<?xml version="1.0" encoding="UTF-8"?>
 <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://web.resource.org/cc/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://pinboard.in">
    <title>Pinboard (guardiantech)</title>
    <link>https://pinboard.in/u:guardiantech/public/</link>
    <description>recent bookmarks from guardiantech</description>
    <items>
      <rdf:Seq>	<rdf:li rdf:resource="https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6"/>
	<rdf:li rdf:resource="http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html"/>
	<rdf:li rdf:resource="https://www.aclu.org/blog/technology-and-liberty/apple-throws-down-privacy-gauntlet"/>
	<rdf:li rdf:resource="https://corporate.homedepot.com/MediaCenter/Pages/Statement1.aspx"/>
	<rdf:li rdf:resource="https://twofactorauth.org/"/>
	<rdf:li rdf:resource="http://www.howtogeek.com/190863/androids-app-permissions-were-just-simplified-now-theyre-much-less-secure/"/>
	<rdf:li rdf:resource="http://arstechnica.com/security/2014/07/wordpress-plugin-with-1-7-million-downloads-puts-sites-at-risk-of-takeover/"/>
	<rdf:li rdf:resource="http://www.theglobeandmail.com/news/national/quebec-police-crack-down-on-pair-of-organized-crime-groups/article19134465/"/>
	<rdf:li rdf:resource="http://www.scmagazineuk.com/alarm-bells-ring-for-internet-of-things-after-smart-tv-hack/article/354900/"/>
	<rdf:li rdf:resource="http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/"/>
	<rdf:li rdf:resource="http://www.cnet.com/uk/news/serious-security-flaw-in-oauth-and-openid-discovered/"/>
	<rdf:li rdf:resource="http://www.kalzumeus.com/2014/04/09/what-heartbleed-can-teach-the-oss-community-about-marketing/"/>
	<rdf:li rdf:resource="http://xkcd.com/1354/"/>
	<rdf:li rdf:resource="http://www.pcpro.co.uk/news/security/387937/dumb-cryptodefense-hackers-leave-keys-on-victims-pcs"/>
	<rdf:li rdf:resource="http://noncombatant.org/2014/03/11/privacy-and-security-settings-in-chrome/"/>
	<rdf:li rdf:resource="http://m.phys.org/news/2014-03-wpa2-wireless.html"/>
	<rdf:li rdf:resource="http://www.informationweek.com/software/operating-systems/windows-xp-security-issues-fact-vs-fiction/d/d-id/1127643"/>
	<rdf:li rdf:resource="https://news.ycombinator.com/item?id=7281378"/>
	<rdf:li rdf:resource="https://www.kickstarter.com/blog/important-kickstarter-security-notice"/>
	<rdf:li rdf:resource="http://news.netcraft.com/archives/2014/02/07/are-there-really-lots-of-vulnerable-apache-web-servers.html"/>
	<rdf:li rdf:resource="http://tonyarcieri.com/whats-wrong-with-webcrypto"/>
	<rdf:li rdf:resource="http://www.siliconbeat.com/2013/12/26/hole-found-in-samsungs-knox-security-feature/"/>
	<rdf:li rdf:resource="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone"/>
	<rdf:li rdf:resource="http://krebsonsecurity.com/2013/10/thousands-of-sites-hacked-via-vbulletin-hole/"/>
	<rdf:li rdf:resource="http://googleonlinesecurity.blogspot.co.uk/2013/10/going-beyond-vulnerability-rewards.html"/>
	<rdf:li rdf:resource="http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/"/>
	<rdf:li rdf:resource="http://www.zdnet.com/apples-advanced-fingerprint-technology-is-hacked-should-you-worry-7000020998/"/>
	<rdf:li rdf:resource="http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/"/>
	<rdf:li rdf:resource="http://gizmodo.com/apple-missed-the-best-use-for-a-fingerprint-scanner-1294669941"/>
	<rdf:li rdf:resource="http://www.csoonline.com/article/737490/enterprises-warned-against-first-true-google-phone-moto-x"/>
	<rdf:li rdf:resource="http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/"/>
	<rdf:li rdf:resource="http://www.wired.com/threatlevel/2013/08/twitter-new-two-facto/"/>
	<rdf:li rdf:resource="https://www.facebook.com/notes/facebook-engineering/secure-browsing-by-defa%20ult/10151590414803920"/>
	<rdf:li rdf:resource="http://www.koreaherald.com/view.php?ud=20130719000708"/>
	<rdf:li rdf:resource="https://code.google.com/p/android/issues/detail?id=57560"/>
	<rdf:li rdf:resource="http://www.zdnet.com/android-oems-slow-to-roll-out-bluebox-security-patch-7000018012/"/>
	<rdf:li rdf:resource="http://googlesystem.blogspot.co.uk/2013/06/no-safe-browsing-for-android.html"/>
	<rdf:li rdf:resource="http://9to5mac.com/2013/06/19/why-you-dont-want-to-use-the-default-password-for-your-iphone-personal-hotspot/"/>
	<rdf:li rdf:resource="http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan"/>
	<rdf:li rdf:resource="http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/"/>
	<rdf:li rdf:resource="http://bits.blogs.nytimes.com/2013/06/03/malware-that-drains-your-bank-account-thriving-on-facebook/"/>
	<rdf:li rdf:resource="http://www.bbc.co.uk/news/technology-22526021"/>
	<rdf:li rdf:resource="http://www.wired.com/threatlevel/2013/05/nsa-manual-on-hacking-internet/"/>
	<rdf:li rdf:resource="http://theonion.github.io/blog/2013/05/08/how-the-syrian-electronic-army-hacked-the-onion/"/>
	<rdf:li rdf:resource="http://arstechnica.com/security/2013/04/huge-attack-on-wordpress-sites-could-spawn-never-before-seen-super-botnet/"/>
	<rdf:li rdf:resource="http://www.aclu.org/blog/technology-and-liberty/aclu-files-ftc-complaint-over-android-smartphone-security"/>
	<rdf:li rdf:resource="http://nakedsecurity.sophos.com/2013/04/11/microsoft-look-like-being-next-with-2fa/"/>
	<rdf:li rdf:resource="http://www.theverge.com/2013/3/29/4158594/password-denied-when-will-apple-get-serious-about-security"/>
	<rdf:li rdf:resource="http://blog.gsmarena.com/the-latest-security-flaw-in-sony-xperia-z-allows-you-to-bypass-its-lock-screen-in-few-simple-steps/"/>
	<rdf:li rdf:resource="http://m.imore.com/apple-rolls-out-fix-password-reset-security-hole-iforgot-site-back"/>
	<rdf:li rdf:resource="http://shkspr.mobi/blog/2013/03/new-bypass-samsung-lockscreen-total-control/"/>
	<rdf:li rdf:resource="http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/"/>
	<rdf:li rdf:resource="http://phys.org/news/2013-03-chrome-os-thwarts-pwnium.html"/>
	<rdf:li rdf:resource="http://www.bbc.co.uk/news/technology-21697704"/>
	<rdf:li rdf:resource="http://www.computerweekly.com/blogs/open-source-insider/2013/03/the-secure-enterprise-android-dream-comes-of-age.html"/>
	<rdf:li rdf:resource="http://shkspr.mobi/blog/2013/03/samsung-lock-screen-security-flaw/"/>
	<rdf:li rdf:resource="http://evernote.com/corp/news/password_reset.php"/>
	<rdf:li rdf:resource="http://blogs.computerworld.com/desktop-apps/20845/explaining-confusion-over-flash-versions"/>
	<rdf:li rdf:resource="http://thenextweb.com/apple/2013/02/26/no-the-new-ios-6-1-lock-screen-bypass-bug-does-not-allow-access-to-the-file-system/"/>
	<rdf:li rdf:resource="http://www.90percentofeverything.com/2011/03/25/fk-captcha/"/>
	<rdf:li rdf:resource="http://www.businessweek.com/articles/2013-02-14/a-chinese-hackers-identity-unmasked#p1"/>
	<rdf:li rdf:resource="http://www.forbes.com/sites/andygreenberg/2013/01/29/disable-a-protocol-called-upnp-on-your-router-now-to-avoid-a-serious-set-of-security-bugs/"/>
	<rdf:li rdf:resource="http://arstechnica.com/security/2013/02/adobe-issues-emergency-flash-update-for-attacks-on-windows-mac-users/"/>
	<rdf:li rdf:resource="http://news.ycombinator.com/item?id=4860203"/>
	<rdf:li rdf:resource="http://arstechnica.com/security/2012/07/android-nokia-smartphone-hack/"/>
	<rdf:li rdf:resource="http://www.schneier.com/blog/archives/2012/12/terms_of_servic.html"/>
	<rdf:li rdf:resource="http://tidbits.com/article/13461"/>
	<rdf:li rdf:resource="http://nakedsecurity.sophos.com/2012/12/05/eu-domain-abuse/"/>
	<rdf:li rdf:resource="http://www.theregister.co.uk/2012/11/27/bt_phone_call_plan_privacy/"/>
	<rdf:li rdf:resource="http://www.guardian.co.uk/uk/2012/nov/20/prince-william-photos-mod-passwords"/>
      </rdf:Seq>
    </items>
  </channel><item rdf:about="https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6">
    <title>Here’s why public Wi-fi is a public health hazard &gt;&gt; Matter</title>
    <dc:date>2014-10-16T22:33:37+00:00</dc:date>
    <link>https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Maurits Martijn: <blockquote class="quoted">In his backpack, Wouter Slotboom, 34, carries around a small black device, slightly larger than a pack of cigarettes, with an antenna on it. I meet Wouter by chance at a random cafe in the center of Amsterdam. It is a sunny day and almost all the tables are occupied. Some people talk, others are working on their laptops or playing with their smartphones.

