Domain: lookout.com
Stories and comments across the archive that link to lookout.com.
Comments · 7
-
Technical analysis
-
Re: Serious to get into developer path
Frankly, I think there is a Vas Deferens between THIS [techcrunch.com] and THIS [pcworld.com].
There is also a vast difference between the availability of tools to properly scan for and detect malware on Android and tools to do the same on iOS; without filesystem access, they simply do not and can not exist on iOS. That might explain it, dontcha think?
Oh, and BTW, XCodeGhost DOESN'T seem to affect the U.S. App Store, only China.
That's not entirely correct. About 90% of affected apps are chinese-only, but there are a number of affected apps in the US and global app stores. Further, while Lookout and other solutions can actually scan apps for malicious content on Android, due to sandboxing and lack of filesystem access, these solutions can only scan for app names and versions known to be infected on iOS; and that capability has even been removed from iOS 9. Interesting, no?
The Vas Deferens thing is a puerile joke I have used since I was a teenager, sorry.
I couldn't find any references to infected Apps in the U.S. Store, hence the comment.
Apple is in the best position to scan Apps on their own servers, anyway; so who cares about what anyone else can do? Lack of direct access to the Filesystem in iOS has significantly decreased the attack surface for malware, and has no doubt made the platform safer for everyone. It's a PHONE, get over it!
and WHY does EVERYTHING with Apple HAVE to be some big, dark CONSPIRACY? -
Re: Serious to get into developer path
Frankly, I think there is a Vas Deferens between THIS [techcrunch.com] and THIS [pcworld.com].
There is also a vast difference between the availability of tools to properly scan for and detect malware on Android and tools to do the same on iOS; without filesystem access, they simply do not and can not exist on iOS. That might explain it, dontcha think?
Oh, and BTW, XCodeGhost DOESN'T seem to affect the U.S. App Store, only China.
That's not entirely correct. About 90% of affected apps are chinese-only, but there are a number of affected apps in the US and global app stores. Further, while Lookout and other solutions can actually scan apps for malicious content on Android, due to sandboxing and lack of filesystem access, these solutions can only scan for app names and versions known to be infected on iOS; and that capability has even been removed from iOS 9. Interesting, no?
-
Re:I ran it
I ran it too and what the app told me wasn't immediately useful. When I checked on Google Play, others had said the same. So I installed Lookout Security's Stagefright detector and it not only told me my devices were vulnerable, it also linked to helpful instructions to change my settings and avoid the problem.
You can install it from here: https://play.google.com/store/...
Lookout's blog page has details about the app and how to make sure your messaging apps are safe from the exploit: https://blog.lookout.com/blog/...
If you use a third-party messaging app you will have to follow the general instructions given on the blog page to find the settings specific to your particular app. I should point out that Textra has already fixed the problem from their end. Here's what the app showed me: http://i.imgur.com/36G7o0t.png
I don't know if it's possible for someone to remotely install the Stagelight vulnerability on your device and then use the device to send exploited messages to everyone on your Contacts list, but if I thought of that then you can bet someone else will. -
Re:Good luck with that.
Really? You're comparing someone stealing your credit card number to this?
No solution is completely secure because humans have to interact with it. The best solution balances the needs of security while promoting ease of use. Credit cards are easy to use but wildly insecure. Applepay is easier to use and MORE secure. Even if we had Chip+Pin active last year, it would not have stopped the (Target, Home Depot, Neiman Marcus, etc.) breaches. The POS terminals were hacked, so the PIN data was sent to the bad guys along with the credit card data.
Since the only thing the POS terminal gets from Applepay is a one-time use token, the hacks would have been ineffective had Applepay been in use. -
Re:lookout who?
Hello,
From what I recall, Lookout Mobile Security was founded in San Francisco in 2008. They started as an iOS shop, but moved over to Android, and their security product is probably one of the most used on that platform. I do not recall having any contact with employees, but they publish some decent research on their blog at https://blog.lookout.com/.
Regards,
Aryeh Goretsky
-
Re:i would sue
Wait, cell towers have nothing to do with GPS, other than supplying almanac data. This Almanac data helps the phone locate the satellites faster.
The only time the address of the cell tower would come into play is if the owner or the thief shut off the GPS.
End users can't get the location of their cell phone without installing some software ahead of time, Such as Lookout or Find My IPhone.
Further, If the owner turns their GPS off, or the thief turns it off, those apps would only be able to report a rough triangulation of the last known position IF ANYTHING at all.
Neither Sprint nor Clark County can be responsible here, the company making the App is at fault if it is reporting a location that was based ONLY on the last tower it saw, without making this clear to the owner checking the web for their phone's location.