読者です 読者をやめる 読者になる 読者になる

トリコロールな猫/セキュリティ

セキュリティ情報の備忘録的まとめ。

20140417 セキュリティ情報まとめ

本日のまとめ

LaCie

LaCie (now owned by Seagate) had been compromised by a group of hackers that broke into dozens of online stores using security vulnerabilities in Adobe’s ColdFusionsoftware. In response, Seagate said it had engaged third-party security firms and that its investigation was ongoing, but that it had found no indication that any customer data was compromised.

Smartphone Anti-Theft Voluntary Commitment

The tool will enable the user to remotely wipe data from the phone and render it inoperable in case the phone is stolen or lost. Furthermore, the tool will prevent reactivation without user's permission (including factory reset attempts), but it will allow the authorized user to reverse the inoperability and restore data in case the phone is recovered.

脆弱性・アップデート情報

単発記事

Hackers attempt to BLACKMAIL plastic surgeons • The Register

A spokesman for the clinic told El Reg that the "perpetrator" compromised its systems after exploiting flaws in its website inquiry form. All sorts of personal information including potential clients’ names, addresses, dates of birth, contact details as well as details information about the type of cosmetic procedure they were inquiring about was exposed as a result of the breach.

BBC News - Galaxy S5 fingerprint scanner hacked with glue mould

SRL created its hack by lifting a real fingerprint from a smartphone screen and then carrying out a fairly elaborate process to create a mould out of glue and graphite spray. This was then swiped across the sensor that sits in the phone's home button.

The plot to kill the password | The Verge

Last Friday, Samsung's new Galaxy S5 arrived with an unexpected and underhyped feature. Like the iPhone 5S, it came with a fingerprint reader, but this reader plugs directly into PayPal, which in turn connects you to dozens of different payment systems. It’s a clever trick: instead of a password, all you need is a fingerprint, carrying you through the entire web. If it catches on, soon you won’t need a password at all.

パスワードをやめて指紋認証にしようという話。

WhatsApp Flaw leaves User Location Vulnerable to Hackers and Spy Agencies - The Hacker News

WhatsApp fetches the location and thumbnail (an image) from the Google Map service to share it as the message icon, but unfortunately WhatsApp downloads this image through an unencrypted channel from Google that could be sniffed during a Man-in-the-middle attack, as shown in the video demo.

Google Admits that It Reads your Emails - The Hacker News

Last year, Google was accused of its illegal interception of all electronic communications sent to Gmail account holders and using the gathering data to sell and place advertisements in order to serve related ads to its users. Practically, the more information you let Google collect about you, the more accurate its adverts become.

エドワード・スノーデン氏も愛用、超匿名OS「Tails」とは? : ギズモード・ジャパン

TailsはTorで接続経路を匿名化し、PGPでメールや文書を暗号化し、パスワード管理システムのKeePassXとチャット暗号化用プラグインのOff-the-Record(OTR)を使っています。