Information Security News
Australia, your lack of cyber transparency disturbs me
While the government continues to play secret squirrel, the infosec industry is getting into transparency. At CeBIT Cyber Security, the very next speaker after the DSD's Franzi was John Suffolk, global cyber security officer for Huawei. As a Chinese ...
If you think your pictures, contacts, and other data are protected by the two-step verification protection Apple added to its iCloud service in March, think again. According to security researchers in Moscow, the measure helps prevent fraudulent purchases made with your Apple ID but does nothing to augment the security of files you store.
To be clear, iCloud data is still secure so long as the password locking it down is strong and remains secret. But in the event that your account credentials are compromised—which is precisely the eventuality Apple's two-factor verification is intended to protect against—there's nothing stopping an adversary from accessing data stored in your iCloud account. Researchers at ElcomSoft—a developer of sophisticated software for cracking passwords—made this assessment in a blog post published Thursday.
"In its current implementation, Apple’s two-factor authentication does not prevent anyone from restoring an iOS backup onto a new (not trusted) device," ElcomSoft CEO Vladimir Katalov wrote. "In addition, and this is much more of an issue, Apple’s implementation does not apply to iCloud backups, allowing anyone and everyone knowing the user’s Apple ID and password to download and access information stored in the iCloud. This is easy to verify; simply log in to your iCloud account, and you’ll have full information to everything stored there without being requested any additional logon information."
Mobile Application Security: New SANS Survey Results Revealed
The Herald | HeraldOnline.com
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...
Securing Credit Card Voice Transactions
Infosecurity Magazine (US) (blog)
Semafone, quite uniquely, is founded by a trio of “non infosec guys.” Critchley describes himself as a “call centre guy who understands security and compliance problems” and an entrepreneur, but not an information security professional. To put it quite ...
Talking Infosec Awareness and Training with Kaspersky Labs' David Emm
Infosecurity Magazine (US) (blog)
Shortly before the chaos of Infosecurity Europe, I joined David Emm, senior security researcher at Kaspersky Lab, for lunch in a lovely quiet gastro pub in the Oxfordshire countryside.
Posted by InfoSec News on May 30: http://news.xinhuanet.com/english/world/2013-05/29/c_132416837.htm
Posted by InfoSec News on May 30: http://news.techworld.com/applications/3449583/hackers-exploit-ruby-on-rails-vulnerability-to-compromise-servers-create-botnet/
Posted by InfoSec News on May 30: http://arstechnica.com/tech-policy/2013/05/nypd-cop-arrested-accused-of-paying-4000-to-hack-fellow-officers-e-mail/
Posted by InfoSec News on May 30: https://www.computerworld.com/s/article/9239613/Drupal_resets_account_passwords_after_detecting_unauthorized_access
Posted by InfoSec News on May 30: http://www.bbc.co.uk/news/technology-22699871