IT Security

Less than a month after LastPass admitted a large-scale breach of its much-vaunted password manager, the old man of computer security, Norton, has said that its LifeLock password manager has also been breached. Is there an industry-wide problem?

A good thing used for bad purposes. Sometimes.

While Cobalt Strike is the market leader, it is far from the only threat assessment tool - and others are even easier for criminals to make use of - on every server, desktop and mobile platform except, it seems, Apple mobiles.

Law enforcement can move fast - when the criminal conduct involves the reputation of governments. Reveals gaping hole in US government e-mail security - and one that, with hindsight, seems blindingly obvious.

One of the biggest reasons for migrating away from WhatsApp is privacy. It's been a problem ever since WhatsApp was launched. Indeed, I discussed it with the founders when it was new, ish, and they said that they had deliberately designed the system to create visibility between users. When I pointed out that a combination of various features compromised personal security, that was not something that concerned them... anyone can get your phone number, they said.

The US government's CERT division of the Department of Homeland Security has issued a statement that explains the risks and problems associated with the Petya ransomware virus and gives details of it.

We are not pretending to be making any contribution to the story about this spectacularly successful virus - we're just helping spread information about it. This is from the USA Government's information service about cyber-threats, US-CERT, which is part of the Department of Homeland Security.

17 May 2017

It's proof that no one, no matter how good, can guarantee that there are no IT security risks in their products. US-CERT, the US government body that reports risks discovered in products, has its usual raft of Adobe and Microsoft products in this week's list but there is a surprising entry: data security company F-Secure, a recognised leader in the field, has made an appearance, too.

Mahmoud Daher, an employee of The Australian Securities and Investments Commission (ASIC), has today appeared at Downing Centre Local Court charged with effecting unauthorised access to restricted data and uttering a false document contrary to money laundering, etc. law.

AdBlock Plus, by eyeo.com, is by far the leading add-on for internet browsers whose users want to prevent the display of unwanted ads. AdBlock Plus is open about the fact that it allows certain companies to be "whitelisted" upon payment of a fee. There is absolutely nothing hidden or underhand. However, the choice of companies has, for a year, been the source of many complaints, with one "promoted content" provider being the prime suspect. Taboola is the provider that has become especially hated, not because of what it does but because of who it does it for - and for some of its tech practices.

For all aircrew and other travellers (which is, of course, pretty much all of us) - the US Border Security says that it has the same rights as Australia's Customs to examine the contents of portable data devices without warrant (remember various aircrew have been arrested over pornography on their laptops going into Aus?)

US company SurePass says that it has developed a two-factor authentication system that avoids problems with the "RSA Breached Token Devices" so as to "deliver secure two-factor authentication via free mobile apps, text and electronic card".