IT Security

Less than month after LastPass admitted a large scale breach of its much vaunted password manager, the old man of computer security, Norton, has said that its LifeLock password manager has also been breached. Is there an industry-wide problem?

A good thing used for bad purposes. Sometimes.

While Cobalt Strike is the market leader, it is far from the only threat assessment tool - and others are even easier for criminals to make use of - on every server, desktop and mobile platform except, it seems, Apple mobiles.

Law enforcement can move fast - when the criminal conduct involves the reputation of governments. Reveals gaping hole in US government e-mail security - and one that, with hindsight, seems blindingly obvious.

One of the biggest reasons for migrating away from WhatsApp is privacy. It's been a problem ever since WhatsApp was launched. Indeed, I discussed it with the founders when it was new, ish, and they said that they had deliberately designed the system to create visibility between users. When I pointed out that a combination of various features compromised personal security, that was not something that concerned them... anyone can get your phone number, they said.

The US government's CERT division of the Department of Homeland Security has issued a statement that explains the risks and problems associated with the Petya ransomware virus and details of it.

We are not pretending to be making any contribution to the story about this spectacularly successful virus - we're just helping spread information about it. This is from the USA Government's information service about cyber-threats, US-CERT which is part of the Department of Homeland Security.

17 May 2017

It's proof that no one, no matter how good, can guarantee that there are no IT security risks in their products. US-CERT, the US government body that reports risks discovered in products, has its usual raft of Adobe and Microsoft products in this week's list but there is a surprising entry: data security company F-Secure, a recognised leader in the field, has made an appearance, too.

Mahmoud Daher, an employee of The Australian Securities and Investment Commission (ASIC), has today appeared at Downing Centre Local Court charged that he effected unauthorised access to restricted data and uttering a false document contrary to money laundering, etc. law.

AdBlock Plus, by eyeo.com, is by far the leading add-on for internet browsers whose users want to prevent the display of unwanted ads. AdBlock Plus is open that it allows certain companies to be "whitelisted" upon payment of a fee. There is absolutely nothing hidden or underhand. However, the choice of companies has, for a year, been the source of many complaints with one "promoted content" provider being the prime suspect. Taboola is the provider that has become especially hated, not because of what it does but because of who it does it for - and for some of its tech practices.

For all aircrew and other travellers (which is, of course, pretty much all of us) - the US Border Security says that it has the same rights as Australia's Customs to examine the contents of portable data devices without warrant (remember various aircrew have been arrested over pornography on their laptops going into Aus?)