Top 5 #InfoSec Reads: April 19-24
Is it Spam? A 419 Scam Moves to Skype

Top 5 #InfoSec Reads: April 26 - May 3

An upsurge in botnet-based attacks, Android closes security gap on iOS, Facebook faces down the EU nations, Raspberry Pi gets a new OS, and yet another embarrassing surveillance revelation are this week's top 5 #infosec reads.

botnet attacks on the rise; PoS systems still at risk of threats

A Dell SecureWorks report, Banking Botnets Persist Despite Takedowns, finds that despite global anticrime efforts to takedown botnets (Gameover Zeus ,  Operation Tovar, Shylock), botnet based attacks against point of sale systems remain a persistent and serious threat. Perhaps more seriously, botnet attackers are casting a wider net against financials, targeting more than 1,400 financial institutions across more than 80 countries. Dell SecureWorks notes an increase in the use of the initial downloaders ("droppers") known as Kegotip, Chanitor, Upatre, and Lerspeng and increased activity from the Dyre, Gozi/Vawtrak, and Bugat v5 botnets. If you must bank online from a Windows system, dedicate an old laptop for banking purposes only. For a $50 investment, you can bank from a Linux build on a Raspberry Pi. Both are small investments with big risk mitigation returns.

Why Android 5.0 doesn't measure up to iOS 8 security

Lisa Phifer packs a lot of important takeaways for corporate mobile device administrators in this article. Apple's single biggest advantage over Android? Tight curation of App Store, which greatly reduces the malware threat. Does Android for Work close the gap between iOS and Android? A bit: Google's added means for admins to prevent sideloading and restrict apps on company-owned or administered Android devices. Data protection measures? Both Google and Apple are improving, but Lisa points out that Apple's big advantage here is legacy, "Every iPhone and iPad manufactured since 2009 supports hardware-based AES-256 bit encryption, which the end user cannot disable. Android 5.0 supports hardware-based AES-128 bit encryption, but many devices running Android don't support encryption."

Facebook threatens Europe with fewer features due to fragmented regulation

Multi-national online services complain constantly about regulatory excesses but as this article notes, Facebook, et. al., must contend with per country fragmented and inconsistent sets of requirements. FB's chief of public policy perhaps speaks for most multi-nationals when he argues that operating as a pan-European business should be done subject to one coherent set of pan-European rules instead of having to "comply with 28 independently shifting national variants." The EU apparently acknowledges and intends to address the issue as part of its Digital Agenda for 2020 (2020... really): the EU's Single Digital Market hopes to define a consistent business environment across member states.  

 Windows 10 for IoT

I love the Raspberry Pi. I have two on my network. One serves as a name resolver, a privacy/content proxy, and firewall log server. The other runs an intrusion detection system. What I don't have yet is a Pi for experimenting with Internet of Things applications. After reading this article and watching the video of Microsoft's Pi-powered B15 robot, I'm eager to make time, purchase a Pi 2, and install the Windows 10 IoT Core Insider Preview. 

German prosecutor to investigate state spy agency’s partnership with the NSA

Let's briefly recap.

September 2013:  Der Spiegel reports that NSA is monitoring smart phones.

October 2013: Der Spiegel reports that NSA is monitoring Chancellor Merkel's smart phone, that the Chancellor placed a "strongly worded phone call to US President Barak Obama" regarding the alleged monitoring: 62% of Germans approve of Merkel's comments on spying allegations, where she asserts, "Spying between friends, that's just not done".  

June 2014: The Guardian reports that Germany opens inquiry into claims NSA tapped Angela Merkel's phone.

April 2015The Verge reports that German intelligence helped the NSA spy on European politicians and defense contractors.

May 2015:  The Verge reports that German prosecutor to investigate state spy agency’s partnership with the NSA.

Takeaway? "Spying between friends" seems to be trending.


Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name is required. Email address will not be displayed with the comment.)