Wouter removes his laptop from his backpack, puts the black device on the table, and hides it under a menu. A waitress passes by and we ask for two coffees and the password for the WiFi network. Meanwhile, Wouter switches on his laptop and device, launches some programs, and soon the screen starts to fill with green text lines. It gradually becomes clear that Wouter’s device is connecting to the laptops, smartphones, and tablets of cafe visitors.</blockquote>]]></description>
<dc:subject>security hacking wifi</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:5ce68f231fb9/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:wifi"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html">
    <title>Everything you need to know about the Shellshock Bash bug &gt;&gt; Troy Hunt</title>
    <dc:date>2014-09-25T21:30:44+00:00</dc:date>
    <link>http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote class="quoted">Remember Heartbleed? If you believe the hype today, Shellshock is in that league and with an equally awesome name albeit bereft of a cool logo (someone in the marketing department of these vulns needs to get on that). But in all seriousness, it does have the potential to be a biggie and as I did with Heartbleed, I wanted to put together something definitive both for me to get to grips with the situation and for others to dissect the hype from the true underlying risk.</blockquote>

And when he says definitive, he is.]]></description>
<dc:subject>security linux shell bash shellshock</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:5fcf54946751/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:linux"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:shell"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:bash"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:shellshock"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.aclu.org/blog/technology-and-liberty/apple-throws-down-privacy-gauntlet">
    <title>Apple throws down privacy gauntlet &gt;&gt; American Civil Liberties Union</title>
    <dc:date>2014-09-19T16:49:42+00:00</dc:date>
    <link>https://www.aclu.org/blog/technology-and-liberty/apple-throws-down-privacy-gauntlet</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Chris Soghoian, principal technologist, on the privacy protection in iOS 8: <blockquote class="quoted">This was a big step for Apple, and one that likely required significant engineering work. What is so interesting and smart about this move is that rather than telling the government that they no longer want to help the government, they re-architected iOS so they are unable to help the government. Think of it as Apple playing a game of chicken, and the company has just thrown the steering wheel out of the window.

That's something that's going to be difficult for most tech companies to do, because so many of them have built their businesses around access to user data. If the companies can search and analyze that data, they can be forced to turn it over to the government. Apple's business model—selling expensive, luxury hardware to consumers—gives them the freedom to lock themselves out of access to their customers' data. Apple doesn't care what you store on your phone as long as you buy a new one every two years.

Although today's announcement is certainly big news, in many ways, it is far less significant than Apple's success in delivering end-to-end encrypted text, voice and video communications to the hundreds of millions of people using iMessage and FaceTime. To date, these apps have been advertised as free and easy ways for people to stay in touch with loved ones and family. However, the company could and should start advertising them as a much more secure alternative to regular telephone calls and text messages.</blockquote>]]></description>
<dc:subject>privacy security apple google</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:fcae88b08654/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:google"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://corporate.homedepot.com/MediaCenter/Pages/Statement1.aspx">
    <title>Customer update on payment breach &gt;&gt; Home Depot</title>
    <dc:date>2014-09-08T22:57:37+00:00</dc:date>
    <link>https://corporate.homedepot.com/MediaCenter/Pages/Statement1.aspx</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote class="quoted">Last Tuesday, September 2, we disclosed that we were investigating a possible breach of our payment data systems. We want you to know that we have now confirmed that those systems have in fact been breached, which could potentially impact any customer that has used their payment card at our US and Canadian stores, from April forward. We do not have any evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com.
 
We apologize for the frustration and anxiety this causes our customers.
 
We also want to emphasize that you will not be responsible for any fraudulent charges to your accounts, and we’re offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on.</blockquote>

The actual title of the page on which this appears is "Statement 1". These breakins are wonderful for the identity protection services in the US.

Here's more: anyone who paid using NFC (card or phone) won't have to worry. As <a href="http://digitaldebateblogs.typepad.com/digital_money/2010/12/dry.html">Dave Birch explained in 2010</a>: <blockquote class="quoted">If you scan my Barclays debit card, the data that you get from the contactless interface is not sufficient to create a cloned EMV card (contact or contactless) because it's a DDA (dynamic data authentication) card and you need the private key to forge it. The data isn't sufficient to create a cloned magnetic stripe card because it gives up the ICVV and not the CVV. The data isn't sufficient to use the card online because it doesn't give up the CV2. So all you can get, even if I don't notice you waving a POS terminal an inch from my arse, is the name, card number and expiry date (none of which are secret).</blockquote>]]></description>
<dc:subject>security payments</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:eecae477688d/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:payments"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://twofactorauth.org/">
    <title>Two Factor Auth List &gt;&gt; Twofactorauth</title>
    <dc:date>2014-09-03T11:41:18+00:00</dc:date>
    <link>https://twofactorauth.org/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[A handy list to have by you if you're wondering whether a service supports 2FA. (Though that's not the end of the security story, of course.)]]></description>
<dc:subject>security 2fa</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:b259f1bb0912/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:2fa"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.howtogeek.com/190863/androids-app-permissions-were-just-simplified-now-theyre-much-less-secure/">
    <title>Android’s app permissions were just simplified — now they’re much less secure &gt;&gt; Howtogeek</title>
    <dc:date>2014-07-07T20:34:09+00:00</dc:date>
    <link>http://www.howtogeek.com/190863/androids-app-permissions-were-just-simplified-now-theyre-much-less-secure/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote class="quoted">Google Play now groups app permissions into groups of related permissions. For example, an app that wants to read your incoming SMS messages will require the “Read SMS messages” permission. When you install it via the Play Store, you’ll see it asking for the “SMS” permission group.

Install the app and you’re giving it access to all SMS-related permissions. The app can now automatically update and gain the ability to send SMS messages without asking you.

Do you have apps on your device that you trust to read SMS messages, but not send them? Those apps can now gain the ability to send SMS messages without prompting you — all the developer has to do is update the app.

The only way to prevent this from happening is to disable automatic updates and verify app permissions manually every time an app wants to update — as if that’s a reasonable solution! If you do this, you’ll also end up using outdated versions of apps, which is another security problem.</blockquote>

A month old, but: this is caused by the latest Google Play update - so the app that has solved the fragmentation problem is now the one that could cause a serious problem around permissions. Google really needs to fix this.]]></description>
<dc:subject>security android google apps</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:40dddaa1cf97/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apps"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://arstechnica.com/security/2014/07/wordpress-plugin-with-1-7-million-downloads-puts-sites-at-risk-of-takeover/">
    <title>WordPress plugin with 1.7m downloads puts sites at risk of takeover &gt;&gt; Ars Technica</title>
    <dc:date>2014-07-01T21:21:15+00:00</dc:date>
    <link>http://arstechnica.com/security/2014/07/wordpress-plugin-with-1-7-million-downloads-puts-sites-at-risk-of-takeover/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote class="quoted">Websites that run WordPress and MailPoet, a plugin with more than 1.7 million downloads, are susceptible to hacks that give attackers almost complete control, researchers have warned.

"If you have this plugin activated on your website, the odds are not in your favor," Daniel Cid, CTO of security firm Sucuri, <a href="http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html">warned in a blog post</a> published Tuesday. "An attacker can exploit this vulnerability without having any privileges/accounts on the target site. This is a major threat, it means every single website using it is vulnerable."</blockquote>]]></description>
<dc:subject>wordpress security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:9375bf394d5a/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:wordpress"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.theglobeandmail.com/news/national/quebec-police-crack-down-on-pair-of-organized-crime-groups/article19134465/">
    <title>More than 30 arrested after police intercept one million organized crime BlackBerry messages &gt;&gt; The Globe and Mail</title>
    <dc:date>2014-06-16T21:24:10+00:00</dc:date>
    <link>http://www.theglobeandmail.com/news/national/quebec-police-crack-down-on-pair-of-organized-crime-groups/article19134465/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>More than a million encoded BlackBerry messages have been viewed by police as part of a crackdown against Quebec organized crime.

In arresting more than 30 people Thursday, the RCMP took the rare step of publicly highlighting its interception of the Canadian company’s supposedly secure “PIN-to-PIN” communications.

…On Friday, the [Canadian] Supreme Court will weigh in on whether police need to first get a judge’s permission to compel Internet companies to disclose basic customer information, which can now be handed over without any warrant. Parliament is on the cusp of passing a law that would explicitly shield corporations from any liability they could face by yielding records to government authorities.</blockquote>]]></description>
<dc:subject>blackberry security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:e0deb78249c5/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:blackberry"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.scmagazineuk.com/alarm-bells-ring-for-internet-of-things-after-smart-tv-hack/article/354900/">
    <title>Alarm bells ring for Internet of Things after smart TV hack &gt;&gt; SC Magazine UK</title>
    <dc:date>2014-06-10T21:49:33+00:00</dc:date>
    <link>http://www.scmagazineuk.com/alarm-bells-ring-for-internet-of-things-after-smart-tv-hack/article/354900/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Yossef Oren and Angelos Keromytis from the Network Security Lab at Columbia University have found that the so-called Smart TV could be hacked using a cheap antenna and broadcast messages, and relies on an insecurity in the Hybrid Broadcast-Broadband Television Standard (HbbTV), which now features on millions of internet-connected TVs after being introduced two years ago.

HbbTV has been adopted by more than 90 percent of TV set producers, according to research outfit GFK, and allows the approximate 60 broadcasters using the standard in Europe to add interactive HTML content to DVB cable, satellite or terrestrial signals. This means that viewers can use their favourite web services via TV apps, and allows advertisers to serve up relevant ads.

But writing in a new <a href="http://www.cs.columbia.edu/~angelos/Papers/2014/redbutton-usenix-sec14.pdf">research paper</a> published this week, Oren and Keromytis have detailed that the standard is vulnerable to a “large-scale exploitation technique” that is “remarkably difficult to detect”. It is low entry too – as a budget of just $270 would be enough to target around 20,000 devices.</blockquote>]]></description>
<dc:subject>smarttv security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:779122a56e63/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:smarttv"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/">
    <title>True goodbye: ‘Using TrueCrypt Is Not Secure’ &gt;&gt; Krebs on Security</title>
    <dc:date>2014-05-29T15:21:38+00:00</dc:date>
    <link>http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>The anonymous developers responsible for building and maintaining the free whole-disk encryption suite TrueCrypt apparently threw in the towel this week, shuttering the TrueCrypt site and warning users that the product is no longer secure now that Microsoft has ended support for Windows XP.

Sometime in the last 24 hours, truecrypt.org began forwarding visitors to the program’s home page on sourceforge.net, a Web-based source code repository. That page includes instructions for helping Windows users transition drives protected by TrueCrypt over to BitLocker, the proprietary disk encryption program that ships with every Windows version since Vista. The page also includes this ominous warning:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”</blockquote>

Great deal of discussion as to whether the abandonment was so the developers wouldn't be obliged to put back doors in. But the warning seems to imply that they're already in there.]]></description>
<dc:subject>truecrypt security encryption</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:74dda2ff901c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:truecrypt"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:encryption"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.cnet.com/uk/news/serious-security-flaw-in-oauth-and-openid-discovered/">
    <title>Serious security flaw in OAuth, OpenID discovered &gt;&gt; CNET</title>
    <dc:date>2014-05-04T21:01:18+00:00</dc:date>
    <link>http://www.cnet.com/uk/news/serious-security-flaw-in-oauth-and-openid-discovered/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Following in the steps of the OpenSSL vulnerability Heartbleed, another major flaw has been found in popular open-source security software. This time, the <a href="http://www.cnet.com/uk/news/serious-security-flaw-in-oauth-and-openid-discovered/">holes have been found in the log-in tools OAuth and OpenID</a>, used by many websites and tech titans including Google, Facebook, Microsoft, and LinkedIn, among others.

