

A week in security: RIM faces trouble in India
We round up the top security stories of the week
Phil Muncaster, V3.co.uk 14 Aug 2010


This week was dominated by smartphone security, in particular the continuing struggle RIM is having placating foreign governments over access to the encrypted data of its customers, and new security concerns over the Palm Pre.

First up, the Saudi government apparently decided early in the week that RIM is doing enough to ease its concerns over not being able to monitor encrypted Messenger traffic. The Saudi Press Agency reported that the Communications and Technology Commission “permits the continuation of BlackBerry Messenger services in addition to the continuation of joint work with service providers to fulfil the remaining requirements”.

However, later on there was bad news for RIM as the Indian government issued an ultimatum: make information from BlackBerry Enterprises Services and BlackBerry Messenger “accessible to law enforcement agencies” by 31 August or face a ban.

Elsewhere a team at MWR Infosecurity uncovered a zero-day flaw in the Palm Pre operating system which allows the handset to be used as a bugging device. Alex Fidgen, director of MWR, told V3.co.uk that a specially crafted text message can subvert Palm's webOS completely.

Over at Apple, the firm issued an update to patch the iOS vulnerabilities disclosed earlier this month by iPhone 'jail-break' researchers. The updates block remote code execution flaws in the iOS PDF viewer and IOSurface components which can be exploited through specially crafted web pages.

It was a big week for security admins too, with Microsoft and Adobe issuing hefty patch updates. Microsoft issued 14 bulletins addressing 34 vulnerabilities in Windows, Office, Internet Explorer and Silverlight.

Eight of the 14 bulletins are labelled 'critical', the highest of Microsoft's security alert levels. If exploited, the vulnerabilities could allow an attacker to remotely execute malicious code on a targeted system. Adobe, meanwhile, patched six 'critical' vulnerabilities in Adobe Flash Player from version downwards, warning that the flaws could allow attackers to take control of a user's system.

Facebook was forced to patch a security hole that left users' names and profile pictures available to unrelated users, while M86 Security researchers warned of another Zeus attack targeted at the customers of a specific UK bank, which has compromised over 3,000 accounts and transferred in excess of £600,000 from victims' accounts to its creators.

Finally, the latest security tests from Virus Bulletin have identified 19 of the 54 security suites examined as inadequate for VB100 status. The products were tested on Windows Vista Business Edition SP2 using a variety of malware and security simulations, and the testers noted a marked inability of some software to cope with heavy attacks.