Government Asks for Security Community's Help on Technical Issues

LAS VEGAS–Washington is looking for a few good hackers. Politicians and policymakers in the United States generally are not thought of as being the most technically savvy lot. It’s a reputation that’s well-earned in some cases, with some politicians boasting about their inability to use email and...

Multiple Android applications fail to properly validate SSL certificates

Overview Multiple Android applications fail to properly validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle MITM attack. Description When communicating via HTTPS, an application should validate the SSL chain to be sure that the...

FTC Settles With Fandango, Credit Karma Over SSL Issues in Mobile Apps

The makers of two major mobile apps, Fandango and Credit Karma, have settled with the Federal Trade Commission after the commission charged that they deliberately misrepresented the security of their apps and failed to validate SSL certificates. The apps promised users that their data was being...

Unfixed XSS vulnerability at www.fandango.com

Security researcher 5k1z k17, has submitted on 25/03/2010 a cross-site-scripting XSS vulnerability affecting www.fandango.com, which at the time of submission ranked 1141 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is current...