InSecurity Complex

Google pulls more SMS fraud-related Android apps

Google has removed five additional apps from the Android Market that mobile-security firm Lookout alleges appear to be engaged in SMS fraud targeting Europeans.

The apps were removed after Lookout discovered them yesterday, a Lookout representative told CNET today. That brings the total number of apps removed that Lookout has dubbed "RuFraud" (Russian Fraud) to 27, the representative said.

The apps, which appear to be free versions of legitimate games or wallpaper, are designed to do nothing more than charge premium SMS toll rates on European phones, according to Lookout. The rates are buried within the terms of … Read more

Microsoft fixes Duqu hole, but not BEAST problem

Microsoft has finally patched a flaw being exploited by the Duqu Trojan, but a fix to protect Internet Explorer users from having their encrypted communications snooped on didn't quite make the cut.

As part of Patch Tuesday today Microsoft released 13 security bulletins, fixing 10 important bugs and three critical ones, according to the advisory.

MS11-087 fixes a critical hole in the TrueType font handling in the Windows kernel that could allow an attacker to take control of a machine. It has been used in the wild to infect systems with the Duqu malware. "Now that the patch … Read more

Google Wallet stores too much unencrypted data in a rooted device--report

Google Wallet does a good job of storing passwords but doesn't encrypt the entire credit card number, balance, and other information, a research firm said today after testing the application on a rooted device.

Data that is stored on the device in various SQLite databases in unencrypted form also includes name on the card, the last four digits of the credit card, card limit, expiration date, transaction dates, and locations, ViaForensics said in a report titled "Forensic security analysis of Google Wallet."

In addition, the application created a recoverable image of a credit card that could provide … Read more

Google boots 'RuFraud' apps from Android market

Lookout is warning Android users in Europe about a slew of apps that showed up on the Android Market in the last week that aren't what they appear to be.

Google has removed 22 apps and suspended the developer accounts, a Google spokesman confirmed to CNET today.

The apps were purporting to be free versions of legitimate games or wallpaper. Instead, they appeared designed to do nothing more than charge premium SMS toll rates on European phones, Lookout said today. The rates are buried several levels deep within the terms of service, and users may not realize that they … Read more

HP sued over security flaw in printers

A lawsuit against Hewlett-Packard alleges that the company sold LaserJet printers that it knew had a security flaw in them that could allow hackers to steal data, take control of networks and even cause physical damage to printers through overheating.

The suit, filed last week in district court in San Jose, Calif., accuses HP of knowingly selling printers with a design defect that renders them "highly vulnerable to attacks by hackers." The plaintiff, David Goldblatt of New York, said he would not have purchased two HP printers had he known about the problems. It alleges HP violated the … Read more

Yahoo awarded $610 million from lottery spammers

A judge has awarded Yahoo $610 million in a lawsuit against spammers who sent e-mails to people falsely telling them they had won a lottery prize from Yahoo.

The federal district court judge in New York ordered defendants, whom Yahoo did not identify, on Monday to pay Yahoo $27 million for trademark infringement, $583 million for violating the Can-Spam Act, and an unreleased sum for attorney's fees.

Yahoo filed the lawsuit in 2008, alleging that spammers were using the fake lottery e-mails to defraud people. The messages were designed to trick recipients into providing their bank and other information … Read more

Adobe warns of attacks using Reader on Windows

Hackers are exploiting a previously unknown flaw in Reader to attack computers running Windows, Adobe said today.

A patch for the critical vulnerability in Reader and Acrobat is expected by next week, the company said in a blog post.

The vulnerability, which is being exploited in "limited, targeted attacks in the wild against Adobe Reader 9.x on Windows," could allow an attacker to take control of the system, Adobe said.

Adobe is finalizing a fix and expects to release an update for Reader and Acrobat 9.x for Windows no later than the week of December 12, … Read more

T-Mobile deploys Carrier IQ on BlackBerry, others

The more the subject of Carrier IQ gets stirred, the more questions arise.

Last week, BlackBerry maker Research In Motion distanced itself from the Carrier IQ controversy saying:

RIM is aware of a recent claim by a security researcher that an application called "CarrierIQ" is installed on mobile devices from multiple vendors without the knowledge or consent of the device users. RIM does not pre-install the CarrierIQ app on BlackBerry smartphones or authorize its carrier partners to install the CarrierIQ app before sales or distribution. RIM also did not develop or commission the development of the CarrierIQ application, … Read more

FCC to review SF subway cell service shutdown rules

The chairman of the U.S. Federal Communications Commission says the agency will review the new rules adopted by the San Francisco subway that allow officials to shut down cell service in the subway stations because of the legal and policy issues it raises.

The Bay Area Rapid Transit District, known as BART, adopted a policy yesterday that bars officials from interrupting cell service in subway stations except in "extraordinary circumstances," such as when there is evidence of imminent unlawful activity that threatens the safety of people, property destruction, or disruption of subway service.

"Today BART took … Read more