Monday, April 27, 2015

Apps creators keep raiding our privacy

Unencrypted passwords and applications exaggeratedly invading our privacy. The Security expert Troy Hunt has studied what kind of data are taking some mobile apps from our devices and he ensures he is impressed. We will discuss it, along with a failure which has jeopardized 25,000 iOS system apps, an interesting security maturity test for organizations and Twitter efforts to address the horrible scourge of cyberbullying.

According to the expert Troy Hunt, the nerve of mobile apps at the time of collecting our information, without the own app's operation requiring it, is so great that even PayPal service's app, which happen to be a serious service, incurs some invasive behaviors. Why would Paypal want our router ID, model and name of our phone, IP address, geolocation, SSID and storage space? "PayPal, do you really need to know all that?" Wonders Hunt.
Speaking of apps and security, a critical failure in 25,000 Apple's App Store apps leaves them with no HTTP's protection in order to prevent sensitive data theft. The bug lies in the AFNetworking library and allows monitoring and modifying data, although digital certificates were used. The most pessimistic forecasts points up to 50,000 apps affected, including those of Microsoft, Bank of America, Wells Fargo and JPMorgan Chase. SourceDNA has created a tool to detect whether our apps are affected or not.

In another vein, has come to our attention a security maturity tests collection, intended to be completed and understood by business managers. The author is veteran journalist Brian Krebs, and allows to have a relaxed time investigating which technologies, processes, philosophy or people do we have in our teams, to determine whether we belong to advanced INFOSEC use organizations, progressive or, to put it elegantly, "basic " organizations.

And as usual, just a cybersecurity issue to finish, which is usually quite invisible to the media, although security forces know it's a real plague: bullying in networks, called "cyberbullying", done mainly on social networks, and still being teenagers a good part of their actors. Twitter has developed a new filter so that those who are affected can weather this threat, it blocks the threatening messages -which sinks the victim's self-esteem so much-, and keeps them away from their eyes.

We send applauses to Twitter and other social networks from here  for being so sensitive to this very serious problem worldwide connected to networks.


Post a Comment