Hiding Apache2 header info

Add these directives to /etc/apache2/apache2.conf, then restart Apache:

LoadModule headers_module /path_to/mod_headers.so
Header unset Server
ServerSignature Off
ServerTokens ProductOnly
Header unset X-Powered-By
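
To confirm the change after the restart, the response headers can be checked for leftover version details. The script below is an added example, not part of the original post; the function names and the sample responses are constructed, and it assumes that a bare product name in the Server header (what ServerTokens ProductOnly produces) is acceptable.

```shell
#!/bin/sh
# Added example (not from the original post): audit a raw HTTP response
# header block for the disclosure headers the directives above target.

# audit_headers: reads headers on stdin, prints one "LEAK ..." line per
# finding, returns 0 when clean and 1 when something is disclosed.
audit_headers() {
    awk '
        { sub(/\r$/, "") }                    # tolerate CRLF line endings
        {
            colon = index($0, ":")
            if (colon == 0) next              # status line or blank line
            name = tolower(substr($0, 1, colon - 1))
            value = substr($0, colon + 1)
            sub(/^[ \t]+/, "", value)
        }
        # Assumption: a bare product token ("Apache") is acceptable; a slash,
        # parenthesis or digit means version or OS details are present.
        name == "server" && value ~ "[/(0-9]" { print "LEAK Server: " value; bad = 1 }
        name == "x-powered-by"                { print "LEAK X-Powered-By: " value; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: response before the change (version strings are made up).
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.16 (Debian)\r\nX-Powered-By: PHP/5.3.3\r\nContent-Type: text/html\r\n\r\n'
}

# Constructed sample: response after ServerTokens ProductOnly and the
# X-Powered-By header has been unset.
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'
}

sample_before | audit_headers || echo "before: version details exposed"
sample_after  | audit_headers && echo "after: clean"
```

Against a live server, pipe real headers into the function, for example `curl -sI http://localhost/ | audit_headers`. ServerSignature controls the footer on server-generated pages such as error pages rather than a header, so this check does not cover it.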

Location data tracked by iOS and Android devices

Security researchers discovered this week that iOS devices continuously track users' physical location and store this data on the device. The data is also synced with your desktop if you use iTunes. Interestingly, this has apparently long been known to law enforcement agencies, who can use the data in investigations. The data is also transmitted back to Apple every 12 hours.

Android devices apparently also report location data back to Google. It sounds like WiFi MAC address location data is sent back to build a map of collected MAC addresses, which is then used to help triangulate a user's location for location-based services. This is similar to the MAC address collection that Google got into trouble for with its StreetView cars (when they arguably collected far more than just MAC addresses and the location).

Browser security beaten in Pwn2Own hacker contest

Browser security toppled this week, first Safari and then IE8, in a contest to demonstrate the ability to execute native code and save files to the host machine’s file system via vulnerabilities in the browsers.

Safari was first to fall, followed by IE8. There are no results for Chrome yet, and no contestant signed up to challenge Firefox. Mobile phone browsers are next up.