Week in review: Human sensors, IT security jobs, and hacking car charge stations
Here’s an overview of some of last week’s most interesting news, videos, reviews and articles:
Police unable to decrypt iPhones, ask Apple to do it
Court documents from a drug trial in Kentucky have revealed that neither the U.S. federal Bureau of Alcohol, Tobacco, Firearms and Explosives nor any other U.S. local, state, or federal law enforcement agency is able to break the hardware encryption on an iPhone 4S device or higher, so they have resorted to asking Apple to do it for them.
Can mobile devices be more secure than PCs?
Mobile devices continue to fight an inaccurate perception that they’re not as secure as traditional PCs. Entrust believes that mobile devices, when properly managed and protected, can be a highly secure platform for digital identities and online transactions.
Car and electronics shoppers at risk of escrow fraud
Cars, motorbikes and electronics top the list of items that scammers use most to swindle online shoppers in the growing underworld of escrow fraud, according to our recent study on more than 700 fake websites.
Scammers combine fake AV and bogus support calls
The scam begins with well-known pop-ups – in this case the victims are taken to a site simulating the alert – that notify the victims about a slew of malware they have on their computers. But instead of directly offering the solution for sale, the alert instructs victims to call a phone number “for immediate support”.
U.S. government tops list of malware buyers
While vocally and repeatedly tying all kinds of discovered cyber attacks to Chinese hackers, the U.S. has quietly been working on its own cyber offensive capabilities – so much so that the U.S. government has become the biggest buyer of zero-day security vulnerabilities and the tools that exploit them.
Should the G20 forum discuss Internet security?
The G20 forum — with its ability to give equal voice among nations that make up 90 percent of global GDP, 80 percent of international trade and 64 percent of the world’s population — could “propagate a simple narrative that communicates why a sustainable cyberspace is linked to GDP growth for every nation.”
Researcher refuses to help Saudi telco to spy on people
You would think that a Saudi Arabian telecom firm interested in monitoring its users’ mobile communications would not be asking a well-known pro-privacy researcher such as Moxie Marlinspike for help, but you would be wrong.
Human sensors: How encouraging user reporting strengthens security
Despite the pervasiveness of cyber-attacks threatening enterprise security today, many organizations are still not taking advantage of their most widely deployed security asset: people.
Hacking charge stations for electric cars
In this video recorded at Hack In The Box 2013 Amsterdam, Ofer Shezaf, founder of OWASP Israel, talks about what charge stations really are, why they have to be “smart” and the potential risks they create for the grid, for the car and, most importantly, for its owner’s privacy and safety.
Mobile crimeware and the global criminal marketplace
The sprawling mobile devices marketplace has spawned an industrialized mobile financial fraud plexus that today drives increasingly sophisticated criminal technical innovation to exploit the mobile devices explosion. It is funded by increasing revenues derived from potent new developments in mobile malware, according to the APWG.
Tips for validating DDoS defenses
Prolexic has issued a number of recommendations that organizations can use to validate their DDoS defenses, as well as protection services they receive from mitigation providers.
Password meters actually work
Password strength meters work, but only when users are choosing or changing passwords for “important” accounts, a group of researchers has found. They also confirmed that users are no more likely to forget a “strong” password than a “weak” one.
IT security jobs: What’s in demand and how to meet it
Let’s say you want a career in information security. Where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
The New Yorker launches anonymous dead-drop tool
Popular U.S. magazine The New Yorker has made available for its potential sources an anonymous dead-drop tool that allows them to send and receive messages and files to the publication’s journalists without revealing their actual identity.
Thoughts on the need for anonymity
We have to work to maintain anonymity, both in our online and offline lives.
Four LulzSec hackers handed prison sentences
Four LulzSec members have been sentenced at Southwark Crown Court for taking part in the 2011 attacks against a series of high-profile websites and publishing user information stolen in these attacks.
The Hacker’s Guide to OS X: Exploiting OS X from the Root Up
With increasing market share and popularity, OS X is getting more attention from cybercriminals and hackers alike. This book wants to ride on that rising success and provide readers the tools to exploit OS X from the root up.
A look into the EC Council hack
EC Council was reported to have been compromised by a hacker called Godzilla. Based on published materials, it seems that the hacker got access to training course material of several certification programs.
Ransomware adds password stealing to its arsenal
Slowly but surely, more and more users are becoming acquainted with the existence of ransomware, and when faced with it, they opt not to pay the requested “fine” and instead seek help for disinfecting their computers. But malware developers are not ready to give up on the scam.
New Mac spyware signed with legitimate Apple Developer ID
The malware was discovered on the Mac of an African human rights activist who participated in a workshop dedicated to teaching activists how to secure their devices against government and any other kind of snooping.