A major flaw in iOS allows any Enterprise signed Ad-Hoc app to silently replace any non-system iOS app and steal user data, Google now owns a NASA airfield, Gnome battles for its trademark & China hacks the US Postal service.

Plus Mozilla beefs up TOR & more!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Masque Attack: All Your iOS Apps Belong to Us | FireEye Blog

In July 2014, FireEye mobile security researchers have discovered that an iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier. This in-house app may display an arbitrary title (like “New Flappy Bird”) that lures the user to install it, but the app can replace another genuine app after installation. All apps can be replaced except iOS preinstalled apps, such as Mobile Safari. This vulnerability exists because iOS doesn’t enforce matching certificates for apps with the same bundle identifier. We verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices. An attacker can leverage this vulnerability both through wireless networks and USB. We named this attack “Masque Attack”.

China suspected of breaching U.S. Postal Service computer networks

Chinese government hackers are suspected of breaching the computer networks of the United States Postal Service, compromising the data of more than 800,000 employees — including the postmaster general’s.

The intrusion was discovered in mid-September, said officials, who declined to comment on who was thought to be responsible. The FBI is leading the investigation into the hack.

The news, announced by U.S. Postal Service, came as President Obama arrived Monday in Beijing for high-level talks with his counterpart, President Xi Jinping, as well as for an economic summit.

Mozilla will start hosting Tor relays as part of Polaris privacy push

Mozilla will give the Tor Project a capacity boost as part of the Firefox maker’s new strategic privacy initiative, Polaris, which it unveiled on Monday as part of its tenth anniversary celebrations.

The Polaris initiative will see Mozilla work alongside partners such as the Tor Project and the Center for Democracy & Technology (CDT) to promote online privacy, largely through the inclusion of new features in Firefox. In a Monday blog post, Mozilla said it wants to “accelerate pragmatic and user-focused advances in privacy technology for the web,” which appears to denote a focus on user-friendliness.

Also on Monday, Mozilla added the privacy-focused DuckDuckGo search engine as a pre-installed option for Firefox users across Windows, Mac, Linux and Android. There’s also a new Firefox feature called Forget, which gives users a simple way to clear out all tracking information covering the last five minutes, two hours or 24 hours – as opposed to going through a relatively technically-phrased list asking whether users want to clear cookies, history and so on.

Google now runs an airfield after signing a 60-year NASA lease

It’s official: following months of negotiations, Google now has an airfield to call its own. The company’s Planetary Ventures wing has signed a lease with NASA that lets it manage Moffett Federal Airfield, including three hangars, two runways and even a golf course. The 60-year (!) deal will have the internet giant shell out $6.3 million per year in upkeep, and a total of $1.16 billion in rent.

Open-Source Vs Groupon: GNOME Battle To Protect Their Trademark – OMG! Ubuntu!

Groupon, famed for its ‘deal-of-the-day’ website, recently unveiled a “tablet-based platform” called ‘GNOME’, and has filed requisite trademark filings — 10 so far — seeking ownership of the name.

Naturally, this has the GNOME Foundation ‘concerned’. GNOME is a registered trademark of the foundation, and has been since 2006. This mark was issued under a number of sections, including ‘operating system’ — which the Chicago-based Groupon is also claiming against.

Could it just be that they’ve never heard of GNOME before?

Help the GNOME Foundation defend the GNOME trademark