Daily Tech Briefing: July 30, 2014

By eWEEK Staff  |  Posted 2014-07-30 Print this article Print

Fake ID flaw puts Android users at risk; HP brings 'Capture the Flag' competition to Black Hat; Cisco will ship ACI technology July 31; and more.

How the Internet Survived Massive DNS Attack

DAILY VIDEO: Why a massive DNS attack didn't shut down the internet; the LinkedIn hacking suspect is...

Analysts Offer Mixed Views on AT&T-Time Warner Deal

DAILY VIDEO: Analysts weigh pros and cons of AT&T-Time Warner deal; massive cyber-attack shows...

Czech Police Arrest Alleged LinkedIn Hacker

DAILY VIDEO: Czech police apprehend alleged LinkedIn hacker; Intel gets a boost in lengthy appeal of...

Yahoo's Earnings Exceed Expectations but Ad Revenue Still Eroding

DAILY VIDEO: Yahoo's earnings report shows ad revenue is still eroding; Intel's record Q3 revenue is...

Snowden Offers Grim Assessment of State of Internet Security, Privacy

DAILY VIDEO: Edward Snowden gives his take on security...

FAA's Samsung Galaxy Note7 Flight Ban Poses Challenges for Travelers

DAILY VIDEO: FAA's Samsung Galaxy Note7...

Salesforce No Longer Plans to Pursue Twitter Acquisition

DAILY VIDEO: Salesforce withdraws from contention to acquire Twitter; HP to cut another 3,000 to...

Samsung Releases Details on How to Exchange Defective Note7 Phones

DAILY VIDEO: Samsung releases Note7 return details following its recall; what the new update process...

HP, Lenovo Vie for Top Spot in a Consolidating Global PC Market

DAILY VIDEO: HP closes in on Lenovo in a consolidating global PC market; Intel launches its first...

Samsung Permanently Halts Note7 Smartphone Production

DAILY VIDEO: Samsung ends Note7 smartphone production permanently after fires; Odinaff Trojan is...

Read more about the stories in today's news:


Black Hat USA, Fake ID, Google, Bluebox Security, Android, Adobe, Hewlett-Packard, DefCon, Fortify on Demand, HP Fortify, Cisco, Application Centric Infrastructure, Google Drive, email, iOS, Apple, App Store, Google Play,

At the 2013 Black Hat USA conference, Jeff Forristal revealed the Master Key vulnerability impacting millions of Android users. For this year's conference, Forristal is back to reveal a Fake ID vulnerability that could enable attackers to impersonate valid app developers.

He will provide full details of the Fake ID flaw, identified as Google bug 13678484, during a session at Black Hat USA 2014, which runs Aug. 4-7 in Las Vegas. Forristal is CTO of Bluebox Security, which focuses on mobile security.

He explained that Android is actually hard-coded to give apps from Adobe special permissions. So Adobe apps are allowed to be a plug-in for other apps. With the Fake ID flaw, a malicious app can then be enabled to inject code into any other app.

Hewlett-Packard is bringing a Capture the Flag competition to the 2014 Black Hat USA conference. This will be run in a format similar to the CTF event at the DefCon security conference.

Daniel Miessler, practice principal for Fortify on Demand at HP Fortify, declined to give specific details of the challenges that HP will present at its Black Hat CTF, although he said that the challenges will be familiar to many security professionals. He did hint that one challenge may be looking for buffer overflow conditions in code.

Cisco Systems officials announced that the company is days away from making its Application Centric Infrastructure technology generally available. This news comes about one year after the company first introduced its answer to the growing network virtualization trend.

Thomas Scheibe, director of product management at Cisco, explained that Cisco will begin shipping its Application Policy Infrastructure Controller and prepackaged Application Centric Infrastructure "starter kits" July 31.

A new capability allows Google Drive users on mobile iOS devices to share files more easily with others by inserting them directly into a Gmail message and sending them. his capability will even notify users if the file they are sending isn't preset for sharing with the recipient so the settings can be changed.

The feature is available in the latest version of the Gmail iOS app, which is available from the Apple App Store. Android users can get the latest version of the Gmail Android app from the Google Play store.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel