Wednesday, 2 September 2015

It’s a Vulnerable World: late August 2015

The big names in our last roundup—Apple, Tor, Internet of Things—seem to be reappearing a short two weeks later, but the bad news doesn’t end there. Security vulnerabilities revealed in late August include open source ransomware and Microsoft adopting Google-level data collection.
Preferring convenience to safety, investment management company Vanguard continues to allow users to log in, even with misspelled security answers.

British Gas’s Hive Active Heating app was renamed a “burglar’s dream” when a study revealed that the Internet of Things technology does not encrypt user data. British Gas has since agreed to employ encryption.
Twitter bots have the power to silence activists.
Pro-government Twitter bots prevented Mexican activists from sharing information and pushed #YaMeCanse out of the platform’s trending topics; such actions have been taken against Turkish, Egyptian and Syrian protesters in the past. 
A Trend Micro security researcher reported that stolen credit card information—such as that from the recent Ashley Madison data dump—is highly desirable to cybercriminals, as it is commonly used to pay for the bulletproof hosting services (BPHS) used to spread malware.

The newly released Windows 10 has made headlines for the degree to which it sends user data back to Microsoft. As InfoWorld wisely pointed out, like it or not, the data Microsoft is collecting is akin to what Google has been doing all along.

The United States’ NSA and the United Kingdom’s GCHQ have acknowledged that today’s encryption would be powerless against tomorrow’s quantum computing. Although not an immediate threat, such computers will exist in the next half century.

Turkish security researcher Utku Sen published open source ransomware on GitHub, along with the disclaimer: “While this may be helpful for some, there are significant risks. The Hidden Tear may only be used for Educational Purposes. Do not use it as a ransomware!”

Dark web drug market Agora suspects the current protection provided by Tor is insufficient to maintain its anonymity and has temporarily gone offline as it strengthens its security. Researcher Nicolas Christin reminds us, “Tor is not a magic box that provides you a cloak of invisibility, Harry Potter style.”

"Father of the Internet" Vint Cerf is worried.
Apple designed iOS 9 to default to rigorous security standards for app developers, but also published the code to disable such encryption. Google shortly thereafter further spread the word on the privacy workaround. 
At the Heidelberg Laureate Forum, Turing Award winner and “Father of the Internet” Vint Cerf spoke with knowledge, experience and perhaps foresight when he said, “I worry a lot about the potential loss of openness and freedom on the Internet.”
KeyRaider malware has stolen login credentials from 225,000 mostly-Chinese, jailbroken iPhones. The incident reminds us of what can go wrong when security features are removed in order to access otherwise-inaccessible apps. 
If we’ve missed any vulnerabilities, let us know in the comments below. Surf secure and stay Rando!
