News

Bernard Wagner, a researcher at MWR Labs, has reported flaws in the Fire phone that could allows apps to install certificates without interaction with users. The CertInstaller tool facilitates the installation of certificates in apps. But the flaws discovered by Wagner mean that apps which don't use certificate pinning are vulnerable to traffic interception. This in turn could lead to man-in-the-middle attacks. This kind of attack is used by attackers to secretly relay and possibly...

Chromium, the open-sourced version of Google Chrome, has been found to be home to an extension containing a binary file which turns on users' microphones and listening in on conversations - without asking for permission. Chromium is where developers at Google test new extensions before adding them to their standard Chrome browser, which is the favourite of 37% of web users. The latest version of Chromium (version 43) on Debian has been silently installing this...

Independent IT security testing authority AV-Test.org has chosen nine fitness trackers and given them the once over, checking how secure they are. An odd thing to be checking one might think, but recent studies have shown vulnerabilities in a lot of the products on the market, with many open to penetration without the owner even knowing. Weaknesses in the authentication process have been a growing concern in the market as the products become more sophisticated...