With everything being done over the Internet today, security vulnerabilities are something to look out for. Here is the latest you need to know:
Virgin Mobile USA Vulnerability
A security hole has been found in Virgin Mobile’s account login protocol.
Virgin Mobile USA users manage their account by logging in through an online portal which requires a mobile number and six-digit PIN. Once logged in, customers can manage their account, access call detail records, update their personal information, and even change the device associated with the number.
Virgin Mobile USA’s “Manage My Account” portal was down Wednesday, September 19th, while the company tried to fix the security hole.
If you have an account with them, we recommend you change your password immediately.
New Java Vulnerability
A new Java vulnerability was found recently that could provide a hacker with complete control of any compromised computer or server. It has been confirmed that Java SE 5 – Update 22, Java SE 6 – Update 35, and Java SE 7 – Update 7 are susceptible to the attack. The flaw allows attackers to gain complete control of a victim’s computer through a rigged website. The web browsers affected are Safari 5.1.7, Opera 12.02, Chrome 21.0.1180.89, Firefox 15.0.1, and Internet Explorer 9.0.8112.16421.
Samsung Galaxy S3 Can Be Hacked
The Samsung Galaxy S3 can be hacked via NFC (Near Field Communication). The exploit was developed by four MWR Labs employees for a Samsung Galaxy S3 phone running Android 4.0.4 (Ice Cream Sandwich).
NFC is a technology that allows data to be sent over very short distances, and allows digital wallet applications to transfer money to pay at a register. Two separate security holes were leveraged to completely take over the device and download all data from it.
The first, a memory corruption flaw, allowed malicious files to be uploaded onto the device when two Galaxy S3s were placed next to each other. This in turn allowed the team to gain code execution.
The malware then exploited a second vulnerability to gain full control over the device using privilege escalation. This allowed the attackers to install their customized version of Mercury and exfiltrate user data on the device (such as contacts, e-mails, text messages, and pictures) to a remote listener.