BlackBerry says TIFF vulnerability exposes enterprise servers to malware

BlackBerry has always prided itself on its top-notch security features, so it's a little worrying to see the company release a "high severity" advisory today warning of a potential exploit. According to the Waterloo-based operation:

Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone.

Essentially, hackers could rig a TIFF file with malware and then trick a BlackBerry user into loading it via webpage, email or an embedded message, thus allowing the bad guys into their company's Enterprise Server. BlackBerry hasn't received any reports of attacks just yet, but urges IT administrators to update their BES software all the same. The update is available at the source, as are several temporary workarounds for those that can't update their installations just yet.

Via: Naked Security

Source: BlackBerry Knowledge Base

Source

By: Unknown On 6:15 PM

Continue Reading

Nokia engineer exposes Windows Store piracy problems

A Nokia engineer working on Windows Phone 8 has posted details on how Microsoft's Windows Store approach to security can be bypassed to avoid paying for games and in-app purchases. The process involves things like injecting code into the purchase process, altering a few lines for security checks, and changing files associated with games. That’s probably more than the average user is prepared to handle, but it does highlight a potential threat to developers who have submitted their creations to the Windows Store.

Justin Angel, the engineer in question, points out that there’s a fundamental problem with Microsoft storing game data locally -- including encrypted files alongside the algorithm and algorithm key/hash for decryption. “If it’s stored locally, we can find it, read it and modify it,” he says.

Angel explains the process using a handful of games as case studies. In Soulcraft, for example, he was able to decrypt and edit XML files to gain 1,000,000 of gold for his first level character (worth over a thousand dollar on Android and iOS), while in Meteor Madness he was able to modify another file to turn the trial game into the full $1.5 version. There's also an example that ditches ads in Minesweeper and a workaround to unlock levels in Cut The Rope. Basically, if there’s a way for developers to make money, there’s a way to bypass it.

Angel says his findings are meant to be educational with the hope that “both developers and Microsoft can benefit from an open exchange of knowledge,” and that Nokia had nothing to do with the research. Justin Angel’s website is currently offline for some reason but the article is available through Google Cache.

View the original article here

By: Dilusha On 1:11 PM

Continue Reading

Sony's Alpha A99 gets torn apart, exposes its 35mm full-frame sensor (video)

There are not any reviews for this product yet.
Why not be the first to write one?

Get better reviews from people who actually have this product!

write a reviewsee all reviews ?

Sourse

By: Dilusha On 11:38 AM

Continue Reading