Shamrock Information Security

2016-05-23 by Drs. Andor Demarteau

The nine noteworthy stories of 2016 (week 20)

These are the noteworthy stories, in no particular order, that piqued my interest last week.

  • Apple bans benign iOS spyware detection, security info app
  • Challenging times for Ireland’s Data Protection Commissioner
  • EU-wide cybersecurity rules adopted by the Council
  • Why Google’s monopoly abuse case in Europe will run and run
  • That Time I Got Publicly ‘Hacked’
  • Health data breaches affect millions, including in Southwest Florida
  • LinkedIn resetting passwords after 117 million user credentials stolen
  • Another reason to hate videoconferences: lousy software security
  • Samsung TV data protection court case in Germany is a wake up call from the past

Apple bans benign iOS spyware detection, security info app

Cupertino says ‘potentially false data’ could come from tool reporting on running processes

Two things stand out for me in this story. The first is the usage of SHA1 as a hashing algorithm, which has been deprecated by the National Institute of Standards (NIST) for nearly 5 and a half years now. Although still in use everywhere, if you really want to take this seriously I would use its successor SHA2 in either the 256- or 512-bit variant. Note that this would only help detect unsigned apps or other such anomalies; in general it would not directly make a device more secure.
The second note I want to make is: why did Apple even allow this app in the AppStore in the first place, only to torpedo it out later? They claim to check everything before it’s allowed in; apparently not, or not on functionality, which meant this app sneaked by their detection methods and was therefore booted later. I have seen some other proof-of-concept stuff enter the AppStore undetected before, which was real malware, though luckily concept only.
It leaves me to wonder how secure Apple’s AppStore practices really are.
source: The Register (external link)

Challenging times for Ireland’s Data Protection Commissioner

For the second time in two years, the DPC’s critics are asking: who is policing Ireland’s privacy police?

Apparently nobody, until now that is. This is a must-read for all privacy-minded readers and may have a very interesting future outcome, of which a lot of giant tech companies will feel the heat in years to come for sure. Couple this to the strengthening of our privacy rights in the GDPR coming into force in 2018 and you may get an idea why this will become very significant.
source: The Irish Times (external link)

EU-wide cybersecurity rules adopted by the Council


Let’s hope it doesn’t stay with good intentions and a piece of paper alone. More to follow on this topic in an upcoming article on this site.
source: European Council – Council of the European Union press release (external link)

Why Google’s monopoly abuse case in Europe will run and run


If you are done reading this, though not directly related to privacy or information security, you may understand why this is important for at least the privacy field. If a company can get such a dominant position in search and seemingly can get away for a long time with alleged abuse of that position, who’s to say the next big international tech company can’t do the same with your personal information instead of search?
I may even argue that that’s already happening right whilst you are reading this.
source: Ars Technica UK (external link)

That Time I Got Publicly ‘Hacked’


A good read, and unfortunately 10 years later WiFi isn’t that much more secure than it was back at that time. Though the issues may have changed, open WiFi networks (mostly found in business centres, coffee bars etc.) are still suffering the same level of insecurity as outlined in this story.
Yes I know, I pointed this out last week as well.
source: Dark Reading (external link)

Health data breaches affect millions, including in Southwest Florida


Okay, being hacked isn’t fun. But having your medical papers blown out of a garbage truck as a data leak? Please, are you that unconcerned?
For my American readers and those non-American ones who may have health data in the US (I know you may not be aware you have), check out the link at the bottom of the article for more data breach information.
source: The News-Press (external link)

LinkedIn resetting passwords after 117 million user credentials stolen


No, it’s no new data breach but the same one from 2012. So yes, it took nearly four years to finally figure out that the number of accounts affected wasn’t a measly 6 million but way more than that, 117 million in fact, and only because apparently the person who caused the breach finally decided to sell his treasure.
Update: the Register has some more details on this which are worth reading, you can find them here (external link)
source: Mashable (external link)

Another reason to hate videoconferences: lousy software security

Hacker finds video, etc/passwd leak in Vidyo teleconf tool used by US Army, NASA and CERN

Yes, there is a patch, and no, I don’t know if all companies and agencies running this software have applied it yet. From experience I know most organisations are lousy patchers.
Oh, and if your /etc/passwd still contains actual passwords, you may have more worries than lousy security in video conferencing software.
source: the Register (external link)
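
A quick check for the situation the last remark describes, as an added example that is not part of the original post: it classifies the password field of each passwd-format line, so entries that still carry a hash (or no password at all) stand out. The sample entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the 2nd (password) field of passwd-format lines.

# Constructed sample data; the hash value is a placeholder, not a real hash.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
EOF
}

# audit_passwd FILE -> prints "user:STATUS" for every account line
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                          # comments, blank lines
        NF < 7       { print $1 ":MALFORMED"; next }     # not a 7-field entry
        $2 == "x"    { print $1 ":SHADOWED"; next }      # hash kept in /etc/shadow
        $2 == ""     { print $1 ":EMPTY_PASSWORD"; next } # login needs no password
        $2 ~ /^[*!]/ { print $1 ":LOCKED"; next }        # no hash can ever match
                     { print $1 ":HASH_IN_PASSWD" }      # world-readable hash
    ' "$1"
}

# passwd_is_clean FILE -> exit status 0 only if nothing needs attention
passwd_is_clean() {
    ! audit_passwd "$1" | grep -Eq ':(HASH_IN_PASSWD|EMPTY_PASSWORD|MALFORMED)$'
}

# Demonstration on the constructed sample
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_passwd "$tmp"
passwd_is_clean "$tmp" || echo "passwd file carries credentials or bad entries"
rm -f "$tmp"
```

On a real host, `audit_passwd /etc/passwd` should report only SHADOWED and LOCKED entries.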

Samsung TV data protection court case in Germany is a wake up call from the past


This article shows very elegantly the split we privacy professionals are in daily between consumer ease of use and protecting our personal data. The point made in the closing paragraphs of this article therefore is more interesting than the Samsung connected TV one which is the main topic of the story.
I therefore can’t but agree with the conclusion in the final sentences.
source: Deutsche Welle (external link)

Filed Under: Noteworthy Series Tagged With: InfoSec, Privacy
