Short Security Round-Up

I meant to pen this post a few days ago, but hopefully better late than never…and it gives me the opportunity to add additional items.  Again, in reverse order…

Not really a security exposure…but at least a legal one.  Imagine using functionality provided by a programming platform, only to get threatened with a lawsuit from a patent troll who says your platform’s license to their technology doesn’t cover you.  If Lodsys is successful, it should give all us programmers (and companies that provide software) cause for concern:

“Lodsys: Apple already licensed, developers must too”

What will be really interesting is if it comes out that Apple knew, when they turned on in-app purchasing, that their developers would be exposed.  I am assuming not, but if so…

UPDATE: Here’s a great legal/philosophical discussion of the Lodsys situation:

“What app developers need to know about Lodsys and the in-app upgrade button patent problem”

As is this:

“Lodsys claims to supply building blocks but actually jeopardizes the entire mobile apps ecosystem”

Next, Dropbox is a great service to share files between all your computers and devices.  InfoWorld shares a scary reality in “Dropbox caught with its finger in the cloud cookie jar”:

Yes, you read that correctly. Dropbox now asserts that it can decrypt and pass your data on to a third party if Dropbox feels it needs to do so, in order to protect its property rights.

InfoWorld’s quote from Dropbox’s new Terms of Service is even more concerning:

We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights.

It’s one thing, caught in a legal morass, to be ordered to share docs, e-mail, etcetera…at least you have control of them as you fight to keep them confidential.  If your company (or any of your employees) puts business files on Dropbox’s servers for convenience…it appears Dropbox will cough them up without a second thought.  (As I think about it, I suppose I agree that the “property rights” clause is the most worrisome part of that TOS excerpt.)

Next up is something that shouldn’t surprise anyone…yet another Adobe Flash security-related update…although at least this time it seems to be a proactive one to make “Flash easier to manage and secure”:

“Adobe Boosts Privacy Protections with Flash Player Update” (from Threatpost).

Punch line:  Always update Flash when given the opportunity.

Two left.  First, a bug (now fixed) in Facebook means that other sites might have a token that would allow them to authenticate as you (thus you should heed the advice in the article’s title):

“Symantec: Change your Facebook password now”

Finally…recent Skype news has almost entirely been about Microsoft’s purchase of them for a ton-o-money, but more important (for now) to Skype Mac users is that if you haven’t recently updated your software:

About a month ago I was chatting on Skype to a colleague about a payload for one of our clients.  Completely by accident, my payload executed in my colleague’s Skype client.

(From PureHacking’s “Skype 0day vulnerabilitiy discovered by Pure Hacking.”)

Skype has plugged the hole…use “Skype|Check for Updates” to get the plug.  (To confirm, it only affects the Mac…not Linux…not Windows.)

(This article has been cross-posted at TixxTech.)
