About Over 50 Articles Library
Content: Services - Computer
Computer Security No 48: Apple and Google phones urgent updates
Corporate - Private Computer Security
Apple and Google phones urgent updates
A researcher from the Google's Project Zero, Gal Beniamini, discovered major vulnerabilities in the Broadcom's WiFi chips of the following phones:
- Apple iPhones
"This particular firmware component comes integrated within most Google and iOS devices by default and is responsible for handling wireless networking functions within the device."
The phones are easily hackable by leveraging stack buffer overflow vulnerability, opening a gateway for the attackers to deploy malicious codes on the victims' devices and remotely execute them. This is possible as long as both perpetrator and victim are connected to the same WiFi network, be it a public WiFi hotspot or even your home network - weak passwords are not difficult to crack .
Upgrade urgently to:
iOS - version 10.3.1 patch
Google - 2017-04-05 update
The flaw still affects most Samsung flagship devices, including Galaxy S7 (G930F, G930V), Galaxy S7 Edge (G935F, G9350), Galaxy S6 Edge (G925V), Galaxy S5 (G900F), and Galaxy Note 4 (N910F), the researcher says.
To read more:https://source.android.com
Verizon's spying apps (USA)
Verizon is notorious in pre-loading its phones with "bloatware" that spies on users and it's hard to get rid of.
More recently, the giant telecom partnered with Evie Launcher to bring a new application called'AppFlash' - a universal search bar pre-installed on all Verizon Android handsets for finding apps and web content, replacing the Google search bar.
AppFlash is collecting and sending telemetry data including what you search, handset, apps and other online activities to Google, back to Verizon.
What is worse? Just like other pre-installed bloatware apps, Android users cannot uninstall AppFlash quickly, unless they have rooted their phone.
We collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them.
Users can get rid of this bloatware in two ways: you can either root your device and remove the app in question, or only disable the app.
- 1. Root to remove AppFlash from Android: Since the company has made AppFlash a default app on the home screen of its Android handsets to help users search content and browse the internet, the app can not be easily uninstalled.
To uninstall AppFlash, you are required to root your Android device and then delete the app from your storage memory. But this may void the warranty.
- 2. Disable AppFlash without Root: An easier process that does not void the device warranty, is to simply disable AppFlash.
Disabling bloatware apps on newer phones is easy, as Android has a built-in way to do this, which doesn't require any root access.
Go to Settings → Apps (or 'Applications' on some phones) → AppFlash. Open it and click 'Disable,' 'Force Stop' and then 'Clear Data' as well.
Samsung's Galaxy S8 facial recognition can be tricked with a photo
"Just days after Samsung unveiled the Galaxy S8's new facial-scanning feature, someone has already successfully spoofed it. Bloggers at Marcianophone secured a S8 with their face and then tricked the phone with a selfie that was saved on another device. The S8 eventually unlocked, though it took a few seconds. Either way, you might not want to use face scanning as your primary form of phone security. Samsung has already noted that facial scanning isn't the most secure form of authentication. Using your fingerprint, iris, or a PIN is preferable. With that in mind, it's possible that Samsung is still working on the feature. The phones at its New York City event were not final products, so the company could theoretically tighten up security before shipping to the public."
To see the video of the spoof, please go to: http://www.theverge.com
Accounting for Good & ABG
Accounting for Good & ABG
A big thank you to Kirsten Forrester, the CEO of Accounting for Good, for hosting the Cyber Security for Directors and Officers module this week.
This year, Accounting For Good is celebrating 20 years of providing financial management services and support to non-profit organisations around Australia, empowering NFPs with quality information and efficient systems that allow them to focus on their mission and make sound business decisions.
Words of appreciation go to our participants who brought amazing insights into the governance of cyber protection!
Hacking smart TVs remotely
Between 85-90% of smart TVs can be hacked remotely, by exploiting the broadcasting signals.
Rafael Scheel (Senior Penetration Tester & Security Researcher at Oneconsult AG) gave an introduction to IoT cyber security and showed in a live hacking demo, at the European Broadcasting Union Cyber seminar, an attack which allows to remotely takeover bulks of smart TVs over the TV stream signal.
