Insights For Success

Strategy, Innovation, Leadership and Security

InfoSec

250,000 Twitter accounts hacked

InfoSec | Edward Kiledjian
It has been a bad week for popular websites getting hacked. Now Twitter has come forward and acknowledged that 250,000 accounts were hacked. The attacker may have had access to email addresses, encrypted passwords and session tokens.
What is worrisome is that Twitter has claimed that the attack was "extremely sophisticated" and that they saw this same pattern of attack against other sites. Twitter is being proactive and is forcing users of the affected accounts to immediately change their passwords (those affected should have received an email from the company).
Stay vigilant. Use unique, hard-to-guess passwords and change your passwords often.
Read the Twitter blog entry here.

WhatsApp breaking Canadian privacy laws

InfoSec | Edward Kiledjian

It seems everyone’s favorite cross-platform instant messaging app is violating Canadian privacy laws (according to the Office of the Privacy Commissioner of Canada). The OPC found that on all devices (except iOS 6), the app requires access to the user's address book to function. This means that information about non-WhatsApp users is being stored on the WhatsApp servers without the permission of these users.

WhatsApp is “trying to meet” Canadian regulations by adding encryption and other protections, but the OPC believes they are not yet compliant with Canadian law and will continue monitoring the firm's progress. Their official monitoring statement says:

"Under Canada’s PIPEDA, the OPC will monitor the company’s progress in meeting commitments made in the course of investigation. In most cases, companies are cooperative in meeting their obligations, and WhatsApp has demonstrated a willingness to fully comply with the OPC’s recommendations."

You can read the official report from the Office of the Privacy Commissioner of Canada here.

How to properly lock down your Facebook privacy settings

InfoSec | Edward Kiledjian

Facebook has gone to great lengths to make sure everyone knows that Graph Search won’t reveal anything that isn’t already visible to the person conducting the search. However, people may be able to find information about you because of privacy setting misconfigurations you may have made.

It is a great time to make sure you have properly locked down your Facebook privacy settings. Click on the little gear icon (upper right hand side) and choose “Privacy Settings”.

The “Who can see my stuff” section controls who can see your information when conducting a Graph Search.

Then, on the left-hand side, click on Timeline and Tagging to check out the other important security settings.

Once there, check out these settings:

 

As much as possible, I would recommend limiting most settings to Friends.

 

 

Employees leaking information to competitors

InfoSec | Edward Kiledjian

As an infosec leader working for a large multinational, a lot of risks keep me up at night. Most execs still believe (mistakenly) that the biggest risks come from the outside. Imagine my interest when I learned that AMD is suing 6 former employees because it believes they leaked over 100,000 documents ("trade secret materials relating to developing technology") to NVIDIA.

The complaint says these employees took the information with them when they switched employers. AMD says it uncovered evidence supporting its claim using “forensically revealed data”. As expected, the company intends to aggressively protect its intellectual property through litigation and the court system.

 

Silent Circle enables secure VOIP calling from Android

InfoSec | Edward Kiledjian

I wrote about Silent Circle in October and was excited to learn that they recently released an Android app and enabled Out of Circle calling. Silent Circle will enable secure voice, text, email and video chatting from any Silent Circle client to another (Android -> Android or Android -> iPhone).

The app can be downloaded from the Google Play Store. Using their service is simple and straightforward. You download the app, create an account and then pay the $20 monthly service fee. As soon as this is done, you will be able to make secure Silent Circle to Silent Circle calls regardless of where in the world you are (over Wi-Fi, 3G or 4G).

They also added "Out-Circle Access", which enables Silent Circle users to call regular phone lines. Your link is encrypted from the device to the Silent Circle boundary (which is a nice feature for people working in some questionable countries). This feature costs an additional $29 a month but includes unlimited calling to Canada, US and Puerto Rico.

Here is the full Press Release

 

Silent Circle Releases Silent Phone For Android And Out-Circle Access (via PR Newswire)

Private encryption service developed by PGP inventor Phil Zimmermann protects voice and video calls on both Android and iOS devices across cellular and Wi-Fi networks

WASHINGTON, Jan. 16, 2013 /PRNewswire/ -- Silent Circle, a global private encrypted communications firm revolutionizing…