Apple is once again experiencing drama surrounding its iCloud service, as China has begun man-in-the-middle attacks against iCloud users in its country. A man-in-the-middle attack is like eavesdropping on a connection: the attacker sits between the victim and the service of choice, records the information the victim sends, and then forwards it on to the service. This makes the connection appear normal to the victim while in fact their information is being compromised. This attack against iCloud is a clear attempt by China to gain the personal information of its citizens, including data from iMessage, photos, contacts, and credentials.
There is much speculation as to the reason for the attacks. Some believe that this attack is in response to Apple’s new default security measures being placed on their mobile devices. Another possibility is that the attacks are linked to the so-called “Umbrella Revolution” currently taking place in Hong Kong. Whatever the true cause, this is not the first time China has performed such attacks and surely will not be the last.
It seems as though it’s been a double whammy for the cloud storage service Dropbox this week. After announcing a bug that caused people’s files to get deleted unintentionally, they have fallen victim to a third-party breach. Hackers infiltrated a third-party service used for storing people’s Dropbox logins and made a database out of them. The hackers are taking Bitcoin donations to show more of the database.
Don’t worry, Dropbox has reset everyone’s passwords already, and most of the passwords were expired anyway. However, you should still change your password. This also goes to show the internet is a dangerous place and you should only use a typewriter. Also, buy tinfoil hats or the government will read your thoughts.
Snapchat has been quite popular among smartphone users in the past two years. It has given users the ability to send possibly embarrassing photos of themselves to others without the fear of anyone else seeing them ever again. For a while, Snapchat blocked the ability to screenshot the photos, and during that time, websites like SnapSaved have allowed users to secretly save every Snapchat that they receive.
That has been great for users, until now. SnapSaved.com has announced that:
“[We] would like to inform the public that snapsaved.com was hacked… We had a misconfiguration in our Apache server. SnapChat has not been hacked, and these images do not originate from their database.”
This can spell trouble for many people. With Snapchat being used by people of all ages and many of these people using SnapSaved.com, this is a huge privacy leak. Nearly two hundred thousand Snapchats were leaked.
A blogger named Kenny Withers has been keeping updated posts on 4chan activity about the leak, and claims that there is a 13GB torrent of all the photos and videos. It is believed that a large number of these photos are of an intimate nature. This leak comes as a harsh reminder to users that even though it seems like the photo “disappears,” it really doesn’t go away.
You can read the original article here: http://nakedsecurity.sophos.com/2014/10/13/the-snappening-snapchat-images-flood-the-internet-after-snapsaved-com-hack/
In our society today, many people have a great desire for instant gratification. With technology expanding at alarming rates, consumers have grown accustomed to having the world at their fingertips at the push of a button. Cell phones are used for far more than making a quick phone call or sending a text message. Many people in our society now use cell phones for mobile banking, for GPS services and as mini computers, among a plethora of other utilities, including flashlights.
A group of researchers at Snoopwall, a technology solution that detects and blocks spyware and malware, has found that some of the most widely used flashlight apps are performing tasks that far exceed the requirements of a flashlight. Many of the top flashlight apps request permission to use GPS location, modify storage, change display settings and view network connections, among other permissions that are not at all necessary for a flashlight. The Snoopwall study showed that it did not seem to be any safer to download the apps from Google Play than to get them from third-party websites, as Google Play does not closely analyze the apps it puts in the marketplace. All of the top 10 Google Play flashlights executed unnecessary functions to various degrees. Apple devices were found to be at a slightly smaller risk due to the hardened operating systems of iOS 7 and 8.
Snoopwall recommends that users who have downloaded one of the potentially malicious apps delete it and, depending on the permissions the app was given, reset the phone. The company also recommends that consumers slow down, pay closer attention to the permissions that they give apps, and disable GPS and Bluetooth services when not in use.
The full article can be found at: http://www.tripwire.com/state-of-security/security-awareness/spying-flashlight-apps-reveal-user-inattentiveness-to-cyber-security/
The list of permissions requested by some of the top apps that were tested can be found here: http://www.snoopwall.com/threat-reports-10-01-2014/
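As an added illustration of the permission check described above (not code from Snoopwall or the linked articles), the following Python sketch reads a decoded AndroidManifest.xml and reports every requested permission that a flashlight has no obvious use for. The sample manifest is constructed, and both the "expected" baseline and the mapping from the article's descriptions to Android permission names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Assumption for this example: what a torch-only app plausibly needs.
EXPECTED = {"android.permission.CAMERA", "android.permission.FLASHLIGHT"}

# Assumed mapping of the permission types named in the article to Android names.
CONCERNS = {
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.WRITE_EXTERNAL_STORAGE": "modify storage",
    "android.permission.WRITE_SETTINGS": "change display settings",
    "android.permission.ACCESS_NETWORK_STATE": "view network connections",
}

# Constructed sample manifest (already decoded from the APK's binary XML).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.FLASHLIGHT"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission-sdk-23 android:name="android.permission.INTERNET"/>
  <uses-permission/>
  <application android:label="Torch"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(NAME_ATTR)
            if name:  # skip malformed entries that carry no android:name
                names.add(name.strip())
    return names

def audit(manifest_xml, expected=EXPECTED):
    """List (permission, reason) pairs for everything beyond the baseline."""
    extra = requested_permissions(manifest_xml) - set(expected)
    return [(p, CONCERNS.get(p, "not needed for a flashlight"))
            for p in sorted(extra)]

if __name__ == "__main__":
    for permission, reason in audit(SAMPLE_MANIFEST):
        print("%-50s %s" % (permission, reason))
```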
The United States Cyber Command recently announced an initiative that would hire 6,000 new “cyber professionals” across the country to help protect government networks. USCYBERCOM is a branch of the Armed Forces tasked with orchestrating the defense against and response to attacks on the United States’ cyber infrastructure.
Federal and state networks alike face an ever-growing number of cyber attacks, as stated in a report released by the Department of Homeland Security last Wednesday at the start of National Cybersecurity Awareness Month. The report also stated that despite the threat posed by these attacks, government funding for cyberdefense is scarce.
House Intelligence Committee chairman Mike Rogers was reported last Wednesday saying he would like to see the United States take a more offensive strategy in cyberspace, but added that proper procedures for such offensives must first be established by the Pentagon and other such entities.
“U.S. Cyber Command plans to recruit 6,000 cyber professionals[...]”
“Cyber Command looks to fill 6,000 jobs”
“Cyberattacks on State Databases Escalate”