Security Alerts & News
by Tymoteusz A. Góral

#1963 Dozens of popular iOS apps vulnerable to intercept of TLS-protected data
While developing a tool for evaluating mobile application security, researchers at Sudo Security Group Inc. found something unexpected. Seventy-six popular applications in Apple's iOS App Store, they discovered, had implemented encrypted communications with their back-end services in such a way that user information could be intercepted by a man-in-the-middle attack. The applications could be fooled by a forged certificate sent back by a proxy, allowing their Transport Layer Security traffic to be decrypted and examined as it passes over the Internet.

The discovery initially came out of Sudo's verify.ly, a service that performs bulk static analysis of application binaries from Apple's App Store. Will Strafach, president of Sudo, verified in the lab that the applications flagged by the system were vulnerable, using a network proxy configured with its own Secure Socket Layer certificate.