You may have heard about the FREAK exploit that has been talked about lately, and you might think you are secure using the bank app, or medical records app that you downloaded directly from the Apple Store or Google Play.
A new study just released has shown that isn’t quite the case, as the FREAK exploit is based on the encryption keys that the server you connect to, not the App on the phone alone.
Ars Technica has an article about the study, and points out that users of apps should contact the vendors to inquire wether they have corrected the app to prevent FREAK attacks.
WHAT SHOULD I DO?
1 – Upgrade your phone to the latest versions, as they have tried to prevent a vast majority of FREAK attacks in the latest versions. The study found that even after the update on iOS, there were still 7 apps that were vulnerable.
2 – Don’t trust public wifi for secure transactions – you never know when the guy or girl next to you at the library is actually trying to hack your bank account.
The SWAT force is called in when there is a highly volatile situation needing immediate, tactical force to deal with the situation.
However, Internet trolls have taken to using the SWAT teams around the country as their very own revenge squad. If you are active on the internet, especially in the gamer community, you need to prepare yourself for possibly being SWATted (having the SWAT team dispatched to your home to deal with a falsely reported violent encounter).
Digg.com has a very good article explaining this, and what you should know.
Jamie Oliver – The Naked Chef probably never intended his tongue in cheek title to foreshadow the use of his website to distribute malware the way that porn sites are notorious for doing.
You might remember the post earlier in the month when I warned you of how his website was infected with malware. Well, less than a month later, the bad guys have reinfected his site, this time with a better grade of malware. The arms race is real, and you must be vigilant.
For all of my readers that think they are safe from malware because they don’t go to “questionable” websites …. you are not necessarily safe. Malwarebytes has discovered that the website for Jamie Oliver has been compromised by hackers and infects the computers of visitors with a drive by infection.
The site has already been cleaned up, but this is a reminder that there is no such thing as a “safe” website.
Experts are predicting that 2015 will be the worst year ever for credit card fraud, as the US begins transitioning to the EMV card standard. The US accounts for over 47% of all fraudulent card transaction losses on 23% of all fraudulent transactions. That is primarily because we haven’t moved to the chip card standard.
So look for your bank to be issuing you a new card with a chip in it soon.
If you are thinking that Apple Pay (the secure credit card transaction method in the new iPhones) will stop this….well not so fast. Hackers have found a way to use the iPhones as accomplices. They buy credit card numbers on the black market, and load them into an iPhone, eliminating the need to create fake pieces of plastic.
If you are an Apple Pay using iPhone owner, your information in the phone is not being hacked, so don’t worry.
Infoworld has an excellent article on computer security.
To summarize it for you:
1- Patch the popular software first – and do it as soon as the patch is announced
2 – Don’t fall prey to the scams (social engineering) You are more likely to get scammed from sites you “trust” than those you don’t. Don’t EVER give information to unsolicited callers. Know what programs you have installed and ignore threat warnings from software you don’t recognize.
3-Don’t use the same password in multiple locations. If one site gets hacked, that password is added to the dictionary so it can be used to try to hack other locations.
4 – 2 Factor authentication has its benefits. Sure it is a pain in the butt, but if you are concerned about the security of your information/accounts, then the additional inconvenience is worth it.