Evil WiFi Hotspots Hacking Apple Pay to Steal Credit Card Information

By Brandon Stosh

Apple has been alerted by mobile security researchers that a potential security flaw in iOS could lead to hackers stealing the personal credit card information of millions through Apple Pay. Due to iOS devices’ default setting to auto-connect to Wi-Fi networks, a vulnerability in Apple Pay could allow a hacker to display a fake image on the device appearing to be Apple Pay asking for your credit card information.

Today, wherever you go there are open Wi-Fi hotspots; it makes traveling easier, even when we’re stuck without a data connection. But with the alarming number of open hotspots, hackers are beginning to take advantage and abuse public hotspots.

Full article at: https://freedomhacker.net/evil-wifi-hacking-apple-pay-steal-credit-cards-4255/

iOS 9: Apple Introduces 6 Digit Passcodes, Stronger Encryption and Brute Force Prevention

By Brandon Stosh on June

Apple is taking their security to the next level, making it significantly harder for hackers to break into iPhones with the bundle of new features jam-packed in iOS 9.

Following Apple’s announcement on iOS 9, the company has said they’ve clipped their four digit passcode for a more secure option, a new and improved six digit passcode lock.

Full article at: https://freedomhacker.net/ios-9-apple-6-digit-passcodes-stronger-encryption-brute-force-prevention-4275/


The Big Data picture – just how anonymous are “anonymous” records?

By Paul Ducklin

There are things that obviously aren’t big data, like the modest collection of pictures you took of your cat until you snapped one that made a decent computer wallpaper image.

And there are things that obviously are big data, like the giant database of Wi-Fi access points from Google’s StreetView cars that it uses to aid and abet its geolocation services.

Of course, even your cat pictures – the ones that were captured with a single short press of the BURST option on your new iPhone – probably take up several times more storage than your first computer had in total.

But they fail to make the cut as “big data” not only because they’re small by modern standards, but also because you can’t dissect, compare and contrast them to look for patterns in the whole cat world, and from that to draw inferences about one particular cat in the database.

Now, if you had pictures of 1,000,000 different cats, organised by location, that would be big data.

Full article at: https://nakedsecurity.sophos.com/2015/02/12/the-big-data-picture-just-how-anonymous-are-anonymous-records

Facebook’s DeepFace facial recognition technology has human-like accuracy

By Lee Munson

Facial recognition technology has been around for many years…

DeepFace is so accurate that there is barely a difference between its ability to identify a person and that of a real human being. The software’s algorithms are able to determine whether two different photographs feature the same person with an accuracy rate of 97.25%, regardless of the angle of the shot or the background lighting conditions.

So Facebook’s going to turn this technology on its 1.3 billion users and root out and quantify even more of the social connections implied by your photos, right? They say not.

The social network plans to use the system to identify its users in new photos as they are uploaded. If your visage appears in one of the 400 million pictures added to the network each day you’ll receive an email from Facebook alerting you.

Full article at: https://nakedsecurity.sophos.com/2015/02/06/facebooks-deepface-facial-recognition-technology-has-human-like-accuracy

Facebook’s got a new privacy policy, and it plans to share your data with partners

By Lee Munson

Late last year you may recall receiving a message from Facebook saying that its privacy policy was set to change again.

But can you remember when the new policy was due to come into effect?

Well, it’s already arrived and, if you have logged into your account at any point since its implementation on Friday, you’ve already agreed to its terms and conditions.

The new policy, which applies to European users of the social network, contains some interesting changes which have already drawn criticism.

Full article at: https://nakedsecurity.sophos.com/2015/02/02/facebooks-got-a-new-privacy-policy-and-it-plans-to-share-your-data-with-partners

People happily give away their (bad) passwords to TV reporter

By Lisa Vaas

Yes, it’s a time warp in password land, according to the yearly list of the 25 worst passwords collected by password management app company SplashData.

It’s a fresh list, but this bakery’s full of stale bread.

