A selection of this week’s more interesting vulnerability disclosures and cyber security news.

Development frameworks are wonderful, can’t disagree there; they do make life easier by taking away tedious processes. Obviously, their increased complexity in hiding this tedium from the dev means debugging can be tricky at times. So they often include some quite revealing debug modes that can help… only they really are for the eyes of the dev and not the public. Switching them off when in production is a good idea, don’t you think?
Biometrics again, something I’m not entirely comfortable with as a sole means of authentication. One’s body is not easy to change should some vulnerability be found in how that data can be faked. I would advocate that, as the second aspect of 2FA along with existing passwords or PINs, it is handy. But something occurred to me while reading this article: with automatic biometric auth/payment, how would we be able to have multiple accounts on a system, perhaps for business and leisure?
This week in the office we were chatting about the changes to Chrome in the way it lets you know what level of protection a site is at. Well, these two articles then appear which make use of validly certificated sites to garner trust in who you are talking to. I think the lesson to be learned is, no matter what site you are on, the moment you begin to part with any PII, ensure you are where you think you are.
In other news:
- China accused of sabotaging thousands of servers at major US companies with tiny microchips hidden on motherboards
- Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration: The free online office suite software is used by more than 30 million people and is a ripe target for criminals.
- ThreatList: Password Hygiene Remains Lackluster in Global Businesses: Password-sharing persists, but at least multifactor authentication usage is up.
- Virus Bulletin 2018: macOS Flaw Allows Attackers to Hijack Installed Apps: This code-signing issue represents a new attack vector, according to the researcher.