Exploits Propagated Via Social Media Increase 28
Orome1 writes "Infection via email, traditionally the most popular vector for spreading malware, has declined in favor of greater use of social media. These include clickjacking attacks using the Facebook 'Like' button, fake Web pages positioned on search engines (BlackHat SEO), and zero-day vulnerability exploits. The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices. A number of different threats have appeared, primarily aimed at racking up phone bills or using the geolocalization function to transmit a user's position to a third party."
Google Android Exploits (Score:3, Interesting)
And here I am with an android phone that's running 1.5 because the vendor refuses to release any more updates for this 1-year old model of phone.
Oh, wait, that's right, I already rooted and upgraded to 2.2. Nevermind.
Bounce around much? (Score:5, Interesting)
yet it likes to bounce around to
"The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices."
Then to
There has also been a great deal of commotion around two serious zero-day flaws in Microsoft OS code, one of which was exploited to attack SCADA systems (specifically in, nuclear power stations).
This article really has nothing to say about the rise of use of social media as a vector, other than mentioning the recent twitter exploits--in the last paragraph. Why did this article make it to the front page again?
Re:Android default permissions (Score:2, Interesting)
Yet, the application must have requested WRITE_EXTERNAL_STORAGE [android.com] in its Manifest.xml. If Market didn't tell you about it, that's a Market issue.
All applications can READ from the external storage, which is considered public. Private data, OTOH, is required to be stored on the internal storage. This is secifically mentioned in the Developer Guide. If an app is storing private data on the external storage, then you need to tell the author that he or she is stupid. You can, of course, always remove files from the public storage by connecting mounting the SD card on a PC.
Re:Android default permissions (Score:3, Interesting)
Market and Android are one and the same. You can argue all day about how the documentation says this, and the AOSP code doesn't contain that, but at the end of the day, any Android device worth using has the Market app on it. People install apps through the market and have no idea that (#1) apps like "Text Edit" that didn't even ask for SD card permissions might save their documents on the SD card, and (#2) that any app that requests internet access will be able to upload those documents along with your phone number and ESN out to some sleazy server on the internet.
The expected behavior would be that an app that doesn't request SD card writing can't save to the SD card, and that an app that doesn't request permission to read your phone's identity won't know it.
Google has failed us. I love my Android phone, and I hope Google fixes this problem.