Wang Jing, a Ph.D. student at the Nanyang Technological University in Singapore, discovered that the serious vulnerability "Covert Redirect" flaw can masquerade as a log-in popup based on an affected site's domain. Covert Redirect is based on a well-known exploit parameter.

For example, someone clicking on a malicious phishing link will get a popup window in Facebook, asking them to authorize the app. Instead of using a fake domain name that's similar to trick users, the Covert Redirect flaw uses the real site address for authentication.</blockquote>

Using internet considered harmful.]]></description>
<dc:subject>oauth security bug opensource</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:4b6a0e71dea6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:oauth"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:bug"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:opensource"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.kalzumeus.com/2014/04/09/what-heartbleed-can-teach-the-oss-community-about-marketing/">
    <title>What Heartbleed can teach the OSS community about marketing &gt;&gt; Kalzumeus Software</title>
    <dc:date>2014-04-28T10:33:28+00:00</dc:date>
    <link>http://www.kalzumeus.com/2014/04/09/what-heartbleed-can-teach-the-oss-community-about-marketing/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Patrick Mackenzie: <blockquote>Remember CVE-2013-0156?  Man, those were dark days, right?

Of course you don’t remember CVE-2013-0156.

The security community refers to vulnerabilities by numbers, not names.  This does have some advantages, like precision and the ability to Google them and get meaningful results all of the time, but it makes it very difficult for actual humans to communicate about the issues.

CVE-2013-0156 was the Rails YAML deserialization vulnerability.  ”Oh!  I remember that one!”, said the technologists in the room.  Your bosses don’t.  Your bosses / stakeholders / customers / family / etc also cannot immediately understand, on hearing the words “Rails YAML deserialization vulnerability”, that <em>large portions of the Internet nearly died in fire</em>.</blockquote>

Perhaps future CVEs should use the naming system GCHQ has, of smooshing two random words together for new projects: "Heard about Binary Giraffe?" would be a lot more memorable than "heard about the Rails YAML deserialization vuln?"]]></description>
<dc:subject>marketing security opensource</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:4f9e0e225ead/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:marketing"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:opensource"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://xkcd.com/1354/">
    <title>Heartbleed, explained &gt;&gt; xkcd</title>
    <dc:date>2014-04-11T13:47:45+00:00</dc:date>
    <link>http://xkcd.com/1354/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Put like this, it's amazing that it has taken two years to discover this bug.]]></description>
<dc:subject>security xkcd</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:f647ba57c10a/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:xkcd"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.pcpro.co.uk/news/security/387937/dumb-cryptodefense-hackers-leave-keys-on-victims-pcs">
    <title>Dumb CryptoDefense hackers leave keys on victims' PCs &gt;&gt; PC Pro</title>
    <dc:date>2014-04-02T16:39:40+00:00</dc:date>
    <link>http://www.pcpro.co.uk/news/security/387937/dumb-cryptodefense-hackers-leave-keys-on-victims-pcs</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>The aggressive CryptoLocker ransomware appeared last year, locking files on victims' computers and only offering a decryption key in return for payment of a ransom.<p>

The success of the scam – it had infected an estimated 250,000 PCs between September and December last year – has encouraged copycats, with CryptoDefense appearing in February and demanding $500 for a key to unlock files.<p>

According to security firm Symantec, the latest iteration is earning its creators $34,000 a month, but while previous versions have been uncrackable without payment, CryptoDefense includes flaws that could allow victims to escape without payment.</blockquote>

Oops, but in a good way.]]></description>
<dc:subject>cryptodefense hacking security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:a6918616eccd/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:cryptodefense"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://noncombatant.org/2014/03/11/privacy-and-security-settings-in-chrome/">
    <title>Privacy and security settings in Chrome &gt;&gt; noncombatant</title>
    <dc:date>2014-03-27T15:23:39+00:00</dc:date>
    <link>http://noncombatant.org/2014/03/11/privacy-and-security-settings-in-chrome/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Chris Palmer: <blockquote>Chrome has a lot of handy privacy and security options, but it isn’t always obvious how to use them. In this post I’ll demonstrate my favorites, and try to explain a bit about what they do.<p>

My goal with these configuration changes is to get Chrome to expose less attack surface to potentially malicious web pages, and to be less chatty on the network.</blockquote>

Palmer works at Google on Chrome security.]]></description>
<dc:subject>privacy chrome security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:518538d4b5c8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:chrome"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://m.phys.org/news/2014-03-wpa2-wireless.html">
    <title>WPA2 wireless security cracked &gt;&gt; Phys.Org</title>
    <dc:date>2014-03-21T23:34:04+00:00</dc:date>
    <link>http://m.phys.org/news/2014-03-wpa2-wireless.html</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weakness. They say that this wireless security system might now be breached with relative ease by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security or to develop alternative protocols to keep our wireless networks safe from hackers and malware.</blockquote>

Oh.]]></description>
<dc:subject>wpa2 wireless security charlesarthur</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:a43c479b5bb7/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:wpa2"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:wireless"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:charlesarthur"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.informationweek.com/software/operating-systems/windows-xp-security-issues-fact-vs-fiction/d/d-id/1127643">
    <title>Windows XP security issues: fact v fiction &gt;&gt; InformationWeek</title>
    <dc:date>2014-03-12T23:03:08+00:00</dc:date>
    <link>http://www.informationweek.com/software/operating-systems/windows-xp-security-issues-fact-vs-fiction/d/d-id/1127643</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>"The reality is, the absence of patches for Windows XP just exposes companies to risk," Forrester analyst David Johnson said, noting that companies must be mindful, not only of security concerns, but also of compliance obligations.<p>

For its part, Microsoft has been trumpeting for months that Windows XP is six times more likely than Windows 8.1 to contract malware. Some InformationWeek readers labeled the statistics as a scare tactic, pointing out that Microsoft has newer products it wants to sell. This cynicism isn't without merit-- but don't be too quick to label Microsoft a fearmonger. Security experts agree: You stick with XP at your own peril.</blockquote>]]></description>
<dc:subject>windowsxp security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:b63e55ba64a5/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:windowsxp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://news.ycombinator.com/item?id=7281378">
    <title>What's the origin of Apple's SSL/TLS bug? &gt;&gt; Hacker News</title>
    <dc:date>2014-02-22T20:19:51+00:00</dc:date>
    <link>https://news.ycombinator.com/item?id=7281378</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Discussion on Hacker News of Apple's SSL/TLS bug (if you have an iOS device, update it) and how it might have occurred. It's either a very spooky piece of sabotage, or a bad commit. See the diff on line 631 of <a href="https://gist.github.com/alexyakoubian/9151610/revisions">https://gist.github.com/alexyakoubian/9151610/revisions</a>. Surprisingly, neither the GCC nor the Clang compiler will throw a warning.]]></description>
<dc:subject>apple security hacking</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:d9fc1a6098e0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacking"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.kickstarter.com/blog/important-kickstarter-security-notice">
    <title>Important Kickstarter Security Notice &gt;&gt; The Kickstarter Blog</title>
    <dc:date>2014-02-16T21:33:08+00:00</dc:date>
    <link>https://www.kickstarter.com/blog/important-kickstarter-security-notice</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.<p>

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.<p>

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.</blockquote>

Change your Kickstarter password if you have one. Facebook logins not compromised.]]></description>
<dc:subject>kickstarter security password charlesarthur</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:fb6587eb61c9/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:kickstarter"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:password"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:charlesarthur"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://news.netcraft.com/archives/2014/02/07/are-there-really-lots-of-vulnerable-apache-web-servers.html">
    <title>Are there really lots of vulnerable Apache web servers? &gt;&gt; Netcraft</title>
    <dc:date>2014-02-12T14:59:50+00:00</dc:date>
    <link>http://news.netcraft.com/archives/2014/02/07/are-there-really-lots-of-vulnerable-apache-web-servers.html</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>The most recent security vulnerabilities affecting Apache were addressed in version 2.4.5, which included fixes for the vulnerabilities described in <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1896">CVE-2013-1896</a> and <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2249">CVE-2013-2249</a>. Depending which Apache modules are installed, and how they are used, earlier versions may be vulnerable to unauthorised disclosure of information and disruption of service. The previous release in the 2.4 branch (2.4.4), also addressed <a href="http://www.apache.org/dist/httpd/CHANGES_2.4"> several cross-site scripting (XSS) vulnerabilities</a> in various modules; such vulnerabilities can severely compromise a web application by facilitating remote session hijacking and the theft of user credentials. Nonetheless, millions of websites still appear to be using vulnerable versions of Apache, including versions which are no longer supported.</blockquote>

TL;DR "yes".]]></description>
<dc:subject>apache security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:a1bdf7cf4bd9/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apache"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://tonyarcieri.com/whats-wrong-with-webcrypto">
    <title>What’s wrong with in-browser cryptography? &gt;&gt; Tony Arcieri</title>
    <dc:date>2013-12-31T09:40:25+00:00</dc:date>
    <link>http://tonyarcieri.com/whats-wrong-with-webcrypto</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Why not put cryptography in the browser? Isn’t it inevitable? This is a perpetual refrain from various encryption products which target the browser (names and addresses intentionally omitted). While the smarter ones try to mitigate certain classes of attacks by shipping as browser extensions rather than just a web site that a user types into their address bar, there is definitely a push to a model where you can get the latest greatest crypto code by typing a friendly address into your URL bar.<p>

What’s wrong with this? And will WebCrypto fix it? I don’t think so. Let’s look at the good, the bad, and the ugly of in-browser cryptography and the WebCrypto API.</blockquote>

