Tuesday, September 16, 2014

75% of Android Phones Vulnerable to Web Page Spy Bug

A Metasploit module has been developed to easily exploit a dangerous flaw in 75 percent of Android devices that allows attackers to hijack a users' open websites...
Tod Beardsley, a developer for the Metasploit security toolkit dubbed the "major" flaw a "privacy disaster".

"What this means is any arbitrary website - say, one controlled by a spammer or a spy - can peek into the contents of any other web page," Beardsley said.

"[If] you went to an attackers site while you had your web mail open in another window, the attacker could scrape your email data and see what your browser sees.

"Worse, he could snag a copy of your session cookie and hijack your session completely, and read and write web mail on your behalf." (more)

Solution: Use a Firefox or Chrome browser.