Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “USAF Recruiting Trojans & Worms”, 2) “Apple UDID Leak & Agency Collection Risks”, and 1) ”Philips, Police & Sony at Risk in Latest Breaches”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Happy International Mailman Day!: It’s time for our monthly reminder … that is, the reminder of what our cleartext password is that many default installs of Mailman out there still send. As we’ve mentioned before … try contacting the administrators first and tell them to change this setting. That way you are not only protecting yourself but also all their other users. Here are some instructions you can forward on to them. Basically, they need to set the send_reminders configuration value to No. If after several months and several reminders you get no response or an outright refusal, maybe try posting an obfuscated screenshot to PlainTextOffenders.com and forwarding that link on to them a few times. If none of the above suggestions work, let us know and we’ll do a quick post about it, and then perhaps we can get that article syndicated and a bunch of people tweeting and liking it. Maybe that will get their attention … or maybe not. Do you belong to any Mailman lists that send you monthly password reminder email messages? Why not name and shame them in the comments below. (continued here)
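For administrators who want to find and fix this on their own server rather than wait for a reminder, here is an added audit script (our own example, not part of the original post and not Mailman’s own tooling). It assumes a Mailman 2.1 install whose bin/config_list and bin/list_lists live under the placeholder path in MAILMAN_BIN, and uses config_list’s Python-syntax dump, in which the setting appears as a line reading send_reminders = 1 when monthly cleartext reminders are on:

```shell
#!/bin/sh
# Added example: audit and fix Mailman 2.1 lists that still mail cleartext
# password reminders. Not from the original post or the Mailman project.
# MAILMAN_BIN is a placeholder; adjust it to your install.
MAILMAN_BIN="${MAILMAN_BIN:-/usr/lib/mailman/bin}"

# reminders_enabled: reads a config_list dump on stdin and succeeds (exit 0)
# only if the list has send_reminders = 1, i.e. reminders are still on.
reminders_enabled() {
    grep -Eq '^[[:space:]]*send_reminders[[:space:]]*=[[:space:]]*1[[:space:]]*$'
}

# Constructed sample dumps in config_list's output format, used for offline testing.
SAMPLE_ON='# -*- python -*-
# constructed sample: reminders still enabled
send_reminders = 1
'
SAMPLE_OFF='# constructed sample: reminders disabled
send_reminders = 0
'

# audit_lists: walks every list on the server (list_lists -b prints bare
# names), prints the offenders, and returns 1 if any were found.
audit_lists() {
    found=0
    for l in $("$MAILMAN_BIN/list_lists" -b); do
        if "$MAILMAN_BIN/config_list" -o - "$l" | reminders_enabled; then
            echo "REMINDERS ON: $l"
            found=1
        fi
    done
    return $found
}

# fix_list <listname>: applies the one-line override via config_list -i,
# which is the scripted equivalent of setting send_reminders to No in the
# web admin interface.
fix_list() {
    tmp=$(mktemp)
    echo 'send_reminders = 0' > "$tmp"
    "$MAILMAN_BIN/config_list" -i "$tmp" "$1"
    rm -f "$tmp"
}

# Only touch a real server when explicitly asked, so the file is safe to source.
if [ "${RUN_AUDIT:-0}" = 1 ]; then
    audit_lists
fi
```

Run it with RUN_AUDIT=1 on the list server to get a list of offending lists, then call fix_list on each one; the grep-based check is deliberately strict about the line shape so a commented-out or quoted occurrence of the setting is not mistaken for the live value.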
Philips, Police, & Sony at Risk in Latest Breaches: Writing password breach posts is getting to be a bit tiring. With so many happening, it seems we just keep pointing out the same old problems again and again. But on the other hand, if bloggers and other media types don’t keep the pressure up, organizations will have less motivation to correct the problem. So with this in mind we’d like to bring you two that we had noticed. We were going to ignore them (see reason above), but then The Register put out some low-profile posts on Friday, so we figured we’d highlight those for awareness’ sake. And of course there was the Sony one we just found while writing this article. Got any ideas on how we can fix this gigantic problem? Let us know in the comments below. (continued here)
Apple UDID Leak & Agency Collection Risks: If you haven’t heard yet … apparently the UDIDs of over a million Apple devices have been posted online. Worse is that the perpetrators are claiming that this is just a small subset of the data they pulled. The entire collection is supposedly around 12 million records and contains other sensitive information, including full names, cellphone numbers, and addresses of Apple customers. Supposedly the data was pulled from an FBI “cybersecurity” agent’s laptop using a Java vulnerability. This episode is a perfect example associated with the risks of government agencies collecting information like this. Yes, it may be necessary to do their job but they MUST be extremely careful that the information doesn’t get out there. We guess the big question is, “Can we trust them to properly protect the data they are collecting?” Although collecting data like this may be necessary to do their jobs, how can government agencies lower their risks of breaches like this occurring? (continued here)
USAF Recruiting Trojans & Worms: The United States Air Force is no longer tip-toeing around its intentions regarding hacking of opponent networks. As part of a recent presentation and procurement effort (dubbed “Cyberspace Warfare Operations Capabilities (CWOC)”), their plan of action seems to be to gear out the military with cyber strikes that have the capability of being launched not only by the head honcho/big cheese/high chief muckamuck but also by an “operational commander.” Should malware really be placed in the hands of local generals as part of their normal toolkit? Post your comments below. (continued here)
Event iCal Subscription Feed: Periodically readers suggest that we should have an iCal feed for our local event calendar. The obvious advantage here is that they’d just subscribe to the feed and our listed events would automagically appear in their personal calendars. Well, the good news is that we’ve always had this feature … guess we just did a horrible job at advertising it. What other features are you looking for? An email list? A community wiki? Let us know in the comments below. (continued here)
Apple Devices Exposed by Possible FBI Computer Breach?: Nothing to see here … please move along … or so that’s what’s being said about the whole FBI UDID leak fiasco from earlier this week. Based on local blogger @darthnull’s ongoing analysis, there’s still no official finding on where the data came from … so it could be an FBI computer (or a personal computer owned by that cyber security agent) … or, more likely, a popular iOS app developer’s machine. No one has been able to point the finger at a particular app yet, though. Do you think that an FBI computer breach took place, and if so, could Apple products be exposed? Post your comment below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!