
    Android bug allowing SOP bypass a 'privacy disaster,'

    Researchers are warning Android users of a major vulnerability that impacts a vital browser security mechanism called Same-Origin Policy (SOP).

    The bug, called a "privacy disaster" by Tod Beardsley, an engineering manager at Rapid7 who blogged about the issue Monday, is serious because SOP, "the cornerstone of web privacy," can be bypassed via exploitation, he explained.

    While Google has patched the issue, Beardsley told SCMagazine.com in a Tuesday interview, it could still take months for many users to get the update through their device manufacturers or service providers. The bug, CVE-2014-6041, could allow a saboteur to circumvent the Android Open Source Platform (AOSP) browser's Same-Origin Policy (SOP), a concern that impacts approximately 75 percent of Android users who run platforms older than version 4.4.

    In addition to Android users with lower-end prepaid phones being vulnerable (where AOSP may be shipped as the default browser as opposed to Chrome, for instance), tech-savvy users who simply prefer the AOSP browser could be targets for attackers, Beardsley said.

    "The Android Open Source Platform browser generally has a reputation of working much faster," Beardsley told SCMagazine.com. "People get it because it's a stripped-down browser. But I looked at about five or six Google results pages on how to get it on your phone, and none of them mention that it's no longer supported [by Google]," he said.

    On Sept. 1, researcher Rafay Baloch initially disclosed the vulnerability on his blog, providing a proof-of-concept exploit. Rapid7 also investigated the issue and soon joined the fray in warning users about the threat.

    "By malforming a javascript: URL handler with a prepended null byte, an attack can avoid the Android Open Source Platform (AOSP) Browser's Same-Origin Policy (SOP) browser security control," Beardsley wrote in his Monday blog post. "What this means is, any arbitrary website (say, one controlled by a spammer or a spy) can peek into the contents of any other web page," he explained.

    When visiting an attacker's site with another application open, such as webmail, "the attacker could scrape [the victim's] email data and see what [their] browser sees," Beardsley continued. "Worse, he could snag a copy of your session cookie and hijack your session completely, and read and write webmail on your behalf."

    On Tuesday, SCMagazine.com reached out to Google about the vulnerability, but did not immediately hear back from the company.

    In his blog post, Beardsley said that he would post a video demonstration of the exploit later in the week. In the meantime, Rapid7 has published a Metasploit module which is available in all versions of Metasploit penetration testing software.


