The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...

CVE-2011-4771

The Scan to PDF Free com.scan.to.pdf.trial application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application...

CVE-2011-4697

The Xiaomi MiTalk Messenger com.xiaomi.channel application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application...

CVE-2011-4699

The Ubermedia Twidroyd Legacy com.twidroydlegacy application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application...

CVE-2011-4702

The Nimbuzz com.nimbuzz application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application...

Code injection

The AnGuanJia com.anguanjia.safe application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application...

Code injection

The UberMedia UberSocial com.twidroid application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application...