Android devices await Heartbleed fix
Version 4.1.1 of Android Jelly Bean was released in 2012
Millions of Android devices remain vulnerable to the Heartbleed bug a week after the flaw was made public.
Google announced last week that handsets and tablets running version 4.1.1 of its mobile operating system were at risk.
The search giant has since created a fix, but it has yet to be pushed out to many of the devices that cannot run higher versions of the OS.
It potentially places owners at risk of having sensitive data stolen.
In addition, security firms warn that hundreds of apps available across multiple platforms still need to be fixed.
These include Blackberry's popular BBM instant messaging software for iOS and Android.
Still dangerous
Last week internet security firm Cloudflare questioned whether Heartbleed was as dangerous as claimed.
The company - which had been one of the select few to be informed of the bug before it was made public - said it had been unable to exploit the flaw to reveal the server certificate private keys that would make sites vulnerable to impersonation.
On Friday it announced a test for others to try, but warned that it believed the task was "likely impossible".
It did not take long for the firm to be proved wrong.
The same day Russian security researcher Fedor Indutny managed to "steal" an SSL key from Cloudflare's servers. He said that it took him less than three hours to do so.
Since then a further three people - including a computer security researcher at the University of Cambridge - have completed the challenge.
"This result reminds us not to underestimate the power of the crowd and emphasises the danger posed by this vulnerability," blogged Cloudflare's software engineering leader Nick Sullivan.
The Canadian firm has said that it will not issue a fix until Friday, but said there was only an "extremely small" risk of hackers exploiting the bug to steal its customers' data.
In the meantime the program remains available for download from Apple's App Store and Google Play.
Data theft
News of the vulnerability with recent versions of the OpenSSL cryptographic software library was made public last Monday after researchers from Google and Codenomicon, a Finnish security firm, independently discovered the problem.
OpenSSL is used to digitally scramble data as it passes between a user's device and an online service in order to prevent others eavesdropping on the information.
It is used by many, but not all, sites that show a little padlock and use a web address beginning "https".
The researchers discovered that because of a coding mishap hackers could theoretically access 64 kilobytes of unencrypted data from the working memory of systems using vulnerable versions of OpenSSL.
Although that is a relatively small amount, the attackers can repeat the process to increase their haul.
UK versions of the HTC One S handset cannot currently be upgraded beyond Android 4.1.1
Furthermore, 64K is enough to steal passwords and server certificate private keys - information that can be used to let malicious services masquerade as genuine ones.
Press reports initially focused on the risk of users visiting vulnerable websites, but attention is now switching to mobile.
At-risk handsets
Google's own statistics suggest that fewer than 10% of Android devices currently run version 4.1.1.
However, since close to one billion people currently use the OS, that is still a significant number.
Some of those device owners can protect themselves by upgrading Android to a more recent version.
But several machines are unable to be upgraded higher than 4.1.1.
Customer websites indicate these include Sony's Xperia E and Xperia J handsets, HTC's One S, Huawei's Ascend Y300 and Asus's PadFone 2.
"Privacy and security are important to HTC and we are committed to helping safeguard our customers' devices and data," said the Taiwanese firm.
"We're currently working to implement the security patch issued by Google this week to the small number of older devices that are on Android 4.1.1."
Asus said its device was "expecting an update imminently". Sony and Huawei were unable to comment.
Tab grab
Google has now created a fix to address the problem. However, manufacturers still need to adapt it for their devices and this software will need to be tested by the various operators before they release it.
Sony and Huawei were not able to say when they planned to patch vulnerable devices
Users can check which edition of Android they are running by going to the "about phone" or "about tablet" option in their Settings app.
Alternatively, several free apps have been released that can scan phones and tablets to say if they are vulnerable.
Lookout - a security firm behind one of the products - explained how hackers might take advantage of a vulnerable handset.
"Someone could build a malicious website or advert designed to steal data from your memory," Thomas Labarthe, the firm's European managing