Updates to Anti-Social Media
Sophos: Facebook battles tiny startup over privacy accusations – John E. Dunn remarks:
“You can argue Six4Three’s allegations either way … they’re another example of the way the company perfectly understood the value of its user data and wanted to monetise it.”
“Alternatively, by restricting third parties, Facebook was simply reining in risky access that privacy advocates believe should never have been allowed in the first place.”
ESET: UNICEF now using cryptocurrency mining for fundraising – “So far in 2018, the NGO has launched two charity campaigns with the aim of raising funds through cryptocurrency mining.”
Technode: Qihoo 360 discovers high-risk security issues in EOS, says 80% digital wallets have problems – “Blockchain platform EOS is facing a series of high-risk security vulnerabilities, according to Chinese cybersecurity company Qihoo 360 […] EOS is a blockchain-based, decentralized system that enables the development, hosting, and execution of commercial-scale decentralized applications (dApps) on its platform.”
Updates to GDPR page
The Register: Businesses brace themselves for a kicking as GDPR blows in – “Securing company data just got even harder”
The Register: Softbank’s ‘Pepper’ robot is a security joke – “Big-in-Japan ‘bot offers root access through hard-coded password and worse bugs too”
Sophos: California tests digital license plates. Is tracking cars next? – Lisa Vaas comments: ‘Yes, now we can add license plates to the pile of “do we really need xyz IoT thing,” which already includes internet-enabled fridges, toasters, washing machines and coffee makers.’ And mentions quite a few of the issues that this initiative raises. What could go wrong?
Interesting paper: Post-Spectre Threat Model Re-Think
Updates to Mac Virus
(1) Bleeping Computer: Malware Found in the Firmware of 141 Low-Cost Android Devices – “Two years after being outed, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach.”
Dr Web report from 2016: Doctor Web discovers Trojans in firmware of well-known Android mobile devices – “Doctor Web’s security researchers found new Trojans incorporated into firmwares of several dozens of Android mobile devices. Found malware programs are stored in system catalogs and covertly download and install programs.”
Avast report from 24th May 2018: – “The Avast Threat Labs has found adware pre-installed on several hundred different Android device models and versions, including devices from manufacturers like ZTE and Archos. The majority of these devices are not certified by Google.”
(2) Meanwhile, Sophos’ Matt Boddy has been looking at how to answer the question: Are your Android apps sending unencrypted data? He says:
“My concerns led me to do some network analysis on popular Android apps, following the methodology set out in the OWASP Mobile Security Testing Guide.
I’ll tell you what I did, what I discovered and how you can do it too.”
Updates to Anti-Malware Testing
AMTSO has issued press releases – “AMTSO Membership Approves Major Step Forward in Testing Standards” and “AMTSO Announces Full Adoption of Testing Protocol Standard” – following the approval by a majority of AMTSO members of its Draft Standards and authorization of a working group at the recent AMTSO meeting.
No information at present on exactly how the voting went, which I’d like to have seen in the interests of transparency.