itwbennett writes: According to a report on CSO Online, 'Moscow-based forensics firm Elcomsoft noticed it was able to pull supposedly deleted Safari browser histories from iCloud accounts.' Elcomsoft CEO Vladimir Katalov, writing about the finding in a blog post on Thursday, said that 'we discovered that deleting a browsing history record makes that record disappear from synced devices; however, the record still remains available (but invisible) in iCloud. We kept researching, and discovered that such deleted records can be kept in iCloud for more than a year.' Katalov added that they were also able to 'pull additional information about Safari history entries including the exact date and time each record was last visited and deleted.' For its part, Apple did not immediately respond to a request for comment. The CSO article also notes that 'Elcomsoft has previously found that Apple was saving users’ call history to iCloud, but offering no explicit way to turn the synching on or off.'
itwbennett writes: The IRS starts processing tax returns today, but early filers who claim the Earned Income Tax Credit or the Additional Child Tax Credit won't receive their refunds until Feb. 15. The delay gives the IRS extra time to spot fraud, but it also hurts lower-income Americans for whom the "refund check is the largest payment they’ll see all year," notes CSO's Steve Ragan. A USA Today article points out that the maximum annual income to qualify for the Earned Income Tax Credit in 2016 is $50,198 for married couples who file jointly and have two children. 'Early filers who don't claim the EITC or ACTC should receive refunds in less than 21 days after their returns are accepted for processing,' writes Kevin McCoy.
itwbennett writes: Citing the involvement of Volkswagen engineers in the emissions scandal, the fake news 'epidemic' on Facebook and elsewhere, and the president-elect's promise to create a Muslim registry, CIO.com's Sharon Florentine proposes that the time might be right for an 'all-encompassing set of [ethics] standards that includes the entire industry.' This isn't a new idea, and the world has certainly not gotten any less complicated. As Florentine puts it, 'there's no way to know definitively every possible outcome of the development and use of every piece of technology, every line of code.' But would having an industry code of ethics at least give some guidance to developers who feel they're being asked to do something unethical?
itwbennett writes: On Monday, Deutsche Telekom reported that close to a million customers experienced internet connection problems from the new Mirai strain infecting their routers. Now security firm Flashpoint is saying the problem is more widespread and could affect up to 5 million internet routers and modems across the globe, including in the U.K., Brazil, Iran and Thailand. It’s still unclear how many devices have been infected, but Flashpoint estimates that as many as five million devices are vulnerable. 'If even a fraction of these vulnerable devices were compromised, they would add considerable power to an existing botnet,' Flashpoint said in a Tuesday blog post.
itwbennett writes: On Sunday, malware researcher Bart Blaze discovered an attack that uses Facebook Messenger to spread Locky ransomware. 'The Ransomware is delivered via a downloader, which is able to bypass whitelisting on Facebook by pretending to be an image file,' CSO's Steve Ragan explains.
itwbennett writes: Calling regulations a 'knee-jerk reaction' and potential 'innovation killer,' Representative Greg Walden, an Oregon Republican, showed the resistance Bruce Schneier faced when he testified before Congress about internet of things security today. And, completely missing the point about what is at risk, Walden added, 'I don't think I want my refrigerator talking to some food police.'
itwbennett writes: In a blog post published four days after the election, Facebook founder and CEO Mark Zuckerberg defended the social network as a neutral party that doesn't bear the same responsibilities as a media outlet and said that Facebook should be 'extremely cautious about becoming arbiters of truth ourselves.' But the company is walking a fine line, says CIO.com's Matt Kapko:
Politics aside, the contradictions Zuckerberg made about the social network's influence and its potential impact on users could become a glaring problem. If the content, including any misinformation, that Facebook distributes to more than 1.79 billion people every month can't influence the outcome of an election, just how effective are the $6.8 billion in ads it sold during the third quarter of 2016?
itwbennett writes: Over the course of a few weeks, Amihai Neiderman, the head of research at Israeli cybersecurity firm Equus Technologies, made a project of finding a way to compromise a wireless hotspot that he noticed on his way home from work one day. Neiderman presented his findings and reverse-engineering efforts Thursday at the DefCamp security conference in Bucharest, Romania. You can read about it here. The bottom line: a buffer overflow in a single router model could have endangered thousands of Wi-Fi users.
itwbennett writes: Using fake cell towers to track and identify mobile phone users has been rendered passe by researchers Piers O'Hanlon and Ravishankar Borgaonkar from the University of Oxford's Department of Computer Science. The pair found that, for the purpose of tracking only, Wi-Fi networks can also be used to trick mobile devices into exposing their IMSI numbers. That's thanks to protocol and configuration weaknesses in mobile data offloading technologies such as automatic Wi-Fi connections and Wi-Fi calling that mobile operators are increasingly adopting to reduce costs and congestion on their cellular networks.
itwbennett writes: In November 2015, two weeks before he retired, an employee at the Office of the Comptroller of the Currency, which is a part of the Department of the Treasury, downloaded a large amount of data to two thumb drives, which he is now unable to locate. The agency reported the case to Congress on Friday, saying the loss represented 'a major information security incident' and described the data as 'controlled unclassified information, including privacy information.' The FDIC has had similar problems with bank records walking out the door on removable media. In those cases, the agency considered the data breaches to be 'inadvertent' copying of personal banking information that happened when departing employees were copying personal information to removable media, according to the FDIC's CIO, Lawrence Gross Jr.