Heartbleed-related
- Heartbleed bug fix: Tor isn’t a safe haven either | BGR
- Heartbleed Software Snafu: The Good, the Bad and the Ugly - Scientific American
- News - OpenSSL "Heartbleed" vulnerability: reports of damage keep coming in: ITpro
- Hackers from China waste little time in exploiting Heartbleed
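- From OpenBSD's point of view, Heartbleed is only the tip of the iceberg | Slashdot Japan Submission
- Stealing private keys via "Heartbleed" is highly difficult, and attack activity is currently limited - INTERNET Watch
According to Tetsuya Adachi of Symantec (Senior Director, Trust Services Product Marketing), in terms of attack difficulty, passwords and credit card numbers can be stolen relatively easily, whereas the hurdle for private keys is comparatively high.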
LaCie
- BBC News - LaCie warns of suspected credit card data breach
- LaCie discloses details about year-long security breach | The Verge
- French hard-drive maker LaCie cops to YEAR LONG card data leak • The Register
- Hardware Giant LaCie Acknowledges Year-Long Credit Card Breach — Krebs on Security
LaCie (now owned by Seagate) had been compromised by a group of hackers that broke into dozens of online stores using security vulnerabilities in Adobe’s ColdFusion software. In response, Seagate said it had engaged third-party security firms and that its investigation was ongoing, but that it had found no indication that any customer data was compromised.
Study Group on Personal Data
Survey on Information Security in Medical Devices (FY2013)
Targeted attacks
Microsoft Threat Modeling Tool 2014
Smartphone Anti-Theft Voluntary Commitment
- [original] Smartphone Anti-Theft Voluntary Commitment
- Apple, Google, Microsoft Embrace the Fight Against Smartphone Theft
The tool will enable the user to remotely wipe data from the phone and render it inoperable in case the phone is stolen or lost. Furthermore, the tool will prevent reactivation without user's permission (including factory reset attempts), but it will allow the authorized user to reverse the inoperability and restore data in case the phone is recovered.
Standalone articles
Hackers attempt to BLACKMAIL plastic surgeons • The Register
A spokesman for the clinic told El Reg that the "perpetrator" compromised its systems after exploiting flaws in its website inquiry form. All sorts of personal information including potential clients’ names, addresses, dates of birth, contact details as well as detailed information about the type of cosmetic procedure they were inquiring about was exposed as a result of the breach.
BBC News - Galaxy S5 fingerprint scanner hacked with glue mould
SRL created its hack by lifting a real fingerprint from a smartphone screen and then carrying out a fairly elaborate process to create a mould out of glue and graphite spray. This was then swiped across the sensor that sits in the phone's home button.
The plot to kill the password | The Verge
Last Friday, Samsung's new Galaxy S5 arrived with an unexpected and underhyped feature. Like the iPhone 5S, it came with a fingerprint reader, but this reader plugs directly into PayPal, which in turn connects you to dozens of different payment systems. It’s a clever trick: instead of a password, all you need is a fingerprint, carrying you through the entire web. If it catches on, soon you won’t need a password at all.
This is about dropping passwords in favor of fingerprint authentication.
WhatsApp Flaw leaves User Location Vulnerable to Hackers and Spy Agencies - The Hacker News
WhatsApp fetches the location and thumbnail (an image) from the Google Map service to share it as the message icon, but unfortunately WhatsApp downloads this image through an unencrypted channel from Google that could be sniffed during a Man-in-the-middle attack, as shown in the video demo.
Google Admits that It Reads your Emails - The Hacker News
Last year, Google was accused of its illegal interception of all electronic communications sent to Gmail account holders and using the gathered data to sell and place advertisements in order to serve related ads to its users. Practically, the more information you let Google collect about you, the more accurate its adverts become.
What is "Tails", the ultra-anonymous OS that Edward Snowden also uses? : Gizmodo Japan
Tails anonymizes the connection route with Tor, encrypts email and documents with PGP, and uses the password manager KeePassX and the chat-encryption plugin Off-the-Record (OTR).
Might read later
- Financial Services Companies Facing Varied Threat Landscape | Threatpost | The first stop for security news
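- Report and request for cooperation regarding some customers' domains
- "Reve21" official site defaced via unauthorized access; site taken offline - ITmedia News
- News - 2013 was the year of large-scale data breaches, Symantec announces security threats: ITpro
- [PC remote-control case] On the ability to write programs in C# (notes from the 6th trial hearing) (Shoko Egawa) - Individual - Yahoo! News
- Final update for XP to be released; fix for the Word vulnerability under attack also announced - ITmedia News
- F-Secure Blog : The hidden dangers of Internet surveillance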