vulnerability

ExploitShield appears to live up to its name

A new company called ZeroVulnerabilityLabs says that it has solved the Gordian knot of exploits, slicing through the complicated, Hydra-headed problem with a single stroke from a software weapon it calls ExploitShield.

Available exclusively today from Download.com, the first ExploitShield Browser Edition beta (download) appears to stop all manner of exploits, from those affecting browsers directly to browser plug-ins like PDF readers, Flash, and Java, to Microsoft Office components, to a handful of media players. The potential for raising the level of computer security here is huge, as a vast number of threats are actually mutations of malware, sold in kits like BlackHole, …

Oracle databases easy to hack, says researcher

A researcher showed today that Oracle's databases could be hacked with brute-force attacks using only the database's name and a username, according to Kaspersky Lab Security News.

Esteban Martinez Fayo, who works for AppSec Inc., was demonstrating his discovery at a security conference in Argentina and said that within just five hours on a regular PC using a special tool he could hack through easy passwords and access users' data.

"It's pretty simple," Martinez Fayo told the security blog Dark Reading. "The attacker just needs to know a valid username in the database, and …

Virgin Mobile user accounts are easily hacked, developer claims

A developer is taking Virgin Mobile USA to task, arguing that its username and password handling put users at risk.

Kevin Burke yesterday took to his personal blog to report that Virgin Mobile's authentication process only allows for users to input numbers as their account PIN. What's worse, he says, the password is limited to six numbers, leaving "only one million possible passwords you can choose."

"This is horribly insecure," Burke wrote. "Compare a 6-digit number with a randomly generated 8-letter password containing uppercase letters, lowercase letters, and digits -- the latter has …

Report: Half of Android devices have unpatched holes

More than 50 percent of Android devices have serious vulnerabilities that are unpatched because carriers are often slow to update the software, a mobile security researcher says.

"Since we launched X-Ray [Android app used for scanning for vulnerabilities], we've already collected results from over 20,000 Android devices worldwide. Based on these initial results, we estimate that over half of Android devices worldwide have unpatched vulnerabilities that could be exploited by a malicious app or adversary," Jon Oberheide, chief technology officer at Duo Security, wrote in a blog post. The results are then extrapolated using Google's …

Optimize your computer's registry with Auslogic Registry Cleaner

The Auslogic Registry Cleaner is an application for cleaning up problematic and error-filled files or folders on your computer, making it run more efficiently.

This is a good application to have, and it is pretty easy to use. You don't have to be a very advanced computer user to use it properly. There are a few scan options for more advanced users, but this Registry Cleaner already selects a default list of the drives and items it will search and repair. The Scan and Repair processes were very quick. It took half a minute to scan a little over …

3D printer helps pick locks in high-end security handcuffs

While 3D printing has shown much promise in helping to treat physical ailments and disabilities, there may be more nefarious applications in the near future.

The security of high-end handcuffs can be defeated by plastic keys cheaply produced with a laser cutter and 3D printer, a man who identified himself as "Ray" demonstrated last week at a Hackers on Planet Earth conference workshop, according to a Forbes report.

His 3D-printer-produced replica keys opened handcuffs produced by German manufacturer Bonowi and British maker Chubb, both of which try to restrict distribution of keys that open their locks to law-enforcement …

The dark side of QR codes

There's a pretty good chance you've scanned a QR code with your smartphone. QR is short for "quick response." Hidden in those lines is embedded code that only your smartphone can read, which points it to a new location on the Web. Online marketing gurus are singing its digital praises for its inexpensive cost and maximum return on investment.

The real estate industry is one example. Agents are able to market their hottest properties and themselves by embedding QR codes into their signs and brochures. QR design companies say they're seeing exponential growth in their business …

Yahoo fumbles security in Axis browser launch

Yahoo made its first foray into the browser business this evening, but did it give us an unfinished product?

As my colleague Rafe Needleman explains, Axis is an aggressive product designed to eliminate the middleman in the usual search process and take visitors from the query straight to the desired page.

However, this doesn't appear to be the only step Yahoo skipped; the struggling Internet pioneer also left out an explanation of its terms of service. A search for those basic rules turns up a placeholder page that informs users: "Terms will go here."

Granted, most users …

Google ups cash reward for being hacked

In an effort to cut down on hacking, bugs, and vulnerabilities, Google offers dollar rewards for people to hack into its Web services.

The Internet giant began swapping security research for cash over the past couple of years, but today it announced that it was upping the ante.

"In just over a year, the program paid out around $460,000 to roughly 200 individuals," Google security team members Adam Mein and Michal Zalewski wrote in a blog post. "We're confident beyond any doubt the program has made Google users safer."

As of today, hackers can …

Android gives 'no permissions' apps access to sensitive info

Thanks in large part to Android's history of lax app policing, Google's mobile operating system has been criticized as insecure.

But now it appears that apps with no permissions pose a new threat, gaining access to sensitive personal information without authorization. Leviathan Security Group researcher Paul Brodeur explained in a blog post earlier this week that he created a proof-of-concept to demonstrate that "no permissions" apps still have access to the device's SD card, handset identification data, and files stored by other apps.

On the SD card, Brodeur's app yielded a list of all …