Most of the ugly is the fact that it's in a browser. He specifically has a go at Kim Dotcom's MEGA and its promises of security.]]></description>
<dc:subject>security browser</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:356076519a8e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:browser"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.siliconbeat.com/2013/12/26/hole-found-in-samsungs-knox-security-feature/">
    <title>Hole found in Samsung’s Knox security feature &gt;&gt; SiliconBeat</title>
    <dc:date>2013-12-27T22:50:15+00:00</dc:date>
    <link>http://www.siliconbeat.com/2013/12/26/hole-found-in-samsungs-knox-security-feature/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>The hole could allow hackers to intercept email, browser activity and other activity originating from within the Knox environment.<p>

“Knox symbolizes state-of-the-art in terms of secure mobile architectures, and I was surprised to find that such a big ’hole‘ exists and was left untouched,” said Mordechai Guri, a Ph.D. student in the Cyber Security Labs at Israel’s Ben-Gurion University of the Negev, who discovered the vulnerability. “This weakness has to be addressed immediately, before it falls into the wrong hands.”<p>

Knox creates a secure, password-protected virtual space within Samsung devices that’s supposed to allow the devices to connect to similarly secured corporate and government computers and access sensitive files without fear that those files might leak out to the outside world.<p>

But thanks to the security hole, a user could install an app in the regular, non-secure area of the phone that could compromise all the phone’s communications, including those made within the Knox container, according to Cyber Security Labs researchers. In addition to exposing sensitive data, the hole could potentially be used to upload malicious files from a compromised phone to corporate or government servers, according to the Wall Street Journal.</blockquote>

Odd that the Pentagon didn't discover this during its testing of Knox before giving it certification.]]></description>
<dc:subject>samsung knox security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:4000d51ec2d5/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:samsung"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:knox"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
    <title>The second operating system hiding in every mobile phone &gt;&gt; OS News</title>
    <dc:date>2013-11-14T14:00:45+00:00</dc:date>
    <link>http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Thom Holwerda: <blockquote>This operating system is stored in firmware, and runs on the baseband processor. As far as I know, this baseband RTOS is always entirely proprietary. For instance, the RTOS inside Qualcomm baseband processors (in this specific case, the MSM6280) is called AMSS, built upon their own proprietary REX kernel, and is made up of 69 concurrent tasks, handling everything from USB to GPS. It runs on an ARMv5 processor.<p>

The problem here is clear: these baseband processors and the proprietary, closed software they run are poorly understood, as there's no proper peer review. This is actually kind of weird, considering just how important these little bits of software are to the functioning of a modern communication device. You may think these baseband RTOS' [real time operating systems] are safe and secure, but that's not exactly the case. You may have the most secure mobile operating system in the world, but you're still running a second operating system that is poorly understood, poorly documented, proprietary, and all you have to go on are Qualcomm's, Infineon's, and others' blue eyes.</blockquote>

What's the betting that the NSA and GCHQ are very, very familiar with these RTOSs - and their bugs?]]></description>
<dc:subject>security mobile baseband charlesarthur</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:9a70e6fd8916/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:mobile"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:baseband"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:charlesarthur"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://krebsonsecurity.com/2013/10/thousands-of-sites-hacked-via-vbulletin-hole/">
    <title>Thousands of sites hacked via vBulletin hole &gt;&gt; Krebs on Security</title>
    <dc:date>2013-10-15T11:27:12+00:00</dc:date>
    <link>http://krebsonsecurity.com/2013/10/thousands-of-sites-hacked-via-vbulletin-hole/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Brian Krebs: <blockquote>Attackers appear to have compromised tens of thousands of web sites using a security weakness in sites powered by the forum software vBulletin, security experts warn.<p>

In a blog post in late August, vBulletin maker Internet Brands Inc. warned users that failing to remove the “/install” and “/core/install” directories on sites running 4.x and 5.x versions of the forum software could render them easily hackable. But apparently many vBulletin-based sites didn’t get that memo: According to security firm Imperva, more than 35,000 sites were recently hacked via this vulnerability.</blockquote>

People don't change defaults - even people who are setting up websites and so might be thought of as specialist. ]]></description>
<dc:subject>vbulletin security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:e737ceed12a0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:vbulletin"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://googleonlinesecurity.blogspot.co.uk/2013/10/going-beyond-vulnerability-rewards.html">
    <title>Going beyond vulnerability rewards &gt;&gt; Google Online Security Blog</title>
    <dc:date>2013-10-10T09:46:34+00:00</dc:date>
    <link>http://googleonlinesecurity.blogspot.co.uk/2013/10/going-beyond-vulnerability-rewards.html</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Michal Zalewski of Google's security team: <blockquote>We thought about simply kicking off an OSS bug-hunting program, but this approach can easily backfire. In addition to valid reports, bug bounties invite a significant volume of spurious traffic - enough to completely overwhelm a small community of volunteers. On top of this, fixing a problem often requires more effort than finding it.
So we decided to try something new: provide financial incentives for down-to-earth, proactive improvements that go beyond merely fixing a known security bug. Whether you want to switch to a more secure allocator, to add privilege separation, to clean up a bunch of sketchy calls to strcat(), or even just to enable ASLR - we want to help!</blockquote>

Prizes range from $500 to, of course, $3,113.7. (Thanks #Knowles2 for the pointer, which we dereferenced.)]]></description>
<dc:subject>google security bounty</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:6304986ef506/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:bounty"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/">
    <title>Data broker giants hacked by ID theft service &gt;&gt; Krebs on Security</title>
    <dc:date>2013-09-25T18:52:01+00:00</dc:date>
    <link>http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Until very recently, the source of the data sold by SSNDOB has remained a mystery. That mystery began to unravel in March 2013, when teenage hackers allegedly associated with the hacktivist group UGNazi showed just how deeply the service’s access went. The young hackers used SSNDOB to collect data for exposed.su, a Web site that listed the SSNs, birthdays, phone numbers, current and previous addresses for dozens of top celebrities — such as performers Beyonce, Kanye West and Jay Z — as well as prominent public figures, including First Lady Michelle Obama, CIA Director John Brennan, and then-FBI Director Robert Mueller.</blockquote>

Uh-oh.]]></description>
<dc:subject>privacy security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:cb4fcb198049/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:privacy"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.zdnet.com/apples-advanced-fingerprint-technology-is-hacked-should-you-worry-7000020998/">
    <title>Apple's advanced fingerprint technology is hacked; should you worry? &gt;&gt; ZDNet</title>
    <dc:date>2013-09-23T17:19:42+00:00</dc:date>
    <link>http://www.zdnet.com/apples-advanced-fingerprint-technology-is-hacked-should-you-worry-7000020998/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Ed Bott: <blockquote>If your data is valuable enough for an attacker to go to the trouble of stealing a super-high-resolution photo of your fingerprint and molding a fake finger, you probably should be using multi-factor authentication. And in fact the iPhone already does that. Your fingerprint enrollment information is stored in a secure area in the A7 processor that powers the iPhone 5s. If someone manages to steal your fingerprint, they also need to steal your phone. That fake finger by itself won’t work with another iPhone unless you also have your Apple account credentials.<p>

Windows 8.1, which was released to manufacturing a month before iOS 7 but won’t hit shelves until October, has similar technology. A fingerprint identification framework designed for use with the same type of reader as is found in the new iPhone (a big improvement over older swipe-based fingerprint readers) is built into Windows 8.1. It can be combined with the Trusted Platform Module (TPM) in a Windows 8.1 device to create a virtual smartcard that makes spoofing of enterprise network credentials very difficult.</blockquote>

The Chaos Computer Club's hack is probably going to make zero difference to the number of people who actually use the fingerprint unlock system on the iPhone 5s. ]]></description>
<dc:subject>apple ios7 security fingerprint</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:9dd63e041f96/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:ios7"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:fingerprint"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/">
    <title>Researchers can slip an undetectable trojan into Intel’s Ivy Bridge CPUs &gt;&gt; Ars Technica</title>
    <dc:date>2013-09-18T21:47:45+00:00</dc:date>
    <link>http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>In a <a href="http://people.umass.edu/gbecker/BeckerChes13.pdf">recently published research paper</a>, scientists devised two such backdoors they said adversaries could feasibly build into processors to surreptitiously bypass cryptographic protections provided by the computer running the chips. The paper is attracting interest following recent revelations the National Security Agency is exploiting weaknesses deliberately built-in to widely used cryptographic technologies so analysts can <a href="http://arstechnica.com/security/2013/09/nsa-attains-the-holy-grail-of-spying-decodes-vast-swaths-of-internet-traffic/">decode vast swaths of Internet traffic</a> that otherwise would be unreadable.
<p>The attack against the Ivy Bridge processors sabotages random number generator (RNG) instructions <a href="http://electronicdesign.com/learning-resources/understanding-intels-ivy-bridge-random-number-generator">Intel engineers added to the processor</a>. The exploit works by severely reducing the amount of entropy the RNG normally uses, from 128 bits to 32 bits.</blockquote>]]></description>
<dc:subject>hardware intel security encryption</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:d27e0729f597/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hardware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:intel"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:encryption"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://gizmodo.com/apple-missed-the-best-use-for-a-fingerprint-scanner-1294669941">
    <title>Apple missed the best use for a fingerprint scanner &gt;&gt; Gizmodo</title>
    <dc:date>2013-09-12T09:20:35+00:00</dc:date>
    <link>http://gizmodo.com/apple-missed-the-best-use-for-a-fingerprint-scanner-1294669941</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Every cop or theft victim or, frankly, person with a functioning human brain, knows that the first thing any iPhone thief does now is turn the phone off, so that you can't track down the phone with Find My iPhone. Because if they don't, the cops show up. By making turn off a secure function, your phone would be trackable for as long as the battery holds out.<p>

It's crazy that a feature like this hasn't been put into place already, right? Even just with the passcode? So much effort has gone into features like Find My iPhone and Windows Phone's Find My Phone and Android Device Manager, and yet you skirt around them just by turning off the damn phone.</blockquote>

Yes. Why hasn't anyone implemented this?]]></description>
<dc:subject>smartphone security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:9f1874c6eb11/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:smartphone"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.csoonline.com/article/737490/enterprises-warned-against-first-true-google-phone-moto-x">
    <title>Enterprises warned against first true Google phone, Moto X &gt;&gt; Computer and Security Online</title>
    <dc:date>2013-08-22T21:30:13+00:00</dc:date>
    <link>http://www.csoonline.com/article/737490/enterprises-warned-against-first-true-google-phone-moto-x</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>"It's engineers gone wild," said Roger Entner, principal analyst for Recon Analytics. "The engineers are [saying], 'Oh, wouldn't this be a really cool idea,' but don't think through the repercussions."<p>

