Impersonating iOS Password Prompts

Posted on By infossl
apple, impersonation, ios, passwords, Security technology, socialengineering, spoofing, vulnerabilities

This is an interesting security vulnerability: because it is so easy to impersonate iOS password prompts, a malicious app can steal your password just by asking. Why does this work? iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates, or iOS apps … Read More “Impersonating iOS Password Prompts” »

More on Kaspersky and the Stolen NSA Attack Tools

Posted on By infossl
backdoors, israel, kaspersky, leaks, nsa, russia, Security technology

Both the New York Times and the Washington Post are reporting that Israel has penetrated Kaspersky’s network and detected the Russian operation. From the New York Times: Israeli intelligence officers informed the NSA that, in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan … Read More “More on Kaspersky and the Stolen NSA Attack Tools” »

Changes in Password Best Practices

Posted on By infossl
nist, passwords, Security technology

NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords: Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don’t help that much. It’s … Read More “Changes in Password Best Practices” »

White House Chief of Staff John Kelly’s Cell Phone was Tapped

Posted on By infossl
cellphones, eavesdropping, espionage, Security technology

Politico reports that White House Chief of Staff John Kelly’s cell phone was compromised back in December. I know this is news because of who he is, but I hope every major government official of any country assumes that their commercial off-the-shelf cell phone is compromised. Even allies spy on allies; remember the reports that … Read More “White House Chief of Staff John Kelly’s Cell Phone was Tapped” »

Yet Another Russian Hack of the NSA — This Time with Kaspersky’s Help

Posted on By infossl
cyberattack, cyberespionage, hacking, insiders, kaspersky, leaks, nsa, russia, Security technology

The Wall Street Journal has a bombshell of a story. Yet another NSA contractor took classified documents home with him. Yet another Russian intelligence operation stole copies of those documents. The twist this time is that the Russians identified the documents because the contractor had Kaspersky Labs anti-virus installed on his home computer. This is … Read More “Yet Another Russian Hack of the NSA — This Time with Kaspersky’s Help” »

HP Shared ArcSight Source Code with Russians

Posted on By infossl
Security technology

Reuters is reporting that HP Enterprise gave the Russians a copy of the ArcSight source code. The article highlights that ArcSight is used by the Pentagon to protect classified networks, but the security risks are much broader. Any weaknesses the Russians discover could be used against any ArcSight customer. What is HP Enterprise thinking? Near … Read More “HP Shared ArcSight Source Code with Russians” »

E-Mail Tracking

Posted on By infossl
academicpapers, datacollection, email, privacy, Security technology, surveillance, tracking

Interesting survey paper: on the privacy implications of e-mail tracking: Abstract: We show that the simple act of viewing emails contains privacy pitfalls for the unwary. We assembled a corpus of commercial mailing-list emails, and find a network of hundreds of third parties that track email recipients via methods such as embedded pixels. About 30% … Read More “E-Mail Tracking” »