iPad bomb plot allegedly led to electronic device ban on flights

A plot allegedly involving an iPad bomb was one of the factors which sparked US and UK restrictions on bringing electronic devices larger than a smartphone into the passenger cabin of flights traveling from the Middle East.

It’s unclear if the alleged bomb was inside an iPad knockoff or used an iPad shell, but the tablet filled with explosives was not in itself enough to trigger the electronic device ban. An unnamed source told The Guardian that the US and UK bans “were not the result of a single specific incident but a combination of factors.”



Source: Computerworld.com | Security

Microsoft's Docs.com is sharing dangerously sensitive personal files, information

If you use Microsoft’s Docs.com to store personal documents, stop reading this and make sure you aren’t inadvertently leaking your private information to the world.

Microsoft sets any documents uploaded to the document sharing site as public by default—though it appears that many users aren’t aware of it. That means anyone can search Docs.com for sensitive personal information that wasn’t manually set private. PCWorld found social security numbers, health insurance ID numbers, bank records, job applications, personal contact details, legal correspondence, and driver's license numbers with just a few minutes of searching.



Source: Infoworld.com | Security

IDG Contributor Network: Saks self-leaked customer data unencrypted, violating multiple rules


Source: Computerworld.com | Security

UK official wants police access to WhatsApp messages

A senior U.K. official is asking that law enforcement be given access to encrypted messages on WhatsApp and similar services, a demand that is likely to fuel an ongoing debate over whether companies should create backdoors into their encryption technologies for investigators.

Khalid Masood, the terrorist who killed four people outside Parliament on Wednesday, had sent a message on WhatsApp shortly before the attack, according to reports.

“We need to make sure that organizations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other,” Home Secretary Amber Rudd said on BBC One’s Andrew Marr Show on Sunday.



Source: Computerworld.com | Security

Critical flaw alert! Stop using JSON encryption

A vulnerability in a JSON-based web encryption protocol could allow attackers to retrieve private keys. Cryptography experts have advised against developers using JSON Web Encryption (JWE) in their applications in the past, and this vulnerability illustrates those very dangers.

Software libraries implementing the JWE, or RFC 7516, specification suffer from a classic Invalid Curve Attack, wrote Antonio Sanso, a senior software engineer at Adobe Research Switzerland and part of the Adobe Experience Manager security team. The JSON Web Token (JWT) is a JSON-based open standard defined in the OAuth specification family used for creating access tokens, and JWE is a set of signing and encryption methods for JWT. Developers using JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) are affected.



Source: Infoworld.com | Security

Experts Doubt Hackers’ Claim Of Millions Of Breached Apple Credentials

Security experts say they are skeptical that a group called Turkish Crime Family actually possesses a cache of hundreds of millions of Apple iCloud account credentials.
Source: Threatpost.com | Privacy

US bans electronics larger than smartphones in cabins on certain flights

The U.S. Department of Homeland Security has ordered that passengers on flights departing for the U.S. from 10 airports in the Middle East and Africa will have to carry personal electronics larger than a smartphone as checked baggage, citing increased terror threats.

Giving the approximate size of a commonly available smartphone as a guideline for passengers, the DHS said that laptops, tablets, e-readers, cameras, portable DVD players, electronic game units larger than smartphones, and travel printers or scanners were the kind of personal electronics that would not be allowed in the cabin and would have to be carried as checked baggage.

Approved medical devices may be brought into the cabin after additional screening. The size of smartphones is well understood by most passengers who fly internationally, according to the DHS, which in any case asked passengers to check with their airline if they are unsure whether their smartphone is impacted.



Source: Infoworld.com | Security

U.S. bans electronics larger than smartphones in cabins on some flights

The U.S. Department of Homeland Security has ordered that passengers on flights departing for the U.S. from 10 airports in the Middle East and Africa will have to carry personal electronics larger than a smartphone as checked baggage, citing increased terror threats.

Giving the approximate size of a commonly available smartphone as a guideline for passengers, the DHS said that laptops, tablets, e-readers, cameras, portable DVD players, electronic game units larger than smartphones, and travel printers or scanners were the kind of personal electronics that would not be allowed in the cabin and would have to be carried as checked baggage.

Approved medical devices may be brought into the cabin after additional screening. The size of smartphones is well understood by most passengers who fly internationally, according to the DHS, which in any case asked passengers to check with their airline if they are unsure whether their smartphone is impacted.



Source: Computerworld.com | Security

Vastly improve your IT security in 2 easy steps

It’s a rough number, but I’d wager that 99 percent of computer security risk in most organizations can be attributed to two root causes: social engineering and unpatched software.

I’m not talking about pure numbers of successful exploits, but overall impact. Many CISOs and threat intelligence analysts have told me that 100 percent of the biggest events at their company involved social engineering. Certainly, bad breaks enter your environment through other means, which is why we still need to secure our servers, encrypt our disks, and prevent physical intrusions. But in terms of the biggest impact, most organizations can tie those events to two root causes.



Source: Infoworld.com | Security

Mozilla beats rivals, patches Firefox's Pwn2Own bug

Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest.

“Congrats to #Mozilla for being the first vendor to patch vuln[erability] disclosed during #Pwn2Own,” tweeted the Zero Day Initiative (ZDI) Monday. ZDI, the bug brokerage run by Trend Micro, sponsored Pwn2Own.

Mozilla released Firefox 52.0.1 on Friday, March 17, with a patch for the integer overflow bug that Chaitin Security Research Lab leveraged in an exploit at Pwn2Own on Thursday, March 16. The Beijing-based group was awarded $30,000 by ZDI for the exploit, which combined the Firefox bug with one in the Windows kernel.



Source: Computerworld.com | Security
