Google bans Facebook and other self updating Android apps
Google just released a new Play Store version, 4.0.27, that contains only very minor tweaks, and Google has changed the rules of its Google Play Store to put an end to the practice of developers updating their apps through their own means rather than the official Google Play channel. Shortly before...
Java Web Start Launcher ActiveX Control - Memory Corruption
Exploit for Windows platform in category dos / poc. Vendor description: "To date, the Java platform has attracted more than 9 million software developers. It's used in every major industry segment and has a presence in a wide range of devices, computers, and networks. Java...
phpMyAdmin 3.5.7 Cross Site Scripting Vulnerability
phpMyAdmin version 3.5.7 suffers from a reflective cross site scripting vulnerability. Reflected XSS in phpMyAdmin 3.5.7. Author: Janek Vind "waraxe". Date: 09. April 2013. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-102.html...
Some iMessage Accounts Hit Hard by Mass Messaging, DoS Attacks
A handful of Apple developers have found their iMessage accounts the victim of what’s being loosely referred to as a series of denial-of-service attacks. Using rapid-fire AppleScript texts, attackers have been sending many messages at a time to about half a dozen iOS developers over the last week...
Google Removing Ad-Blocking Apps From Play Android Market
Google, which has been a favorite target of privacy advocates for the last few years, has taken another step that’s unlikely to endear the company to that crowd or Android users. The company has begun removing ad-blocking apps from the Google Play Android app market, apparently for violating the...
Adrian Stone on BlackBerry Security, Privacy and the Challenges of BYOD
Dennis Fisher talks with Adrian Stone, the head of security response at BlackBerry, about the new security model in BlackBerry 10, the partition between private and work data and the challenges of dealing with app developers who might not know a whole lot about security or privacy. Download:...
iOS Developer Site at Core of Facebook, Apple Watering Hole Attack
UPDATE – The missing link connecting the attacks against Apple, Facebook and possibly Twitter is a popular iOS mobile developers’ forum called iPhoneDevSDK which was discovered hosting malware in an apparent watering hole attack that has likely snared victims at hundreds of organizations beyond t...
Apple Breached by Facebook Hackers Using Java Exploit
Apple is the latest major American company to enter the security confessional and disclose it has been breached. The company told Reuters today it was attacked by the same crew that hit Facebook, which disclosed its breach last Friday, and that like the social media giant, no data had been stolen...
Google Play privacy issue, sends app buyers personal details to developers
Google is again under attack for its apparent mishandling of its users' personal information. An Australian software developer 'Dan Nolan' revealed that the search giant was sending him the full names, email and post codes of everyone who purchased his app on Google's Play. In a blog post, Nolan...
Google Play Gives User Data to App Devs
Android application developer Dan Nolan claims that the Google Play store sends software developers the names, approximated locations, and email addresses of every individual that downloads one of their applications. Nolan created a “Paul Keating Insult Generator” application that is apparently...
Firefox OS for smartphones, incredible platform for Developers
Mozilla's Firefox OS is the mobile operating system from the company that makes the Firefox browser, built entirely on open web standards and having the ability to beat Android or iOS. Firefox OS is Mozilla's ambitious attempt to build an operating system that brings more openness to the walled gardens ...
FTC Endorses New Privacy Guidelines, Do Not Track for Mobile Apps, Devices
Hoping to ramp up privacy on mobile devices such as smartphones and tablets, the Federal Trade Commission (FTC) has released a series of suggestions to help app developers, advertising networks and device companies better protect their users online. As it’s done over the last two years with browser...
Adobe InDesign Server SOAP interface RunScript command execution
Added: 02/04/2013. BID: 56574. OSVDB: 87548. Background: Adobe InDesign is a desktop publishing application. It includes a server interface providing an API for software developers using SOAP. Problem: The SOAP interface in Adobe InDesign Server allows remote, unauthenticated attackers to run arbitrar...
[SECURITY] Fedora 17 Update: libwebp-0.2.1-1.fc17
WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...
CERT Releases UPnP Security Advisory
Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note VU922681. US-CERT recommends that affected UPnP device vendors and...
GitHub Search Down After Some Credentials and Crypto Keys Exposed
GitHub’s search capability remains dark Friday after it was discovered that the code-sharing site’s search feature could be used to dredge up passwords, private crypto keys, and other credentials developers use in their projects. GitHub is a popular collaboration site for open source software...
California Attorney General Fighting for Mobile Privacy Rights
UPDATE – In an attempt to rein in the tendency of indifference toward consumer privacy among mobile application developers, California Attorney General Kamala D. Harris today made public a list of guidelines regulating the ways in which mobile application developers and technology companies hand...
[Watcher v1.5.6] Web Security Testing Tool and Passive Vulnerability Scanner
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems; it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
Microsoft Releases January 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framework as part of the Microsoft Security Bulletin summary for January 2013. These vulnerabilities could allow remote code execution, elevation of privilege,...