SAP, a Frankfurt-based maker of business software, will release a patch on August 9 to address a potentially hazardous security flaw originally picked up by Alexander Polyakov, CTO of security firm ERPScan and one of the attendees of last week’s Black Hat Cybersecurity forum in Las Vegas.
Polyakov said he could identify systems exposed to attack simply by setting up query with Google.
“In some cases, he said, he could set up fictional accounts to access those systems, granting those users wide access to secret corporate data, and could delete some valuable data by overwriting databases with ‘trash.’”
A spokeswoman for SAP said the company is “working very closely” with Polyakov to address this issue appropriately.
Several other companies had notable software updates this week, starting with Samsung. The phonemaker held an event in New York City, where it introduced TouchWiz UX as well as a whole line-up of accessories for the Galaxy Tab. TouchWiz, which first rolled out on attendees’ tablets after they deposited them at the start of the event, represents major UI revamp: the Live Panel features widgets the user has selected, and the Mini Mode Tray pulls up the most commonly used app. TouchWiz UX also includes Samsung’s iTunes spin-off, the Music Hub.
Microsoft too announced an update this week; the latest version of Windows Phone 7, its mobile operating system. Dubbed “Mango”, it offer several new features including a voice-to-text functionality with a little twist to it. This option can be used for search, launching an app and so on, but instead of processing commands locally voice input is sent to Microsoft’s server, thus greatly improving accuracy and responsiveness.
On the security side, Microsoft’s also looking to avoid Android and Apple’s fate with data location and tracking. Microsoft’s updated its mobile software in this regard, readily learning from other industry players’ mistakes. The software giant also released .NET Gadgeteer, a so called hacker’s kit that can make certain things much easier for developers.
[...] the company. Back at the Black Hat security conference, ERPScan’s Alexander Polyakov revealed an exploit that would allow hackers to detect unprotected SAP deployments using Google, while SAP revealed a [...]
[...] SAP: Critical Security Patch Coming this Week [...]