The researchers said they’d expected to find “that smartphone devices will retain data from these storage services,” but didn’t know to what extent any leftover “artifacts” might include recoverable information. So they studied three popular cloud storage service apps running on the iPhone and on an HTC Desire running the Android operating system.
Here’s what they found: “Using mobile forensic toolkits, data can be recovered from a smartphone device which has accessed a cloud storage service,” they said. “The results from the experiment have shown that it is possible to recover files from the Dropbox, Box and SugarSync services using smartphone devices.” In addition, artifacts left by those services’ mobile apps in some cases allowed the researchers to gain a “proxy view” of files not stored on the device, but stored by the cloud service.
via Beware Smartphone Lurkers: Cloud Storage File Remnants – Security –.
Microsoft last week warned IT administrators that critical vulnerabilities in code licensed from Oracle could give attackers access to Exchange Server 2007 and Exchange Server 2010 systems.
Oracle patched the vulnerabilities in its “Oracle Outside In” code libraries as part of a massive update on July 17 that fixed nearly 90 flaws in its database software.
via Microsoft warns of critical Oracle code bugs in Exchange.
Earlier this summer, authorities busted a skimmer operation that stole $3 million from ATM users at a Capital One bank in Manhattan.
“Everyone is at risk,” says the agent. “The loss could potentially be from hundreds of dollars up to hundreds of thousands of dollars,” and all your money can be gone within a few hours.
via The Consumerist » Secret Service Says ATM Card Skimmers Are More Popular Than Ever.
A tool for testing if Web application firewalls (WAFs) are vulnerable to around 150 protocol-level evasion techniques was released at the Black Hat USA 2010 security conference on Wednesday.
via Tool released at Black Hat contains 150 ways to bypass Web application firewalls.
The government’s effort to prosecute corporate espionage was dealt a setback today when a federal appeals court ruled that downloaded code did not qualify as stolen under a federal theft statute.
via Code can’t be stolen under federal law, court rules | Security & Privacy – CNET News.
The Compliance Checker runs an assessment on ESX/ESXi hosts managed by vCenter.
The assessment is based on a predefined subset of 29 of the vSphere 4.1 Security Hardening Guide rules and is run against the first 5 ESX/ESXi hosts found on the target vCenter.
via VMware: VMware Security & Compliance: VMware’s CP&C releases another free Compliance Checker!.
Fraudulent accounts range from a low of 5 percent to an astonishing 40 percent of users. Scammers are registering accounts by the millions as they perpetrate fake “friend requests,” deceptive tweets, and the like, while the black market for bulk social networking accounts is growing exponentially.
via Debut Impermium Index Reveals Surprising Trends in Social Web Spam Attacks | Impermium.