Networks

Skype for Android is vulnerable

User data exposed

Richard Chirgwin Fri 15 Apr 2011 // 23:10 UTC

According to a post at Android Police, confirmed by Skype, the Android version of the popular VoIP app exposes extensive user data.

The Android Police report says user IDs, phone numbers, chat logs, and other data is exposed by the vulnerability.

User data is stored unencrypted in sqlite3 databases, and Skype for Android uses improper permissions for these databases. The user ID is stored in a static location, so once it is read, it allows access to these internal databases.

A rogue application is able to access the Skype databases, getting everything from stored user details through to chat logs. Justin Case, who published the vulnerability, has also published a proof-of-concept exploit. ®

Similar topics

Broader topics

Narrower topics

Corrections Send us news

Other stories you might like

DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers

Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

Thomas Claburn in San Francisco Wed 25 May 2022 // 21:50 UTC

DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.
Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains.
Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

Continue reading
Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work

Someone got Zuck'd

Tobias Mann Wed 25 May 2022 // 19:39 UTC

Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.
The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.
Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

Continue reading
Atos pushes out HPC cloud services based on Nimbix tech

Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

Dan Robinson Wed 25 May 2022 // 17:45 UTC

IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.
The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.
In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

Continue reading

In record year for vulnerabilities, Microsoft actually had fewer

Occasional gaping hole and overprivileged users still blight the Beast of Redmond

Richard Speed Wed 25 May 2022 // 16:11 UTC

Despite a record number of publicly disclosed security flaws in 2021, Microsoft managed to improve its stats, according to research from BeyondTrust.
Figures from the National Vulnerability Database (NVD) of the US National Institute of Standards and Technology (NIST) show last year broke all records for security vulnerabilities. By December, according to pentester Redscan, 18,439 were recorded. That's an average of more than 50 flaws a day.
However just 1,212 vulnerabilities were reported in Microsoft products last year, said BeyondTrust, a 5 percent drop on the previous year. In addition, critical vulnerabilities in the software (those with a CVSS score of 9 or more) plunged 47 percent, with the drop in Windows Server specifically down 50 percent. There was bad news for Internet Explorer and Edge vulnerabilities, though: they were up 280 percent on the prior year, with 349 flaws spotted in 2021.

Continue reading
Vehicle owner data exposed in GM credential-stuffing attack

Car maker says miscreants used stolen logins to break into folks' accounts

Jeff Burt Wed 25 May 2022 // 15:41 UTC

Automaker General Motors has confirmed the credential stuffing attack it suffered last month exposed customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts.

Continue reading
Foxconn factory fiasco could leave Wisconsinites on the hook for $300m

What's Mandarin for 'Where's my money?'

Brandon Vigliarolo Wed 25 May 2022 // 15:11 UTC

For five years, Foxconn promised and spectacularly failed to build a much-hyped sprawling factory near Mount Pleasant, Wisconsin. Now, the area's leaders may be saddled with $300 million in bond repayments that the Taiwanese iPhone maker had promised to repay.
According to the Wall Street Journal, Foxconn agreed to pay $36 million annually across a 20-year term to pay for the surrounding infrastructure supporting the now-abandoned 3,000-acre site. Those payments are scheduled to start next tax year, and local leaders told the newspaper they're counting on Foxconn's cash to maintain the site while they try to attract another occupant.
Finding an occupant hasn't been easy. Intel, which announced a $20 billion investment in two chip factories in Ohio in January, was also considering Wisconsin for the project, with its focus on Racine, the nearest large city to the proposed Foxconn plant.

Continue reading

Original killer PC spreadsheet Lotus 1-2-3 now runs on Linux natively

As Google guru who ported it points out, the operating system did not exist when 1-2-3 came out in 1983

Liam Proven in Prague Wed 25 May 2022 // 14:00 UTC

A long lost native Unix version of the killer PC spreadsheet has not only been rediscovered, but almost unbelievably, it's been updated to create a native Linux version.
Lotus 1-2-3 was arguably the single application which made the IBM PC a success, and was launched nearly 40 years ago, on January 26, 1983. The Reg celebrated its 30th anniversary by firing it up in DOSbox, and we mourned when IBM finally killed it.
It still has admirers today, and one of them is Google bughunter Tavis Ormandy, of Project Zero. Ormandy explains how he ported Lotus 1-2-3 natively to Linux here.