The ease-of-use features in the Moto X, designed and built by Google-owned Motorola, are likely to tickle consumers while haunting IT security pros. First is the always-on microphone, which a person can use to activate the device using trigger words, such as "OK Google Now," to make phone calls or access services and features. The feature is possible through a special, low-power chip developed by Motorola that keeps the microphone on without draining the battery.<p>

The always-ready microphone, coupled with the massive amount of data collection, makes the Moto X a valuable target for cybercriminals and cyberspies, who are already heavily focused on developing malware to take control of Android devices.</blockquote>

No need for plastic cups or laser microphones.]]></description>
<dc:subject>motox security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:eae6d8854c13/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:motox"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/">
    <title>World's biggest data breaches &amp; hacks &gt;&gt; Information Is Beautiful</title>
    <dc:date>2013-08-07T22:08:39+00:00</dc:date>
    <link>http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>World's Biggest Data Breaches: Selected losses greater than 30,000 records</blockquote>

David McCandless, of "Information is Beautiful" fame, gets to work. Some of the biggest aren't what you'd expect.]]></description>
<dc:subject>hacks visualization data security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:2158e5cc27d0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:visualization"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:data"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.wired.com/threatlevel/2013/08/twitter-new-two-facto/">
    <title>Twitter's killer new two-factor solution kicks SMS to the curb &gt;&gt; Wired.com</title>
    <dc:date>2013-08-07T17:39:20+00:00</dc:date>
    <link>http://www.wired.com/threatlevel/2013/08/twitter-new-two-facto/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>The new two-factor system works like this. A user enrolls using the mobile app, which generates a 2048-bit RSA keypair. The private key lives on the phone itself, and the public key is uploaded to Twitter’s server.<p>

When Twitter receives a new login request with a username and password, the server sends a challenge based on a 190-bit, 32 character random nonce, to the mobile app — along with a notification that gives the user the time, location, and browser information associated with the login request. The user can then opt to approve or deny this login request. If approved, the app replies to a challenge with its private key, relays that information back to the server. The server compares that challenge with a request ID, and if it authenticates, the user is automatically logged in.</blockquote>

Think that's clever? Wait until you read the solution for how it does it when you <em>don't</em> have your phone.]]></description>
<dc:subject>twitter security 2fa</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:255902c268ab/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:twitter"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:2fa"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.facebook.com/notes/facebook-engineering/secure-browsing-by-defa%20ult/10151590414803920">
    <title>Secure browsing by default &gt;&gt; Facebook</title>
    <dc:date>2013-08-02T05:29:22+00:00</dc:date>
    <link>https://www.facebook.com/notes/facebook-engineering/secure-browsing-by-defa%20ult/10151590414803920</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>We now use https by default for all Facebook users. This feature, which we first introduced as an option two years ago, means that your browser is told to communicate with Facebook using a secure connection, as indicated by the "https" rather than "http" in https://www.facebook.com. This uses Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL), and makes the communication between your browser and Facebook servers more secure.</blockquote>

One has to wonder whether the NSA knew about this ahead of time.]]></description>
<dc:subject>facebook security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:e31c8c99c3cf/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:facebook"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.koreaherald.com/view.php?ud=20130719000708">
    <title>Korea grapples with massive personal data theft, regulatory mess &gt;&gt; The Korea Herald</title>
    <dc:date>2013-07-22T21:20:26+00:00</dc:date>
    <link>http://www.koreaherald.com/view.php?ud=20130719000708</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>IT experts have suggested an array of factors behind those large-scale security lapses, with some blaming government-led overregulation such as the “public key certificate” system that is supposed to prevent such security breaches.<p>

Many Korean websites depend on Internet Explorer’s cumbersome “ActiveX” platform, posing another risk factor. KAIST professor Lee Min-hwa said, “ActiveX is a program that momentarily disarms the computer to download codes from an outside source, which can be abused by hackers seeking to plant malicious codes.”<p>

Lee, one of the key patrons of President Park Geun-hye’s signature science and technology-based “creative economy,” said that Korea’s dependence on the ActiveX-based public key certificate system created a “black hole” in cyber security.</blockquote>

Between 18.6m and 105m user details have been leaked since January 2008 (it's impossible to know if there's overlap between the largest, Auction in January 2008, and the others). South Korea has a population of 50m - so probably plenty of overlap.]]></description>
<dc:subject>activex security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:7b93f47fabe6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:activex"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://code.google.com/p/android/issues/detail?id=57560">
    <title>Issue 57560 - android - &quot;Backup and restore&quot; should offer encrypted backups - Android &gt;&gt; Google Project Hosting</title>
    <dc:date>2013-07-18T13:39:16+00:00</dc:date>
    <link>https://code.google.com/p/android/issues/detail?id=57560</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>The "Back up my data" option in Android is very convenient. However it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.<p>

You could implement this the same way Chrome's sync feature is implemented, with two options:<p>

* Encrypt synced passwords with your Google credentials<br />* Encrypt all synced data with your own sync passphrase<p>…While using Android requires a certain amount of trusting Google, I don't think it's rational to expect users to trust Google with their plaintext passwords when Google can be compelled to give this data to the US government when they request it.</blockquote>]]></description>
<dc:subject>android security nsa</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:189c69da7688/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:nsa"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.zdnet.com/android-oems-slow-to-roll-out-bluebox-security-patch-7000018012/">
    <title>Android OEMs slow to roll out Bluebox Security patch &gt;&gt; ZDNet</title>
    <dc:date>2013-07-14T21:01:02+00:00</dc:date>
    <link>http://www.zdnet.com/android-oems-slow-to-roll-out-bluebox-security-patch-7000018012/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Steven Vaughan-Nichols: <blockquote>The scary news was that <a href="http://www.zdnet.com/security-firm-claims-99-percent-of-android-apps-open-to-takeover-7000017672/">Bluebox Security had worked out a way to break Android's security model</a>. In theory, this could be exploited with almost any Androids apps. The hopeful news was that <a href="http://www.zdnet.com/google-releases-fix-to-oems-for-blue-security-android-security-hole-7000017782">Google quickly released a patch for the security hole to phone original equipment manufacturers (OEM)s</a> . The annoying news is that almost none of the OEMs have released the patch.<p>OEMs are being painfully slow about releasing the Bluebox Security patch, but Bluebox itself has released a scanner app for it.
<p>Worse still, there's now a <a href="http://www.zdnet.com/proof-of-concept-for-android-flaw-found-patches-start-rolling-out-7000017859">proof of concept for the security hole</a>. This proof of concept means that as surely as the sun will rise in the east in the morning we'll soon see real malware using it.</blockquote>

The Samsung Galaxy S4 and HTC One have been updated; no worries there. Actually carrying out the attack would almost certainly only be feasible through sideloaded apps.]]></description>
<dc:subject>android security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:c0612b954535/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://googlesystem.blogspot.co.uk/2013/06/no-safe-browsing-for-android.html">
    <title>No Safe Browsing for Android &gt;&gt; Unofficial Google Blog</title>
    <dc:date>2013-06-26T12:03:22+00:00</dc:date>
    <link>http://googlesystem.blogspot.co.uk/2013/06/no-safe-browsing-for-android.html</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Google says that <a href="http://googlesystem.blogspot.com/2013/06/1-billion-google-safe-browsing-users.html">1 billion people</a> use the Safe Browsing service in Chrome, Firefox and Safari to protect against phishing and malware. "Approximately one billion people use Google Safe Browsing. We help tens of millions of people every week protect themselves from harm by showing warnings to users of Google Chrome, Mozilla Firefox and Apple Safari when they attempt to navigate to websites that would steal their personal information or install software designed to take over their computers."<p>

Unfortunately, almost no Android user is protected by this service. </blockquote>

Nor on iOS, though apparently it once was.]]></description>
<dc:subject>google android malware security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:bdc2c3d10f4f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://9to5mac.com/2013/06/19/why-you-dont-want-to-use-the-default-password-for-your-iphone-personal-hotspot/">
    <title>Why you don’t want to use the default password for your iPhone personal hotspot &gt;&gt; 9to5Mac</title>
    <dc:date>2013-06-20T04:47:19+00:00</dc:date>
    <link>http://9to5mac.com/2013/06/19/why-you-dont-want-to-use-the-default-password-for-your-iphone-personal-hotspot/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Ben Lovejoy:

<blockquote>Researchers at the University of Erlangen in Germany found that Apple uses a dictionary of 52,500 words from an open-source Scrabble game to generate the passwords, with random numbers appended to them, but appears to be using only 1,842 words at present. Although that allows for a unique password for each iOS device, password strength is low.<p>

Using a single computer, it took a maximum of 49 minutes to crack a password, but using an array of just four powerful processors would enable 100% success in just 50 seconds. They called on Apple to switch to true randomly-generated passwords to boost security.</blockquote>

You might get hacked, but at least you'll have a 272-point score.]]></description>
<dc:subject>apple security passwords</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:ad79c5cadb20/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:passwords"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan">
    <title>The most sophisticated Android Trojan &gt;&gt; Securelist</title>
    <dc:date>2013-06-07T22:20:44+00:00</dc:date>
    <link>http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Roman Unuchek at Kaspersky: <blockquote>the cybercriminals found an error in the Android operating system which relates to the processing of the AndroidManifest.xml file. This file exists in every Android application and is used to describe the application’s structure, define its launch parameters, etc. The malware modifies AndroidManifest.xml in such a way that it does not comply with Google standards, but is still correctly processed on a smartphone thanks to the exploitation of the identified vulnerability. All of this made it extremely difficult to run dynamic analysis on this Trojan.<p>

The creators of Backdoor.AndroidOS.Obad.a also used yet another previously unknown error in the Android operating system. By exploiting this vulnerability, malicious applications can enjoy extended Device Administrator privileges without appearing on the list of applications which have such privileges. As a result of this, it is impossible to delete the malicious program from the smartphone after it gains extended privileges.</blockquote>

And with that the fun is only just beginning. This is reckoned to be one of the worst pieces of Android malware yet identified.]]></description>
<dc:subject>android security malware</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:f8c074482be5/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/">
    <title>Evernote’s three new security features &gt;&gt; Evernote blog</title>
    <dc:date>2013-06-05T22:37:24+00:00</dc:date>
    <link>http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>The security and privacy of your data are our top priority at Evernote. Today, we’re happy to announce the availability of three new security features:<p>

Two-Step Verification<br />Access History<br />Authorized Applications</blockquote>

