Shamrock Information Security

2016-05-17 by Drs. Andor Demarteau

The nine noteworthy stories of 2016 (week 19)

These are the noteworthy stories, in no particular order, that piqued my interest last week.

  • Adjust your Facebook, Twitter privacy settings, judge tells jurors in Oracle-Google Java trial
  • Google warns of breach
  • US regulators probe Apple, Google, Verizon & others on security patches
  • DNS root zone key boost
  • Hackers Can Unlock Any HID Door Controller with One UDP Packet
  • 36 firms at risk from that unpatched 2010 SAP vuln? Try 500+
  • Your Instagram Photos Are Leaking
  • NCA decryption refused
  • How I found a huge data leak of a company during a college lecture

Adjust your Facebook, Twitter privacy settings, judge tells jurors in Oracle-Google Java trial

Shut the doors to your social media goldmine

So how much can we expect a company like Google to play fair in legal cases when their own money is at stake and their wealth of data collection can help them? This judge’s advice to the jurors not to google anything may be closer to the facts than we would like to think.
Oh, and don’t use a Gmail account or an Android phone either, for that matter, whilst you’re at it.
source: The Register (external link)

Google warns of breach


Normally this isn’t something new: Google is known to do security research and publish bugs and zero-day vulnerabilities from time to time. However, in this case it is itself falling victim to a data leak at its employee benefits provider. Interesting bit of news.
source: The Register (external link)

US regulators probe Apple, Google, Verizon & others on security patches


Okay, so is this a genuine attempt by the US FTC and FCC to make mobile devices more secure? Or, forgive my sceptical remark, are they doing this to obtain valuable insights into the software makers’ way of patching vulnerabilities so they can predict how long they have to benefit? Decide for yourself, keeping the recent Apple vs. FBI case in mind.
source: Apple Insider (external link)

DNS root zone key boost


For those with some cryptographic knowledge this is welcome news. Although I must admit that DNSSEC (DNS Secure) is not available for all domains and is hardly new as the article states. Though it will be a significant step forward if or when it is implemented globally.
Why not go directly to 4096 bits, you may ask? Apparently this increase may already break DNS according to Verisign. Late September this year will tell us more.
source: The Register (external link)

Hackers Can Unlock Any HID Door Controller with One UDP Packet


And no, it isn’t as easy as in the movies. Though from a company selling security equipment I would have expected better testing and security-by-design practices.
source: softpedia.com (external link)

36 firms at risk from that unpatched 2010 SAP vuln? Try 500+

Fixing Java-related bug trickier than it sounds, claims ERP security firm

Yes, and updating/upgrading apparently as well. In the update to this article SAP states that the vulnerability is no longer present in newer versions of the software. SAP also states that disabling it in older versions may break custom implementations at clients’ sites.
Okay, so patching is hard and upgrading may be difficult. But that last bit is interesting, as SAP thrives on customisation of their product for it to work for your company. Interesting, right?
source: The Register (external link)

Your Instagram Photos Are Leaking


If you still believe that publicly available unencrypted Wi-Fi hotspots are safe, please read this article and read it carefully.
And yes, this may hold for your company’s wireless network as well. If you want to know for sure, drop me a note via the contact form.
source: PCMag.com (external link)

NCA decryption refused


Finally some good news too. Against the backdrop of the US government demanding decryption of everything, the British legal system blocked an attempt to gain access to encrypted data last week.
Now don’t think they are nice guys all of a sudden; you only have to look at their Snoopers’ Charter to see otherwise. Though this small news bite by itself is a hopeful glimmer.
source: The Register (external link)

How I found a huge data leak of a company during a college lecture


Sijmen is a great security guy and known for some interesting reads (including an older article on the lack of security on telco terminals as well as telecom selling desks within the Mediamarkt stores).
Here is another interesting titbit from his weblog. The only thing I can say is: read it and act accordingly.
source: Sijmen Ruwhof (ruwhof.com) (external link)

Filed Under: Noteworthy Series Tagged With: Cryptography, InfoSec, Privacy
