Daily Tech Briefing: July 30, 2014
Black Hat USA, Fake ID, Google, Bluebox Security, Android, Adobe, Hewlett-Packard, DefCon, Fortify on Demand, HP Fortify, Cisco, Application Centric Infrastructure, Google Drive, email, iOS, Apple, App Store, Google Play,
At the 2013 Black Hat USA conference, Jeff Forristal revealed the Master Key vulnerability impacting millions of Android users. For this year's conference, Forristal is back to reveal a Fake ID vulnerability that could enable attackers to impersonate valid app developers.
He will provide full details of the Fake ID flaw, identified as Google bug 13678484, during a session at Black Hat USA 2014, which runs Aug. 4-7 in Las Vegas. Forristal is CTO of Bluebox Security, which focuses on mobile security.
He explained that Android is actually hard-coded to give apps from Adobe special permissions. So Adobe apps are allowed to be a plug-in for other apps. With the Fake ID flaw, a malicious app can then be enabled to inject code into any other app.
Hewlett-Packard is bringing a Capture the Flag competition to the 2014 Black Hat USA conference. This will be run in a format similar to the CTF event at the DefCon security conference.
Daniel Miessler, practice principal for Fortify on Demand at HP Fortify, declined to give specific details of the challenges that HP will present at its Black Hat CTF, although he said that the challenges will be familiar to many security professionals. He did hint that one challenge may be looking for buffer overflow conditions in code.
Cisco Systems officials announced that the company is days away from making its Application Centric Infrastructure technology generally available. This news comes about one year after the company first introduced its answer to the growing network virtualization trend.
Thomas Scheibe, director of product management at Cisco, explained that Cisco will begin shipping its Application Policy Infrastructure Controller and prepackaged Application Centric Infrastructure "starter kits" July 31.
A new capability allows Google Drive users on mobile iOS devices to share files more easily with others by inserting them directly into a Gmail message and sending them. his capability will even notify users if the file they are sending isn't preset for sharing with the recipient so the settings can be changed.
The feature is available in the latest version of the Gmail iOS app, which is available from the Apple App Store. Android users can get the latest version of the Gmail Android app from the Google Play store.