Okay, so we were under the impression that Facebook login credentials were a locally-managed affair, but it looks like almost anything can break when AT&T’s involved — according to CNET, the carrier just fixed “several problems” that had users logging into the wrong Facebook account from their phones. The issue was apparently related to subscriber identification numbers being mistranslated into bad URL session IDs, and AT&T says it’s taken some security measures to prevent it from Read the full story

Popularity: 1% [?]

Did you know that the vast majority of calls carried out on the 3.5 billion GSM connections in the world today are protected by a 21-year old 64-bit encryption algorithm? You should now, given that the A5/1 privacy algorithm, devised in 1988, has been deciphered by German computer engineer Karsten Nohl and published as a torrent for fellow code cracking enthusiasts and less benevolent forces to exploit. Worryingly, Karsten and his crew of merry men obtained the binary codes by simple brute force — they fed enough random strings of numbers in to effectively guess the password. The GSM Association — which has had a 128-bit A5/3 key available since 2007, but found little takeup from operators — has responded by having a Read the full story

Popularity: 1% [?]

Well, at least the iPhone security people aren’t bored these days. A Swiss iPhone developer has published research that indicates that security vulnerabilities affecting the iPhone are not limited to jailbroken iPhones. Developer Nicholas Seriot has created a proof of concept app called SpyPhone as a demonstration of how Apple’s own APIs could be misused to read or edit a user’s address book or gain access to a user’s web surfing history or recent location information.

Read the full story

Popularity: 1% [?]

You may remember that in iPhone 3.0 a bug was discovered which kept email messages on POP accounts from being properly deleted. A demo of the bug can be seen here. At the time it was believed that Apple was aware of the issue and that a fix would likely appear in the 3.1 update.

Read the full story

Popularity: 1% [?]

According to The Mac Security Blog, the iPhone OS 3.1 update released earlier this week adds an anti-phishing feature in Mobile Safari similar to the one in it’s desktop counterpart. The feature, which is not active in the update but still present, should warn users when they are visiting a known malicious website and asks if they want to continue.

Read the full story

Popularity: 1% [?]

AT&T is dropping famed hacker-turned-security-expert Kevin Mitnick as a customer because it can’t seem to stop script kiddies from stealing his data. It’s clearly the easier solution, but is it the right one?UPDATED.

“They can’t seem to secure my account,” Mitnick told The Register. “And then instead of doing something about it, they try to kill the messenger and want to boot me off their network when all I want them to do is to secure my account so no one gets access to my phone records.”

Mitnick said the cellular account has been repeatedly breached over the years, despite a wide range of countermeasures he’s followed to prevent the attacks. In recent years, he’s committed the password to memory and has deliberately not shared it with anyone or kept it stored on a computer. …

Read the full story

Popularity: 1% [?]