Group items tagged

"The disclosure points to a problem security researchers have been warning about for years: that despite its reputation for building what is seen by millions of customers as a secure product, some believe Apple's closed culture and fear of negative press have harmed its ability to provide security for those targeted by governments and criminals. "Apple's self-assured hubris is just unparalleled," said Patrick Wardle, a former NSA employee and founder of the Mac security developer Objective-See. "They basically believe that their way is the best way. And to be fair … the iPhone has had incredible success. "But you talk to any external security researcher, they're probably not going to have a lot of great things to say about Apple. Whereas if you talk to security researchers in dealing with, say, Microsoft, they've said: 'We're gonna put our ego aside, and ultimately realise that the security researchers are reporting vulnerabilities that at the end of the day are benefiting our users, because we're able to patch them.' I don't think Apple has that same mindset.""

The US National Security Agency (NSA) knew of the Heartbleed flaw in the widely used OpenSSL security tool and exploited it for year - instead of blowing the whistle so that the patch could be flawed."

"1. 123456 (Unchanged from 2013) 2. password (Unchanged) 3. 12345 (Up 17) 4. 12345678 (Down 1) 5. qwerty (Down 1) 6. 234567890 (Unchanged) 7. 1234 (Up 9) 8. baseball (New) 9. dragon (New) 10. football (New) 11. 1234567 (Down 4) 12. monkey (Up 5) 13. letmein (Up 1) 14. abc123 (Down 9) 15. 111111 (Down 8) 16. mustang (New) 17. access (New) 18. shadow (Unchanged) 19. master (New) 20. michael (New) 21. superman (New) 22. 696969 (New) 23. 123123 (Down 12) 24. batman (New) 25. trustno1 (Down 1)"

"The secure email service used by US whistleblower Edward Snowden has shut down rather than comply with orders from US security services - and is also legally barred from speaking out. The owner and operator of Lavabit, Ladar Levison, took the service down yesterday "for maintenance" before revealing today that the real reason was demands from US intelligence."

"According to a report by Sophos, malware and spam are on the rise on social networks such as Twitter, MySpace, Facebook and LinkedIn. In the last year, 57% of users report they have been spammed via social networking sites, an increase of 70.6% compared to last year. Furthermore, 36% of users claim they've been sent malware via social networking sites, which is a rise of 69.8% from last year. On the other hand, CEOs of companies are concerned that their employees' usage of social networks is posing a security risk for their company. Sophos has surveyed more than 500 organizations, discovering that 72% of them think social networks are a danger for their companys, with 60% of them tagging Facebook as the biggest security risk, followed by MySpace, Twitter and LinkedIn. Graham Cluley, senior technology consultant for Sophos, says that Facebook is the biggest threat because it's the biggest social network out there, but he also places some of the blame on Facebook's own privacy rules. "When Facebook rolled-out its new recommended privacy settings late last year, it was a backwards step, encouraging many users to share their information with everybody on the internet," he says. Interestingly enough (and contrasted to some of the reports we've seen lately), Cluley thinks that simply barring access to Facebook is not the solution. "Social networks can be an essential part of the business mix today," he says, "and the answer is not to bar staff from participating in them but to apply some 'social security' instead.""

" respite was thanks to a sloppy bit of programming from the worm's creator, who'd left a killswitch in the code: newly infected systems checked to see if a certain domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) existed before attempting to spread the infection; by registering this domain, security researchers were able to freeze the worm.The respite was thanks to a sloppy bit of programming from the worm's creator, who'd left a killswitch in the code: newly infected systems checked to see if a certain domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) existed before attempting to spread the infection; by registering this domain, security researchers were able to freeze the worm. But a day later, it's back, and this time, without the killswitch. Security researchers running honeypots have seen new infections by versions of the worm that can spread even when the iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com domain is live."

"Cybercriminals are targeting people using Apple products as they are more likely to have disposable income, a security expert has warned. Blogger Graham Cluley said that while malware was more common on Windows, Apple customers could not "afford to be lackadaisical" about security. On Monday, he reported a text message scam that tried to trick people into handing over account information. Apple's support site warns customers not to enter details on spoof sites."

"Experts now believe that criminals could 3D-print hands complete with fingers and fingerprints to defeat security precautions at banks, airports and police stations."

"It's an old cliché of security researchers: fingerprints might appear more secure than passwords. But if your password gets stolen, you can change it to a new one; what happens when your fingerprint gets copied?"

"Now they might finally get this thanks to a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking."

"Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps-four Alexa "skills" and four Google Home "actions"-that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords."

Facebook has rushed to fix a security flaw that allowed users to eavesdrop on the live chats of their friends and see their pending friend requests

"Facebook had not spotted Adebowale's message containing "graphic" threats, so the security services were not told. The report by the parliamentary intelligence and security committee (ISC) said if the message had been passed to MI5 it could have prevented the murder of the soldier."

"Quantum computing may offer potential benefits to the financial services industry, but it also poses risks. Banks rely on encryption to keep their transactions and customer data secure. This involves scrambling and unscrambling data using keys made of very large numbers - tens, if not hundreds, of digits long."

"In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of "affordable" wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network. "

"TeslaCrypt ransomware with new features that are impossible to crack, according to Cisco's Talos security arm. That means user infected with the latest version (3.01) of the malware can no longer use white hat-engineered software to get their files back. Until someone finds a new solution -- and that seems unlikely -- victims will have to pay."

""What is emerging is that [Aadhaar] is being used to create a panopticon, a centralized database that's linked to every aspect of our lives - finances, travel, birth, deaths, marriage, education, employment, health, etc.," Reetika Khera, an Indian economist and social scientist, told VICE News. Security concerns have plagued the system for years, but in recent weeks criticism has grown deafeningly loud. Earlier this month, as part of the Supreme Court case on privacy, an activist's freedom of information request suggested that foreign firms were being given "full access" to the classified data - including fingerprints and iris scans."

"In Los Angeles, the theft of computers from a county contractor's office that contained personal data for over 342,000 patients has led to a call for tighter security."

"A new strain of ransomware has been targeting government agencies and educational institutions in the United States, through scam emails that pretend to be something important. The malware, dubbed as 'MarsJoke' by Proofpoint security researchers, reportedly began a large-scale email campaign which distributed the cryptomalware last week. The developers are sending out emails which seems to be masked as a message from an airline company."

Technology: iPhone Firms involved: Dutch Online Bank ING. SE issues: Privacy Policies & Standards Securities