Exploits Propagated Via Social Media Increase

Orome1 writes "Infection via email, traditionally the most popular vector for spreading malware, has declined in favor of greater use of social media. These include clickjacking attacks using the Facebook 'Like' button, fake Web pages positioned on search engines (BlackHat SEO), and zero-day vulnerability exploits. The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices. A number of different threats have appeared, primarily aimed at racking up phone bills or using the geolocalization function to transmit a user's position to a third party."

Bounce around much?

[Galestar]

The title of TFA is "E-mail infections decline as exploits propagated via social media increase"

yet it likes to bounce around to

"The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices."

Then to

There has also been a great deal of commotion around two serious zero-day flaws in Microsoft OS code, one of which was exploited to attack SCADA systems (specifically in, nuclear power stations).

This article really has nothing to say about the rise of use of social media as a vector, other than mentioning the recent twitter exploits--in the last paragraph. Why did this article make it to the front page again?

Re:Android default permissions

And actually using an Android phone says otherwise. Just install a simple app like "Text Edit" by Paul Mach - easy to find on the market. Before installing, hit the menu softkey, then the security icon that pops up. It will say "No permissions required."

Use it, save a file. Where does the file end up? On your SD card. How did it do that?

Now go to the homescreen, hit menu, applications, manage applications, text edit. Scroll down and what do we see under permissions? "modify/delete SD card contents" and "read phone state and identity". Permissions you were NOT warned about during the install.

This isn't Paul Mach's fault. I just used his app as an example. This is Google's fault and they need to fix Android security!

Duh

[Spad]

People with nefarious goals target massively popular services with shitty security and largely uninformed users. Film at 11.

Re:Android default permissions

Market and Android are one and the same. You can argue all day about how the documentation says this, and the AOSP code doesn't contain that, but at the end of the day, any Android device worth using has the Market app on it. People install apps through the market and have no idea that (#1) apps like "Text Edit" that didn't even ask for SD card permissions might save their documents on the SD card, and (#2) that any app that requests internet access will be able to upload those documents along with your phone number and ESN out to some sleazy server on the internet.

The expected behavior would be that an app that doesn't request SD card writing can't save to the SD card, and that an app that doesn't request permission to read your phone's identity won't know it.

Google has failed us. I love my Android phone, and I hope Google fixes this problem.

Statestheobviousman

[Idiomatick]

"The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices."

In other news, the rise in people having unprotected sex resulted in a rise in pregnancies.

And a rise in the number of boaters has increased the number of boating accidents.

Social Media? Gr8

[ls+-la]

In true slashdot fashion, I haven't RTFA. However, I see a number of people saying the article mentions attacks targeted at social media, android phones, and microsoft. As I don't use any of these, I would like to tell the hackers: Great! Keep up the good work.