The big names in our last roundup—Apple, Tor, Internet of Things—seem to be
reappearing a short two weeks later, but the bad news doesn’t end there. Security
vulnerabilities revealed in late August include open source ransomware and
Microsoft adopting Google-level data collection.
Preferring convenience to safety, investment management company Vanguard
continues to allow users to log in, even with misspelled security answers.
British Gas’s Hive Active Heating app was dubbed a “burglar’s dream” when a study
revealed that the Internet of Things technology does not encrypt user data. British
Gas has since agreed to employ encryption.
Twitter bots have the power to silence activists.
Pro-government Twitter bots prevented Mexican activists from sharing information and
pushed #YaMeCanse out of the platform’s trending topics; such actions have been
taken against Turkish, Egyptian and Syrian protesters in the past.
A Trend Micro security researcher reported that stolen credit card
information—such as that from the recent Ashley Madison data dump—is highly
desirable to cybercriminals, as it is commonly used to pay for the bulletproof
hosting services (BPHS) used to spread malware.
The newly released
Windows 10 has made headlines for the degree to which it sends user data back to
Microsoft. As InfoWorld wisely pointed out, like it or not, the data Microsoft
is collecting is akin to what Google has been doing all along.
The United States’ NSA and the United Kingdom’s GCHQ have
acknowledged that today’s encryption would be powerless against tomorrow’s
quantum computing. Although not an immediate threat, such computers will exist in
the next half century.
Turkish security researcher Utku Sen published
open source ransomware on GitHub, along with the disclaimer: “While this may be
helpful for some, there are significant risks. The Hidden Tear may only be used
for Educational Purposes. Do not use it as a ransomware!”
Dark web drug market Agora suspects the current
protection provided by Tor is insufficient to maintain its anonymity and has
temporarily gone offline as it strengthens its security. Researcher Nicolas
Christin reminds us, “Tor is not a magic box that provides you a cloak of
invisibility, Harry Potter style.”
"Father of the Internet" Vint Cerf is worried.
Apple designed iOS 9 to default to rigorous security standards for app
developers, but also published the code to disable such encryption. Google
shortly thereafter further spread the word on the privacy workaround.
At the Heidelberg Laureate Forum, Turing Award winner and
“Father of the Internet” Vint Cerf spoke with knowledge, experience and perhaps
foresight when he said, “I worry a lot about the potential loss of openness and freedom on the Internet.”
KeyRaider malware has stolen login credentials from 225,000 mostly-Chinese,
jailbroken iPhones. The incident reminds us of what can go wrong when security
features are removed in order to access otherwise-inaccessible apps.
If we’ve missed any vulnerabilities, let us know in the comments below. Surf
secure and stay Rando!