Security, Privacy and IoT: The Week of March 18th, 2017

Security

One of the most significant stories of the week is a claim by a hacking group that they have several hundred million Apple account credentials and will use them to remotely wipe devices on April 9th if Apple doesn’t pay up. While it seems unlikely, there are simple precautions you should already be taking – use a unique, strong password on your Apple account (one you don’t use anywhere else) and turn on two-factor authentication. I’ll write up more about this soon. For now, you can read the original coverage at Motherboard and a follow-up at ZDNet.


Personal Security Questions Are Bullshit

I hadn’t flown on United Airlines for a long time. But in August 2016, I booked a flight with them and tried to manage it via my United.com account. That was a mistake. Instead of providing real, useful security (like multi-factor authentication or Touch ID on the iPhone app), United insisted that I set up five personal security questions before I could access my account. All I needed to do was check in, but United decided they’d like me to do a pointless security dance for them.


Security, Privacy and IoT: The Week of March 12th, 2017

Security

Google has launched several new tools for Google Cloud Platform and G Suite (formerly Google Apps):

https://blog.google/topics/google-cloud/bolstering-security-across-google-cloud/

Got a Nintendo Switch? Then you also have a vulnerable version of WebKit. The Switch shipped with an old version of WebKit with known vulnerabilities.


Security, Privacy and IoT: The Week of March 6th, 2017

Security

The biggest story in security this week is WikiLeaks’ dump of CIA documents, reminding people that yes, the CIA is a spy agency and that yes, spy agencies would want to have cracking tools.

The big takeaway is that the CIA has tools for hacking specific devices. WikiLeaks spun this as the CIA being able to crack Signal and WhatsApp, but nothing in the documents indicates that – it’s more that the CIA can take control of the phone’s or computer’s OS. Once that’s done, they can compromise any app without breaking its protocol.


Security, Privacy and IoT: The Week of February 27th, 2017

Security

If you want a phone that’s less likely to be broken into simply because it does much less, the Nokia 3310 may be for you. No App Store and no Wi-Fi reduce its attack surface to whatever vulnerabilities are built into Nokia’s software and its baseband firmware.

https://arstechnica.com/gadgets/2017/02/nokia-3310-hands-on-its-hard-not-to-like-this-modern-take-on-the-feature-phone/