Which big services now don't have two-step authentication?]]></description>
<dc:subject>evernote security 2fa</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:be468f96db3e/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:evernote"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:2fa"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://bits.blogs.nytimes.com/2013/06/03/malware-that-drains-your-bank-account-thriving-on-facebook/">
    <title>Malware that drains your bank account thriving on Facebook &gt;&gt; NYTimes.com</title>
    <dc:date>2013-06-04T16:21:16+00:00</dc:date>
    <link>http://bits.blogs.nytimes.com/2013/06/03/malware-that-drains-your-bank-account-thriving-on-facebook/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Zeus is a particularly nasty Trojan horse that has infected millions of computers, most of them in the United States. Once Zeus has compromised a computer, it stays dormant until a victim logs into a bank site, and then it steals the victim’s passwords and drains the victim’s accounts. In some cases, it can even replace a bank’s Web site with its own page, in order to get even more information– such as a Social Security number– that can be sold on the black market.<p>

The Trojan, which was first detected in 2007, is only getting more active. <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/zeuszbot-malware-shapes-up-in-2013/">According to researchers at the security firm Trend Micro</a>, incidents of Zeus have risen steadily this year and peaked in May.</blockquote>

And malicious links to it are now appearing on Facebook. Beware: it seems the "Russian Business Network" is back in, well, business.]]></description>
<dc:subject>facebook malware security zeus</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:4c85af9c7417/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:facebook"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:zeus"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.bbc.co.uk/news/technology-22526021">
    <title>Former Lulzsec hacker Jake Davis on his motivations &gt;&gt; BBC News</title>
    <dc:date>2013-05-16T21:18:32+00:00</dc:date>
    <link>http://www.bbc.co.uk/news/technology-22526021</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Jake Davis, who went by the online alias Topiary, says he now regrets "95% of the things I've ever typed on the internet".<p>

"It was my world, but it was a very limited world. You can see and hear it, but you can't touch the internet. It's a world devoid of empathy - and that shows on Twitter, and the mob mentality against politicians and public figures. There is no empathy.<p>

"So it was my world, and it was a very cynical world and I became a very cynical person."</blockquote>

Davis was, and is, witty and insightful. He has to serve 12 months in a youth offenders' facility; let's hope it passes quickly.]]></description>
<dc:subject>hackers hacking lulzsec security charlesarthur</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:16ea3c143c60/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hackers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:lulzsec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:charlesarthur"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.wired.com/threatlevel/2013/05/nsa-manual-on-hacking-internet/">
    <title>Use these secret NSA Google search tips to become your own spy agency &gt;&gt; Wired.com</title>
    <dc:date>2013-05-09T18:51:27+00:00</dc:date>
    <link>http://www.wired.com/threatlevel/2013/05/nsa-manual-on-hacking-internet/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Kim Zetter: <blockquote>The book was published by the Center for Digital Content of the National Security Agency, and is filled with advice for using search engines, the Internet Archive and other online tools. But the most interesting is the chapter titled “Google Hacking.”<p>

Say you’re a cyberspy for the NSA and you want sensitive inside information on companies in South Africa. What do you do?<p>

Search for confidential Excel spreadsheets the company inadvertently posted online by typing “filetype:xls site:za confidential” into Google, the book notes.<p>

Want to find spreadsheets full of passwords in Russia? Type “filetype:xls site:ru login.” Even on websites written in non-English languages the terms “login,” “userid,” and “password” are generally written in English, the authors helpfully point out.</blockquote>

And plenty more, err, helpful advice. (Thanks @ClarkeViper for the link.)]]></description>
<dc:subject>google hacking security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:4f731d1b6857/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:google"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://theonion.github.io/blog/2013/05/08/how-the-syrian-electronic-army-hacked-the-onion/">
    <title>How the Syrian Electronic Army hacked The Onion &gt;&gt; The Onion Tech Blog</title>
    <dc:date>2013-05-09T09:08:11+00:00</dc:date>
    <link>http://theonion.github.io/blog/2013/05/08/how-the-syrian-electronic-army-hacked-the-onion/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>This third and final phishing attack compromised at least two more accounts. One of these accounts was used to continue owning our Twitter account.<p>

At this point the editorial staff began publishing articles inspired by the attack. The second article, <a href="http://www.theonion.com/articles/syrian-electronic-army-has-a-little-fun-before-ine,32324/">Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Deaths At Hands Of Rebels</a>, angered the attacker who then began posting editorial emails on their Twitter account. Once we discovered this, we decided that we could not know for sure which accounts had been compromised and forced a password reset on every staff member’s Google Apps account.</blockquote>
]]></description>
<dc:subject>onion security twitter sea hacking google</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:0d771bd38c3c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:onion"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:twitter"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:sea"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:google"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://arstechnica.com/security/2013/04/huge-attack-on-wordpress-sites-could-spawn-never-before-seen-super-botnet/">
    <title>Huge attack on WordPress sites could spawn never-before-seen super botnet &gt;&gt; Ars Technica</title>
    <dc:date>2013-05-07T14:01:51+00:00</dc:date>
    <link>http://arstechnica.com/security/2013/04/huge-attack-on-wordpress-sites-could-spawn-never-before-seen-super-botnet/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Began in April; still ongoing. If you have a WordPress site or blog then you should make sure that it's hardened. (Although by this time it might be too late, and you may need to take remedial action.) Many sites are putting CAPTCHAs in front of their login pages.]]></description>
<dc:subject>blog botnet security wordpress</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:628f988f5600/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:blog"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:botnet"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:wordpress"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.aclu.org/blog/technology-and-liberty/aclu-files-ftc-complaint-over-android-smartphone-security">
    <title>ACLU files FTC complaint over Android smartphone security &gt;&gt; American Civil Liberties Union</title>
    <dc:date>2013-04-22T20:00:59+00:00</dc:date>
    <link>http://www.aclu.org/blog/technology-and-liberty/aclu-files-ftc-complaint-over-android-smartphone-security</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Chris Soghoian: <blockquote>Yesterday, we filed a complaint with the Federal Trade Commission (FTC) asking the agency to investigate the major wireless carriers for failing to warn their customers about unpatched security flaws in the software running on their phones. These companies—AT&T, Verizon, Sprint and T-Mobile—have sold millions of smartphones to consumers running versions of Google’s Android operating system. Unfortunately, the vast majority of these phones never receive critical software security updates, exposing consumers and their private data to significant cybersecurity-related risks.<p>

In a <a href="http://www.aclu.org/technology-and-liberty/ftc-complaint-smartphone-security">16-page complaint</a> filed with the FTC, we argue that the major wireless carriers have engaged in “unfair and deceptive business practices” by failing to warn their customers about known, unpatched security flaws in the mobile devices sold by the companies.
</blockquote>]]></description>
<dc:subject>android security malware</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:26567b4149c0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://nakedsecurity.sophos.com/2013/04/11/microsoft-look-like-being-next-with-2fa/">
    <title>Microsoft looks like being next with two-factor authentication &gt;&gt; Naked Security</title>
    <dc:date>2013-04-14T20:58:58+00:00</dc:date>
    <link>http://nakedsecurity.sophos.com/2013/04/11/microsoft-look-like-being-next-with-2fa/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Paul Ducklin, on what look like leaked screenshots of Microsoft's 2FA: <blockquote>It's not clear exactly what the "Don't ask me for a code" tickbox is for, but it looks as though you will be able to exempt your most commonly-used device (say, your day-to-day laptop) from needing 2FA-protected logins.<p>

I hope that's not the case, because 2FA adds real value if you use it as a matter of routine, not if you use it only in special cases.<p>

Sure, you can argue that an oft-used and cherished laptop is less likely to get you into trouble with a keylogger than, say, a PC in an internet cafe or a kiosk at the airport.<p>

But if you care about security, you won't read your email, personal or business, on kiosks or in internet cafes at all.<p>

And if you genuinely cherish that oft-used laptop, and your oft-used accounts, you'll want only the best levels of security every time you use them.</blockquote>]]></description>
<dc:subject>2fa security microsoft</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:3872ae8cf6d1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:2fa"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:microsoft"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.theverge.com/2013/3/29/4158594/password-denied-when-will-apple-get-serious-about-security">
    <title>Password denied: when will Apple get serious about security? &gt;&gt; The Verge</title>
    <dc:date>2013-03-29T19:38:34+00:00</dc:date>
    <link>http://www.theverge.com/2013/3/29/4158594/password-denied-when-will-apple-get-serious-about-security</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>When <em>Ars Technica</em> investigated <a href="http://arstechnica.com/apple/2012/03/how-safe-is-icloud-data-ars-investigates/">security issues in iCloud</a> last year, it found that "your data is <em>at least</em> as safe as it is when stored on any remote server, if not more so," but that its weaknesses lay in Apple's lack of disclosure of its security processes (even <em>Ars</em>' assessment depends on a fair amount of guesswork), its <a href="http://arstechnica.com/apple/2012/04/apple-holds-the-master-key-when-it-comes-to-icloud-security-privacy/">prioritization of ease-of-use</a> over full security, and its retention of encryption keys to iCloud data on its own servers. Apple's defense has traditionally been that its security processes are "industry-standard." But in the still-young consumer cloud, Apple is one of the leading companies helping to define that standard.</blockquote>

Good article pointing out how one email/password combination is the key to a huge number of services. But that's also the case for Google (email, documents, phone services, Play), Microsoft (email, cloud, store, Xbox). Everyone is vulnerable in some way.]]></description>
<dc:subject>apple security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:1a01be8657f6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://blog.gsmarena.com/the-latest-security-flaw-in-sony-xperia-z-allows-you-to-bypass-its-lock-screen-in-few-simple-steps/">
    <title>The latest security flaw in Sony Xperia Z allows you to bypass its passcode lockscreen in few simple steps &gt;&gt; GSMArena Blog</title>
    <dc:date>2013-03-26T07:12:08+00:00</dc:date>
    <link>http://blog.gsmarena.com/the-latest-security-flaw-in-sony-xperia-z-allows-you-to-bypass-its-lock-screen-in-few-simple-steps/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>The software glitches in iOS 6.x devices, Samsung Galaxy Nexus, Samsung Galaxy S III, Galaxy Note II and few other Samsung Galaxy devices had allowed the users to bypass the lock screen of their devices. Now, a latest security flaw in Sony Xperia Z allows you to bypass its lock screen in few simple and easy steps.</blockquote>

