GOP Senators revise cybersecurity bill
A group of Republican senators on Wednesday introduced a revised version of a previously proposed bill that seeks to enhance cybersecurrity by improving the sharing of information between private industry and government.
The new Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act (SECURE IT) is being put forth as a less regulatory alternative to another Senate bill, the Cybersecurity Act, which was introduced earlier this year by Senate Democrats.
The main difference between the two bills is that, unlike the Democratic version, the Republican version does not give any new regulatory authority to the federal government to set cybersecurity standards. The new version of SECURE IT also restricts the purposes for which government can retain and use information about cyberthreats. Read more...
lueful Scans The Apps On Your iPhone, Tells You Which Ones Are Doing Naughty Things With Your Data
Remember address book-gate? Locationgate? I-don’t-know-what-my-apps-are-doing-on-my-phone-gate? (Oh, that last one might not be a real thing.) Regardless, we’re living in age where companies are pushing us to rethink the boundaries between what we consider private, personal information and what should be public. The resulting backlash is an overreaction(-gate) when we discover that some of the data we presumed to be ours alone was actually being stored, accessed and shared by others…in many cases, “others” being mobile app developers.
Well, leave it to a security firm to capitalize on the privacy scare trend. And by capitalize, I mean launch a $4 app that tells you what the apps on your phone are doing. Introducing Bitdefender’s Clueful. Read more...
HTC Android handsets spew private data to ANY app
A data logger pushed out by HTC to Android handsets has opened up a vulnerability allowing any app with internet permissions to access private customer information.
The vulnerability was spotted by Trevor Eckhart, who informed HTC about it and waited five days for a response. Following that he decided to go public and gave Android Police the details along with demonstration code and a video showing how an application that is supposed to see almost nothing can now see almost everything.
So an application that is supposed to be restricted to accessing the internet - a common ability requested by freebie apps to collect advertisements - can also access the user's location and details of all their synchronised accounts, not to mention the list of running tasks, the state of Wi-Fi connections, and system logs.
The data is being collected by a system package called HtcLoggers.apk, installed by HTC onto a range of Android handsets for reasons that aren't clear. That logging package accumulates data all the time, but it also has an accessible interface that other applications can use to request specific information - it even has a "help" command for those who don't know what it is they want to know. Read more...