How it works:
If you would like to watch the demo (over 1 hour), please go to: https://www.youtube.com/watch?v=bOJ_8QHX6OA
(image sources: The Register, Techviral)
Blockchain & CryptoCurrencies
We are starting a series about Blockchain and Cryptocurrencies, We will discuss the Blockchain technology, cryptocurrencies and Bitcoin in particular (only in the fortnightly Private Security newsletters - even numbers #48, 50, etc).
In 2008, Satoshi Nakamoto published a paper on The Cryptography Mailing list at metzdowd.com describing the Bitcoin protocol. Previous papers on cryptographic systems had been published since 1982. In 2009, the Bitcoin was born. Bitcoins are built upon the blockchain technology.
"Blockchain is to Bitcoin, what the internet is to email. A big electronic system, on top of which you can build applications. Currency is just one." - Sally Davies, FT Technology Reporter
Blockchain technology is a de-centralised general ledger, where transactions can be visible and recognised by the nodes (public blockchain).
A block chain is a transaction database shared by all nodes participating in a system based on the Bitcoin protocol. A full copy of a currency's block chain contains every transaction ever executed in the currency. With this information, one can find out how much value belonged to each address at any point in history.
Every block contains a hash (digital fingerprint) of the previous block. This has the effect of creating a chain of blocks from the genesis block to the current block. Each block is guaranteed to come after the previous block chronologically because the previous block's hash would otherwise not be known. Each block is also computationally impractical to modify once it has been in the chain for a while because every block after it would also have to be regenerated. These properties are what make double-spending of bitcoins very difficult. The block chain is the main innovation of Bitcoin.
Since 2011, companies started to accept payments in Bitcoin (Wikileaks and others). The list of companies that accept Bitcoin payments can be found at:
The list includes: Kmart, Tesla, Microsoft, Dell, Virgin Galactic, etc.
Why is Blockchain important?
There are three reasons to understand about Blockchain (source: Delloitte):
Blockchain technology does not have to exist publicly. It can also exist privately - where nodes are simply points in a private network and the Blockchain acts similarly to a distributed ledger. Financial institutions specifically are under tremendous pressure to demonstrate regulatory compliance and many are now moving ahead with Blockchain implementations. Secure solutions like Blockchain can be a crucial building block to reduce compliance costs.
Block-chain technology is broader than finance. It can be applied to any multi-step transaction where traceability and visibility is required. Supply chain is a notable use case where Blockchain can be leveraged to manage and sign contracts and audit product provenance. It could also be leveraged for votation platforms, titles and deed management - amongst myriad other uses. As the digital and physical worlds converge, the practical applications of Blockchain will only grow.
The exponential and disruptive growth of Blockchain will come from the convergence of public and private Blockchains to an ecosystem where firms, customers and suppliers can collaborate in a secure, auditable and virtual way.
Cyber Security & Privacy suite for Directors and Executives
On 13 Feb 2017, legislation passed through the Australian Parliament which will establish a Mandatory Data Breach Notification scheme. This gives Australian companies one year to get ready and ensure that a cyber strategy, processes and tactical plans are in place.
Recent lawsuits against directors worldwide, claiming negligence, lack of due diligence and/or duty of care (Worldwide Corporation, Target US, etc) highlight the need for directors to take immediate action.
The fact that 60% of organisations go out of business within 6 months of an attack and that the average cost for a breach is $4m illustrate the significance of this threat.
Are you prepared to discuss cyber at Board level? Are you aware of your obligations and defence as a director or officer of the company? Have you taken the necessary steps to mitigate the consequences of a cyber attack?
ABG offers the Cyber suite of course modules:
- Cyber threats and defences Module - Tactical plans
- Directors and Officers Module - Strategy
- Risk Management Workshop for Cyber
- Cyber Crisis simulation
Send your enquiries to firstname.lastname@example.org
Memories of jokes
Moderated by Monica Schlesinger: www.advisoryboardsgroup.com.au
© About Over 50s 2017 website by aml websites online