The security vs convenience trade-off (Security News 26/08/2016)

A selection of this week’s more interesting vulnerability disclosures and cyber security news.

Its been a reasonably quiet week on the security front which I suspect is mainly due to people still digesting the Equation Group leak. In light of that I thought I would ignore the host of accusations and pick out a few articles linked to a common theme: users.

No matter what wonderful security any home or business has in place the weakest link will always be the humans. We like convenience and any hurdles that require us to remember things or do extra work before we can access our cat pictures on Facebook usually ends up being circumvented in some way. I’ve seen some amazing attempts in my career to bypass such security for both ease and malicious reasons, along with some of these articles it brings home that some of our greatest threats are in fact facing us every day even if they don’t think they are. I remember Google coming up with the idea that the security boundary is no longer at the network perimeter, but instead, the LAN should be classed as a hostile area and the perimeter should be at the device boundary. I can understand that. Its more work and planning for sure but worth a consideration even if not fully embraced.

• Lost and Stolen Devices Account for One in Four Breaches in the Financial Services Sector

• A quarter of banks’ data breaches are down to lost phones and laptops (The Register)

• Why Sharing Passwords Is Now Illegal And What This Means for Employers And Digital Businesses (Forbes)

• UK: Sage really has had it hands full this week

For all the other stuff that has been going on here we go:

• Data for 6 Million Minecraft Gamers Stolen from Leet.cc Servers Catalin Cimpanu reports
• Epic Games Forums Breached Again (InfoRiskToday)
• Hints suggest an insider helped the NSA Equation Group hacking tools leak (ArsTechnica) 
• Mail.ru Forums Hack Compromises over 25 Million User Accounts Catalin Cimpanu reports
• Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities, (Thu, Aug 25th)
• The Secret World’s Forums Have Been Breached And Passwords Cracked Alex Walker reports
• ‘NSA’ hack okshun woz writ by Inglish speeker trieing to hyde (The Register) 
• Beauty site lets anyone read customers’ personal information (The Register)
• Government caught using sophisticated one-click hacking tool in the wild (Yahoo Security)
• Hackers Steal 25 Million Accounts From Mail.Ru Domains
• How open source platform Ghost solves security and productivity for bloggers (TechRepublic)
• The Big Data Era of Mosaicked Deidentification: Can We Anonymize Data Anymore? (Forbes)
• Top facial recognition also joins the dots and sees pretend people (The Register)
• Two Model S cars were stolen despite Teslas advanced tech (Yahoo Security) 
• Google just made public Wi-Fi suck a little bit less (Yahoo Security)
• IOActive turns up the most SOHOpeless router so far (The Register)
• Intel douses Wildfire ransomware as-a-service Euro menace (The Register)
• Researchers Use MiTM Attack Against Ransomware Operator (SecurityWeek)
• Voice Message Notifications Deliver Ransomware, (Tue, Aug 23rd)