Continue reading
ServiceNow takes aim at procurement pain points

Purchasing teams are a bit like help desks – always being asked to answer dumb or inappropriate questions

Simon Sharwood, APAC Editor Wed 25 May 2022 // 13:15 UTC

ServiceNow's efforts to expand into more industries will soon include a Procurement Service Management product.
This is not a dedicated application – ServiceNow has occasionally flirted with templates for its platform that come very close to being apps. Instead it stays close to the company's core of providing workflows that put the right jobs in the right hands, and make sure they get done. In this case, it will do so by tickling ERP and dedicated procurement applications, using tech ServiceNow acquired along with a company called Gekkobrain in 2021.
The company believes it can play to its strengths with procurements via a single, centralized buying team.

Continue reading
HPE, Cerebras build AI supercomputer for scientific research

Wafer madness hits the LRZ in HPE Superdome supercomputer wrapper

Dan Robinson Wed 25 May 2022 // 12:45 UTC

HPE and Cerebras Systems have built a new AI supercomputer in Munich, Germany, pairing a HPE Superdome Flex with the AI accelerator technology from Cerebras for use by the scientific and engineering community.
The new system, created for the Leibniz Supercomputing Center (LRZ) in Munich, is being deployed to meet the current and expected future compute needs of researchers, including larger deep learning neural network models and the emergence of multi-modal problems that involve multiple data types such as images and speech, according to Laura Schulz, LRZ's head of Strategic Developments and Partnerships.
"We're seeing an increase in large data volumes coming at us that need more and more processing, and models that are taking months to train, we want to be able to speed that up," Schulz said.

Continue reading
We have bigger targets than beating Oracle, say open source DB pioneers

Advocates for MySQL and PostgreSQL see broader future for movement they helped create

Lindsay Clark Wed 25 May 2022 // 11:45 UTC

MySQL pioneer Peter Zaitsev, an early employee of MySQL AB under the original open source database author Michael "Monty" Widenius, once found it easy to identify the enemy.
"In the early days of MySQL AB, we were there to get Oracle's ass. Our CEO Mårten Mickos was always telling us how we were going to get out there and replace all those Oracle database installations," Zaitsev told The Register.
Speaking at Percona Live, the open source database event hosted by the services company Zaitsev founded in 2006 and runs as chief exec, he said that situation had changed since Oracle ended up owning MySQL in 2010. This was as a consequence of its acquisition that year of Sun Microsystems, which had bought MySQL AB just two years earlier.

Continue reading
Beijing needs the ability to 'destroy' Starlink, say Chinese researchers

Paper authors warn Elon Musk's 2,400 machines could be used offensively

Laura Dobberstein Wed 25 May 2022 // 11:01 UTC

An egghead at the Beijing Institute of Tracking and Telecommunications, writing in a peer-reviewed domestic journal, has advocated for Chinese military capability to take out Starlink satellites on the grounds of national security.
According to the South China Morning Post, lead author Ren Yuanzhen and colleagues advocated in Modern Defence Technology not only for China to develop anti-satellite capabilities, but also to have a surveillance system that could monitor and track all satellites in Starlink's constellation.
"A combination of soft and hard kill methods should be adopted to make some Starlink satellites lose their functions and destroy the constellation's operating system," the Chinese boffins reportedly said, estimating that data transmission speeds of stealth fighter jets and US military drones could increase by a factor of 100 through a Musk machine connection.

Continue reading

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Security Scorecard

Biting the hand that feeds IT © 1998–2022

Do not sell my personal information Cookies Privacy Ts&Cs