Much, much easier than the iPhone or Samsung bypasses. No obvious protection.]]></description>
<dc:subject>sony security lockscreen</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:d50f30af923f/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:sony"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:lockscreen"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://m.imore.com/apple-rolls-out-fix-password-reset-security-hole-iforgot-site-back">
    <title>Apple rolls out fix for password reset security hole, iForgot site back up | iMore.com</title>
    <dc:date>2013-03-23T17:51:10+00:00</dc:date>
    <link>http://m.imore.com/apple-rolls-out-fix-password-reset-security-hole-iforgot-site-back</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Nick Arnott: <blockquote>Apple’s iForgot password reset page is now back online, and iMore has verified that the security hole, <a href="http://www.imore.com/newly-discovered-security-hole-lets-attacker-reset-your-apple-id-only-your-birthday-and-email">discovered earlier today in Apple’s password reset page</a>, has been closed.<p>

Previously, after providing a victim’s Apple ID and date of birth, an attacker could send a URL to Apple that would change the password for that account, without needing to answer any security questions. In response, Apple blocked access to the password reset page, and a short while later took the entire site down in light of another loophole that still allowed the attack to be performed.<p>

This vulnerability came at an interesting time, just a day after Apple began to roll out its two-step verification system. Users who had already enrolled in the new system seem to have been immune from the password reset vulnerability.<p>

Unfortunately some users were held in a three-day waiting period for enabling two-step verification, while others live in countries where two-step verification is not currently available.</blockquote>

About six hours from publicity to fix (though there's no way of knowing how long it might have been exploited before that, although <a href="http://www.vaibs.in/csrf-vulnerablity-on-apple-forgot-password-page/">the page</a> which detailed it was dated 22 March, the same day). Basically, it shows how risky GET is in URLs used for logins: a password change should never be something a crafted URL alone can trigger.]]></description>
<dc:subject>apple security password</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:537b3d2601f1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:password"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://shkspr.mobi/blog/2013/03/new-bypass-samsung-lockscreen-total-control/">
    <title>New Samsung security flaw – disable lockscreen, get total control &gt;&gt; Terence Eden</title>
    <dc:date>2013-03-20T22:20:02+00:00</dc:date>
    <link>http://shkspr.mobi/blog/2013/03/new-bypass-samsung-lockscreen-total-control/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[The latest to occur only in Samsung's lockscreen, but not in stock Google: <blockquote>I have discovered another security flaw in Samsung Android phones. It is possible to completely disable the lock screen and get access to any app - even when the phone is "securely" locked with a pattern, PIN, password, or face detection. Unlike another recently released flaw, this doesn't rely quite so heavily on ultra-precise timing.</blockquote>

You do have to be pretty precise, though. But he unlocks the phone in less than 3 minutes. If it had been stolen, that might be enough. Samsung says it is "aware of it" - just as Apple has rolled out iOS 6.1.3, which removes its lockscreen bypass. (Thanks @rquick for the pointer; Eden also told us.)]]></description>
<dc:subject>mobile security samsung smartphone hacking</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:17ac7acb4198/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:mobile"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:samsung"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:smartphone"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacking"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/">
    <title>The world has no room for cowards &gt;&gt; Krebs on Security</title>
    <dc:date>2013-03-19T06:11:44+00:00</dc:date>
    <link>http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Brian Krebs: <blockquote>It’s not often that one has the opportunity to be the target of a cyber and kinetic attack at the same time. But that is exactly what’s happened to me and my Web site over the past 24 hours. On Thursday afternoon, my site was the target of a fairly massive denial of service attack. That attack was punctuated by a visit from a heavily armed local police unit that was tricked into responding to a 911 call spoofed to look like it came from my home.</blockquote>

Writing about hackers isn't the way to a quiet life.]]></description>
<dc:subject>internet security hackers krebs</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:6d16de1e71ee/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:internet"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hackers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:krebs"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://phys.org/news/2013-03-chrome-os-thwarts-pwnium.html">
    <title>Chrome OS thwarts attack attempts in Pwnium challenge &gt;&gt; Phys.org</title>
    <dc:date>2013-03-11T17:32:10+00:00</dc:date>
    <link>http://phys.org/news/2013-03-chrome-os-thwarts-pwnium.html</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Hackers at a please-hack-me contest at the CanWest security conference in Vancouver, BC, went home empty-handed. The contest during the Vancouver three-day conference on digital security ended up with enlightened participants capable of attempts nonetheless missing out on a massive pile of cash—the bounty was $3.14159 million — the reward for their efforts if successful. They were unable to break into Google's Chrome OS. This Pwnium 3 contest invited hackers to penetrate any holes they could find in the Chrome operating system.</blockquote>

Impressive. (Thanks @sputnikkers for the link.)]]></description>
<dc:subject>chromeos malware hacking security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:998ba6e43122/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:chromeos"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.bbc.co.uk/news/technology-21697704">
    <title>Frozen Android phones give up data secrets &gt;&gt; BBC News</title>
    <dc:date>2013-03-07T20:54:20+00:00</dc:date>
    <link>http://www.bbc.co.uk/news/technology-21697704</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Freezing an Android phone can help reveal its confidential contents, German security researchers have found.<p>

The team froze phones for an hour as a way to get around the encryption system that protects the data on a phone by scrambling it.<p>

Google introduced the data scrambling system with the version of Android known as Ice Cream Sandwich.<p>

The attack allowed the researchers to get at contact lists, browsing histories and photos.</blockquote>

There's something delicious about using a freezer to attack Ice Cream Sandwich. (Thanks @challengingviews for the link.)]]></description>
<dc:subject>android security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:c5eae4c52955/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.computerweekly.com/blogs/open-source-insider/2013/03/the-secure-enterprise-android-dream-comes-of-age.html">
    <title>The secure enterprise Android dream awakens? &gt;&gt; Open Source Insider</title>
    <dc:date>2013-03-04T21:57:45+00:00</dc:date>
    <link>http://www.computerweekly.com/blogs/open-source-insider/2013/03/the-secure-enterprise-android-dream-comes-of-age.html</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Open source technology is not necessarily any less secure than proprietary.<p>

There - we've said it, do you feel better?<p>

Industry protagonists, commentators, analysts, evangelists and (god forbid) even bloggers cum technical journalists (scum of the Earth of course) have been advocating the wider "robustness" (cringes at industry marketing-speak term) of Linux and open platforms for a long time now.<p>

Let's look at the facts...</blockquote>

And carry on to the next one..]]></description>
<dc:subject>android security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:2d47ab631357/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://shkspr.mobi/blog/2013/03/samsung-lock-screen-security-flaw/">
    <title>Samsung lock screen security flaw &gt;&gt; Terence Eden</title>
    <dc:date>2013-03-04T12:06:35+00:00</dc:date>
    <link>http://shkspr.mobi/blog/2013/03/samsung-lock-screen-security-flaw/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Here's a rather nifty security flaw I discovered on Samsung's Android 4.1.2. It allows you - in limited circumstances - to run apps and dial numbers even when the device is locked.<p>…this attack is of limited value. That's one of the reasons why I've disclosed it.<p>

Making a call relies on the phone having a direct dial widget on the home screen.<p>

Running the apps is also of limited use - they go into the background immediately. If the app performs an action on launch (like recording from the microphone, switching on the flash, playing music, interacting with a server) that action will occur.</blockquote>

Also tested by us on a Samsung Galaxy S3; it's real. The home screen is there, but you have to be very quick to hit the home screen before the lock screen is reasserted. This seems to arise from Samsung's TouchWiz tweak of having "In Case of Emergency" (ICE) contacts; stock Android doesn't offer that.]]></description>
<dc:subject>samsung touchwiz security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:dbbf50712e7a/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:samsung"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:touchwiz"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://evernote.com/corp/news/password_reset.php">
    <title>Security Notice: Service-wide Password Reset &gt;&gt; Evernote</title>
    <dc:date>2013-03-02T22:17:33+00:00</dc:date>
    <link>http://evernote.com/corp/news/password_reset.php</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>Evernote's Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service…<p>In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.<p>

The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)<p>

While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure. </blockquote>

Evernote? Why?]]></description>
<dc:subject>evernote security hacker charlesarthur</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:b7be16d88e64/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:evernote"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacker"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:charlesarthur"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://blogs.computerworld.com/desktop-apps/20845/explaining-confusion-over-flash-versions">
    <title>Explaining the confusion over Flash versions &gt;&gt; Computerworld Blogs</title>
    <dc:date>2013-02-28T21:03:37+00:00</dc:date>
    <link>http://blogs.computerworld.com/desktop-apps/20845/explaining-confusion-over-flash-versions</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[From August 2012. Clear as mud. (Thanks @LazioLazio for the link.)]]></description>
<dc:subject>flash security malware</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:a4e9707cb59d/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:flash"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://thenextweb.com/apple/2013/02/26/no-the-new-ios-6-1-lock-screen-bypass-bug-does-not-allow-access-to-the-file-system/">
    <title>No, the new iOS 6.1 lock screen bypass bug does not allow access to your iPhone's file system &gt;&gt; The Next Web</title>
    <dc:date>2013-02-26T22:15:25+00:00</dc:date>
    <link>http://thenextweb.com/apple/2013/02/26/no-the-new-ios-6-1-lock-screen-bypass-bug-does-not-allow-access-to-the-file-system/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Matt Panzarino: <blockquote>Earlier today, word began getting around that there was a <a href="http://arstechnica.com/apple/2013/02/researchers-find-yet-another-way-to-get-around-ios-6-1-passcode/">new way to bypass the iOS 6.1 lock screen</a> and that this one was even worse, allowing full access to the user portion of the file system. Well, that’s not exactly true, as we’ve uncovered with some simple tests.<p>

The lock screen bug does in fact exist, and it works as advertised, bypassing the lock and bringing you to a blank black screen with just the status bar. But it allows you no access to anything, not pictures, not contacts and certainly not the file system.</blockquote>

