Week in review: Cheap cellphone tracking, Apple’s Gatekeeper, and Google secretly bypasses Safari’s “no tracking” settings
Here’s an overview of some of last week’s most interesting news and articles:
Privacy pitfalls of online dating
It used to be that you were pretty much anonymous on the Internet if you chose to be, but those halcyon days are now gone, and you should think many times over about whether it’s safe to post something online. Take dating sites, for example. Are you absolutely certain that once you’ve deleted your profile on one of them, your information and your photos are deleted forever? Unfortunately, the answer is no.
Mobile hacks to increase with SDR adoption
Digital Assurance warned that mobile communications operating over radio systems such as GSM, WiMax and DECT are likely to become more heavily targeted as Software Defined Radio (SDR) technology becomes more sophisticated, cheaper and more widely available.
Taxpayers unaware of identity theft risks
While consumers remain concerned about identity theft, there are some common misconceptions about the risk of preparing and submitting their tax documents, and many are engaging in risky behaviors online that could lead to identity theft.
Best practices for online banking security
There are two common misconceptions about online banking security which are holding financial institutions back from offering their customers the best services possible.
Twitter turns on HTTPS by default
The option to always use HTTPS was made available to users back in March 2011, but they had to turn it on for themselves by changing their account settings – something that tech neophytes surely wouldn’t think of doing without prompting.
Infosec pros maintain job stability
The information security profession offers not only stability but upward mobility, according to the 2012 Career Impact Survey released by (ISC)2. Only seven percent of information security professionals were unemployed at any point during 2011, with nearly 70 percent reporting a salary increase, and 55 percent expecting to receive an increase in 2012.
Horde FTP server hacked, files modified to include backdoor
The three files that were modified to include a backdoor are Horde 3.3.12, Horde Groupware 1.2.10 and Horde Groupware Webmail Edition 1.2.10.
Mozilla wants CAs to stop issuing and revoke MITM certificates
A heated debate has unfolded after Trustwave made public its decision to revoke a subordinate root certificate it had issued to a company, a certificate that allowed that company to intercept its employees’ private email communication.
Confidential data at risk even with policies in place
A new survey by Xerox and McAfee reveals that more than half of employees say they don’t always follow their company’s IT security policies or aren’t even aware of the policies – leaving the security of customer credit card numbers, financial reports, and HR and tax documents at risk.
The escalating cost of US cybersecurity plans
When US President Barack Obama called on the Congress for laws that would protect the country’s citizens, businesses and infrastructure from various cyber threats, it sounded like a welcome (if overdue) call to arms. Unfortunately, what most people didn’t immediately realize is that cyber defense is likely to cost a huge amount of money.
The new and improved Kelihos botnet
As announced by Kaspersky Lab researchers and confirmed by Microsoft, the C&C and backup infrastructure of the original Kelihos/Hlux botnet is still down after their joint action that resulted in its sinkholing. Temporarily beheaded, the botnet doesn’t send out spam, but Kaspersky’s researchers have noticed that its operators currently seem more interested in building a new one than in wresting control of the old one from the hands of the researchers.
Apple preparing a safer version of OS X
The next version of OS X, called Mountain Lion, will be available this summer. Among its many new features, it will come with Gatekeeper, which will help prevent users from unknowingly downloading and installing malicious software.
Why is residual risk so important?
The term “residual risk” is mandatory in the risk management process according to ISO 27001, but is unfortunately very often used without appreciating the real meaning of the concept.
Social mobile apps found storing users’ contacts without permission
A week ago, app developer Arun Thampi made public his discovery that Path – a popular iOS app that allows users to keep a journal of their everyday life and share it with others through a number of social networks – copies the entire contents of the users’ address books and sends them to the company’s servers without asking the users for permission or, indeed, notifying them of it in any way. What’s more, it was further discovered that the Twitter app does the exact same thing, and the information is stored on Twitter’s servers for 18 months before being deleted.
Thwarting attacks with genetically-inspired computer configuration systems
In creating an algorithm that searches for and implements more secure computer configurations, computer science associate professor Errin Fulp and graduate student Michael Crouse from the Wake Forest University in North Carolina have been inspired by genetics.
Open source tool detects videoconferencing equipment vulnerabilities
Qualys’ Ses Wang explains the underlying videoconferencing protocol, how it is vulnerable, and how an open source tool he developed detects the vulnerability.
Secret ad code allows Google to bypass Safari’s “no tracking” settings
Once again, Google has been caught doing something that it shouldn’t be doing: using code in their ads to intentionally bypass the privacy settings of Safari users in order to track their browsing behavior.
Fake Facebook notification delivers keylogger
The email address of the sender is spoofed to make it look like it has been sent by the social network, and the message contains only an image implying that the recipient needs to install Silverlight (Microsoft’s answer to Adobe Flash) in order to view the content.
Hackers can find you by tracking your cellphone
Finding out people’s approximate whereabouts by tracing their cellphone signal is something that service providers can easily do, as cellular networks track their subscribers all the time in order to ensure adequate service delivery. We also take for granted that law enforcement and intelligence agencies have easy access to that information by obtaining court orders that force service providers to share it with them. But is it possible for other people – most of all, is it possible for criminals – to do the same?