Security experts release tool to hack Android phones!

Two security experts said on Friday they released a tool for attacking smartphones that use Google Inc's Android operating system to persuade manufacturers to fix a bug that lets hackers read a victim's email and text messages.

"It wasn't difficult to build," said Nicholas Percoco, head of Spider Labs, who along with a colleague, released the tool at the Defcon hacker's conference in Las Vegas on Friday.

Percoco said it took about two weeks to build the malicious software that could allow criminals to steal precious information from Android smartphones.

"There are people who are much more motivated to do these things than we are," he added.

The tool is a so-called root kit that, once installed, allows its developer to gain total control of Android devices, which are being activated by consumers at a rate of about 160,000 units per day, according to Google.

"We could be doing what we want to do and there is no clue that we are there," Percoco said.

The test attacks were conducted on HTC Corp's Android-based Legend and Desire phones, but he believed it could be conducted on other Android phones.

The tool was released on a DVD given to conference attendees. Percoco was scheduled to discuss it during a talk on Saturday.

Google and HTC did not immediately return calls for comment.

Some 10,000 hackers and security experts are attending the Defcon conference, the world's largest gathering of its type, where computer geeks mix with federal security officials.

Attendees pay $ 140 in cash to attend and are not required to provide their names to attend the conference. Law enforcement posts under cover agents in the audience to spot criminals and government officials recruit workers to fight computer crimes and for the Department of Defense.

Organizers of the conference say presenters release tools such as Percoco's root kit to pressure manufacturers to fix bugs.

Microsoft to Fix 34 Vulnerabilities in Windows, Office and IE

Microsoft plans  to plug no less than 34 security holes in Windows, office and Internet Explorer come June 8th, 2010. The move is part of the company’s monthly patch cycle scheduled for release on patch-Tuesday, the second Tuesday of every month. There will be a total of 10 security bulletins as a part of the June update release, three of which carry the maximum severity rating of Critical, meaning that they are designed to patch vulnerabilities, which, in the eventuality of a successful exploit could allow attackers to perform remote code execution on a vulnerable system.

“Six of the bulletins affect Windows; of those, two carry a Critical severity rating and four are rated Important. Two bulletins, both with a severity rating of Important, affect Microsoft Office. One bulletin, again with a severity rating of Important, affects both Windows and Office. One bulletin, with a severity rating of Critical, affects Internet Explorer,” revealed Jerry Bryant, group manager, Response Communications.

According to information offered by Microsoft, Windows 7 users will need to deploy no less than seven security bulletins, three of which critical, if the IE patches are also taken into consideration. However, the Redmond will not be providing any patches for Office 2010. Released to manufacturing in April 2010, Office 2010 is not affected by any of the vulnerabilities resolved with the June security bulletin release, otherwise, the software giant would have also released updates for Office 2007’s successor.

“As ever, we recommend that customers prepare for the testing and deployment of these bulletins as soon as possible. We will also be acting on two Security Advisories this month. We are closing Security Advisory 983438 (Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege) with the June bulletins. We are also addressing Security Advisory 980088 (Vulnerability in Internet Explorer Could Allow Information Disclosure),” Bryant added.