Samsung phones are spontaneously texting users’ photos to random contacts without their permission Bad news for Samsung phone owners: some devices are randomly sending your camera roll photos to your contacts without permission. As first spotted by Gizmodo, users are complaining about the issue on Reddit and the company’s official forums. One user says his phone sent all his photos to his girlfriend. The messages are being sent… Read More
An Exploit Left Millions of Steam Users Vulnerable for the Past 10 Years The vulnerability has been present and exploitable in Steam for at least 10 years, according to Tom Court, a security researcher at Contextis, who wrote about the bug on Wednesday. Court said the bug left all 125 million Steam users vulnerable until March of this year, when Valve, the developers of Steam, patched it. In… Read More
A security vulnerability in Git that can lead to arbitrary code execution The Git community has disclosed an industry-wide security vulnerability in Git that can lead to arbitrary code execution when a user operates in a malicious repository. This vulnerability has been assigned CVE 2018-11235 by Mitre, the organization that assigns unique numbers to track security vulnerabilities in software. Git 2.17.1 and Git for Windows 2.17.1 (2)… Read More
Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs Oracle plans to drop support for data serialization/deserialization from the main body of the Java language, according to Mark Reinhold, chief architect of the Java platform group at Oracle. Serialization is the process of taking a data object and converting it into a stream of bytes (binary format), so it can be transported across a… Read More
Woman says Amazon recorded private conversation, sent it out to random contact A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon’s Alexa — the voice-controlled smart speaker — and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family’s contact list. A Portland family contacted Amazon… Read More
Comcast bug made it shockingly easy to steal customers’ Wi-Fi passwords A security hole in a Comcast service-activation website allowed anyone to obtain a customer’s Wi-Fi network name and password by entering the customer’s account number and a partial street address, ZDNet reported yesterday. The problem would have let attackers ‘rename Wi-Fi network names and passwords, temporarily locking users out’ of their home networks, ZDNet wrote.… Read More
RedHat DHCP remote root execution vulnerability A command injection bug in Red Hat’s DHCP client could allow an attacker to run any command on your computer. As root. RedHat Linux, together with its stablemates Fedora and CentOS, just patched a serious security bug. RedHat-based Linux distros include a dhclient script as part of their NetworkManager package – until the latest NetworkManager… Read More
Commonwealth Bank of Australia Tries to Explain Coding Errors Found After 4 Years The coding errors were created in July 2011 when the bank introduced an automated decision tool to process customer overdraft applications, but the problems weren’t discovered until September 2015. During the calculations that decided whether a customer could actually afford an overdraft, one software error in the decision tool’s algorithm failed to count a customer’s… Read More
Single Sign-On authentication – the bug that lets you logon as someone else Duo found that buggy SAML libraries would read the NameID string in various ways, sometimes as user@example.com (treating the comment as a terminator for the data field), and sometimes as user@example.com.test (simply treating the comment as it it were not there at all). Source: sophos… Read More