Security Researcher claims Uber’s app is literally Malware

The popular ride-sharing service Uber has been hit by various controversies lately, but now the things gone even worse for the company when a security researcher made a worrying discovery this week and claims, "Uber’s app is literally malware."

Researcher, who runs a cyber security firm in Arizona, just reverse-engineered the code of Uber’s Android application and come to the conclusion that it is a malware. He discovered that the app "calls home" and sends data back to the company.

The ride-hailing company is in disputes of handling privacy of its customers data. A Phoenix-based security researcher Joe Giron found that a surprising amount of users’ data is being collected by the company’s mobile application for Android.

The ride-driving company might have some legitimate reason to make use of most of this collected information in the app, perhaps for fraud detection or an intelligence-gathering tool. But, the problem is that the information is being sent and collected by Uber’s servers without any knowledge or permission of the app user. Neither the extent of the data the Uber app collects seems to go beyond the data set shown on its permissions screen.

Here we present you a long list of everything the Uber Android app can have about its users, revealed by a thread on Ycombinator:

• Accounts log (Email)
• App Activity (Name, PackageName, Process Number of activity, Processed id)
• App Data Usage (Cache size, code size, data size, name, package name)
• App Install (installed at, name, package name, unknown sources enabled, version code, version name)
• Battery (health, level, plugged, present, scale, status, technology, temperature, voltage)
• Device Info (board, brand, build version, cell number, device, device type, display, fingerprint, ip, mac address, manufacturer, model, os platform, product, sdk code, total disk space, unknown sources enabled)
• GPS (accuracy, altitude, latitude, longitude, provider, speed)
• MMS (from number, mms at, mmss type, service number, to number)
• NetData (bytes received, bytes sent, connection type, interface type)
• PhoneCall (call duration, called at, from number, phone call type, to number)
• SMS (from number, service number, sms at, sms type, to number)
• TelephonyInfo (cell tower id, cell tower latitude, cell tower longitude, imei, iso country code, local area code, meid, mobile country code, mobile network code, network name, network type, phone type, sim serial number, sim state, subscriber id)
• WifiConnection (bssid, ip, linkspeed, macaddr, networkid, rssi, ssid)
• WifiNeighbors (bssid, capabilities, frequency, level, ssid)
• Root Check (root staus code, root status reason code, root version, sig file version)
• Malware Info (algorithm confidence, app list, found malware, malware sdk version, package list, reason code, service list, sigfile version)

 Uber responded to the issue and said in a statement to Cult of Mac, "Access to permissions including Wifi networks and camera are included so that users can experience full functionality of the Uber app. This is not unique to Uber, and downloading the Uber app is of course optional."

Read More

GLOBE Telecoms released an official statement regarding web defacement

A group of hackers defaced the website of a telecommunications company this week, allegedly over its poor Internet service.

For several moments, the group calling itself "Blood Security Hackers" defaced the pages in the website of Globe Telecoms.

Globe Telecom explained that the hacks were conducted on sites run by a third party affiliated with the telco. Globe also assured the public that no sensitive information was stolen and that immediate action has been undertaken to shore up the security breach.

GLOBE Telecoms released an official statement regarding web defacement.

http://www.globe.com.ph/press-room/globe-statement-on-web-defacement

At around 10:00 pm yesterday, November 27, Globe Telecom detected a defacement in four Globe websites hosted by a third party vendor Movent. All four websites (mybusiness.globe.com.ph, duo.globe.com.ph, payroll.globe.csme.com and update.globe-csme.com) have been taken down immediately so we can conduct the appropriate security checks.

"The server where the four websites are hosted is managed by a third party partner and outside of the Globe Corporate and Enterprise Network, where appropriate preventive and detective controls are in place. The attack is isolated on their end and was brought about by an unpatched vulnerability which is currently being addressed. Rest assured, our security incident response teams are currently investigating and conducting forensics in various areas to make sure that the incident is properly managed," said Globe Chief Information Security Officer Anton Bonifacio.

Globe assures its customers that no critical customer data have been compromised as these information are not stored in the affected websites. The said websites are used for advertising and marketing purposes only and are not connected to any of the private internal customer systems. Globe also said that its own Globe-hosted websites were not compromised.

 

 Up to now 3 of the said website still under maintenance :

Read More

Glassesonline Quality Eyewear Store

Looking for branded Eye wear ?
Checked Out this site !! http://www.glassesonline.com.ph/

You can buy  quality  Eye-wear at low prices,  As Philippine's first online glasses store, they offer a wide selection of high quality prescription eyeglasses, frames, contact lenses and branded sunglasses for both men and women.


Here's  my Original Ray Ban  from Glasses Online.

Great customer service and flexible returns all over Philippines.
They actually contact you for confirmation that you receive your item or any problem on delivery.

Sign up Now!! on their website to receive updates on promotions, new products and amazing discounts!

Read More

Win a brand new Mitsubishi Mirage by playing ECO DASH available for download via App Store and Google Play!

Mitsubishi Philippines likes to share with you Eco Dash, free and new game app that gives Filipino players a chance to win a Mitsubishi Mirage for the grand prize and an iPad mini for the monthly top 5 winners with the highest scores!

Mitsubishi Motors Philippines Corporation (MMPC) is taking its digital campaign to an exciting spin with the Mirage
Eco Dash Game application.

Mirage Eco Dash lets players drive their very own Mitsubishi Mirage as they navigate obstacles, collect coins and
power-ups in a mad dash to be on the top of the online Eco Dash leaderboards. What sets this game app apart from
the others is that it gives its players a chance to win exciting prizes monthly. At the end of every month until February
2015, the top 5 players will be given an iPad Mini. To make this even more exciting and worth spending your time,

MMPC is giving away a brand new Mirage GLS MT for the top player on the culminating event. MMPC will have a
Mirage Eco Dash finals event wherein the top 10 in the leaderboards by end of February 2015 plus the 3 wildcard
winners from the offsite mall competition which will be done in Manila, Cebu and Davao, will compete to determine
the overall champion and win the Mirage GLS MT grand prize.
“With the Mirage Eco Dash, we hope to provide our players with a fun and challenging game that rewards their time
spent on the game” Mr. Froilan Dytianquin – MMPC Vice President for Marketing Services said. “We also want to let
them know more about the Mirage thru in-game trivia that will appear when you’re playing the Mirage Eco Dash. The
Mirage has been a popular choice among our young car enthusiasts, young professionals and even to those who are
just starting their own families” Mr. Dytianquin added. The Mirage Eco Dash game also embodies certain features of
the Mirage such as its fuel efficiency, eco friendliness and that with the different accessories that you can add this
small car is a fun car to own and drive.
The Mirage Eco Dash game was officially launched during the opening of the 5
th
Philippine International Motor Show
at the World Trade Center in Pasay City. Personalities like Ellen Adarna, Rico Blanco and Marki Stroem gave their fans
and the media something to share on Social Media as they competed to see who the better Eco Dasher was.

Mirage Eco Dash is available for free from the App Store and Google Play. Like and check-out the Mitsubishi Mirage
Eco Dash Facebook fan page for detailed mechanics on how you can win a brand new Mirage GLS MT.

Read More