Black Hat security conference trims insecure features from its mobile app

Black Hat has disabled features of its mobile application because attackers could have logged in as legitimate attendees, posted messages in their names and spied on the messages they sent.

The problem was discovered by mobile security vendor Lookout, which details it in a blog post saying that the registration and password-reset methods were flawed.

“[W]e’ve removed user-to-user messaging functionality and activity feed updates out of an abundance of caution,” a spokesperson for the conference organizer UBM said in an email.

The problems stemmed from the fact that new accounts were created without email verification, and that even when users reset their passwords, authentication tokens weren’t revoked. So attackers who were already logged in could stay logged in.

SwiftKey's typing predictions may have leaked users' emails

SwiftKey, a popular keyboard app, has suspended a syncing feature that may have leaked users’ emails to strangers.

The problem has been popping up through the app’s prediction bar. A few users on Reddit have noticed that it’s been offering strange suggestions — including emails they’ve never seen and foreign language terms they’ve never used.

“And now, I’m getting someone else’s German predictions,” wrote one user, who recently rooted a Samsung Galaxy S6 phone. “I have never typed German in my entire life.”

The problem might be related to how SwiftKey collects data on the words and phrases users type. That data is then analyzed and used to predict the customer’s typing habits, including what emails they tend to enter — only in this case those predictions are possibly being shared with others.

FBI said to investigate possible hack of another Democratic Party organization

The FBI is said to be investigating yet another suspected hack of a Democratic Party organization, this time of the Democratic Congressional Campaign Committee that raises funds for Democrats running for the House of Representatives.

The previously unreported hack of the DCCC is likely to have been aimed at gathering information on donors rather than stealing funds, four sources told Reuters.

The intrusion is likely to raise fresh concerns about Russia trying to meddle in the U.S. elections. Another hack of the Democratic National Committee, suspected by security investigators to have been perpetrated by Russians, led to an embarrassing dump on Friday of leaked emails that showed that the Democratic Party’s national strategy and fund-raising committee had favored Hillary Clinton over Senator Bernie Sanders, her rival in the presidential nomination campaign.

Microsoft makes Windows 10 hardware change for PC security

Microsoft is rolling out a change in minimum hardware requirements for Windows 10 PCs and mobile devices, and expects hardware makers to comply in order to make their devices more secure.

Starting Thursday, PC makers should include a hardware-based security feature called TPM (Trusted Platform Module) 2.0 in Windows 10 PCs, smartphones and tablets.

The TPM 2.0 feature will be beneficial for users as it will do a better job of protecting sensitive information on a PC. A TPM 2.0 security layer — which can be in the form of a chip or firmware — can safeguard user data by managing and storing cryptographic keys in a trusted container.
