Dropbox says Android security flaw fixed

Dropbox, the popular online file storage service, said it has fixed a security flaw that could have allowed hackers to capture data stored in its service on Android devices via compromised third-party apps.

Dropbox, which has more than 300 million users, said it fixed the vulnerability a few months ago in the software it provides to third parties making apps that work with Dropbox.

It said most Android developers had already updated to the latest version of its software after being notified by Dropbox of the problem as early as December. Dropbox reminded any remaining developers working with the old version to update.

According to Dropbox, the software flaw meant that under certain circumstances a hacker could use a compromised third-party app to save another user’s data to the hacker’s Dropbox account. Dropbox said no data already stored on its service was ever vulnerable.

“There are no reports or evidence to indicate the vulnerability was ever used to access user data,” Dropbox said in a blog on its website.

Researchers at International Business Machines Corp initially discovered the flaw, and informed Dropbox, according to both companies.

Credits: channelnewsasia

Google Play Music Increases Cloud Storage Limit To 50,000 Songs

Google has bumped the storage limit for its locker service for Google Play Music from 20,000 to 50,000 songs, giving users more than double the capacity to store their own collection in the cloud, over and above the extensive streaming library that makes up Google Play Music’s own category. The extended library allowance is a free upgrade for users, meaning people get the additional capacity without having to sign up for more Drive storage or anything like that.

The bump in available space is easy to take advantage of, and applies automatically if you’re already hosting your collection in Google’s cloud. If you haven’t yet used Google Play Music’s locker service, however, it’s pretty easy to get started, using the instructions provided by Google below:

  1. Sign in to Google Play Music with your Google account – Go to your computer and visit play.google.com/music. Sign up if needed.
  2. Claim your free storage – If you’d like to try the Google Play music subscription service too, click “Get Started”. Otherwise, click “No Thanks” to continue with the free storage.
  3. Add your music collection – The setup process will guide you through adding the Chrome app*, which provides seamless uploading. You can choose to simply upload your entire iTunes library or select other music folders. You can upload 50,000 songs for free.
  4. Access your music at any time on multiple devices – You can stream or download music to your Android, iPhone, or iPad for easy offline listening. It’s also all available on the web when you’re on your computer. And when you upgrade to a new computer or the latest mobile device, your music comes along too. You’ll never be without your favorite artists again!

*Not using Chrome? The setup process at step 3 will instead guide you through installing Music Manager where you can still add 50,000 songs.

You can listen to them from all supported devices, that is, and even download them to your Android or iOS device for offline listening.

Content Credits: Techcrunch and gsmarena

Apple now allows everyone to create, save files in iCloud

One of the things Apple had working against them when it came to creating files for use in the cloud was actually creating files in the cloud itself. Though you could save a Pages document or presentation made via Keynote in iCloud, creating one via iCloud wasn’t really a thing. Until now.

Today, Apple is rolling out file creation in iCloud, all via a browser.

Now, you don’t even need access to an OS X or iOS device to use Pages, Keynote, or Numbers.

Find your way to a browser, log into iCloud, and away you go. Though all services still have their ‘beta’ tag, creating documents in the cloud is pretty simple and straightforward.

Editing tools are all there, and closely mimic the standalone app for OS X. Though it’s not a carbon copy, it’s much more than a simple text editor in the cloud. Pages, Keynote, and Numbers are all fairly well built for the cloud.

This aligns Apple a bit more with Microsoft Office 365 and Google Drive. Though we’re sure Apple users will still want to go the normal route for file creation, this option at least lets them actually work in the cloud rather than access files stored in the cloud.

Apple says iCloud.com supports all major browsers, so there aren’t a lot of folks who will be left out, here. New web-only accounts will be limited to 1GB storage.

What we find via iCloud is free to use for anyone, but Apple is limiting some features to iOS or OS X users. If you want to save to iCloud from the desktop, for instance, you’ll need an Apple device.

Even with the beta tag, Apple’s iCloud services for Pages, Keynote, and Numbers are actually pretty good. They’re probably about as useful for simple documents as anything else out there.

Content Credits: slashgear.com

Google releases CLOUD based Web App Vulnerability Scanner and Assessment Tool

Google has released its own free web application vulnerability scanner, called Google Cloud Security Scanner, which is meant to scan developers’ applications on its cloud platform for common security vulnerabilities more effectively.

SCANNER ADDRESSES TWO MAJOR WEB VULNERABILITIES:

Google launched the Google Cloud Security Scanner in beta. The new web application vulnerability scanner allows App Engine developers to regularly scan their applications for two common web application vulnerabilities:

  • Cross-Site Scripting (XSS)
  • Mixed Content Scripts

Although several free web application vulnerability scanners and vulnerability assessment tools are available, Google says these website vulnerability scanners are typically hard to set up and “built for security professionals,” not for web application developers who run apps on Google App Engine.

Google Cloud Security Scanner, by contrast, will be easier for web application developers to use. It scans for Cross-Site Scripting (XSS) and mixed content script flaws, which the company argues are the most common security vulnerabilities Google App Engine developers face.

GO FOR WEB VULNERABILITY SCAN NOW

Developers can access the Cloud Security Scanner under Compute > App Engine > Security in Google’s Developers Console to run a first scan. It does not work with App Engine Managed VMs, Google Compute Engine, or other resources.

Google notes that there are two typical approaches to such security scans:

  • Parse the HTML and emulate a browser – This is fast; however, it comes at the cost of missing site actions that require a full DOM or complex JavaScript operations.
  • Use a real browser – This approach avoids the parser coverage gap and most closely simulates the site experience. However, it can be slow due to event firing, dynamic execution, and time needed for the DOM to settle.
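
A small illustration of the first approach and its coverage gap, added here as an example and not taken from Google's scanner: a parser-only check for mixed content scripts on an HTTPS page. The page URL, hostnames and HTML are constructed sample input.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class MixedScriptFinder(HTMLParser):
    """Collects <script src> URLs that would be fetched over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script: no network fetch to classify
        # Resolve relative and protocol-relative URLs against the page URL.
        resolved = urljoin(self.page_url, src.strip())
        if urlparse(resolved).scheme == "http":
            self.insecure.append(resolved)


def find_mixed_scripts(page_url, html):
    """Return script URLs loaded over HTTP from an HTTPS page."""
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only exists on HTTPS pages
    finder = MixedScriptFinder(page_url)
    finder.feed(html)
    return finder.insecure


# Constructed sample page (hypothetical hosts under example.test).
SAMPLE_URL = "https://app.example.test/dashboard"
SAMPLE_HTML = """
<html><head>
<script src="http://cdn.example.test/lib.js"></script>
<script src="//cdn.example.test/ok.js"></script>
<script src="/static/app.js"></script>
<script>
  var s = document.createElement('script');
  s.src = 'http://ads.example.test/late.js';  // added at runtime
  document.head.appendChild(s);
</script>
</head></html>
"""

if __name__ == "__main__":
    print(find_mixed_scripts(SAMPLE_URL, SAMPLE_HTML))
```

The static pass reports `lib.js` but never sees `late.js`, because that script element only exists after the JavaScript runs; this is the gap a real browser closes.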

Security Engineering head Rob Mann says that their web vulnerability scanner uses Google Compute Engine to dynamically create a botnet of hundreds of virtual Chrome workers that scan at a max rate of 20 requests per second, so that the target sites won’t be overloaded.

“Cloud Security Scanner addresses the weaknesses of [real and emulated browsers] by using a multi-stage pipeline,” Mann wrote in a blog post. “As with all dynamic vulnerability scanners, a clean scan does not necessarily mean you’re security bug free.”

The search engine giant still recommends that developers consider a manual security review by a web app security professional, just to be on the safer side. However, the company hopes its vulnerability scanner will provide a simple solution to the most common App Engine issues with minimal false positives.

Content Credits: Hackernews