May 30 2014

A new app clone grifter shows App Store’s weakness

The App Store page for a clone of 1Password, a popular security app that stores login information.

A 1Password clone has snuck its way into the App Store with a near-perfect replica of the real deal's logo. The clone version retails for $1.99, $16 less than the price of 1 Password developer Agile Bits' original login-storing app. The clone looks to be of dubious origin, as do a handful of other cloned apps submitted by the same developer.

Apple's walled-garden system for its App Store is meant to prevent the more nefarious forms of activity that can happen in freer markets, like the malware or ad-spam apps found in the Google Play Store. But the method for approving apps for sale has always been a black box, and lately, that box seems particularly hospitable to clones.

Read 4 remaining paragraphs | Comments

May 30 2014

TrueCrypt security audit presses on, despite developers jumping ship

TrueCrypt, the whole-disk encryption tool endorsed by National Security Agency leaker Edward Snowden and used by millions of privacy and security enthusiasts around the world, will receive a second round of safety audits despite being declared unsafe and abruptly abandoned by its anonymous developers two days ago.

Phase II of the security audit was already scheduled to commence when Wednesday's bombshell advisory dropped on the TrueCrypt SourceForge page. After 24 hours to reflect on the unexpected move, an organizer with the Open Crypto Audit Project said he saw no reason to scrub those plans. Online fundraisers to bankroll the project have raised about $70,000, well past the $25,000 organizers had initially aimed for.

"We have conferred and we are firmly going forward on schedule with the audit regardless of yesterday's circumstances," Kenn White, a North Carolina-based computer scientist and audit organizer told Ars Thursday. "We don't want there to remain all sorts of questions or scenarios or what ifs in people's minds. TrueCrypt has been around for 10 years and it's never received a proper formal security analysis. People are going to continue to use it for better or worse, and we feel like we owe the community the proper analysis."

Read 5 remaining paragraphs | Comments

May 30 2014

Bankeiya Malware Targets Users in Japan With or Without Vulnerabilities

Online banking customers in Japan are being targeted by information stealing malware distributed using exploits and files downloaded from a compromised website.

May 30 2014

Bro – Passive Open-Source Network Traffic Analyzer

While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many...

Read the full post at darknet.org.uk