Security, Privacy and IoT: The Week of March 6th, 2017

Security

The biggest story in security this week is WikiLeaks’ dump of CIA documents, reminding people that yes, the CIA is a spy agency and that yes, spy agencies would want to have cracking tools.

The big takeaway is that they have tools for hacking specific devices. WikiLeaks spun this as the CIA being able to crack Signal and WhatsApp, but nothing in the documents indicates that. Rather, the CIA can take control of the phone’s or computer’s OS, and once that’s done, they can compromise any app without breaking its protocol.


Security, Privacy and IoT: The Week of February 27th, 2017

Security

If you want a phone that’s less likely to be broken into simply because it does much less, the Nokia 3310 may be for you. Having no App Store and no Wi-Fi reduces its attack surface to whatever vulnerabilities are built into Nokia’s software and its baseband firmware.

https://arstechnica.com/gadgets/2017/02/nokia-3310-hands-on-its-hard-not-to-like-this-modern-take-on-the-feature-phone/


Security, Privacy and IoT: The Week of February 13th

I’m experimenting with compiling a weekly list of interesting articles that caught my eye. I’m trying to keep this quick and maintain a high signal-to-noise ratio.

Security

Adobe Flash Critical Security Update

Adobe has released Flash Player version 24.0.0.221 for Windows, macOS and Linux. It fixes “critical vulnerabilities that could potentially allow an attacker to take control of the affected system”. If you have Flash installed on your computer, update it immediately. Also update Chrome.

Except for the copy of Flash that comes with Chrome, I haven’t had Flash installed on my Mac in years and I don’t miss it at all.

https://helpx.adobe.com/security/products/flash-player/apsb17-04.html


Password Dumps: How To Protect Yourself

By now you’re probably used to reading about websites getting broken into, exposing millions of accounts. How do you protect yourself, and how can developers protect their users?
