Our security roundup series covers the week’s trending topics in the world of information security. In this compilation, we’ll let you know of the latest announcements, reports and controversies that the industry has been talking about recently.
Here’s what you don’t want to miss from the week of August 9th, 2015:
- The biggest controversy of the week goes to Oracle, after its CSO published a condescending blog post titled, “No, You Really Can’t,” talking down to the infosec research community, as well as its own customers. In her rant, Mary Ann Davidson went on to discourage security researchers from reverse engineering Oracle’s code because Oracle can find the bugs on its own; plus, it’s against the EULA. Amidst the angry backlash from readers, Oracle took down the post, stating it didn’t “reflect its beliefs or relationship with customers.”
- A Harvard student and would-be Facebook intern developed a Chrome extension that highlighted a privacy flaw in the social network’s mapping feature. Called Marauders Map, the app used available location data from Facebook’s Messenger to map out exactly where users were when they sent a message. Facebook felt this violated its terms and demanded the tool be taken down, in addition to withdrawing the student’s internship offer.
- Researchers at the University of California, San Diego, found a way to remotely hack the brakes of a 2013 model Corvette by exploiting the insurance dongle used to monitor speed and location. Though the device distributor has since issued an over-the-air security update, the researchers claim the hack could be modified to access most modern vehicles, not just Corvettes or Chevrolets.
- British mobile phone retailer Carphone Warehouse experienced a massive data breach, which exposed the personal information of up to 2.4 million customers, along with nearly 90,000 customers’ encrypted credit card data. The U.K. Information Commissioner’s Office (ICO) is investigating the incident, while the company said it’s beefing up its security to prevent further attacks.
- Dropbox introduced Universal 2nd Factor (U2F) security keys as an additional method for two-step verification, giving users a stronger defense against credential-stealing attacks. The popular file-sharing service said the physical key, which slots into a device’s USB port, uses cryptographic communication and only works on the legitimate Dropbox website.
- Computer manufacturer Lenovo found itself in hot water again after it was allegedly caught installing its own proprietary software on Windows PCs. Numerous users found computers were automatically downloading an application called “Lenovo Service Engine,” which would reinstall itself after a clean reboot of the operating system. The news sounds pretty similar to the company’s last PR nightmare, known as ‘Superfish’ – the pre-installed software in Lenovo’s PCs and laptops that inserted adverts.
- Samsung announced the launch of its own mobile payment solution, called Samsung Pay. The feature is set to launch in South Korea, and is expected to become available in the US at the end of September with the Galaxy S6 Edge+ and the Galaxy Note 5. The move follows its acquisition of LoopPay back in February in an effort to rival Apple Pay and Android Pay.