<em>Two</em> ways to bypass the lock screen? ]]></description>
<dc:subject>ios apple security charlesarthur</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:9c5f17d48275/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:ios"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:charlesarthur"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.90percentofeverything.com/2011/03/25/fk-captcha/">
    <title>F**K CAPTCHA &gt;&gt; Harry Brignull</title>
    <dc:date>2013-02-22T15:40:44+00:00</dc:date>
    <link>http://www.90percentofeverything.com/2011/03/25/fk-captcha/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Brignull is a user experience designer and consultant: <blockquote>Users were directed to the sign-up form direct from the homepage before they could interact with the product. As you can see, there was a CAPTCHA at the bottom of the form (powered by reCAPTCHA). <strong>With this design, they had a conversion rate of roughly 48%. They then removed the CAPTCHA, and it boosted the conversion rate up to 64%. In <a href="http://www.90percentofeverything.com/2009/07/24/why-conversion-rate-uplift-percentages-can-be-confusing/">conversion rate lingo</a>, that&#8217;s an uplift of 33.3%!</strong> They replaced the CAPTCHA with <a href="http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx">honeypot fields</a> and <a href="http://docs.jquery.com/Tutorials:Safer_Contact_Forms_Without_CAPTCHAs">timestamp analysis</a>, which has apparently proven to be very effective at preventing spam while being completely invisible to the end user.</blockquote>]]></description>
<dc:subject>security spam captcha</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:0fe9b8412708/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:spam"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:captcha"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.businessweek.com/articles/2013-02-14/a-chinese-hackers-identity-unmasked#p1">
    <title>A Chinese hacker's identity unmasked &gt;&gt; Businessweek</title>
    <dc:date>2013-02-18T06:52:03+00:00</dc:date>
    <link>http://www.businessweek.com/articles/2013-02-14/a-chinese-hackers-identity-unmasked#p1</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>[Joe] Stewart says he meets more and more people in his trade focused on China, though few want that known publicly, either because their companies have access to classified data or fear repercussions from the mainland. What makes him unusual is his willingness to share his findings with other researchers. His motivation is part obsession with solving puzzles, part sense of fair play. “Seeing the U.S. economy go south, with high unemployment and all these great companies being hit by China … I just don’t like that,” he says. “If they did it fair and square, more power to them. But to cheat at it is wrong.”</blockquote>

The internet forgets nothing.]]></description>
<dc:subject>china hacking security malware</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:beb82e0e14dd/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:china"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:hacking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.forbes.com/sites/andygreenberg/2013/01/29/disable-a-protocol-called-upnp-on-your-router-now-to-avoid-a-serious-set-of-security-bugs/">
    <title>Disable This Buggy Feature On Your Router Now To Avoid A Serious Set Of Security Vulnerabilities - Forbes</title>
    <dc:date>2013-02-08T12:39:16+00:00</dc:date>
    <link>http://www.forbes.com/sites/andygreenberg/2013/01/29/disable-a-protocol-called-upnp-on-your-router-now-to-avoid-a-serious-set-of-security-bugs/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>You’ve probably never checked whether your Internet router is set by default to use a harmless-sounding protocol called Universal Plug and Play. If it does, now’s a good time to turn it off.<p>

The protocol, abbreviated UPnP, lets computers, printers, and other devices make themselves easily discoverable to a network router. But new research by the security firm Rapid7 shows that it could also let hackers easily discover and exploit those routers, too. And the problem is “universal,” indeed: A wide-ranging scan of the Internet show that it affects as many as 50 million unique devices.</blockquote>

Rapid7 has released a <a href="http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp">scanning tool</a> (Windows only, so far) to let you find out whether your devices are vulnerable.]]></description>
<dc:subject>internet security malware</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:5bf15ce4e9a0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:internet"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://arstechnica.com/security/2013/02/adobe-issues-emergency-flash-update-for-attacks-on-windows-mac-users/">
    <title>Adobe issues emergency Flash update for attacks on Windows, Mac users &gt;&gt; Ars Technica</title>
    <dc:date>2013-02-08T07:15:25+00:00</dc:date>
    <link>http://arstechnica.com/security/2013/02/adobe-issues-emergency-flash-update-for-attacks-on-windows-mac-users/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Would we be better off without it?]]></description>
<dc:subject>flash windows malware security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:4ed1797429fc/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:flash"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:windows"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://news.ycombinator.com/item?id=4860203">
    <title>I'm one of the lead devs on the Chrome Windows sandbox... &gt;&gt; Hacker News</title>
    <dc:date>2013-01-22T11:30:13+00:00</dc:date>
    <link>http://news.ycombinator.com/item?id=4860203</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Justin Schuh says XP is a dog - a dead one - when it comes to security: <blockquote>Seriously, I've spent many weeks trying to wring every last bit of security I can out of XP, and I really do think that Chrome does the best anyone possibly could on that front. But in the end XP is just an OS that's far past its security expiration date, and running it at all means taking a big risk.</blockquote>

Are you still using it? (Via Ed Bott)]]></description>
<dc:subject>windowsxp security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:0220c42022e0/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:windowsxp"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://arstechnica.com/security/2012/07/android-nokia-smartphone-hack/">
    <title>July 2012: Android, Nokia smartphone security toppled by NFC hack &gt;&gt; Ars Technica</title>
    <dc:date>2013-01-22T06:50:07+00:00</dc:date>
    <link>http://arstechnica.com/security/2012/07/android-nokia-smartphone-hack/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>By exploiting multiple security weakness in the industry standard known as Near Field Communication, smartphone hacker Charlie Miller can take control of handsets made by Samsung and Nokia. The attack works by putting the phone a few centimeters away from a quarter-sized chip, or touching it to another NFC-enabled phone. Code on the attacker-controlled chip or handset is beamed to the target phone over the air, then opens malicious files or webpages that exploit known vulnerabilities in a document reader or browser, or in some cases in the operating system itself.</blockquote>

The attack can work against Jelly Bean too, using NFC to drive the phone to a specific web page with an exploit. It's a dilemma: leave NFC enabled so it's convenient, or keep it disabled and turn it on only when you want to use it (which implies having to unlock your phone and drill down through the settings to activate it).]]></description>
<dc:subject>android nokia nfc security malware</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:aba17094ace8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:android"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:nokia"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:nfc"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.schneier.com/blog/archives/2012/12/terms_of_servic.html">
    <title>Terms of Service as a Security Threat &gt;&gt; Schneier on Security</title>
    <dc:date>2013-01-04T16:31:50+00:00</dc:date>
    <link>http://www.schneier.com/blog/archives/2012/12/terms_of_servic.html</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Bruce Schneier: <blockquote>Those [T&C] paragraphs sure sound like Prezi can do anything it wants, including start a competing business, with any presentation I post to its site. (Note that Prezi's <a href="http://prezi.com/-xhkitvsivku/prezi-terms-of-use/">human readable - but not legally correct - terms of use</a> document makes no mention of this.) Yes, I know Prezi doesn't currently intend to do that, but things change, companies fail, assets get bought, and what matters in the end is what the agreement says.<p>

I don't mean to pick on Prezi; it's just an example. How many other of these Trojan horses are hiding in commonly used cloud provider agreements: both from providers that companies decide to use as a matter of policy, and providers that company employees use in violation of policy, for reasons of convenience?</blockquote>

(Thanks @rquick for the link.)]]></description>
<dc:subject>cloud security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:1fec0553d3a1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:cloud"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://tidbits.com/article/13461">
    <title>Examining Apple’s security efforts in 2012 &gt;&gt; TidBits</title>
    <dc:date>2012-12-20T21:18:14+00:00</dc:date>
    <link>http://tidbits.com/article/13461</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[Rich Mogull: <blockquote>The slightest Apple security or privacy glitch creates an instant media frenzy, the online equivalent of the local news telling parents that drinking water will poison their children. 2012 also saw the first widespread, albeit non-damaging, Mac malware. “BYOD” (bring your own device) is the biggest hot-button issue in enterprise security, and is predominantly driven by user demands to support iPhones, iPads, and Macs. I can no longer walk into a meeting with enterprise IT without at least some Macs or iPads in the room, officially supported or not.<p>

This is a nearly complete reversal from just five years ago…<p>Another strong indicator of iOS security is that digital forensics firms, those who produce the software used by law enforcement to recover data from mobile phones and computers, are as yet unable to crack data protected by the highest level of iOS encryption enabled by default (for email and participating apps) when you set a good passcode.</blockquote>

He reckons Apple security generally is better now than at any time he's been examining it.]]></description>
<dc:subject>apple ios security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:78fced122d5c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:apple"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:ios"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://nakedsecurity.sophos.com/2012/12/05/eu-domain-abuse/">
    <title>Abuse of .EU domains by malware gangs continues despite Registrar notification &gt;&gt; Naked Security</title>
    <dc:date>2012-12-05T21:30:04+00:00</dc:date>
    <link>http://nakedsecurity.sophos.com/2012/12/05/eu-domain-abuse/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[What the world really needs is a lot more TLDs and even more registrars. Isn't it?]]></description>
<dc:subject>security malware</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:86654e844660/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:malware"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.theregister.co.uk/2012/11/27/bt_phone_call_plan_privacy/">
    <title>BT.com blats small privacy bug, ignores GAPING HOLE &gt;&gt; The Register</title>
    <dc:date>2012-11-28T22:32:25+00:00</dc:date>
    <link>http://www.theregister.co.uk/2012/11/27/bt_phone_call_plan_privacy/</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>BT has squashed a mild website privacy bug reported by a Reg reader - but the telco has refused to address a related issue that allows anyone to add paid-for features to any BT landline.<p>

The latter problem, described by the telco as a "customer convenience", can be exploited using just a property's postcode and phone number to cause mischief and inconvenience.<p>

However, the other flaw, which revealed the full name of the landline account holder, has been fixed.</blockquote>

Ouch.]]></description>
<dc:subject>bt security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:ad65f2b11b16/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:bt"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.guardian.co.uk/uk/2012/nov/20/prince-william-photos-mod-passwords">
    <title>Prince William photos slip-up forces MoD to change passwords &gt;&gt; The Guardian</title>
    <dc:date>2012-11-21T12:16:48+00:00</dc:date>
    <link>http://www.guardian.co.uk/uk/2012/nov/20/prince-william-photos-mod-passwords</link>
    <dc:creator>guardiantech</dc:creator><description><![CDATA[<blockquote>The photographs, which included those of the prince sitting at a computer with a document on his desk, and another of him attending a briefing, had to be replaced and new versions launched with sensitive details pixelated out.<p>

As a precaution, the MoD has been forced to reset the user names and passwords of some RAF staff on its internal system.</blockquote>

Moral: don't pin usernames and passwords to the wall. ]]></description>
<dc:subject>mod password security</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:guardiantech/b:6b2e47cdc2da/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:mod"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:password"/>
	<rdf:li rdf:resource="https://pinboard.in/u:guardiantech/t:security"/>
</rdf:Bag></taxo:topics>
</item>
</rdf:RDF>