NEWS - November 18, 2014

Nov 18, 2014 5:28AM PST
Whatsapp Just Switched on End-to-End Encryption for Hundreds of Millions of Users

Growing up in Soviet Ukraine in the 1980s, Whatsapp founder Jan Koum learned to distrust the government and detest its surveillance. After he emigrated to the U.S. and created his ultra-popular messaging system decades later, he vowed that Whatsapp would never make eavesdropping easy for anyone. Now, Whatsapp is following through on that anti-snooping promise at an unprecedented scale.

On Tuesday, Whatsapp announced that it's implementing end-to-end encryption, an upgrade to its privacy protections that makes it nearly impossible for anyone to read users' messages—even the company itself. Whatsapp will integrate the open-source software Textsecure, created by privacy-focused non-profit Open Whisper Systems, which scrambles messages with a cryptographic key that only the user can access and never leaves his or her device. The result is practically uncrackable encryption for hundreds of millions of phones and tablets that have Whatsapp installed—by some measures the world's largest-ever implementation of this standard of encryption in a messaging service.

Continued : http://www.wired.com/2014/11/whatsapp-encrypted-messaging/

Related:
WhatsApp Messages Get End-to-End Encryption
Open Whisper Systems helps WhatsApp achieve end-to-end encryption

Most of the top 100 paid Android & iOS apps have been hacked
Nov 18, 2014 5:43AM PST

97% of the top 100 paid Android apps and 87% of the top 100 paid Apple iOS apps have been hacked, according to Arxan Technologies.

In addition to an increase in app hacks found for commonly downloaded popular free apps, their research also reveals evidence of widespread hacking of financial services, healthcare/medical, and retail/merchant apps; largely driven by hacks of Android apps.

Free app downloads are forecasted to increase at a rate of 99% to reach 253 billion downloads in 2017 and paid app downloads are projected to reach almost 15 billion, a 33% increase by 2017.

This explosion in app usage is seen across all verticals and led by apps running on the Android mobile operating system, which continues to dominate with 85% market share.

Key findings include:

Continued : http://www.net-security.org/secworld.php?id=17645

Related : Android and iOS apps still being cloned to spread malware

Apple issues Yosemite patch for Wi-Fi bug
Nov 18, 2014 5:43AM PST

Apple has issued the first patch for OS X 10.10 Yosemite, fixing, among other things, a pervasive and frustrating bug that affected Wi-Fi connectivity for some Mac users.

The bug caused Wi-Fi connectivity to drop intermittently on certain configurations of Macs and routers. Over the course of the month since Yosemite was released, the bug has generated a 1,000-plus reply thread on the Apple support forum.

Mac users that have experienced Wi-Fi performance issues running Yosemite should expect to see an improvement with this update. I've tested it on a system that was affected by the Wi-Fi bug and the problem now appears to be fixed.

Continued: http://www.zdnet.com/apple-issues-yosemite-patch-for-wi-fi-bug-7000035874/

Cisco Releases Security Analytics Framework to Open Source
Nov 18, 2014 5:44AM PST

Cisco announced today that it has made available through open source a framework that integrates data analytics tools into security operations.

"The OpenSOC framework helps organizations make big data part of their technical security strategy by providing a platform for the application of anomaly detection and incident forensics to the data loss problem," wrote Pablo Salazar, a Cisco Security Solutions manager in a blog post this morning.

OpenSOC borrows some tools from Hadoop, open source software that processes large collections of distributed data for analysis. Those tools include: Kafka, a message broker; Storm, a real-time computation system; and Elasticsearch, which simplifies searches among large data sets.

Continued: http://threatpost.com/cisco-releases-security-analytics-framework-to-open-source/109415

Related:
Cisco open sources Big Data security analytics framework
Cisco Releases OpenSOC Security Analytics Framework as Open Source
Cisco hands over security analytics framework to open source development

'Facebook at Work' Could Increase Security Risks
Nov 18, 2014 5:44AM PST

The 'Facebook at Work' project could raise even more security and privacy issues than the regular social network, according to Bitdefender security experts. The antivirus software specialists warn of the numerous scams that could flood the new project if the company neglects thorough security measures.

As Facebook allegedly crafts an office-dedicated social network, Bitdefender warns about e-threats that could move from the old web site to the new one, with further financial implications.

"Facebook at Work" would look very much like the existing Facebook, but would compete with LinkedIn, according to Gizmodo. The new social platform would allow employees to chat with each other, connect with professional contacts, work on documents together and share files.

Continued : http://www.hotforsecurity.com/blog/facebook-at-work-could-increase-security-risks-10835.html

Link Found in Staples, Michaels Breaches
Nov 18, 2014 5:45AM PST

The breach at office supply chain Staples impacted roughly 100 stores and was powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores, according to sources close to the investigation.

Multiple banks interviewed by this author say they've received alerts from Visa and MasterCard about cards impacted in the breach at Staples, and that to date those alerts suggest that a subset of Staples stores were compromised between July and September 2014.

Sources briefed on the ongoing investigation say it involved card-stealing malicious software that the intruders installed on cash registers at approximately 100 Staples locations. Framingham, Mass.-based Staples has more than 1,800 stores nationwide.

Continued : http://krebsonsecurity.com/2014/11/link-found-in-staples-michaels-breaches/

Apple iOS 8.1.1 Fixes Several Code-Execution Flaws
Nov 18, 2014 5:47AM PST

Apple has patched 10 vulnerabilities in iOS, including a pair of bugs that allowed arbitrary code execution and one that enables an attacker to run random binaries on a target device.

The patches come in iOS 8.1.1, a small update to the company's mobile operating system. There are several serious vulnerabilities fixed in this release, including the code-execution flaws. But it does not appear that Apple has included a patch for the vulnerability used by the WireLurker malware. That flaw enables an attacker to switch a legitimate app for a malicious one, with no indication to the user. The WireLurker malware was exploiting this vulnerability when an iOS device was connected to an infected Windows or Mac computer.

Researchers at FireEye said that the vulnerability was reported to Apple in July.

Continued: http://threatpost.com/apple-ios-8-1-1-fixes-several-code-execution-flaws/109423