Sunday, September 24, 2017

Android Security Flaw Puts Bitcoin Wallets at Risk

The security flaw is just the latest highlight of the weaknesses inherent in the highly fragmented distribution of the Android platform. Bitcoin, the maker of the digital currency, announced that a security vulnerability within Google’s Android operating system has exposed Bitcoin users to theft through several Bitcoin digital wallet applications. The company said updates are being prepared for wallet apps including Bitcoin Wallet, where the update is in beta testing now, BitcoinSpinner, for which an update is being prepared, Mycelium Wallet, for which update v0.6.5 can be installed from Google Play or the Mycelium Website, and an update is also being prepared for blockchain.info. "Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app," a note on the company’s Website said. "Apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone."

The company also advised users to enact a "key rotation" procedure, which involves generating a new address with a repaired random number generator and then sending all the money in the user’s wallet back to the user.

The site also notes that if the user has downloaded Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after the user upgrades, though the old addresses will be marked as insecure in the user’s address book. "If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available," the post said. "Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one." Cryptography is one of the keys to Bitcoin’s success, according to the Bitcoin Foundation.

If Bitcoin is to be a viable money for both current users and future adopters, the company needs to maintain, improve and legally protect the integrity of the protocol. Building upon the notion that money is any object, or any sort of record, accepted as payment for goods and services and repayment of debts in a given country or socio-economic context, Bitcoin is designed around the idea of a new form of money that uses cryptography to control its creation and transactions, rather than relying on central authorities.

The Android operating system remains a prime target for cyber-criminals, as Android’s user base expands but security remains weak. The number of malicious and high-risk Android apps has grown to 718,000 in the second quarter, a massive increase from the 509,000 high-risk apps found in the previous quarter, according to the report.

These malicious apps are on track to exceed one million by year's end, a recent Trend Micro report projected.

NSA to replace 90 per cent of its system administrators with...

The US National Security Agency (NSA) is attempting to beef up its security by letting go of 90 per cent of its system administrators, automating their roles instead. The NSA has faced increased scrutiny after former contractor Edward Snowden, who had worked as a system administrator for the NSA, had leaked highly classified and embarrassing data about the NSA's surveillance programmes to the press. As a result, Keith Alexander, director of the NSA, told delegates at a cyber-security conference in New York that replacing staff with technology would improve security, according to Reuters. "What we're in the process of doing - not fast enough - is reducing our system administrators by about 90 per cent," he said. Alexander had previously stated that there are about 1,000 system administrators working for the NSA. Before the agency began its attempts to automate many of its IT processes, Alexander claimed that the NSA had been "putting people in the loop of transferring data, securing networks and doing things that machines are probably better at doing". He added that by using automated technology, NSA's networks would be "more defensible and more secure". The NSA has claimed that its efforts to automate processes began prior to Snowden's leaks, but are now being accelerated. Alexander had previously discussed other measures to beef up security at the agency, including a 'two man rule' which means that administrators need another person with them to access sensitive information. At the New York conference, Alexander said that new technology, which he said was a "thin virtual cloud structure", would replace employees.

"At the end of the day it's all about trust. And people who have access to data as part of their missions, if they misuse that trust they can cause huge damage," the Huffington Post reported him saying.

Norway hinders Apple 3D Flyover maps over Oslo

Norway's National Security Authority is blocking Apple from constructing 3D aerial maps over Oslo. Norwegian newspaper Aftenposten quoted an official citing national security as the reason for the ban - in case Apple vehicles mapped out confid...

All Android-created Bitcoin wallets vulnerable to theft

Android Java SecureRandom function flaw undermines security of Android wallets.    

London tosses out Wi-Fi-sniffing ‘smart bins’

The rubbish receptacles were all about serving up targeted ads -- a trick that required them to track phone data of passersby. August 12, 2013 7:13 AM PDT Renew London says its smart trashcans collected anonymized and aggregated MAC data from pa...

BYOD Could Help Spur Mobile Security Growth: Gartner

Consumers have a preference for online antivirus products and low spending on mobile security products, the report found. The growing high use of personal mobile devices for work purposes means security provider...

Lavabit CEO quits email entirely

12 Aug 2013 11:50 | by a staff writer | Filed in Security USA

The CEO of the encrypted email service Lavabit, which NSA whistleblower Edward Snowden used, has said he's quit using email entirely and that others would consider the same if they knew what he knows. Lavabit shut down the entire service while under pressure from the US administration to compromise its integrity. A gagging order prevents Levison from disclosing the full nature of the government's inquiry. Speaking with Forbes, Lavabit CEO Ladar Levison said the move was about "protecting all of our users, not just one in particular". "It's not my place to decide whether an investigation is just," Levison added, "but the government has the legal authority to force you to do things you're uncomfortable with. The fact that I can't talk about this is as big a problem as what they asked me to do."

"I'm taking a break from email," he said. "If you knew what I know about email, you might not use it either." Meanwhile, Levison's lawyer, Jesse Binnall, said it's "ridiculous" he has to be so careful when speaking about the government inquiry. "In America, we're not supposed to have to worry about watching our words like this when we're talking to the press," Binnall said, speaking with Forbes. Although Levison is appealing the government request, he said there is not much point restoring the service unless the case sets a precedent, and that it is made clear the "government can't do what they're trying to do".