Welcome back, 123456 and password! You’ve been glued to the top two spots since the company first put out a list in 2011!

But wait, we have two newcomers to welcome to the top 25 worst passwords: 696969 and batman.

Full article at: https://nakedsecurity.sophos.com/2015/01/21/people-happily-give-away-their-bad-passwords-to-tv-reporter

David Cameron’s internet surveillance plans rival Syria, Russia and Iran

By Cory Doctorow for the guardian.com

13 January 2015

Cameron says there should be no means of communication that ‘we cannot read’. Let’s examine what that actually means.

What David Cameron thinks he’s saying is: “We will command all the software creators we can reach to introduce back doors into their tools for us.” There are enormous problems with this: there’s no back door that only lets good guys go through it. If your WhatsApp or Google Hangouts has a deliberately introduced flaw in it, then foreign spies, criminals, crooked police (such as those who fed sensitive information to the tabloids who were implicated in the phone-hacking scandal – and like the high-level police who secretly worked for organised crime for years) and criminals will eventually discover this vulnerability. They – and not just the security services – will be able to use it to intercept all of our communications, from the pictures of your kids in your bath you send to your parents to the trade secrets you send to co-workers.

Full article at: http://www.theguardian.com/commentisfree/2015/jan/13/david-cameron-internet-surveillance-syria-russia-iran-communication

Barack Obama and David Cameron fail to see eye to eye on surveillance

Nicholas Watt in Washington
The Guardian, Friday 16 January

Barack Obama and David Cameron struck different notes on surveillance powers after the president conceded that there is an important balance to be struck between monitoring terror suspects and protecting civil liberties.

As Cameron warned the internet giants that they must do more to ensure they do not become platforms for terrorist communications, the US president said he welcomed the way in which civil liberties groups hold them to account by tapping them on the shoulder.

Obama agreed with the prime minister that there could be no spaces on the internet for terrorists to communicate that could not be monitored by the intelligence agencies, subject to proper oversight. But, unlike Cameron, the president encouraged groups to ensure that he and other leaders do not abandon civil liberties.

The prime minister adopted a harder stance on the need for big internet companies such as Facebook and Twitter to do more to cooperate with the surveillance of terror suspects.

Full article at: http://www.theguardian.com/us-news/2015/jan/16/barack-obama-david-cameron-surveillance-terrorists

Microsoft May Soon Replace Internet Explorer With a New Web Browser

This is a slightly older article but the subject is significant enough to take note of it.

By Davey Alba
29 December 2014

Microsoft’s Windows 10 operating system will debut with an entirely new web browser code-named Spartan, according to a report citing anonymous sources. ZDNet’s Mary Jo Foley reports that this new browser is a departure from Internet Explorer, the Microsoft browser whose relevance has waned in recent years. According to Foley, it will be a “lightweight” browser that looks and feels more like the Google Chrome and Mozilla Firefox browsers.

…Internet Explorer is no longer the force it once was. There was a time when it handled about over 90 percent of all web traffic on desktop and laptop machines, but according to research outfit Net Applications, its share has now dropped to 58 percent. On mobile, its share is about 2 percent.

Full article at: http://www.wired.com/2014/12/microsoft-spartan-browser/

Google vs. Microsoft — Google reveals Third unpatched Zero-Day Vulnerability in Windows

By Swati Khandelwal
Friday, January 16, 2015

Microsoft has heavily criticized Google and its 90-day security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft’s Windows 8.1 operating system one after another just days before Microsoft planned to issue a patch to kill the bugs. But seemingly, Google doesn’t give it a damn thought.

Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix…

This is the third time in less than a month that Google’s Project Zero has released details of the vulnerability in Microsoft’s operating system, following its 90-day public disclosure deadline policy. A few days ago, Google released details of a new privilege escalation bug in Microsoft’s Windows 8.1 operating system just two days before Microsoft planned to patch the bug.