Daily Tech Briefing: July 30, 2014

By eWEEK Staff  |  Posted 2014-07-30 Print this article Print

Fake ID flaw puts Android users at risk; HP brings 'Capture the Flag' competition to Black Hat; Cisco will ship ACI technology July 31; and more.

Apple iPhone 7 Users Report 'Hissing' Noise That May Prove Innocuous

DAILY VIDEO: "Hissing" iPhone 7s reported, but that may be a normal noise; Microsoft delivers Version...

Google Smartphone, VR Headset Expected to Debut at Oct. 4 Event

DAILY VIDEO: Google expected to unveil smartphone, VR headset at Oct. 4 event; Ellison claims...

Samsung Says Green Charging Light Hallmark of Safe Note7 Handsets

DAILY VIDEO: Samsung Note7 recall update: How to ID a non-defective handset; Oracle launches a major...

Google to Roll Out Allo Messaging App on Sept. 21: Report

DAILY VIDEO: Google reportedly launching Allo messaging app Sept. 21; Intel, GE partner to make...

iPhone 7 Plus So Far More Popular Than iPhone 7

DAILY VIDEO: iPhone 7 sales patterns contrast with those of iPhone 6 and 6s; mobile carriers unveil...

Apple Says iPhone 7 Sales Start With Some Models Already Sold Out

DAILY VIDEO: Apple says some iPhone 7 models are already sold out; Qualcomm pushes for more dual...

Apple Says It's Fixed iOS 10 Bug That Disabled Some iPhones, iPads

DAILY VIDEO: Apple's new iOS 10 update disables iPhones, iPads for some users; Samsung to limit Note7...

Apple Delivers iOS 10 Ahead of iPhone 7 Arrival

DAILY VIDEO: Apple releases iOS 10 just before iPhone 7 arrives; official recall of Samsung Galaxy...

Google Working With Huawei to Build 7-Inch Tablet: Report

DAILY VIDEO: Google rumored to Be Planning Huawei-Built 7-Inch Tablet; Bing Update Asks Smarter...

Google to Label Sites That Don't Upgrade to HTTPS as 'Non-Secure

DAILY VIDEO: Google to start labeling as non-secure sites that use HTTP; Dell and HPE CEOs debate the...

Read more about the stories in today's news:


Black Hat USA, Fake ID, Google, Bluebox Security, Android, Adobe, Hewlett-Packard, DefCon, Fortify on Demand, HP Fortify, Cisco, Application Centric Infrastructure, Google Drive, email, iOS, Apple, App Store, Google Play,

At the 2013 Black Hat USA conference, Jeff Forristal revealed the Master Key vulnerability impacting millions of Android users. For this year's conference, Forristal is back to reveal a Fake ID vulnerability that could enable attackers to impersonate valid app developers.

He will provide full details of the Fake ID flaw, identified as Google bug 13678484, during a session at Black Hat USA 2014, which runs Aug. 4-7 in Las Vegas. Forristal is CTO of Bluebox Security, which focuses on mobile security.

He explained that Android is actually hard-coded to give apps from Adobe special permissions. So Adobe apps are allowed to be a plug-in for other apps. With the Fake ID flaw, a malicious app can then be enabled to inject code into any other app.

Hewlett-Packard is bringing a Capture the Flag competition to the 2014 Black Hat USA conference. This will be run in a format similar to the CTF event at the DefCon security conference.

Daniel Miessler, practice principal for Fortify on Demand at HP Fortify, declined to give specific details of the challenges that HP will present at its Black Hat CTF, although he said that the challenges will be familiar to many security professionals. He did hint that one challenge may be looking for buffer overflow conditions in code.

Cisco Systems officials announced that the company is days away from making its Application Centric Infrastructure technology generally available. This news comes about one year after the company first introduced its answer to the growing network virtualization trend.

Thomas Scheibe, director of product management at Cisco, explained that Cisco will begin shipping its Application Policy Infrastructure Controller and prepackaged Application Centric Infrastructure "starter kits" July 31.

A new capability allows Google Drive users on mobile iOS devices to share files more easily with others by inserting them directly into a Gmail message and sending them. his capability will even notify users if the file they are sending isn't preset for sharing with the recipient so the settings can be changed.

The feature is available in the latest version of the Gmail iOS app, which is available from the Apple App Store. Android users can get the latest version of the Gmail Android app from the Google Play store.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel