“Using Framesniffing, it’s possible for a malicious webpage to run search queries for potentially sensitive terms on a SharePoint server and determine how many results are found for each query,” said Paul Stone, senior security consultant at Context. “For example, with a given company name it is possible to establish who their customers or partners are; and once this information has been found, the attacker can go on to perform increasingly complex searches and uncover valuable commercial information.”
Context researchers tested SharePoint 2007 and 2010 and found that by default, they do not send the X-Frame-Options header that instructs web browsers to disallow framing. This leaves these applications open to both Framesniffing and Clickjacking. As a result, any website that knows the URL of the SharePoint installation can load it in a frame and carry out these attacks, even if it is only accessible on an Intranet.
Following the discovery of this vulnerability, Context contacted Microsoft and was told: “We have concluded our investigation and determined that this is by-design in current versions of SharePoint. We are working to set the X-Frame options in the next version of SharePoint.”
Framesniffing can also be used to harvest confidential data from public websites, such as LinkedIn that don’t protect against framing. An attacker using a malicious website could build a profile of visiting users by piecing together small pieces of information leaked from different websites. For example, the product IDs of previously bought items from a shopping site could be combined with a person’s user ID from a social networking site.
Context’s blog published today at www.contextis.com/research/blog/framesniffing, includes a video that shows an attacker extracting sensitive information from a fictional corporate SharePoint installation. In the blog, Context also provides five simple steps to protect a website from this attack by adding the X-Frame-Options header. While Mozilla updated its Firefox web browser last year to prevent Framesniffing, the latest versions of Internet Explorer, Chrome and Safari are still vulnerable.
Fortunately, protecting a website from this attack is a simple matter of adding the X-Frame-Options header and in its blog, Context provides step-by-step instructions on how to do this. “Users of the Firefox browser are already protected against this attack,” said Stone. “We encourage other browser vendors to apply similar protection to their browsers but in the meantime, the onus is on individual websites to add framing protection via X-Frame-Options.”
View the original article here
The Samsung Galaxy Tab 10.1 sports a 10.1-inch WXGA PLS TFT HD display with 1280 x 800 resolution. It has a 1GHz dual-core NVIDIA Tegra 2 processor and runs Android Honeycomb (3.2) OS. The tablet has a 3.2MP rear-facing camera with auto-focus and 720p video recording along with a 2MP front-facing one. Users will have 32GB of internal memory to store music, movies, photos, and other files on the device. It is also lightweight and slim, weighing in at a little over 1lbs and measuring 0.34 inches in thickness.
The Android-powered tablet will run on U.S. Cellular’s 4G LTE network, which boasts speeds up to 10 times faster than 3G. It is the first device introduced in U.S. Cellular’s 4G LTE device line-up.
Customers can purchase the device for $499.99 after a $100 mail-in rebate. But for those living in markets currently covered by the 4G LTE network, there is an additional $100 mail-in rebate, bringing the total price down to $399.99. Check out the U.S. Cellular website for detailed information on pricing.
View the original article here
Aside from the usual ICS update, which will launch in April, Sony will bundle in additional photo functionality, like the ability to activate the tablets' cameras directly from their lock screen, edit photos in the gallery application, and take panoramic photos. The update also allows Sony Tablet users to watch programs they’ve recorded on their compatible Blu-Ray recorders with a downloadable app.
Another feature Sony adds is "Small Apps." Users will be able to launch a small calculator, remote control, or browser window on top of their currently running app.
In addition to the ICS upgrade for the Tablet P and the Tablet S, Sony announced a Wi-Fi-only version of the Tablet P for 5,000 Yen (roughly $600) on April 21. The Wi-Fi-only Tablet P will be customizable as customers can purchase an interchangeable front and back panel ranging in colors such as black, white, gold, pink, and blue. This is the same Tablet P that is available now, except without the 3G radio.
View the original article here
The quad-core tablet will ship running Android 4.0 (Ice Cream Sandwich) and will sport a 10.1-inch display with a 1280 x 800 resolution. Other features include Dolby Mobile 3 audio, micro HDMI and micro USB 2.0 ports, 1 GB of RAM, and 32 GB of flash storage (expandable via a microSD card slot).
The tablet’s cameras include a 1-megapixel front-facing camera with zoom and a 5 megapixel rear-facing camera that allows users to take snapshots while recording video. The Iconia A510’s connectivity capabilities include 802.11 a/b/g/n Wi-Fi and Bluetooth 2.1+ EDR. And to keep the A510 from running out of juice at the worst possible time, the tablet comes with a 9800mAh battery, allegedly one of the highest capacities in the industry, to provide users with up to 12 hours of video playback.
Acer proudly touts the A510’s productivity features as well, which include preloaded copies of Polaris Office 3.5, Evernote, and Adobe Flash 11. Perhaps most useful, though, is the inclusion of the Acer Print app, which allows users to wirelessly print from their tablet and is supposedly compatible with “87 percent of brand name printers on the current market.”
In a rather unique design choice, the Iconia A510 will be a “special Olympic Games Tablet Edition of the Acer Iconia Tab line,” according to a press release. As such, the tablet’s soft-touch chassis will be branded with both the Acer and Olympic logos (the rings) to celebrate Acer’s sponsorship of the upcoming 2012 Olympic Games.
Preorders have already begun for the A510, with prices starting at $449.99 for the 32 GB model, which is available in either silver or black. No word yet on whether or not there will be other models with varying storage capacities and, if so, how much they will go for.
View the original article here
In the last week, Localytics said that only 6 percent of all sessions on iPads were coming from cellular networks, the rest coming from Wi-Fi. The numbers show how the majority of the public aren’t interested in having 3G or 4G on their devices.
However, Localytics did find out that those who did have cellular chips in their iPads used both Wi-Fi and the cellular networks equally. On devices with 3G connectivity, it accounts for 45 percent of all usage. For 4G iPads, it accounts for 36 percent of all usage, at the moment.
One reason that customers aren’t in favor of coughing up more money to receive an iPad with 3G or 4G connectivity may be because of capped data plans. The arrival of 4G LTE access on the new iPad led to users watching videos, burning through their pre-allotted gigabytes of data usage very quickly.
View the original article here
Subscribe to:
Posts (Atom)
