Security Roundup
Tech news is currently focused on Apple—see my other piece from this edition all about Apple. And of course, the geeks amongst us are either downloading or already testing Microsoft’s just-announced Windows 10 Technical Preview (yes, they skipped Windows 9 entirely). But connected to it all is an undercurrent of security and privacy concerns. Here’s a look an overview of the new and the frightening in that niche of the tech world.
Theories are still swirling about just how the iCloud hacks were carried out. But at least some security researchers believe the hackers may have used the same forensics tools as those available to law enforcement.
Speaking of tools used by law enforcement, governments around the world are increasing their use of fake cell phone towers, known as IMSI catchers, to intercept calls, texts, and data. The devices work by pretending to be real cell towers and forcing phones in the vicinity to connect to them with weak or no encryption. Police in Florida have used the device without a warrant. Now, the manufacturer of CryptoPhone (designed to protect against the attack) claims to have found such interceptors scattered across the United States. Marketing ploy, or fair warning?
Turning to desktop operating systems, old malware with fresh paint and a new name is wreaking havoc with personal files. Cryptowall infects computers via different avenues, then begins encrypting personal files. Eventually, it demands a ransom to unlock them to the user. Security researchers figured out a way for users to decrypt their files again with the malware’s previous incarnation (Cryptolocker); here’s to hoping Cryptowall, too, can be defeated.
No IT system is perfect. But sometimes, the simplest of human errors can cause more damage than a complex or deep systems failure. Indeed, the FBI is now claiming that’s exactly how it managed to identify the location of the server that hosted the now-defunct Silk Road online drug market. Silk Road was only readily available through Tor, which anonymized the server’s IP address. However, it seems that a simple server misconfiguration allowed the FBI to harvest the server’s real IP address and thus determine its location.
The good news is that you (hopefully) are not the target of an FBI investigation, nor are you (probably) a celebrity. You’re just not worth the trouble to spy on or spend a long term hacking. Here are a few quick tips on how to protect yourself from Joe Schmoe hacker enough to make him just move on to an easier target.
Finally, a massive flaw in USB microcontroller firmware threatens a myriad of devices that most users consider too dumb and simple to be dangerous. We may be about to find out just how flawed that assumption is.
