Computer Security No 40: 76 Popular apps confirmed vulnerable to silent interception of TLS-protected data
Corporate - Private Computer Security
76 Popular apps confirmed vulnerable to silent interception of TLS-protected data
An analysis of iOS apps by Will Strafach, a respected mobile security expert in the US, revealed that 76 popular iOS applications are vulnerable and allow malicious proxies to insert invalid TLS certificates.
(TLS = Transport Layer Security, the successor of SSL, is a cryptographic protocol that provides communications security over a computer network.)
These 76 apps allow a silent man-in-the-middle attack to be performed on connections which should be protected by TLS (HTTPS). There are over 18 million downloads of these apps.
Vulnerable applications (Low Risk): ooVoo, VivaVideo, Snap upload for Snapchat, Uconnect Access, Volify, Epic! (unlimited books for kids app), Mico-Chat, Safe Up for Snapchat, Tencent Cloud, Uploader for Snapchat, etc. (see the entire list at the link below).
Vulnerable applications (Medium and High Risk): will be posted in a follow-up blog in the next 60-90 days, after reaching out to affected banks, medical providers and other developers of sensitive applications to warn them first.
Wordpress - to blog or not to blog?
Maybe it's best to refrain from blogging for a while... unless the site has been patched to version 4.7.2.
Last week, WordPress, the most popular CMS (Content Management System) in the world, used by millions of websites, patched 3 security flaws that allow remote, unauthorised hackers to modify the content of any post or page within a WordPress site.
The bug, which resides in the REST API, affects versions 4.7 and 4.7.1 of the WordPress CMS and allows hackers to redirect visitors to malicious exploits and to mount a large number of other attacks.
The issue was discovered by Sucuri on 22nd January and patched on 27th January, with the fix made available to websites in release 4.7.2. But if the site is not patched... it is vulnerable.
To read the full article: https://make.wordpress.org
If you wish to find out a site's WordPress version, without having Admin access, please read: https://premium.wpmudev.org
Google must comply with FBI data request to hand over overseas emails - US judge rules (i.e. WHO is reading your Gmail content?)
Last week, US Magistrate Judge Thomas Rueter ruled in Philadelphia that transferring emails from a foreign server so that the FBI can read them as part of a domestic fraud probe is legally sound.
"The court suggests that bringing a file back to the United States is not a seizure because Google moves data around all the time and 'this interference is de minimis and temporary'," Professor Orin Kerr wrote in the Washington Post.
Judge Rueter's decision comes seven months after the US Circuit Court of Appeals in New York found that Microsoft did not have to show foreign emails to American authorities unless investigators go through local privacy laws first, a verdict that was upheld on January 24.
Google will appeal the decision.
Google, Facebook & Yahoo are under increased pressure to do more to ensure their users' privacy in the wake of revelations about mass surveillance by the NSA (National Security Agency) that came out during Barack Obama's Presidency.
To read the full article: www.rt.com
Course on Cyber Security & Privacy for Directors and Senior Managers
Are you prepared for an attack?
Are you aware of your obligations and defence as a director or officer of the company?
Have you taken the necessary steps to mitigate the consequences of a cyber attack?
The topics include:
- Define and understand Cyber security
- Identify Directors Cyber obligations in the Corporate Governance context
- Discuss Cyber risk management
- What can you do as a Director and what questions to ask
- Steps required to create a Cyber Strategy (Board level)
Send your enquiries to: - firstname.lastname@example.org
Radio Stations in US hacked to play "F**k Donald Trump" on repeat across the US
Anti-Trump protesters have taken their fight against the president to another level by exploiting a known flaw in low-power FM (LPFM) radio transmitters to play a song the radio stations did not intend to broadcast.
Hackers exploited vulnerabilities in Barix Exstreamer devices which can decode audio file formats and send them along for LPFM transmission.
Radio stations in South Carolina, Indiana, Texas, Tennessee and Kentucky, were affected and broadcast the Bompton-based rapper YG and Nipsey Hussle's anti-Trump song which was already a radio hit in some parts of the country last year.
To read more: https://radioinsight.com
Executive Interns x 2 wanted (PS we make our own coffee/tea)
Advisory Boards Group is looking to fill two Executive Intern positions. If you know anyone who would be interested, please forward this email to them.
Please send applications (Resume + Cover letter) to the following email address:
Dates: 1/02/17 - 31/03/17
Memories of jokes
Have a good and cyber-safe weekend!
Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au
© About Over 50s 2017