Currently Mailbox is only available for iOS and only works with Gmail, but it works to achieve “Zero Inbox.”
Until Mailbox developers are able to patch this substantial exploit, Roboscan recommends iOS users default to the native Mail app or to Gmail’s iOS app.
Yesterday, Microsoft released a preventative fix for Internet Explorer. Hackers discovered a zero day exploit. Without releasing further information on the newly discovered vulnerability, Microsoft has urged its users to install the aptly dubbed “Fix It” as soon as possible, or stop using Internet Explorer entirely until they are able to release a browser update.
Hackers are likely working on reverse-engineering the Fix It, so it’s only a temporary solution to the exploit.
After numerous attempts at contacting Facebook’s support team, IT expert Khalil Shreateh used a bug he’d discovered to post a very public message on Facebook founder Mark Zuckerberg’s Timeline. The message has since been removed, but the vulnerability allows users to post to anyone’s wall, regardless if they are not friends.
Shreateh, as noted in his blog post about the bug, tested it and submitted the bug to Facebook’s Whitehat disclosure service – one that awards users who discover security vulnerabilities $500+ per successful bug discovery. A Facebook engineer replied to Shreateh’s submission by saying “This is not a bug.”
In response to the engineer’s immediate dismissal, Shreateh used the vulnerability to post to Mark Zuckerberg’s wall with details of the bug. Within minutes, Shreateh’s account was temporarily disabled. Facebook had to acknowledge his discovery, but refused to pay for his discovery on the premise that the methods he used to unveil it violated Facebook’s Terms of Service.
Bounty programs have become standard in the tech community. Rewards can often be quite substantial. Microsoft recently launched a program that offers up to $150,000 for newly discovered vulnerabilities.
Are you a Google Chrome user? You may want to clear your saved data and passwords after hearing about the latest bug effecting Chrome users.
Though Google plans to release a patch soon, users should take a few steps to prevent any one with access to their computers from revealing their saved account passwords.
There are currently two ways to access stored account information. Importing your bookmarks from one browser to another transfers account information. On Macs, users are unable to deselect the field to disable password import. This does not effect PC users, as they have the option to disable it.
From there, you can view all of your passwords – from both browsers – by typing “chrome://settings/passwords” into the address bar. This pulls up a list of saved passwords that are hidden by default. Selecting “show” allows you to view the passwords without any verification that these accounts belong to the owner.
Go to Chrome setting to manually deleted stored passwords
Until the patch is released, Roboscan recommends Chrome users head to their Settings page and scroll down to “Manage Saved Passwords,” or type in “chrome://settings/passwords” to the address bar, to manually delete stored passwords.
It’s a good rule of thumb to never save passwords to a browser if someone else has access to your computer. If you share a PC with anyone, be sure to utilize the separate user feature and log out after each use. I have a password lock that appears after my computer has gone to sleep. Users can also use the two-factor authentication process that many sites have begun to utilize.
Users of the popular messaging app Viber were struck with a disturbing notification last week. The Syrian Electronic Army claimed responsibility for hacking into Viber’s database and website. The hackers posted a warning on their Twitter last week, recommending that Viber users delete the app from their phones.
Viber is used by over 200 million users worldwide. The website displayed a taunting message from the Syrian hackers: “Dear All Viber Users, the Israeli-based Viper is spying and tracking you.” The message has since been removed from the website.
The company denies that the hackers accessed any sensitive user information but acknowledges their website was breached due to a phishing attack on one of their employees. The Syrian Electronic Army gained access to basic user information, including the user’s country and location, their device’s make and model, and an internal ID used by the company.
In 2013 alone, the Syrian Electronic Army has taken responsibility for numerous public hacks, including hacking the Twitter profiles of the Associated Press, CBS, BBC, NPR and more. Viber promises it is working toward making sure any future attacks will be thwarted.
