Resources
- Secure messaging scorecard – eff.org
Many companies offer “secure messaging” products—but are these systems actually secure? EFF decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto. - Google Study: Email Users 36 Times More Likely To Get Scammed If Friends’ Accounts Get Hacked – consumerist.com
So you think your job is done — you’ve secured your email against hackers by thinking up the best password in the entire world. You’re safe, or so you think. But a new study from Google says that if your friends and email contacts have already been hacked, you’re much more likely to get scammed, too. - Passcode vs. Touch ID: A Legal Analysis – 9to5mac.com
Per a recent Virginia Circuit Court decision, law enforcement could not legally compel self-incrimination (and thereby violate the Fifth Amendment) by forcing anyone to reveal his passcode; however, they are legally allowed to take a suspect’s fingerprint following an arrest. Read the detailed analysis here. - Index of Hack.lu 2014 – archive.hack.lu
Here’s an archive of Hack.lu 2014. You can download all the pdf files from here.
Tools
- Nogotofail – github.com
Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. Download it from here. - KdExploitMe – github.com
A kernel driver to practice writing exploits against, as well as some example exploits using public techniques. You can download it form here.
Vulnerabilities
- Home Depot: Hackers Stole 53M Email Addresses – krebsonsecurity.com
As if the credit card breach at Home Depot didn’t already look enough like the Target breach: Home Depot said yesterday that the hackers who stole 56 million customer credit and debit card accounts also made off with 53 million customer email addresses. - What You Need to Know About WireLurker – zdziarski.com
Mobile Security company Palo Alto Networks has released a new white paper titled WireLurker: A New Era in iOS and OS X Malware. Here’s the quick and dirty about WireLurker; what you need to know, what it does, what it doesn’t do, and how to protect yourself.- WireLurker, a shock in Apple World. – marcoramilli.blogspot.com
Marco Ramilli want to stamp in his digital diary WireLurker since he has seen a “paradigm shift” on it. He find it a super fascinating peace of code where motivations are still unclear. Fascinating how simple is the thechnique used by the Malware writers to Trojanize a legitime APP. - WireLurker Mac OS X Malware Shut Down – threatpost.com
WireLurker is no more. After causing an overnight sensation, the newly disclosed family of Apple Mac OS X malware capable of also infecting iOS devices has been put to rest.
- WireLurker, a shock in Apple World. – marcoramilli.blogspot.com
Other News
- FishNet Security and Accuvant Agree to Join Forces to Enable Customers to More Effectively Address the Growing Cyber Security Threat – fishnetsecurity.com
FishNet Security and Accuvant, two leading providers of information security services and solutions, announced this week that they have signed a definitive agreement to join forces and create a new, combined company, to Have Increased Depth, Breadth, Scale and Reach to Solve the Most Complex Security Problems. - Peeping into 73,000 unsecured security cameras thanks to default passwords – networkworld.com
A site linked to 73,011 unsecured security camera locations in 256 countries to illustrate the dangers of using default passwords. The site, with an IP address from Russia, is further broken down into insecure security cameras by the manufacturers Foscam, Linksys, Panasonic, some listed only as “IP cameras,” as well as AvTech and Hikvision DVRs.
[…] post Week 45 In Review – 2014 appeared first on Infosec […]