Friday 12 April 2019

Trump Secret Service USB OpSec FAIL: ‘Spy’ Story Gets Weirder

Mar-a-Lackadaisical


That story about the Chinese woman accused of unauthorized entry to Trump’s Mar-a-Lago? It gained a weird new twist this week.

The Feds protecting the President supposedly found a USB stick and did the last thing you should ever do with an untrusted device—they stuck it into a PC. A Secret Service agent testified the PC then behaved in a “very out-of-the-ordinary” way. It’s still unclear what Yujing Zhang was attempting to do at President Trump’s private club in Florida.

On the face of it, this is really appalling operational security. But in today’s SB Blogwatch, we dig a little deeper.


Read more: securityboulevard.com/2019/04/trump-secret-service-usb-opsec-fail-spy-story-gets-weirder

Thursday 11 April 2019

Fintech fiddles as home burns: 97% of apps lack basic security

Nero ignores conflagration


This is not fine. A white-hat researcher examined 30 financial apps, looking for information security issues—worryingly, all but one of them were insecure.

The failures were mind-numbingly familiar, and dead easy to find. It’s as if the industry has learned nothing and is walking around with a sign on its back, saying, “Rob me.”

Have we learned nothing? In this week’s Security Blogwatch, we’re full of despair.


Read more: techbeacon.com/security/fintech-fiddles-home-burns-97-apps-found-insecure

Tuesday 9 April 2019

Does Microsoft Violate GDPR? European Regulator Asks Tough Questions

GDPR BadPR


EU privacy regulator investigates Microsoft. Audits contracts with EU bodies for compliance.

EDPS (the European Data Protection Supervisor) wants to ensure GDPR (the General Data Protection Regulation) is being adhered to by Microsoft and its customers inside the institutions of the EU itself, such as the Parliament and the Commission. This comes after serious allegations that Microsoft Office’s telemetry features fell afoul of GDPR.

This could get expensive for Redmond. In today’s SB Blogwatch, we search under the couch cushions, in case Satya needs a hand.


Read more: securityboulevard.com/2019/04/does-microsoft-violate-gdpr-european-regulator-asks-tough-questions

Monday 8 April 2019

Stalkerware? Spouseware? Creepware? Just Call it Horrific

Trigger warning: domestic abuse; stalking


The Electronic Frontier Foundation (EFF) is stepping up its fight against stalkerware. It’s asking for help from AV vendors, phone platform makers and law enforcement.

Also known as spouseware and creepware, this vile trade is responsible for enabling all manner of frightening and dangerous abuse, from stalking to serious sexual assault. It’s no laughing matter.

It’s time to put an end to it. In today’s SB Blogwatch, we’re truly horrified.


Read more: securityboulevard.com/2019/04/stalkerware-spouseware-creepware-just-call-it-horrific