AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 05/06/2021

1 – Vishing — Phone Call Attacks and Scams

When you think of a cyber criminal you probably think of an evil mastermind sitting behind a computer, launching sophisticated attacks over the internet. While some of today’s cyber criminals do use advanced technologies, many simply use the phone to trick their victims. There are two big advantages to using a phone: Unlike other attacks, there are fewer security technologies that can detect and stop a phone call attack; also, it is much easier for criminals to convey emotion and build trust over the phone, which makes it easier to trick their victims. Let’s learn how to spot and stop these attacks.

 

2 – Twitter’s latest robo-nag will flag “harmful” language before you post

On Wednesday, members of Twitter’s product-design team confirmed that a new automatic prompt will begin rolling out for all Twitter users, regardless of platform and device, that activates when a post’s language crosses Twitter’s threshold of “potentially harmful or offensive language.” This follows a number of limited-user tests of the notices beginning in May of last year. Soon, any robo-moderated tweets will be interrupted with a notice asking, “Want to review this before tweeting?” Earlier tests of this feature, unsurprisingly, had their share of issues. “The algorithms powering the [warning] prompts struggled to capture the nuance in many conversations and often didn’t differentiate between potentially offensive language, sarcasm, and friendly banter,” Twitter’s announcement states. The news post clarifies that Twitter’s systems now account for, among other things, how often two accounts interact with each other—meaning, I’ll likely get a flag for sending curse words and insults to a celebrity I never talk to on Twitter, but I would likely be in the clear sending those same sentences via Twitter to friends or Ars colleagues.

 

3 – Epic v. Apple turns into Windows v. Xbox

Is an iPhone more like a PC or an Xbox? That question was asked — implicitly and explicitly — over and over on the third day of Epic v. Apple testimony. The antitrust trial started on Monday with some heady pronunciations about Fortnite, the game and/or metaverse at the heart of the case. Yesterday, both sides argued about whether iPhones and iPads were truly locked down. And today, Apple and Epic delved into one of the biggest questions of the trial: whether saying iOS violates antitrust law would make every major game console an unlawful monopoly too. Apple’s attorneys issued a dire warning to Sony, Nintendo, and Microsoft during its opening statement, saying that their business models were all fundamentally similar. “If Epic prevails, other ecosystems will fall too,” they warned. But today, Epic called up Microsoft’s Xbox business development head Lori Wright as a sympathetic witness. In response to a line of questioning, Wright divided computing devices into “special-purpose” and “general-purpose” devices — in a way that clearly defined iPhones as the latter.

 

4 – Data leak makes Peloton’s Horrible, No-Good, Really Bad Day even worse

Peloton is having a rough day. First, the company recalled two treadmill models following the death of a 6-year-old child who was pulled under one of the devices. Now comes word Peloton exposed sensitive user data, even after the company knew about the leak. No wonder the company’s stock price closed down 15 percent on Wednesday. Researchers at security consultancy Pen Test Partners on Wednesday reported that a flaw in Peloton’s online service was making data for all of its users available to anyone anywhere in the world, even when a profile was set to private. All that was required was a little knowledge of the faulty programming interfaces that Peloton uses to transmit data between devices and the company’s servers.

 

5 – World Password Day, Yet Another Holiday Reminding Us We Should Really Change ‘That’ Password

The Annual World Password Day painfully reminds us that the concept of people choosing their own passwords seems flawed. Thankfully, things are getting better, and password security is evolving with new tools, but the need for a World Password Day remains. People often say that they don’t have anything that criminals want. Yet, deep down they know that’s not true. Users have passwords for everything, email services, video streaming platforms, school accounts, and so on. Passwords usually guard personal information or metadata about people. That wouldn’t happen unless some of the information is of value to someone. Despite all that, people also treat passwords as something that takes up time and effort. It’s a burden on our daily lives, so we take shortcuts, like using the same password on multiple services or choosing simple passwords that are easy to remember.

Related Posts