Researcher Jon Oberheide explains on his blog how users can be tricked into installing apps on their Android phones — through an XSS vulnerability! This tops of the last weeks fuzz about Android security.
On Saturday, the Google mobile team blogged about how they would deal with the malware spread through their Android Market — the same day they confirmed that there were 58 different malicious apps that had been downloaded onto around 260,000 Android devices.
At the beginning of February I blogged about the dangers rising from the Android market's web driven installation routine. Oberheide now showed one scalable way to take advantage of the market store. Others remain.
Disclaimer
Mar 7, 2011
Subscribe to:
Post Comments (Atom)
Read other popular posts
-
I just found out that Terminal services manager does not exist in Windows 7. But fear not, the Remote Desktop Services Manager will do the ... -
The release of Firesheep a week ago brought a lot of attention to a problem that has been known for many, many years: cookies sent over both...
-
Security headers in an HTTP response There are many things to consider when securing a web application but a definite "quick win&qu... -
Yesterday I was playing around with the validateIntegratedModeConfiguration="true" setting on IIS 7.5. To my surprise I got an ... -
If you work in an environment where several people fiddle around on the same servers, every once in a while you'll get the message "... -
Well, when I have trouble reaching particular websites I often check whether Google works — to verify that my Internet connection is working... -
If one of your ASP.NET applications need to access to a certificate from the certificate store along with its private key, you'll probab...
-
I'm baffled. IIS 7.5 does not log to files by default, you have to enable the feature manually. In the settings it's called "HT... -
Today I had to add a new HttpModule to A LOT of web.configs. Adding it manually would be too tedious, so I had to figure out how to search f... -
A couple of weeks ago I was remotely involved in a discussion on password hashing in .NET with @thorsheim , @skradel , and @troyhunt . (Foll...
No comments:
Post a Comment