These are the noteworthy stories, in no particular order, that piqued my interest last week.
- Adjust your Facebook, Twitter privacy settings, judge tells jurors in Oracle-Google Java trial
- Google warns of breach
- US regulators probe Apple, Google, Verizon & others on security patches
- DNS root zone key boost
- Hackers Can Unlock Any HID Door Controller with One UDP Packet
- 36 firms at risk from that unpatched 2010 SAP vuln? Try 500+
- Your Instagram Photos Are Leaking
- NCA decryption refused
- How I found a huge data leak of a company during a college lecture
Adjust your Facebook, Twitter privacy settings, judge tells jurors in Oracle-Google Java trial
Shut the doors to your social media goldmine
So how much can we expect a company like Google to play fair in legal cases when its own money is at stake and its wealth of collected data can help it? This judge advising the jurors not to google anything may be closer to the truth than we would like to think.
Oh, and don’t use a Gmail account or an Android phone either, for that matter, whilst you’re at it.
source: The Register (external link)
Google warns of breach
Normally this isn’t something new; Google is known to do security research and publish bugs and zero-day vulnerabilities from time to time. However, in this case, it is itself falling victim to a data leak at its employee benefits provider. Interesting bit of news.
source: The Register (external link)
US regulators probe Apple, Google, Verizon & others on security patches
Okay, so is this a genuine attempt by the US FTC and FCC to make mobile devices more secure? Or, forgive me my sceptical remark, are they doing this to obtain valuable insights into the software makers’ way of patching vulnerabilities so they can predict how long they have to benefit? Decide for yourself, keeping the recent Apple vs. FBI case in mind.
source: Apple Insider (external link)
DNS root zone key boost
For those with some cryptographic knowledge this is welcome news. Although I must admit that DNSSEC (DNS Security Extensions) is not available for all domains and is hardly new as the article states. Though it will be a significant step forward if or when it is implemented globally.
Why not go directly to 4096 bits, you may ask? According to Verisign, this increase may already break DNS. Late September this year will tell us more.
source: The Register (external link)
Hackers Can Unlock Any HID Door Controller with One UDP Packet
And no, it isn’t as easy as in the movies. Though from a company selling security equipment I would have expected better testing and security-by-design practices.
source: softpedia.com (external link)
36 firms at risk from that unpatched 2010 SAP vuln? Try 500+
Fixing Java-related bug trickier than it sounds, claims ERP security firm
Yes, and apparently updating/upgrading is too. In the update to this article, SAP states that the vulnerability is no longer present in newer versions of the software. SAP also states that disabling it in older versions may break custom implementations at clients’ sites.
Okay, so patching is hard and upgrading may be difficult. But that last bit is interesting, as SAP thrives on customisation of its product for it to work for your company. Interesting, right?
source: The Register (external link)
Your Instagram Photos Are Leaking
If you still believe that publicly available unencrypted Wi-Fi hotspots are safe, please read this article, and read it carefully.
And yes, this may hold for your company’s wireless network as well. If you want to know for sure, drop me a note via the contact form.
source: PCMag.com (external link)
NCA decryption refused
Finally some good news too. Against the backdrop of the US government demanding decryption of everything, the British legal system blocked an attempt to gain access to encrypted data last week.
Now don’t think they are nice guys all of a sudden; you only have to look at their Snoopers’ Charter to see otherwise. Still, this small news bite by itself is a hopeful glimmer.
source: The Register (external link)
How I found a huge data leak of a company during a college lecture
Sijmen is a great security guy and known for some interesting reads (including an older article on the lack of security on telco terminals as well as telecom selling desks within the Mediamarkt stores).
Here is another interesting titbit from his weblog. The only thing I can say is: read it and act accordingly.
source: Sijmen Ruwhof (ruwhof.com) (external link)