Global Attacks on Mobile Networks Jeopardize Privacy and Profits

There is a technology called SS7 that was developed in the 1970s which was developed for setting up phone calls and is still used today. The SS7 network was said to be used more than the internet every day without anyone realizing it. In the past people thought of a breach in this network as a passing thought, but now people have learned that they can exploit the system by issuing commands that the system was not built to receive. Once the system is exploited the person who breached the system they has the ability to make free calls, intercept calls / text messages, and track anyone wherever they are once you have their phone number.

The article then branched out to the security flaws that are currently present in adobe’s flash reader application. There was recently a zero day vulnerability that was quickly patched, but security experts aren’t very optimistic that vulnerabilities like this one will stay sealed for long within adobe flash. The problem is that adobe flash has many different areas to attack due to it being such a complex environment, and this makes it hard to keep it secure for very long if at all. In the article it said that it was projected that adobe flash will mostly be eradicated from use in 5 years.

The article then branched out again to bring awareness on the topic of false digital certificates being issued to phishing sites. These certificates are what make the padlock appear on your browser which is supposed be another security measure, it is supposed to inform the end user that a website is “safe”. The problem though is that there is a large amount of these certificates being issued to false sites, which helps these sites trick users into revealing their information to criminals because they feel the site is safe. “Despite industry requirements for increased vetting of high-risk requests, many fraudsters slip through the net, obtaining SSL certificates for domain names such as banskfamerica.com (issued by Comodo), ssl-paypai-inc.com (issued by Symantec), and paypwil.com (issued by GoDaddy),” Edgecombe continued.” (TechNewsWorld). One company that was called out on issuing many of these false certificates was CloudFare, which responded by saying they have allocated resources into quickly taking down these sites once they alerted to them.

Article:

http://www.technewsworld.com/story/82641.html

Joshua Geise — Signed

Advertisements