How the "Internet of Things" is going to make your life simpler, easier, and more worry-free. I jest, of course... your home appliances will need cyber-security...
Over the December holidays, one of our researchers discovered proof of a much-theorized but we believe never before seen in the wild security breach.
You thought the news about banking apps was bad. Well, it's not just the banking apps...
The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.
IOActive have just published a report covering the security of online banking apps for mobile devices. They found that:
[Update: 4th Feb 2014 - Firefox 27 enables TLS 1.1 and 1.2 by default now]
If you think your web browser is secure, think again. If you run over to How's My SSL?, you will get a quick summary of what your browser looks like to the outside world.
Even if you keep up with the current release version, you'll be surprised to find your browser will probably get the following report:
Your SSL client is Bad.
Why? Because the latest security features in your browser includes may be installed disabled.
I briefly mentioned in a previous blog post the tracking capabilities of cookies, and how cookies can be used to do things like scan networks behind firewalls. Well, the documentation has now surfaced of how the NSA uses one particular Google cookie to track users and determine who to target for closer surveillance (i.e. attacks with software exploits).
Vermont has started Single Payer health care. This article, from 2011, aptly sums it up: Vermont Passes Single-Payer Health Care, World Doesn't End.
Americans have a problem understanding anything that doesn't fit squarely within the Democrat/Republican ideology, and the media ensures the dialog remains polarized. Fortunately, Vermont has Bernie Sanders, an Independent, to go to bat for them in the Senate. His famous quote on the subject is "if you are serious about real healthcare reform, the only way to go is single-payer."
"Nashville tuning" is where the high strings from a 12-string guitar are put on a regular 6-string guitar. The tuning is the same as a regular guitar, from low to high, E - A - D - G - B - E, but the E - A - D - G string are tuned an octave higher, requiring a smaller gauge of string. The E - B strings are tuned normally.
In a previous blog post, I mentioned that SSL proxy servers, deployed in 1999, were used for finding and monitoring the downloading of porn. In the context of that blog post, this was originally done to find employees who were wasting work time, and provide a solid reason for terminating a non-productive employee without the unions pitching a fit.
Fast forward to 2013, and that same tech is being used to "undermine a target's credibility, reputation and authority"...
Imagine what this would look like crossed with Nanobots...
inFORM - Interacting With a Dynamic Shape Display from Tangible Media Group on Vimeo.
http://www.fastcodesign.com/3021522/innovation-by-design/mit-invents-a-…
Here's a gem:
According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone... Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.
