Paranoid Technology All things cybersecurity

20 Jan 2020

Security Predictions (& Resolutions) for 2020

Our predictions from 2018 were still valid for 2019, so we skipped a year 😉 Since the decade has come to a close, sharing predictions for 2020 and beyond seems in order… starting with a strategic view of the trends and emerging business problems affecting CISOs today…

Predictions for 2020
1. Year of the IoT CISO – we did not reach Gartner’s 20 billion connected devices by 2020, but we are almost there… The attack surface is increasing rapidly – from personal wearables to medical devices to connected cars to toasters and more – as the proverb goes “where there’s entropy there is chaos” 😉 At least initially…

2 Feb 2013

Twitter Gets Hacked

Right after the New York Times and the Wall Street Journal, Twitter joins the list of companies recently hacked by advanced hackers. Unlike the New York Times, Twitter did not point to a country as the source of the attack. On its blog Twitter announced late Friday:

26 Oct 2012

Apple’s Phone Disabling Patent (by Geo-fencing)

Apple was recently granted a patent that allows them to block certain functions of a device based on geo-location. Apple claims that the technology will be used to limit phone activity when a certain event occurs. What that "certain event" is remains open to debate, but it certainly seems like a more elegant way of blocking phone signals/functionality than what they did in the transit protests of San Francisco in 2011.

See the video from Timcast.com:

Read the patent extract below:

4 Sep 2012

FBI has 12 million iPhone user information – You are being tracked!??

According to a posting by Anonymous on Pastebin, the FBI has requested the information of some 12 million-odd iPhone users from Apple and is using it for a tracking project initiated earlier this year. For details see the source at pastebin.com.

Thank you DigiBitch for sharing this one!

28 Aug 2012

Smartphones and Facial Recognition

Smartphones are getting smarter! According to the research firm ABI, its latest study found that 20 per cent of annual shipments of the devices will include such technology before 2012 draws to a close.

As for smartphone models, the Samsung Galaxy SIII was highlighted as the most noteworthy device to boast the capability. However, we may not see it on store shelves after Apple's epic court victory against Samsung, which awarded Apple $1.06 billion and could force Samsung to remove its 8 products from store shelves in the U.S.

28 Feb 2012

Remove Your Google Search History Before Google’s New Privacy Policy Takes Effect

Do you want Google to track your Web activity? If you are a Gmail, Google Docs, or Google+ user and have not specifically turned off the Web History tracking setting, you are probably being tracked. As it currently stands, the data is separated across Google sites, but as of March 1st it will be shared across Google applications for Google to provide you a better user experience 😉 For details see Google's new privacy policy. Do you want to put a stop to this?

25 Feb 2012

New Android Remote Exploit

It is the hottest trend in the security market right now: finding holes in smartphones... It seems that smartphones have more security holes than earlier versions of MS Internet Explorer. 🙂 This time a stealth-mode security start-up called CrowdStrike found a hole that enables an attacker to take over an Android phone.

24 Feb 2012

XSS Flaw discovered in Skype’s Shop

An independent security researcher, Ucha Gobejishvili from Georgia, has detected a cross-site scripting (XSS) vulnerability in Skype's shop application. The vulnerability affects shop.skype.com and api.skype.com; it allows an attacker to hijack cookies, although exploitation requires user interaction. Successful exploitation of the bug can result in complete session hijacking and account theft.

Gobejishvili has informed Skype of the vulnerabilities and is currently investigating.

24 Feb 2012

Google Bouncer

In the shadow of ever-increasing mobile threats, on February 2nd Google announced a program code-named Bouncer. Bouncer aims to scan the Android app market and detect applications that can disrupt a user's Android experience. In the announcement Google emphasizes that avoiding a manual approval process is very important to them, hence the automated program. Here’s how it works:

16 Feb 2012

Four out of Every 1,000 Public Keys Provide No Security

Another must-share, found on Ars Technica: according to researchers, four out of every thousand public keys provide no security. This does not mean everything over SSL is broken, but the findings sure are an eye-opener. Here is the article:

An astonishing four out of every 1,000 public keys protecting webmail, online banking, and other sensitive online services provide no cryptographic security, a team of mathematicians has found. The research is the latest to reveal limitations in the tech used by more than a million Internet sites to prevent eavesdropping.