Things I Hearted this Week 5th Jan 2018

January 5, 2018 | Javvad Malik

The opening of a movie sets the tone for the rest of the film. Within the first few minutes you usually get an idea of the characters and whether it's a slow suspense, a drama, or an action flick.

If the first few days of 2018 are any indication, the IT Security world has kicked off with a dizzying Michael Bay-esque opening action sequence with rapid cuts that would rival any Edgar Wright montage.

So let's jump head first right into it.

Meltdown

Step aside, Heartbleed, and forget all about WannaCry: there's a new duo of attacks in town, complete with logos, websites, and tales of doom.

Facebook and India’s controversial National ID Database

Facebook has clarified that it’s not asking new users in India for their Aadhaar information while signing up for a new Facebook account.

Aadhaar is India’s biometric ID system that links the demographic information of more than a billion Indians with their fingerprints and iris scans, and stores it in a centralized government-owned database that both government agencies and private companies can access to authenticate people’s identities. The program has been slammed by critics for enabling surveillance and violating privacy.

Facebook said this was a “small test” that the company ran with a limited number of Indian users, and that its goal was to help new users understand how to sign up to Facebook with their real names.

It sounds an awful lot like the “wallet inspector” in the school playground that would also then keep my money safe for me.

Trackmageddon

Two researchers have disclosed problems with hundreds of vulnerable GPS services using open APIs and trivial passwords (123456), resulting in a multitude of privacy issues including direct tracking. Further, many of the vulnerable services have open directories exposing logged data.

For some, the vulnerabilities discovered and disclosed by Vangelis Stykas (@evstykas) and Michael Gruhn (@0x6d696368) aren't new. They were disclosed during Kiwicon in 2015 by Lachlan Temple, who demonstrated flaws in a popular car tracking immobilization device.

DHS leak

The US Department of Homeland Security has confirmed a major privacy leak affecting 247,000 employees. According to a DHS statement, it appears as though it was an inside leak, as opposed to an external hack.

Uber Malware

Android users should be on alert for a new malware variant which is posing as the Uber app, in an attempt to steal passwords.

Of course, users that download Uber have probably got low security expectations to begin with.

Guessing Smartphone PIN codes

Security researchers have discovered a brand new method that hackers can potentially use to unlock and compromise a user's smartphone using just the device's sensors. According to researchers at Nanyang Technological University (NTU) in Singapore, information gathered from six different sensors in smartphones paired with machine learning and deep learning algorithms could be used to unlock Android smartphones within only three tries.

Forever 21 breach lasted over seven months

Anyone can get breached; that’s not a bad thing. But detection controls should be designed to alert when something goes wrong… seven months is a long, long time.

About the Author: Javvad Malik
The man, the myth, the blogger; Javvad Malik is a London-based IT Security professional. Better known as an active blogger, event speaker and industry commentator, he is possibly best known as one of the industry’s most prolific video bloggers, with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research, providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.