Proprietary Software and Terrible Security
-
Push notification two-factor auth considered harmful
I think that issuing everyone in the company a YubiKey and making every internal system work with that would be a better option. I think this because of the core problem of phishing: it works best when you are less vigilant. Many two-factor authentication mechanisms lend themselves to phishing because of how they work. Here are my cynical thoughts about some common ones.
-
[Cracker] claims to breach Uber, security researcher says
“It seems like they've compromised a lot of stuff,” said Sam Curry, an engineer with Yuga Labs who communicated with the hacker. That includes obtaining complete access to the Amazon and Google-hosted cloud environments where Uber stores its source code and customer data, he said.
-
Cyber Resilience Act: Protecting digital security works differently
Today, the EU Commission presented the “Cyber Resilience Act”, draft legislation which would oblige manufacturers of products “with digital elements” to guarantee cyber security throughout the entire product life cycle.[1] This way, the Commission wants to ensure that digital products are designed more securely from the beginning of the devices’ life cycle and contain fewer vulnerabilities in order to be better equipped against cyber attacks.
-
Education technology harvesting children's data - UK report
The foundation told RNZ small countries like New Zealand should follow the likes of the Netherlands, and look to curb education technology that spies on children.
Its investigation concludes that just how exposed kids are varies between schools, but in general digital classrooms are flouting data protection laws to exploit children's data "for commercial gain".
-
Police investigating series of frauds, computer break-ins linked to error at S Bank
The perpetrators, for example, exploited the vulnerability to access the online banking services of other customers, use their log-in credentials to access other online services and to make unauthorised payments, indicates a press release issued by S Bank on Tuesday. The system error, it said, enabled a “small group of customers” to log in to the online banks of others “in certain circumstances”.