38 items tagged "app"
-
-
4:01
»
Hack a Day
A few months ago when I reviewed the Android electronic reference app ElectroDroid, I made the offhand remark that a front end app for alldatasheet.com would be a killer mobile electronic reference app. [András Veres-Szentkirályi] accepted my challenge and built ADSdroid, the unofficial Android app for alldatasheet.com. You can check out my complete review after the break. [...]
-
-
11:45
»
Hack a Day
[Casainho] wanted to track his body weight using an app on his Android phone. He just needed a way to get the weight readings onto the device automatically. He ended up adding Bluetooth to a bathroom scale and hacking the app to grab data from it. The scale which he hacked is a digital model, [...]
-
-
13:01
»
Hack a Day
Earlier this week, fellow Hack a Day-er [Mike Nathan] reviewed Adafruit’s new iPhone/iPad app Circuit Playground. The comments on [Mike]’s review turned to suggesting ElectroDroid as an alternative to Circuit Playground. Surprisingly, Hack a Day authors actually pay attention to the comments, so I’ve decided to throw my hat into the ring and offer up my review of [...]
-
-
14:25
»
Hack a Day
Next time you’re waiting in the security line in an airport, why don’t you pull out your smartphone and count all the radiation being emitted by those body scanners and x-rays? There’s an app for that, courtesy of Mr. [Rolf-Dieter Klein]. The app works by blocking all the light coming into a phone’s camera sensor with [...]
-
-
7:19
»
Wirevolution
Today Rethink Wireless reported that Facebook is moving towards HTML 5 in preference to native apps on phones.
When the iPhone arrived in 2007, this was Steve Jobs’ preferred way to do third party applications:
We have been trying to come up with a solution to expand the capabilities of the iPhone so developers can write great apps for it, but keep the iPhone secure. And we’ve come up with a very. Sweet. Solution. Let me tell you about it. An innovative new way to create applications for mobile devices… it’s all based on the fact that we have the full Safari engine in the iPhone. And so you can write amazing Web 2.0 and AJAX apps that look and behave exactly like apps on the iPhone, and these apps can integrate perfectly with iPhone services. They can make a call, check email, look up a location on Gmaps… don’t worry about distribution, just put ‘em on an internet server. They’re easy to update, just update it on your server. They’re secure, and they run securely sandboxed on the iPhone. And guess what, there’s no SDK you need! You’ve got everything you need if you can write modern web apps…
But the platform and the developer community weren’t ready for it, so Apple was quickly forced to come up with an SDK for native apps, and the app store was born.
So it seems that Apple was four years early on its iPhone developer solution, and that in bowing to public pressure in 2007 to deliver an SDK, it made a ton of money that it otherwise wouldn’t have:
A web service which mirrors or enhances the experience of a downloaded app significantly weakens the control that a platform company like Apple has over its user base. This has already been seen in examples like the Financial Times newspaper’s HTML5 app, which has already outsold its former iOS native app, with no revenue cut going to Apple.
-
-
10:01
»
SecDocs
Authors: Nicolas Seriot
Tags: malware iPhone rootkit
Event: Hashdays 2010
Abstract: Apple's AppStore moves the burden of security management from the user to the vendor. Apple semi-automatically verifies each of the 200.000 applications and their updates. Moreover, when an application is downloaded on the iPhone, a sandboxing mechanism is supposed to prevent it from reading other applications' data. We showed at Black Hat DC 2010 that such a schema did not prevent malware from reaching the App Store and harvesting personal data. This talk will discuss the current state of iOS 4 privacy and show to what extent iOS 4 fixes the issues raised earlier this year. We will also present some findings about other possible frauds happening inside the App Store eco-system such as "App Farms", which basically consist in artificially boosting applications' ratings with stolen accounts.
-
-
13:04
»
SecuriTeam
A vulnerability related to unauthorized access to data was discovered in HP MagCloud iPad App.
-
-
9:47
»
Hack a Day
[Ewan Hemingway] tipped us off about his new Android app, Androidome. This is the first one he’s turned out after going through our Android development tutorials. It combines an app running on his Android 2.1 device with a computer running Max/MSP 5. The two don’t need to be tethered, they just need to be on [...]
-
-
16:01
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack overflow in Amlib's Amlibweb Library Management System (NetOpacs). The webquery.dll API is available through IIS requests. By specifying an overly long string to the 'app' parameter, SEH can be reliably overwritten, allowing for arbitrary remote code execution. In addition, it is possible to overwrite EIP by specifying an arbitrary parameter name with an '=' terminator.
-
-
10:01
»
remote-exploit & backtrack
In the Millennium series by Stieg Larsson, a talented PC user named WASP designs and implements an app named asphyxia. The interesting part is how the app is constructed on the remote machine by the concatenation of individual payloads. Is this possible in reality? All my knowledge in pentesting is rather limited to standard approaches. Installing a vulnerability is based on the delivery of an intact piece of code that can execute or a single event.
The concept of piecemeal delivery of code that is assembled remotely on the target machine seems to be a devilishly difficult exploit to guard against. How would an antivirus or malware scanning app know about code fragments?
Getting back to the point though: does anyone have insight into this idea?
-
-
18:14
»
remote-exploit & backtrack
I know it's a purely cosmetic question, but has anyone found a desktop app dock that works well with BT4 Final? Can't seem to find any on Google or forum search that work with KDE3 Debian.
If this is the wrong section, I apologize, please move.