Daily Tech Briefing: July 30, 2014

By eWEEK Staff  |  Posted 2014-07-30 Print this article Print

Fake ID flaw puts Android users at risk; HP brings 'Capture the Flag' competition to Black Hat; Cisco will ship ACI technology July 31; and more.

Microsoft Closes $26 Billion LinkedIn Social Network Buyout

DAILY BRIEFING: Microsoft completes $26 Billion LinkedIn social network acquisition; Google develops...

Windows 10 Creators Updates Includes New Security Features

DAILY VIDEO: Microsoft bolsters security features in windows 10 creators update; Dynamics 365...

AT&T 5G Wireless Trial Handles Streaming 4K HD Video, Camera Feeds

DAILY VIDEO: AT&T's first 5G business trial handles new high speed mobile apps; SCOTUS trims...

Amazon Shows Off Grocery Store Without Checkout Counters

DAILY VIDEO: Amazon unveils no-checkout POS system for early 2017; Google patches Android for 74...

Avalanche Botnet Shut Down by International Law Enforcement Action

DAILY VIDEO: Avalanche botnet disabled by law enforcement; Google launches continuous testing service...

More than 1 Million Android Devices Infected by 'Gooligan' Trojan

DAILY VIDEO: 'Gooligans' malware infects more than 1.3 million Android devices; Firefox patched for...

Azure Cloud Flaw Posed Hacking Risk to RHEL Virtual Machines

DAILY VIDEO: Microsoft Azure flaw posed RHEL hacking risk; Google explores use of machine learning to...

Microsoft Readying New Smartphone Models for Late 2017, Reports Say

DAILY VIDEO: Microsoft readying new mobile device push in 2017, reports say; Cisco extends security...

San Francisco Transit Agency Gets Back Online After Ransomware Attack

DAILY VIDEO: Cyber-attack knocks out San Francisco transit system fare terminals; Cisco extends...

Recount in Wisconsin Unlikely to Reveal Vote System Fraud, Hacking

DAILY VIDEO: Election recount unlikely to reveal evidence of vote system hacking; Mimecast brings...

Read more about the stories in today's news:


Black Hat USA, Fake ID, Google, Bluebox Security, Android, Adobe, Hewlett-Packard, DefCon, Fortify on Demand, HP Fortify, Cisco, Application Centric Infrastructure, Google Drive, email, iOS, Apple, App Store, Google Play,

At the 2013 Black Hat USA conference, Jeff Forristal revealed the Master Key vulnerability impacting millions of Android users. For this year's conference, Forristal is back to reveal a Fake ID vulnerability that could enable attackers to impersonate valid app developers.

He will provide full details of the Fake ID flaw, identified as Google bug 13678484, during a session at Black Hat USA 2014, which runs Aug. 4-7 in Las Vegas. Forristal is CTO of Bluebox Security, which focuses on mobile security.

He explained that Android is actually hard-coded to give apps from Adobe special permissions. So Adobe apps are allowed to be a plug-in for other apps. With the Fake ID flaw, a malicious app can then be enabled to inject code into any other app.

Hewlett-Packard is bringing a Capture the Flag competition to the 2014 Black Hat USA conference. This will be run in a format similar to the CTF event at the DefCon security conference.

Daniel Miessler, practice principal for Fortify on Demand at HP Fortify, declined to give specific details of the challenges that HP will present at its Black Hat CTF, although he said that the challenges will be familiar to many security professionals. He did hint that one challenge may be looking for buffer overflow conditions in code.

Cisco Systems officials announced that the company is days away from making its Application Centric Infrastructure technology generally available. This news comes about one year after the company first introduced its answer to the growing network virtualization trend.

Thomas Scheibe, director of product management at Cisco, explained that Cisco will begin shipping its Application Policy Infrastructure Controller and prepackaged Application Centric Infrastructure "starter kits" July 31.

A new capability allows Google Drive users on mobile iOS devices to share files more easily with others by inserting them directly into a Gmail message and sending them. his capability will even notify users if the file they are sending isn't preset for sharing with the recipient so the settings can be changed.

The feature is available in the latest version of the Gmail iOS app, which is available from the Apple App Store. Android users can get the latest version of the Gmail Android app from the Google Play store.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel