Twitter February 2016


Return to Twitter Index page

Happy Leap Year Day!

February 29, 2016  Apple wins in New York as judge declines to force them to comply with All Writs Act.   This update   Start of the Story   Tweet
February 29, 2016  20160229-f22Apple not alone with problems in handling time changes. The International Date Line repulsed F-22 Raptor air supremacy fighters enroute to Kadena AFB forcing return to Hickam AFB.   Story  Tweet

February 29, 2016  20160229-snapSnapChat CEO to payroll: Send me information, including SSNs, on our employees. Done! Problem? Yeah, it wasn’t the CEO, but a spear-phisher. Don’t take unusual actions based on incoming communications.   Story  Tweet
February 29, 2016  20160229-shootDid we expose ourselves? Did US intelligence services create backdoors in US-made networking equipment? Did what we gain pale compared to what others grabbed on a larger scale?   Story  Tweet
February 29, 2016  It used to be if a computer wasn’t connected to the internet it was safe, isolated by what was termed the “air gap” between systems. No more.   Story  Tweet
February 28, 2016  20160228-taxeFiling? Beware, some big names don’t do well in protecting your information.   Story  Tweet
February 28, 2016  20160228-appleiPhone users – fingerprint scanner spoofed with PlayDoh, really.   Story  Section on Biometric Security  Tweet
February 28, 2016  20160228-kidsResearcher finds unsecured database with kid info including location, texts, images. Tells company who secures database rapidly then excoriates the researcher. Company gets FTC/COPPA violation and displays really poor manners.   Story  Tweet

February 27, 2016  20160225-hospIs your hospital focused on protecting you or your data? A two year study, including benign attacks on a dozen facilities were analyzed and the results made into actionable guidance for hospitals to improve security for you!   Story  Tweet

February 27, 2016  20160227-ucbFinancial information for 80,000 students, staff, and vendors were exposed in a hack of the financial systems at University of California at Berkely.   Story  Tweet
February 27, 2016  20160227-appleUpdate: iPhone users: The 1970 bricking has a wider date range. The good news: next iOS should prevent it. For brick recovery see  this update  Start of the Story  Tweet  (Delay due to blizzard re privacy vs surveillance sorry!)

February 26, 2016  20160224-caPII for 10M California kids is about to be released, with weak security, to lawyers.What could possibly go wrong?   Story  Tweet

February 26, 2016  IRS raised number affected. May 2015:100k. August 2015:344k. February 2016:700k. Any more? What took so long?   This update  Start of the story  Tweet

February 25, 2016  20160225-appleMultiple updates in the Surveillance vs Privacy case between the FBI and Apple.  Bill Gates clarifies position vs what was reported by media Update    Can Apple be compelled to write code? Update    At least one Congressman agrees with Apple Update    Would this set a new precedent? If so, is that precedent justified? Update    Apple is creating a new and more secure iPhone. Update    Start of the Story    Tweet

February 25, 2016  20160225-leafNissan Leaf App found to have near-zero access controls allowing internet control over many functions. Nissan told months ago.   Story  Update 1: App Disabled  Update 2: Not Everywhere  Tweet
February 24, 2016  20160224-w2Good news: New employee got a whiff of something bad, got a confirming sniff and stopped a compromise.   Story  Tweet
February 23, 2016  20160223-orwellIn their court papers and press releases the DOJ & FBI have repeatedly referred to their request of Apple as a one-time event. Records unsealed in another court show this is just their most recent request.   This Update   Start of the Story   Tweet

February 23, 2016  20160223-sbc-fbiSan Berdardino officials were acting at request of FBI in attempting a reset. MotionToCompel indicated RemotePasswordChange was completed, but MDM software had not been installed. How? What? Who?   Story   Tweet

February 23, 2016  OPM Info Chief resigns and her appearance before Congress gets canceled. Will we ever learn what happened from the inside perspective?  This Update  Start of the Story  Tweet

February 22, 2016  20160222-appleMultiple events:  A respected researcher: this is a headlong leap into a bad place. Story  FBI press release Story  Apple letter describing past, requests of them in the present, what it means for the future and apparent acceptance of invitation to move from Judiciary to Legislative branch of government. Story   Start of the Story  Tweet

February 22, 2016  20160222-mintLinux Mint update: How hack was done, very limited exposure, forum compromised, beware spear-phishing.   This Update  Start of the Story    Tweet
February 21, 2016  20160222-sbcApple mobile device management (MDM) would have remotely unlocked phone and done a lot more. The county paid for it, but apparently never installed it.   This Update  Start of the Story  Tweet
February 21, 2016  20160221-mintBecoming a target is a price you pay for being a leader in Linux distributions. Linux Mint was hacked and malware installed in the distribution. Excellent communication and response by the organization.   Story   Tweet

February 20, 2016  20160220-passcodeUpdate: re Apple v FBI. It isn’t the murderer’s passcode that needs cracking. The iPhone 5C passcode was changed after it was in the custody of law enforcement.  This Update   Start of the Story  Tweet

February 20, 2016  20160220-iotTwo epic failures adding to the Inherent Danger on the Internet of Things.  One is a home security system that radiates its PIN without encryption and you can’t update it. Story.  The other a DVR that sends still images around the world and you can’t stop it.  Story.  Tweet

February 19, 2016  20160219-McAfeeIn the fray between the FBI and Apple, now comes cybersecurity legend John McAfee with an offer to obtain access the phone so Apple does not need to weaken security for all of us. IMO …   This Update  Start of the Story   Tweet

February 19, 2016  20160219-bruteApple users: Protect your privacy. Defeat brute force attacks or delay them for years. See the simple technique and the math behind it.  Story   Tweet
February 19, 2016  20160219-compelUpdate; 10:06am Pacific Time – After just three days prosecutors file motion for judge to “compel” Apple to “comply”. Is that calm or kerosene on the fire? What says her Honor?   This Update  Start of the Story   Tweet

February 19, 2016  20160219-why_nowUpdate: Apple v FBI. Why is the DOJ making this effort now? Waiting for a truly evil target that would gather little sympathy? Or, was there a concerted effort to crack security of crooks and citizens alike?   This update  Start of the Story  Tweet

February 18, 2016  Update to Apple vs FBI. Additional information on privacy, opening more doors, liability loses focus, new liability, a reference work, and a perhaps in-applicable quote from one founder of our Nation.   This Update  Start of the Story   Tweet

February 18, 2016  20160218-iotWould you hire a convicted embezzler to manage your funds? So why get a “security” device that works for crooks while it works for you? Knowledge is power, beware the Inherent Danger in the Internet of Things.   Story   Tweet

February 17, 2016  20160217-appleFacts, tools, considerations, implications and an opinion regarding privacy and cybersecurity for the smartphones of law-breakers as well as the law-abiding.  Story   Tweet
February 17, 2016 Update  20160217-hospitalHollywood Presbyterian Medical Center paid the ransom and got a discount. Crooks unlocked files and all is well, for now.   Story   Tweet
February 16, 2016  20160216-hospitalThree hospitals hit with ransomware. One inconvenienced, two thrown back to 1970s-era capabilities. Urgent care moves further from critical patients. Prepared or not? Pay or not?   Story   Tweet

February 16, 2016  20160216-glibcThis internet core function from November 2008 has a significant vulnerability that was publicly demonstrated just yesterday. What problems are out there that we don’t know?   Story   Tweet

February 16, 2016  According to Visa CEO Scharf just 17% of physical transaction merchants are EMV capable. Why so few? Was the purpose of EMV to protect consumers? Why are merchants and consumers unhappy?   Story   Tweet

February 16, 2016  20160216-pumpkinA talking, flame shooting pumpkin on the internet of things. What could possibly go wrong?   Story   Tweet

February 16, 2016  Is the cloud a secure cyber storage place? Teacher: Maybe not so much. Certainly not the place to store … personal … pictures, videos, userids, passwords, address books etc.   Story   Tweet

February 15, 2016  The average age of a cyber-suspect is 17, but this 59 year old is keeping up the other end.   Story   Tweet

February 15, 2016  Did Angler bring you the new ransomware Hydracrypt or Umbrecrypt? Don’t pay! Read this for available decryption tools.  Story   Tweet

February 15, 2016  A UK court found that GCHQ can hack computers, phones etc. in the UK or abroad. Appears to accept intrusive nature with a balance. Other nations unhappy. So are a lot of people.   Story   Tweet

February 15, 2016  Voting Estonia stocks at Nasdaq are to be done using blockchain security which got a significant crack earlier this month.  Story   Tweet

February 14, 2016  20160213-1mTweet @mastercard & @visa – tell them a better way exists that does not require new hardware for providers, merchants or consumers and adds functionality beyond anything available. See   Story   Tweet

February 14, 2016  20160214-mazarThe very bad MazarBot, the GCHQ and the NSA have what in common? One text message and your phone is theirs. You can stop one of them.   Story   Tweet
February 14, 2016  20160214-vtechHappy Valentine’s Day! An update to VTech who exposed 700,000+ children and 5,000,000 adults. “We’re Back!” and as a special thank you we’re shifting liability for future breaches over to you.   Story   Start of the story  Tweet

February 11, 2016  20160213-appleAre you kidding me? Another way to turn your iPhone into a brick just by setting an allowed time. There is good news, bad news, and really bad news.  Story   Tweet
February 11, 2016  20160213-kohlCrooks leverage your account to generate Kohl Cash at order time, then they trade KC for gift cards. You return the stuff when it gets to you. By then the crooks are long gone. Just the kind of crime NC3 was designed to defeat.  Story   Tweet

February 13, 2016  20160213-irsThese days “security” and “Internal Revenue Service” seem to be words that don’t fit well together.   Story   Tweet
February 12, 2016  20160212-win10 Two controlled tests running 8 and 30 hours on a Win10 machine with no user activity. In the least case Win10 connected to someone 90 times an hour. To who? What for?   Story   Tweet
February 12, 2016  20160212-ad Surfing the net without adblocks is like eating fugu. You won’t die, but if you lose the gamble you might wish you had. A discussion on the need for AdRevenue vs ConsumerRisk.   Story   Tweet
February 11, 2016  20160211-good Good News: Google boots Flash.   Story   Tweet
February 11, 2016  Keeping your Bitcoins in a brain wallet? Maybe not such a good idea as blockchain security just took significant hit.   Story   Tweet
February 11, 2016  20160211-what Good News: White Hat Hackers strike again.  Story   Tweet

February 11, 2016  James Clapper, US TopSpy, suggests IoT can be used for a long list of activities.   Story   Tweet

February 11, 2016  Sparkle updater used by third parties for Apple OS X has vulnerabilities. Over 700 apps use Sparkle. Do you have one?   Story   Tweet

February 11, 2016  20160211-nypd NYPD used Stingrays over 1,000 times between 2008 and mid-2015 without a warrant. New Yorkers with cell phones are being swept up along with crooks.  Story   Tweet
February 10, 2016  20160211-feds Good news: With ENCRYPT Act of 2016 Congress acts toward preventing States from requiring encryption back doors. Story  Story Started with Blackberry/PGP with many updates   Tweet

February 10, 2016  January catchups: Over 1.1 million compromised in 8 incidents. 950,000 compromised at Centene, St. Louis based health care provider can’t find hard drives Story    50,000 tax records lost Ohio/RITA Story    140,000 exposed at Southern New Hampshire University Story    29,324 compromised at Indiana University Health Story    29,156 compromised at St. Luke’s. Story    20,764 exposed at Blue Shield of California Story    28,209 exposed at New West Health Services of Montana Story    15,000 compromised at from Bailey’s Inc. Story    Tweet

February 9, 2016  20160209-gag Can you sign away your Freedom of Speech? Is there a gag order on disseminating bad news? Sadly, yes. Restore your right to bitch (truthfully) about dreck!  Story   Tweet

February 9, 2016   20160209-fred “Running Fred” was a pleasant game until unscrupulous developers turned it into something akin to the Running Dead, zombies that will never, ever stop terrorizing your life, won’t ever truly die and operate faster than we can.   Story   Tweet

February 8, 2016  20160208-29k 29,000 FBI & DHS personnel exposed. Was it a hack or not?  Story   Update   Tweet

February 8, 2016  5 articles on exploits that affected an unknown number of people.    Nothing spreads a virus like a Trane! A cautionary tale of an internet connected device with a bug, a lack of response from the manufacturer, and a lack of easy updates. Story    ATM cards with rollback, use over, and over, and over … Story    TMZ joins the unhappy group of real companies whose revenue comes partly from malvertising. How profitable is it? Is the company responsible for malware served up by that company web host? Where is the balance? Story    Survey Says: You’ve been scammed. You get an email from a big name asking for your help and feedback. Are you really taking a survey or are you being socially manipulated into providing information to a crook? Story    T9000 cyber espionage system, what it learns about you (and tells its boss) is … unsettling. Story    Tweet 1of2    Tweet 2of2

February 8, 2016  Many information items.    Good News: Dyre trojan operators – BUSTED! Story    Ounce for ounce your smartphone is more valuable than silver. Do you protect it? Does it have things you really don’t want on it? Story    We can’t counter all unknown threats with known solutions. Read about a change in orientation to proactively create prevention without, or before, detection. Story    Sometimes you don’t have to steal money to take it. Story    Apple iOS9 users beware “WiFi Assist” default setting. Story    Don’t get your strings pulled by an urgent call from “the police”. Story    Tweet 1of2  Tweet 2of2

February 7, 2016  Apple iOS8&9 users beware! LockScreen? What LockScreen? A bypass not hard to do if you can get brief physical access.   Story   Tweet

February 7, 2016  Three information items  Tweet   How & Vote! How does malware get into Google Play Store? Vote on presentations for RSA 2016 before 2/9/2016!
Story   Arbitration pendulum swings. Back in December 2015 we wrote about how the Supreme Court upheld the inclusion of mandatory arbitration effectively stripping smaller plaintiffs from forming class actions. Story   Update: eBay will fix bug, at least partly. Story

February 6, 2016  three information items  Tweet  eBay has a vulnerability allowing attackers bypass a key restriction that prevents user posts from pushing JavaScript code to be executed on end-user devices. eBay has no plans to fix it. Story   TaxSlayer and TaxAct, both tax preparation software companies, reported unusual activity involving their customers. Not a breach, apparently attempts using user names and passwords obtained in other ways. Story   C&C server for nasty banking trojan Dridex was itself hacked to deliver anti virus softwware instead. Much appreciated! Probably still not legal. Story

February 5, 2016  20160205-appleAn iPhone6 with third party repairs may function fine until the iOS9 update which detects the repairs and turns the iPhone6 into a very expensive brick from which there is no recovery. Per Apple this is a “security related feature”.   Story  Tweet

February 5, 2016  20160205-netgearNetgear routers found vulnerable two different ways that can compromise your network and attached devices.   Story   Tweet

February 4, 2016  Update. “Every step you fake”, how wearables can endanger you or fake-boost your workouts. A study from a Canadian non-profit organization shows how smartwatch apps expose usernames and passwords and can be packed with fake data to lower insurance rates.  Story  Tweet

February 4, 2016  20160204-ucf 63,000 exposed at the University of Central Florida including employees back to the 1980s. How the breach was discovered was not disclosed.  Story   Tweet

February 4, 2016  Recycled UserID and passwords expose 20 million in Taobao, China’s Amazon-like consumer-to-consumer marketplace.   Story   Tweet

February 4, 2016  20160204-wp WordPress developers – major surge in malware being delivered to your visitors. Read this now and pass it on to your hosting company.  Story  Tweet

February 3, 2016  20160203-3cvc Tweet  Founder of Liberty Reserve alternative currency: Guilty of Money Laundering.  Story   Silk Road / Bitcoin Swiper re-arrested before he can flee to non-extradition country. Story   Mass SMS spammer taking a multi year “vacation” in prison. Story

February 3, 2016  20160203-f35 Engine and airframe maintenance information for the very expensive F-35 Joint Strike Fighter can’t be accessed because US Cyber Command requires better security than the Lockheed Martin database provides. Story   Tweet

February 3, 2016  Update to the December 2015 Safeway compromise. Would you recognize this as a point-of-sale (POS) terminal as a rigged with a skimmer? Story   Tweet

February 3, 2016  Building environment systems can be portals for hackers. Story   Tweet

February 3, 2016  Update to SCADA selfies. More examples including guide to Stuxnet. Story   Tweet

February 3, 2016  Update to 12/17/2015 Landry’s breach: Affected 46 Landry brands at 350 locations in 34 states, Washington DC and Canada. Some info, not enough. Story   Tweet

February 2, 2016  20160202-eagle20160202-alcm

Drone Hunting Eagles
Air Launched Canine Missiles

Truly we are embracing the wealth of experience nature has provided.
These Stories     Tweet
February 2, 2016  20160202-iot More devices aimed at children and that use the internet were found by someone other the company to leak information that can be used to track kids or read communications. Both companies were responsive, but how, in early 2016 are such vulnerabilities still being delivered to consumers?  Story  Tweet
February 1, 2016  20160201-pgpUpdate: A well researched and presented counterpoint to a “national need for backdoors to encryption”. This update  One start to the story  Tweet


[ Some tweets tweaked for clarity
or revised URLs -ed ]
Return to Twitter Index page