A selection of this week’s more interesting vulnerability disclosures and cyber security news. While we marvel at the sophisticated attacks, as with most crime, it’s the simple tricks while people have their guard down that get through. Here is a wonderful little article by the folks at SANS on one such example, yes, for most of us we might spot an obvious faked URL but for others or if we’re not paying enough attention one tap and its game over:
Following on from the recent news about Apple, Google and Amazon having humans review audio recordings, Microsoft now admits it. I understand the need for such verification to happen, however being more upfront about it wouldn’t hurt. Of course they may actually do that, and its burried in the T&C somewhere, but who reads that? Transparency, privacy and quality control are difficult to balance. How will this eventually turn out?
I’ve used ‘wardriving’ map out network perimeters before during installations and maintenance, but ‘warshipping’ is a whole new area of interesting and difficult possibilities. For example, just thinking about any logistics flow of a package end-to-end, often through controlled areas where staff might have say a mobile phone in the pocket that has Bluetooth and data switched on, or small weak wireless networks for handheld picking devices. The possibilities of something quickly latching on and the disappearing as evidence is a real defensive challenge:
The rest of the news…