An incoming call from Edward Snowden, cyberattacks against Ukraine, iOS 7.1 patches for Webkit and malicious apps, selling student personal data, and a WhatsApp mishap are among this weeks top #infosec reads.
Edward Snowden, exiled former CIA contractor, showed up at the South by South West conference Monday via Google hangouts. In front of a crowd of 3,500, he stressed that he acted in the interest of national security, and advocated the importance of encryption in light of the new evidence of the NSA's cyber-surveillance.
As a follow-up to the takeover of Crimea by unidentified troops in unmarked uniforms, Ukraine is now reporting a variety of cyberattacks on their government's computer networks. SC Magazine UK quotes Dr Thomas Rid, Reader in War Studies, Kings College London as saying “Russia is the suspect for both the physical and cyber-attacks, but there is no concrete evidence to support the suspicions.”
Apple's iOS 7.1 release fixes at least 41 bugs, including 19 in Webkit. Some of the vulnerabilities resolved mitigate attacks from malicious apps, as well as a MITM that tricked users into downloading malicious apps via Enterprise App Download.
The Guardian alleges that the UK Universities and Colleges Admission Service sold personal data of one million students and parents to mobile phone operators O2 and Vodafone, Microsoft and Red Bull. A “commercial arm” of UCAS earned £millions from sharing emails and addresses. UCAS claims its data collection and “opt out” opportunity comply with the laws. privacy lobby group Big Brother Watch concedes but claims their methods are underhanded.
WhatsApp, recently acquired by Facebook, is reported to save on the users' SD card in their phone. Any Android application can read the SD card if the user allows access to it. Because of this, private messages on the SD card can be accessed by developers of any Android app, not just WhatsApp, so long as they have the user's permission to access the SD card.