Now that you've changed all your passwords because of the Heartbleed Bug (right?), here's something else to worry about—your smartphone might be susceptible to one of the Web's most common hacks, something called a cross-site scripting attack.
Researchers found five bar code–scanner apps with that vulnerability in the Android marketplace and three in the iPhone app store. They'll present the results at the Mobile Security Technologies workshop in San Jose in May. [Xing Jin, Tongbo Luo, Derek G. Tsui, and Wenliang Du, XDS: Cross-Device Scripting Attacks on Smartphones through HTML5-based Apps]
HTML5 apps are forecast to dominate half the market by 2016. And since bad code can hide in mp3s, photos, texts, even the names of wi-fi networks, researchers say it's time for developers to wise-up to this glitch before it goes viral.
[The above text is a transcript of this podcast.]