According to a blog post on Tumblr’s staff blog, a significant vulnerability put many users login information at risk or exposed. Tumblr has over 300 million monthly unique visitors.
The accounts at risk have used the iPad or iOS application and Tumblr is urging users to download the security update. The popular micro-blogging site is also asking users to update their password immediately, as well as any other accounts of theirs using the same password.
Tumblr offers a brief apology to its users saying, “Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.”
Visit the App Store on your iOS device to update your Tumblr app immediately, and visit the desktop site to change your password.
If Android phones all ran the most recent operating system, most threats would be automatically blocked. According to Juniper Network’s Mobile Threat Center, only 4 percent of devices are running Android 4.2 – which was released six months ago.
In a report released this week by Juniper Networks, the number of malicious mobile threats has grown by 614 percent over the last year, compared to only 155 percent in 2011. Almost all mobile malware targets Androids, primarily because cyber criminals want to maximize their ROI. 67.7 percent of smartphones shipped in 2012 were Androids and 92 percent of malware threats targeted the Android OS.
According to Juniper’s MTC, 73 percent of malware exploits the mobile payment process by sending fraudulent premium SMS messages. If Android phones were updated with the latest operating system, 77 percent of these threats would likely be automatically blocked.
Jelly Bean 4.2 is available for many Android smartphones, but is not compatible with all Android devices. Visit Android’s website for more information on 4.2.
Beginning June 26th, Microsoft will launch two rewards programs, aimed toward increasing PC security in machines running Windows 8. The tech giant is offering rewards as high as $150,000 to hackers who can locate and resolve any vulnerabilities.
Hackers as young as 14 years old are eligible to enter. Windows is the predominant operating system throughout the world, and security measures already in place will prove to be difficult to break through for hackers looking for security vulnerabilities.
A rewards system this substantial is sure to attract the world’s top hacking talent. Microsoft is offering $100,000 to anyone who can identify major flaws, and an addition $50,000 for a working solution. Additionally, they are offering $11,000 rewards to anyone who finds a major vulnerability in the beta version of Internet Explorer 11.
First and foremost, you should be sure your PC is protected by an up-to-date antivirus. If you don’t have one, or are interested in trying a new software, visit our website and review our products. Roboscan Internet Security updates itself multiple times a day and does so silently – no annoying prompts, no extra work for you! You can even check out this nifty chart and see how Roboscan compares to popular antivirus software.
If you have an antivirus installed, you’ve taken the biggest precaution in keeping your PC protected from malware. Follow the tips below for extra protection.
Change your passwords periodically. Try to use letters, numbers and symbols. The more complex your password is, the less likely someone will gain access to your accounts. It’s generally a good idea not to use the same password for some accounts. For example, your online banking password should not be the same as your Facebook password.
Update your Wi-Fi password and network name. If your network at home isn’t protected, that’s absolutely essential. Contact your internet provider, or review your router’s manual for instructions on how to secure your network. Your Wi-Fi password should be updated periodically as well. A good general rule of thumb is to change your passwords with each change of season, or four times a year.
Lockdown your social media profiles. Consider going private on Twitter, reviewing your privacy settings on Facebook and deleting old social media profiles you no longer use. Awhile ago, I did a Google search on my full name and found a Friendster account from 10 years ago. Horrifying.
Don’t reveal too much of your personal information online. Have you ever had to reset a password and answer security questions to do so? Your date of birth, your mother’s maiden name, etc. can easily slip out online, and if your profiles are public, predators can piece together information about you pretty easily.
If you’re using shared computers or public networks on your devices, be very careful. Public wi-fi networks are especially dangerous, as we often won’t think twice about checking our account balances online, paying your electricity bill, or writing emails with sensitive content. If you’re shopping online, be sure the site is using a secure channel to process your billing information. Check the address bar. If the URL begins with “https,” you are good to go.
Above all, always be aware that most what you put on the Internet can be accessed by anyone, at any time. Be on defense and stay proactive.