My views on things
IT Security
Criminals are having a field day with smartphones built to please and gain market shares
07 months ago
Let’s face it. The most popular smartphones on the market today are loved for their fun and useful features, not because they protect your privacy. They were not designed with security in mind, even though they hold so much information about an individual or an organization. And it’s worse if you jailbreak it in order to be able to customise it.
Some security researchers say all smartphones are vulnerable to malware and this could lead to identity theft, among other things. And it’s true, even though BlackBerrys offer better protection than iPhones (no sandbox) or Androids (no review system), it’s still possible to trick a user to go visit an infected website that could help leak information.
Choose your smartphone and the content you will put on it wisely. Treat everything that is on it as public information or just remove data you’d rather not see fall in the wrong hands, whomever they may belong to 
Guardian article about malware:
http://www.guardian.co.uk/money/2011/jul/22/smartphones-hacked-zeus-malware
Guardian article about how easy it is to steal your data if you leave the Wifi on your phone constantly on:
http://www.guardian.co.uk/technology/2011/apr/25/wifi-security-flaw-smartphones-risk
Spotify has been displaying malicious ads
011 months ago
Streaming music service Spotify has been displaying malicious ads to users of their Free version. The ads lead to websites that used the Blackhole Exploit Kit to infect users with the Windows Recovery fake AV application.
Source: Help Net Security
Here we go again: TripAdvisor hacked, member emails stolen
011 months ago
Tripadvisor members have probably received an email from the CEO, explaining that their member’s list has been accessed by a third party.
It’s just one more company to add to the long list of those who have had their client’s list leaked.
It will make spammers very happy, but again, the positive thing is that, at least, they’ve come forward, unlike some other companies I’ve used in the past which just don’t even bother to acknowledge the fact that there has been a leak…
More articles about the same topic: Lush, Trapster
lush.co.uk was hacked and your credit card details stolen… Is your data safe?
11 year ago
Just another example of how unsafe “the cloud” can be. What surprises me is how little companies care about security. I often ask cloud providers about their security measures and the typical answer is that they protect the connection to their servers with SSL which is “very secure”. This is probably enough to reassure a novice consumer that heard from his bank that SSL is the way to go to protect online transactions, but what about the data that is stored on the servers? Most don’t encrypt it unless required by law (credit card details).
There are so many stories nowadays about data theft by rogue employees or hackers, that I’m still amazed that people trust their most sensitive data with companies like Dropbox, Apple, Evernote, Google, Facebook, Sugarsync, etc., These guys have your password. They can look at all your most private documents or pictures unless you encrypt them before you send them. Sure, it’s so convenient to be able to have access to everything from everywhere, to share documents with your mates, etc., but just remember that it makes data thieves very happy as well.
Be safe online, provide a minimum of information, use email address aliases, encrypt your data, use services like Jungledisk or Wuala.
Trapster got hacked, but at least they came through
11 year ago
If you have an account with Trapster, you should go there and change your password now. Leaks of sensitive information happen all the time, but it’s not so common for companies to communicate about it, even when it’s required by law (UK, EU, etc.).
So many little and not so small companies just don’t care about data leaks when they should. Sometimes, they don’t even realize until a customer lets them know.
And, as a consumer, how can you know? Well, unless you use this trick or that one, it’s not that easy to be able to tell what the source of the leak is. And even if you tag your connections, you never know whether some shady website owner sold your data or whether a server got hacked or simply if the person doing the mailings got his Outlook account scanned by a bot…
