2014-06-05 - They’re ba-ack: Browser-sniffing ghosts return to haunt Chrome, IE, Firefox
Privacy threat that allows websites to know what sites you've viewed is revived.Thoughts: If you think you are safe surfing for pornography, illegal music, or illegal software on a Windows PC or Linux Android device - think again. Your activities may be getting recorded, even if you are using "private browsing" features.
Chrome, Internet Explorer, and Firefox are vulnerable to easy-to-execute techniques that allow unscrupulous websites to construct detailed histories of sites visitors have previously viewed, an attack that revives a long-standing privacy threat many people thought was fixed.
Now, a graduate student at Hasselt University in Belgium said he has confirmed that Chrome, IE, and Firefox users are once again susceptible to browsing-history sniffing. Borrowing from a browser-timing attack disclosed last year by fellow researcher Paul Stone, student Aäron Thijs was able to develop code that forced all three browsers to divulge browsing history contents.
2014-05-13 - Malware authors target Android phones
Researchers report the number of malicious apps available on the Google Play store continues to grow. Your best defense is a security app, a cautious approach to downloads, and a close eye on your bank and credit card statements.Thoughts: Android malware, affects not only phones, but also tablets. Malware is increasingly targeting individual devices through legitimate Google application stores. If you are an Android user, avoid applications which sound "too good to be true" or not advocated by major media, educational, or trade journal sources.
2014-06-06 - “WARNING Your phone is locked!” Crypto ransomware makes its debut on Android
The rapid evolution of cryptoware that extorts hefty payments continues.Thoughts: Unlike other hacker attempts to lock and unlock phones, insecurities in the Linux/Android operating system actually allow the malware to encrypt your content (photos, documents, books, etc.) and thus possibly lose all of your data!
Security researchers have documented another first in the annals of Android malware: a trojan that encrypts photos, videos, and documents stored on a device and demands a ransom for them to be restored.
The malware also addresses users in Russian and demands that payments be made in Ukrainian hryvnias, an indication that it targets only people in Eastern Europe. Still, the trojan—with its combination of social engineering, strong encryption, and robust Internet architecture—could be a harbinger of more serious and widespread threats to come. After all, the first Android trojans to make hefty SMS charges also debuted in the same region.
2014-06-09 - iOS 8 to stymie trackers and marketers with MAC address randomization
When searching for Wi-Fi networks, iOS8 devices can hide their true identities. ...if iOS 8 devices broadcast their Wi-Fi probe requests under constantly shifting unique MAC addresses, tracking devices across stores or other venues by MAC address becomes impossible.A new security mechanism is being included in Apple mobile devices, to provide additional levels of privacy and security to users. While the article writer contemplates the reason for the security change, Network Management wonders whether Apple may be running out of allocated MAC Addresses with devices for the sheer number of iOS mobile devices that they have released or are planning on releasing!
2014-05-21 - Did hackers just breach Apple’s iCloud?
ValueWalk notes that the pair of hackers worked for five months to breach Apple’s iCloud system. The site also says that it tracked down a Twitter account that may be linked to the Doulci hacker group, highlighting a tweet in which an alleged hacker claims to have “processed” more than 5,700 Apple devices in just five minutes using the hack.Thoughts: A very unusual attack to compromise a security system so thieves can profit on selling stolen phones! This did not appear to affect anyone negatively, unless your phone was already stolen, reducing the chance of prosecuting the thief or reducing the change of having the stolen phone returned. Individual accounts appear to have been targeted - the Apple iCloud and content on supported phones/tablets appears to have remained secure/uncompromised.
2014-05-27 - Hackers can digitally hijack your iPhone and hold it for ransom
A number of iPhone, iPad and Mac owners in Western and Southern Australia awoke Tuesday morning to find that their devices had been locked using Apple’s Find My iPhone, Find My iPad and Find My Mac Features.Thoughts: While not strictly a iOS phone hack, hacking a hardware provider on Internet or a personal account on the internet which is connected to personal devices can apparently provide a way to inconvenience you. Apple protects user content (photos, documents, passwords, etc.) making it more difficult to be compromised under Apple platforms than competing platforms like PC's or Linux/Android. Be careful what passwords you choose to use on the internet. Contact Apple if you suspect something like this has occurred and receive a prompt resolution.
These features were designed to allow users to remotely locate Apple devices that have been lost or stolen, and they also allow users to lock their lost devices and display a message to aid in their recovery.
2014-06-10 - Russian Interior Ministry cuffs iPhone ransomware suspects
'Oleg Pliss', nemesis of Australian iThing owners, may be in bracelets. Russia's Interior Ministry has announced the arrest of two chaps suspected of conducting ransomware attacks on iPhones.Thoughts: People can pretty much be certain that the Apple security of their iCloud appears to have been secure, even if individual user accounts and passwords were hacked. Always be careful when using passwords on the internet.
The Ministry's statement on the arrests describes a modus operandi that sounds an awful lot like that employed by “Oleg Pliss”, an entity that last month remotely locked iThings in Australia. Apple later recommended owners of iThings and iCloud accounts reset their passwords.
The statement alleges the suspects' attacks started with phishing, which validates Apple's insistence that its iCloud service was not compromised