Thursday, February 16, 2017

Security Smorgasbord, vol 7 no 1

Boy, it's been long time since I've done one of these.

Protecting yourself from phishing attacks in email.  "Phishing" is a technique where a Bad Guy tries to trick someone into giving up information or installing malicious code.  It is usually done via email or social media.  Microsoft has a really good article on how to detect that someone is trying to do this to you.

Google: Android security is pretty darn good, despite what you've heard.They claim to have data and everything.  The claim is that most people who get malware on their Android device did it by downloading something dodgy on purpose:
It also fitted a pattern he had noticed, that there isn't really any complex malware out there in the wild infecting Android devices. Software nasties tend to be sleazy apps, installed by punters, that do unpleasant things in the background, rather than malicious code that silently infects devices via webpages, text messages, and so on. 
“Most of the abuse we get isn’t interesting from a security perspective,” he said. “We see spamming ads for fake antivirus stuff but it’s really basic social engineering. Even if malware is installed it seldom involved privilege escalation, it primarily just downloads other apps.” 
The same thing seems to be happening in Apple's iOS world, too, he said. 
Remember Borepatch's First Law Of Security: "Free Download" is internet-speak for "Open your mouth and close your eyes".

The secret chat app used by Donald Trump's people.  I'm not sure how much I'd trust it, but then again I'm not sure how much I'd trust anything.  Actually, I am pretty sure how much I trust anything (answer: not much).  Still, this does seem to minimize a number of opportunities for Opsec failures.

Life, the Universe, and Everything about security.  The answer means that you don't really understand the question, but there are some of security's Hall Of Famers here talking about it all.

No comments: