Daily Tech Briefing: July 30, 2014

By eWEEK Staff  |  Posted 2014-07-30 Print this article Print

Fake ID flaw puts Android users at risk; HP brings 'Capture the Flag' competition to Black Hat; Cisco will ship ACI technology July 31; and more.

Facebook Starts 'Journalism Project' to Curb Fake News

DAILY VIDEO: Facebook unveils ambitious project to clean up news feeds; Google rolls out new cloud...

Yahoo to Emerge from Verizon Sale Under New Name: 'Altaba

DAILY VIDEO: CEO, co-founder to leave Yahoo, now known as Altaba; DHS designates election machines,...

Hacker Enters Guilty Plea to Attacks on U.S. Intelligence Officials

DAILY VIDEO: Hacker pleads guilty to attacks against U.S intelligence officials; Google spinoff...

MongoDB Databases Hit by Multiple Groups of Ransomware Attackers

DAILY VIDEO: MongoDB ransomware impacts over 10,000 databases; Labor Department sues Google demanding...

FTC Sues D-Link Over Security Flaws in Routers, IP Cameras

DAILY VIDEO: FTC claims D-Link routers and IP cameras are leaving consumers at risk; Microsoft...

Red Hat Improves Hybrid Cloud Management With CloudForms 4.2

DAILY VIDEO: Red Hat CloudForms 4.2 Improves Hybrid Cloud Management; Virtual Reality-Enabled Windows...

DHS-FBI Report Provides Details on Russian Hacks of U.S. Targets

DAILY VIDEO: DHS-FBI report details Russian malicious cyber activity; U.S. prosecutors charge three...

Amazon Refuses to Give Police Echo Digital Assistant User Transcripts

DAILY VIDEO: Amazon resists warrant for Echo digital assistant user transcripts; South Korea fines...

Congressional Study Concludes Strong Encryption Important for Economy

DAILY VIDEO: Congressional study backs strong encryption essential for U.S. economy; Container...

Security Flaws Detected in Panasonic Airline Entertainment System

DAILY VIDEO: Security vulnerabilities found in airline entertainment systems; Akamai acquires...

Read more about the stories in today's news:


Black Hat USA, Fake ID, Google, Bluebox Security, Android, Adobe, Hewlett-Packard, DefCon, Fortify on Demand, HP Fortify, Cisco, Application Centric Infrastructure, Google Drive, email, iOS, Apple, App Store, Google Play,

At the 2013 Black Hat USA conference, Jeff Forristal revealed the Master Key vulnerability impacting millions of Android users. For this year's conference, Forristal is back to reveal a Fake ID vulnerability that could enable attackers to impersonate valid app developers.

He will provide full details of the Fake ID flaw, identified as Google bug 13678484, during a session at Black Hat USA 2014, which runs Aug. 4-7 in Las Vegas. Forristal is CTO of Bluebox Security, which focuses on mobile security.

He explained that Android is actually hard-coded to give apps from Adobe special permissions. So Adobe apps are allowed to be a plug-in for other apps. With the Fake ID flaw, a malicious app can then be enabled to inject code into any other app.

Hewlett-Packard is bringing a Capture the Flag competition to the 2014 Black Hat USA conference. This will be run in a format similar to the CTF event at the DefCon security conference.

Daniel Miessler, practice principal for Fortify on Demand at HP Fortify, declined to give specific details of the challenges that HP will present at its Black Hat CTF, although he said that the challenges will be familiar to many security professionals. He did hint that one challenge may be looking for buffer overflow conditions in code.

Cisco Systems officials announced that the company is days away from making its Application Centric Infrastructure technology generally available. This news comes about one year after the company first introduced its answer to the growing network virtualization trend.

Thomas Scheibe, director of product management at Cisco, explained that Cisco will begin shipping its Application Policy Infrastructure Controller and prepackaged Application Centric Infrastructure "starter kits" July 31.

A new capability allows Google Drive users on mobile iOS devices to share files more easily with others by inserting them directly into a Gmail message and sending them. his capability will even notify users if the file they are sending isn't preset for sharing with the recipient so the settings can be changed.

The feature is available in the latest version of the Gmail iOS app, which is available from the Apple App Store. Android users can get the latest version of the Gmail Android app from the Google Play store.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel