'flaw'

All GSM phones vulnerable to major security flaw, hacker says

Dec 27th, 2011 at 07:00PM
Filed Under: Mobile, Security

All GSM phones, such as those that run on T-Mobile and AT&T in the United States, are vulnerable to a major security flaw that could allow hackers to send text messages or place phone calls remotely, one hacker said recently. Speaking to Reuters ahead of a hacking convention in Berlin, Karsten Nohl, the head of Germany’s Security Research Labs, said the attack could be initiated on a large scale, too. “We can do it to hundreds of thousands of phones in a short timefr...

Despite its own flaws, Microsoft offers free Windows Phones to Android malware victims [video]

Dec 13th, 2011 at 12:30PM
Filed Under: Mobile, Security

Microsoft employee Ben Rudolph recently tweeted that any Android phone owner who has a device infected with malware can tweet his or her story with the hashtag #windowsphone upgrade for a chance to win a free Windows Phone. That sounds like an attractive promotion, especially given Microsoft’s fresh batch of powerful and solid Windows Phone 7.5 (Mango) devices. Google has reportedly pulled more than 100 malware applications from the Android Market but Microsoft isn’t exactly an anti-malware poster...

HTC investigating potential Sense security flaw

Oct 4th, 2011 at 01:01AM
Filed Under: Mobile, Security

A report was recently published by Android Police that suggests HTC’s Sense user interface has several major security flaws that provide HTC with access to SMS data, phone numbers, system logs, location information and much more. Worse, the flaw could potentially allow any third-party application to access the same private information without having permission from the user to do so. The security issue has been identified on the HTC ThunderBolt, EVO 4G and EVO 3D. “HTC takes our customers’ s...

OS X Lion security flaw allows anyone to change your password

Sep 19th, 2011 at 03:25PM
Filed Under: Security, Software

Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion. “[While] non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Patrick Dunstan from Defense in Depth explained in a recent blog post. The result is that anyone could use a simple Python script, created by Dunstan himself, to discover a user’...

Google+ flaw allows hackers to execute DDoS attacks using Google servers

Aug 31st, 2011 at 04:15PM
Filed Under: Security

A security expert at Italian security firm AIR Sicurezza Informatica claims to have found a security flaw in Google’s new social network that allows hackers to potentially use Google+ servers to execute DDoS attacks. Simone Quatrini explained the flaw on the IHTeam Security Blog, and he wrote a script that can perform the attack, repeatedly prompting Google’s server to send requests to the target site. DDoS attacks, or distributed denial-of-service attacks, flood a web server with requests in a...

Apple laptops can be hacked to self-destruct; flaw to be detailed by hacker next month

Jul 26th, 2011 at 06:35PM
Filed Under: Computers, Security

How’s this for an undocumented feature? Apple’s newer MacBook, MacBook Air and MacBook Pro notebooks have a security flaw that can allow hackers to remotely prevent the batteries from charging. Better yet, hackers can exploit the same flaw and remotely cause batteries to explode. Apple laptops’ new “smart” battery technology is intended to provide added control over power management, and it does just that. Unfortunately, it also gives hackers added control because the microcontro...

redsn0w jailbreak tool now available for iOS 4.3.4, with a catch

Jul 19th, 2011 at 04:35AM
Filed Under: Mobile, Software

Apple released iOS 4.3.4 on Friday in an effort to fix a security vulnerability that was present on both the iPhone and the iPad. The fix was supposed to prevent hackers from using a PDF security hole to jailbreak both devices. That didn’t quite work. The next day iPhone Dev Team was able to route around the security fix and issued a jailbreak tool for iOS 4.3.4. iPhone Dev Team has released the latest redsn0w jailbreak tool, but unfortunately it forces iOS 4.3.4 users to keep their iPhone or iPad tethe...

Apple calls foul on web browser speed test

Mar 17th, 2011 at 04:09PM
Filed Under: Software

Earlier today, we told you about a study conducted by Blaze Software comparing the native browser speeds in Apple’s iOS and Google’s Android. The results of over 45,000 tests were published, and the firm concluded that Android was roughly 52% faster than iOS in terms of browser performance. Not so fast, says Apple. In a statement to blog The Loop, an Apple spokesperson pointed out a perceived flaw in Blaze Software’s methodology. “Their testing is flawed because they didn’t actually ...

iOS 4.2 GM fixes dialer security flaw

Nov 2nd, 2010 at 10:41AM
Filed Under: Mobile, Software

Just a quick follow-up to an article we posted last week. It looks like Apple’s iOS 4.2 gold master candidate, which was pushed out to developers last night, closes the security loophole that allowed the iPhone’s lock screen to be bypassed from the “Emergency Call” function. We’ve been trying, unsuccessfully, to replicate the issue with the latest iOS pre-release. If you’re not a member of the developer community, and wondering when you can get your hands on iOS 4.2, know tha...

Security flaw allows calls (and more) from a locked iPhone running iOS 4.1

Oct 25th, 2010 at 06:01PM
Filed Under: iOS, Security

Blog 9to5Mac has picked up on an interesting bug in iOS 4.1, running on the iPhone, that will allow users to bypass the device’s lock screen and make phone calls. From a locked iPhone, pressing the “Emergency Call” button, dialing a non-emergency number (such as “###”), then quickly pressing “Send” followed by the iPhone’s lock key will actually force the device into the “Phone” application. From there you can access favorites, contacts, the dial pad,...

12-year-old discovers Firefox flaw, earns $3000 in the process

Oct 24th, 2010 at 11:30AM
Filed Under: Software

A few months ago, Mozilla threw down the gauntlet by asking developers to find major security flaws in Firefox in return for a $3000 reward. Enter Alex Miller from San Jose, who spotted a critical security flaw hidden away in the Firefox code. Alex spent 90 minutes every day for 10 days before he stumbled onto something and reported it to Firefox’s parent company. Security program manager at Firefox, Brandon Sterne, said: “Mozilla depends on contributors like these for our very, sort of, survival...

PSA: Twitter being ravaged by JavaScript flaw

Sep 21st, 2010 at 09:27AM
Filed Under: Security, Social Network

If you happen to be in your browser looking at twitter.com you may notice that the site is somewhat useless at the moment. Thanks to a JavaScript onMouseOver exploit, a nasty little bug is spreading through the micro-blogging site like wildfire. Simply mousing-over a carefully crafted tweet can redirect your browser to a website with malicious code or, in the case of Sarah Brown (wife of the former British Prime Minister), hardcore porn. The exploit is only affecting twitter.com when viewed in the browser and...

At least 10% of those who report security flaws to Mozilla turn down bug bounty

Aug 7th, 2010 at 10:02AM
Filed Under: Browser

In mid-July, Mozilla announced that it was upping its “bug bounty” from $500 to $3,000 for every critical, reproducible security flaw reported. Today, MacWorld is reporting that, “Between 10 percent and 15 percent of the serious security bugs reported since Mozilla launched its bug bounty program have been provided free of charge.” Mozilla spokesperson Johnathan Nightingale said: “A lot of people would say, ‘Don’t worry about it. Donate it to the EFF or just send me a T-shi...

Serious Safari security flaw found

Jul 22nd, 2010 at 02:40PM
Filed Under: Apple, Browser, Security

If you are a Mac user, and fancy Safari as your default internet browser, you are going to want to pay attention to this one. A bug found in Safari’s AutoFill feature can allow a malicious website to gather personal information from a user’s address book card — more specifically: first name, last name, work place, city, state, and email address. There is a published proof of concept exploit for the bug that can be found here. We suggest Safari users navigate to: Preferences > Auto-fill, and...