A selection of this week’s more interesting vulnerability disclosures and cyber security news. While we marvel at the sophisticated attacks, as with most crime, it’s the simple tricks that get through while people have their guard down. Here is a wonderful little article by the folks at SANS on one such example. Yes, most of us might spot an obvious faked URL, but for others, or if we’re not paying enough attention, one tap and it’s game over:
Following on from the recent news about Apple, Google and Amazon having humans review audio recordings, Microsoft now admits it. I understand the need for such verification to happen; however, being more upfront about it wouldn’t hurt. Of course they may actually do that, and it’s buried in the T&C somewhere, but who reads that? Transparency, privacy and quality control are difficult to balance. How will this eventually turn out?
- Apple Suspends Siri Program After Privacy Backlash: Apple’s Siri follows Amazon Alexa and Google Home in facing backlash for its data retention policies.
I’ve used ‘wardriving’ to map out network perimeters before during installations and maintenance, but ‘warshipping’ is a whole new area of interesting and difficult possibilities. For example, just think about any logistics flow of a package end-to-end, often through controlled areas where staff might have, say, a mobile phone in the pocket that has Bluetooth and data switched on, or small weak wireless networks for handheld picking devices. The possibility of something quickly latching on and then disappearing as evidence is a real defensive challenge:
The rest of the news…
- FBI, NSA to hackers: Let us be blunt. Weed need your help. We’ll hire you even if you’ve smoked a little pot in the past
- Googlers hate it! This one weird trick lets websites dodge Chrome 76’s defenses, detect you’re in Incognito mode
- Hack computers to steal someone’s identity in China? Why? You can just buy one from a bumpkin for, like, $3k
- It’s Black Hat and DEF CON in Vegas this week. And yup, you know what that means. Hotel room searches for guns
- Puzzling Gwmndy Botnet Focuses on Low-Volume Proxy Connections: After infecting Fiberhome routers, its sole purpose seems to be setting up SOCKS5 proxies.
- Security Vulnerabilities Are Increasingly Putting Kids at Risk: A kid’s tablet with security vulnerabilities is only the latest privacy faux pas in a children’s connected device.