Showing posts with label Mobile Security. Show all posts

Tuesday, October 23, 2012

Android apps 'leak' personal details | BBC News Technology




Better tools are needed to help developers secure data, say researchers

Millions of people are using Android apps that can be tricked into revealing personal data, research indicates.

Scientists tested 13,500 Android apps and found almost 8% failed to protect bank account and social media logins.
These apps failed to implement standard scrambling systems, allowing "man-in-the-middle" attacks to reveal data that passes back and forth when devices communicate with websites.

Thursday, July 19, 2012

Review | OWASP iGoat Project | mYne-net



Just to review this tool... found for iOS users... hehe...



iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:
1. Brief introduction to the problem.
2. Verify the problem by exploiting it.
3. Brief description of available remediations to the problem.
4. Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.

iGoat is free software, released under the GPLv3 license.

Saturday, July 14, 2012

NVIDIA and Android forums hacked, user credentials stolen | Help Net Security

Following the high-profile breach of one of Yahoo's subdomain servers and the resulting leak of over 450,000 passwords stored in clear text in one of the exfiltrated databases, today was marked with the revelation of three more breaches: the official forum site of technology company NVIDIA, Androidforums.com, and Billabong.com.


Thursday, July 12, 2012

Android Malware Makes Covert Purchases on China Mobile Market | mYne-net

It seems as if there is a trend in which malware on the Android platform steals money from users one way or another, whether through SMS or premium services, in which it covertly purchases applications from the mobile market.
Security researchers are warning of yet another Android malware outbreak which has spread to nine app stores and infected 100,000 with code designed to covertly purchase apps and content from China Mobile’s Mobile Market.

Mobile security firm TrustGo explained that the MMarketPay.A Trojan could be hidden in a number of legitimate-looking applications, including those from Sina and media streaming company Funinhand, as well as travel and weather apps.

Friday, August 19, 2011

Android keylogger hack might make you shake every time your phone vibrates

ITworld.com
Malware and virus writers have turned some kind of corner.

A pair of University of California security researchers created an Android app called TouchLogger that can match the phone's vibration every time you hit a touchscreen key with the particular key you hit.

With a 70 percent accuracy rate, TouchLogger works as a keylogger that never has to actually record the keystrokes you make on your Android device. It only needs you to give it permission to use the motion sensors, which should make it sound relatively safe.

Wednesday, August 17, 2011

Security Alert: New DroidKungFu Variant -- AGAIN! -- Found in Alternative Android Markets

By Xuxian Jiang, Assistant Professor, Department of Computer Science, NC State University

It seems smartphone malware authors are diligent and hard-working to protect their own "intellectual property" -- malware by evolving/bringing them to the next level. After discovering the original DroidKungFu malware in June and its variant in July, our research team, in collaboration with NetQin, recently identified a new wave of DroidKungFu-infected apps this August. The new variant is much more "advanced" than previous versions -- as it is clearly designed to evade the detection from existing mobile anti-virus software. More specifically, this variant is equipped with new protection mechanisms by (1) obfuscating remote C&C server URLs (instead of including them as plaintext in earlier versions); (2) hiding all malware-related native binaries with encryption; and (3) masquerading an embedded app as the official Google Update. These obfuscation mechanisms as well as various differences from earlier versions are a clear sign behind the rapid evolution of Android malware.


Source & Full Article : http://www.cs.ncsu.edu/faculty/jiang/DroidKungFu3/