Another Leaky Cloud – Dropbox gets Breached

It seems as though it’s been a double whammy for the cloud storage service, Dropbox, this week. After announcing a bug that caused peoples files to get deleted unintentionally they have been victim to a third-party breach. Hackers infiltrated a third-party service used for storing peoples Dropbox logins and made a database out of them. The hackers are taking Bitcoin donations to show more of the database.

Don’t worry, Dropbox has reset everyone’s passwords already, and most of the passwords were expired anyway. However, you should still change your password. This also goes to show the internet is a dangerous place and you should only use a typewriter. Also, buy tinfoil hats or the government will read your thoughts.

http://9to5mac.com/2014/10/13/hackers-claim-to-have-a-database-of-nearly-7-million-dropbox-credentials-service-denies-it-was-breached/

You May Soon Regret Sending that Snapchat

Snapchat has been quite popular among smartphone users in the past two years. It has given users the ability to send possibly embarassing photos of themselves to others without the fear of anyone else seeing them ever again. For a while, Snapchat blocked the ability to screenshot the photos, and during that time, websites like SnapSaved have allowed users to secretly save every snapchat that they receive.

That has been great for users, until now. SnapSaved.com has announced that

[We] would like to inform the public that snapsaved.com was hacked… We had a misconfiguration in our Apache server. SnapChat has not been hacked, and these images do not originate from their database.

This can spell trouble for many people. With Snapchat being used by people of all ages and many of these people using SnapSaved.com, this is a huge privacy leak. Nearly two hundred thousand Snapchats were leaked.

A blogger named Kenny Withers has been keeping updated posts of 4Chan about the leak, and claims that there is a torrent of 13GB of all the photos and videos. It is believed that a large amount of these photos are of intimate nature. This leak comes as a harsh reminder to users that even though it seems like the photo “disappears,” it really doesn’t go away.

You can read the original article here: http://nakedsecurity.sophos.com/2014/10/13/the-snappening-snapchat-images-flood-the-internet-after-snapsaved-com-hack/

Flashlight Apps do more than shine light

In our society today, many people have a great desire for instant gratification. With  technology expanding at alarming rates, consumers have grown accustomed to having the world at their finger tips at the push of a button. Cell phones are used for far more than making a quick phone call  or sending a text message. Many people in our society now use cell phones for mobile banking, GPS services and mini computers among a plethora of other utilities, including flashlights.

A group of researchers at Snoopwall—a technology solution that detects and blocks spyware and malware has found that some of  the most widely used flashlight apps are preforming tasks that far exceed the requirements of a flashlight. Many of the top flashlight apps request permission to use GPS location,modify storage, change display settings and view network connections  among other permissions that are not at all necessary for a flashlight. The Snoopwall study showed that it did not seem to be any more safe to download from google play than it was to get them from 3rd party websites as Google Play does not closely analyze the apps it puts in the market place. All of the top 10 google play flashlights executed unnecessary functions to various degrees. Apple devices were found to be at a slightly smaller risk due to the hardened operating systems of iOS 7 and 8.

Snoopwall recommends that users who have downloaded one of the potentially malicious apps delete them and depending on the permissions the app was given, reset the phone. The company also recommends that consumers  slow down and pay closer attention to the permissions that they give apps, disable GPS  and bluetooth services when not in use.

The full article can be found at: http://www.tripwire.com/state-of-security/security-awareness/spying-flashlight-apps-reveal-user-inattentiveness-to-cyber-security/

the list of permissions that some of the top apps that were tested can be found here: http://www.snoopwall.com/threat-reports-10-01-2014/

Ryan Stadtlander

United States Cyber Command Broadens Reach

The United States Cyber Command recently announced an initiative that would hire 6,000 new “cyber professionals” across the country to help protect government networks. USCYBERCOM is a branch of the Armed Forces tasked with orchestrating the defense against and response to attacks on the United States’ cyber infrastructure.

Federal and state networks alike face an ever-growing number of cyber attacks, as stated in a report released by the Department of Homeland Security last Wednesday at the start of National Cybersecurity Awareness Month. The report also stated that despite the threat posed by these attacks, government funding for cyberdefense is scarce.

House Intelligence Committee chairman Mike Rogers was reported last Wednesday saying he would like to see the United States take a more offensive strategy in cyberspace, but added that proper procedures for such offensives must first be established by the Pentagon and other such entities.

[1] “U.S. Cyber Command plans to recruit 6,000 cyber professionals[...]“

http://www.homelandsecuritynewswire.com/dr20141006-u-s-cyber-command-plans-to-recruit-6-000-cyber-professionals-as-u-s-mulls-offensive-cyber-strategy

[2] “Cyber Command looks to fill 6,000 jobs”

http://article.wn.com/view/2014/10/02/Cyber_Command_looks_to_fill_6000_jobs/

[3] “Cyberattacks on State Databases Escalate”

http://www.govtech.com/security/Cyberattacks-on-State-Databases-Escalate.html

Data Encryption to be Enabled by Default in Anroid L

Since 2011, Google’s smartphone operating system, Android, has given users the option to encrypt the data on their devices. Encrypting your Android device prevents anyone without your set password from reading the information stored on your device if they manage to break in or intercept any data. Very few people know about the existence of this feature, and fewer still even enable it. However, Google recently announced that their next, upcoming version of Android, currently known as Android L, will have this feature enabled by default. This announcement came shortly after Apple’s announcement that they would be expanding security for its iCould storage system, which was recently breached and resulted in several nude photos of various celebrities being leaked. The moves made by both companies help to ensure the protection of the privacy of their users. Slated to be released in October, Android L will require users to create a password during the activation process in order to automatically set up device encryption before any data can be accessed. This means that users will no longer have to worry about any of their information, pictures, videos, communication, and any other data becoming exposed to those with malicious intent, and they also will not have to think about remembering to turn on this feature.

 

Source: http://www.techtimes.com/articles/15978/20140921/data-encryption-will-be-default-in-android-l-to-keep-out-snoopers.htm