The Pirate Bay bypasses censorship with its own browser

P2P outfit the Pirate Bay stuck two fingers up at big content yet again by releasing a 'Pirate Browser' which it claims would allow users to access the Pirate Bay and other blocked websites. Fully functional, the browser works with Windows and does not have any adware or toolbars bundled with it. Writing on its blog, TPB said that it's a simple one-click browser that circumvents censorship and blockades and makes the site instantly available and accessible. There's no bundled adware, toolbars or other bloat, just a pre-configured Firefox browser. The browser is basically a bundled package consisting of the Tor client and Firefox Portable browser.

The package also includes some tools meant for evading censorship in countries like the UK, Finland, Denmark, and Iran. Until now TPB has been recommending the use of proxy sites to browse the website from countries where it has been blocked. But it thinks its browser can effectively bypass any blockade enforced by ISPs. The Pirate Bay says: "This browser is just to circumvent censorship, to remove limits on accessing sites governments don't want you to know about". The Pirate Browser would allow users to browse websites like KickassTorrents, Fenopy and H33T which have been blocked by many countries including the UK. IsoHunt may also be accessed from Italy which was blocked earlier this month. 

Londoners stalked by data harvesting recycle bins

The unique identifying numbers of over half a million smartphones have been recorded by a network of recycling bins in central London. The data, which included the "movement, type, direction, and speed of unique devices", was recorded from smartphones that had their wi-fi on. Although the Big Brother-esque rubbish bins are not harvesting data for an invasive totalitarian government, they are harvesting data.

They're a proof-of-concept project, named Presence Orb, demonstrating the possibility for targeted personal advertising. Targeted advertising is frequently sold to the public as a way to narrow down ads to fit personal user profiles - so you only see relevant information. But this can require knowing a fair amount about an individual, and could in fact reduce personal choice if you are bombarded with adverts that market research and some algorithm has decided are best fitted to you. The idea is to bring cookie profiling into the real world, QZ reports. Renew, the start-up behind the project, said the system provides an unparalleled insight into the past behaviour of users such as entry and exit points, "dwell" times, places of work, places of interest, and affinity to other devices. It should provide a compelling reach data base for predictive analytics such as likely places to eat, drink, and personal habits. Presence Orb is described as "a cookie for the real world". In one of the most surveilled countries in Europe it is perhaps unsurprising such a project launched in Britain's capital. In tests running between 21-24 May and 2-9 June, over four million events were captured, with over 530,000 unique devices captured. Renew operates roughly 100 recycling bins around London, primarily in the City of London, which double up as digital advertising boards. Twelve of those bins were fitted with tracking devices. If you don't want to be involved in the project, which many people are unlikely to know about, you can opt out by visiting the Presence Orb website which has instructions on how to prevent your phone's MAC address being picked up by the technology. Nick Pickles, director of privacy campaign group Big Brother Watch, said: "This is shameless snooping for profit with absolutely no interest in respecting people's privacy.
"It is wholly wrong for companies we have absolutely no relationship with to turn our mobile phones into tracking devices without our permission or knowledge. If the Government did this there would rightly be uproar.

"I expect the Information Commissioner's Office to investigate this scheme urgently to address what is clearly a serious infringement on our privacy."

Sky web filter blocks news sites

ISPs have been caught out censoring news sites mentioning torrents as part of the bold new filtering system blessed by the British Prime Minister David "tough on m**tur****on" Cameron. Although not quite Cameron's anti-p**n, anti-witchcraft, anti-anything-my-nanny-would-not-like filter, it is pretty close. Following a High Court ruling last month, six UK ISPs are required to block subscriber access to the popular TV-torrent site EZTV.it. But for some reason Sky subscribers noticed that the blocklist had been quietly expanded with a new site that's certainly not covered by any court order - TorrentFreak.com. It has been unblocked, briefly, before it was blocked again. TorrentFreak said that the problem lies with Sky's filtering software that is supposed to enforce the court-ordered torrent site blockades. The owner of EZTV informed TorrentFreak that he used Geo DNS to point UK visitors to TorrentFreak's IP address.

The moment that happened the website had become inaccessible to Sky users. EZTV then pointed the public to some of Facebook's IP addresses.

The idea was to add Facebook to the piracy blocklist, but nothing happened, perhaps because the DNS pointed to a wide range of IP addresses. What this means is that Sky's filtering system blocks IP addresses EZTV adds to its DNS. Ironically the people the courts rule as pirates can block any site they like to Sky subscribers just by pointing their sites to others. The others are then caught in the ISP's filters. EZTV's owner told TorrentFreak that he just wanted to see how the various blocking procedures work at UK ISPs.

He never imagined that simply adding a few IP addresses to EZTV's DNS zone would take out TorrentFreak. 

Android-based Bitcoin digital wallets vulnerable to theft

Weakness in a component that generates random numbers leaves Android-based digital wallets susceptible, Bitcoin developers warn. August 11, 2013 1:42 PM PDT A critical weakness in Android leaves digital wallets on the mobile platf...

Lawmakers tasked with overseeing NSA surveillance programs feel “inadequate”

"Was [surveillance] approved by a fully knowing Congress? That is not the case."