Cryptography


Apple Admits to Bugs, Denies Tracking iPhone Users

Apple finally sounded off on its phone tracking imbroglio on Wednesday, telling iPhone customers that “it’s the location, stupid.” The company claims its tracking feature is designed to collect data on cell towers and wifi hotspots, not users.


Data leaked from lost, stolen or recycled IT equipment is a major, major issue. News reports about the reams of data that can be retrieved from the hard drives and memory of second hand PCs are nothing new. Organizations like the IEEE have been calling attention to the insecure storage of data for more than a decade. Enterprising reporters have subsequently found that all kinds of devices – from discarded cell phones to printers and scanners – might continue to carry.

If there’s one thing that scientists and statisticians both hate, it’s weird data. And that’s what the folks at Verizon were dealing with when they tallied the results of their 2011 Data Breach Report, which found a stunning 97% drop in the number of lost records, even as the number of reported breaches rose precipitously.

By Moxie Marlinspike

In the early 90’s, at the dawn of the World Wide Web, some engineers at Netscape developed a protocol for making secure HTTP requests, and what they came up with was called SSL. Given the relatively scarce body of knowledge concerning secure protocols at the time, as well as the intense pressure everyone at Netscape was working under, their efforts can only be seen as incredibly heroic. It’s amazing that SSL has endured for as long as it has, in contrast to a number of other protocols from the same vintage. We’ve definitely learned a lot since then, but the thing about protocols and APIs is that there’s very little going back.

The recent attack on Comodo and several of its associated registration authorities has spurred quite a bit of re-examination of the way that the Web’s certificate authority infrastructure works–or doesn’t. One interesting result of this work is that the folks at the Electronic Frontier Foundation have discovered that there are tens of thousands of legitimate certificates issued by CAs for unqualified names such as “localhost” or “Exchange,” a practice that could simplify some forms of man-in-the-middle attacks.

UPDATE: Call it “dancing with the girl that brought ya”: two weeks after it disclosed a serious security breach at its RSA Security Division, tech firm EMC said it was buying NetWitness, a threat analysis firm that helped it detect the breach in the first place.