17 Canadian federal depts. and agencies failed basic tests for credit card data security


The Canada Revenue Agency, the RCMP, Statistics Canada and more than a dozen other federal departments and agencies have failed an international test of the security of their credit card payment systems. Altogether, half of the 34 federal institutions authorized by the banking system to accept credit-card payments from citizens and others have flunked the test — risking fines and even the revocation of their ability to accept credit and debit payments. Those 17 departments and agencies continue to process payments on Visa, MasterCard, Amex, the Tokyo-based JCB and China…


Rogue Move? Facebook to start flooding WhatsApp with Ads in 2019

WhatsApp launches end-to-end encryption on messages for all its users

WhatsApp has been free, but soon users can expect a significant change in their experience of WhatsApp. The Android and iOS chat app, originally released in 2009, will start to embed paid-for content in the app’s Status feature from 2019. The Status feature is similar to Stories on Instagram and Facebook, letting users upload Snapchat-style pics and videos that can be viewed for 24 hours. Facebook wants to interrupt some of these Statuses with short ads, although details are light. WhatsApp’s co-founders were famously against ads, and supportive of encrypted…


Apple cracking down on App Store, requires all apps to define a privacy policy


Apple is taking an unprecedented step on its store in the fight for privacy. The tech company is cracking down on apps that don’t communicate to users how their personal data is used, secured or shared. In an announcement posted to developers through the App Store Connect portal, Apple says that all apps, including those still in testing, will be required to have a privacy policy as of October 3, 2018. The rules go into effect on October 3rd. Apple says that current software without a policy won’t be removed…


South Africa’s second-biggest database leak exposes almost 1 million personal records


Barely a year after South Africa’s largest data leak was revealed in 2017, the country has suffered yet another data leak as 934,000 personal records of South Africans have been leaked publicly online. The data includes, among others, national identity numbers (ID numbers), e-mail addresses, full names, as well as plain-text passwords to what appears to be a traffic-fines-related online system. Working together with Troy Hunt, an Australian security consultant and founder of haveibeenpwned, along with an anonymous source that has been communicating with iAfrikan and Hunt, we’ve managed to establish that the…


Researchers have found a vulnerability in two popular email encryption protocols


European security researchers have found an alarming new vulnerability in the most common forms of email encryption. The attack, described in a report published Monday morning, lets bad actors inject malicious code into intercepted emails, despite encryption protocols designed to protect against code injection. Implemented correctly, the malicious code could be used to steal the entire contents of a target’s inbox. The vulnerability affects two of the most common email encryption protocols, PGP and S/MIME, although the degree of vulnerability depends heavily on the client’s implementation of the protocol. A…


Laundered Bitcoin Billions Linked to UK Company


A UK company has been linked to the laundering of 650,000 stolen bitcoins worth £4.5bn. The coins were taken by hackers from Tokyo-based Bitcoin exchange Mt Gox, leaving tens of thousands of customers out of pocket. It’s not clear who is in control of the London-based firm Always Efficient LLP. Mt Gox operator Mark Karpeles apologised to investors and said he was co-operating with the investigation. The FBI has charged a Russian national with laundering the stolen bitcoins. Mt Gox matched up those who wanted to buy the crypto-currency with dollars,…


Winter Olympics hit by cyber-attack


The official Winter Olympics website was taken offline after being hit by a cyber-attack, officials have confirmed. The site was affected just before the beginning of the opening ceremony in Pyeongchang, South Korea. TV and internet systems at the Games were also disrupted, though operations were restored about 12 hours later. However, a spokesman said that the International Olympic Committee would not be commenting on who might have been behind the incident. “Maintaining secure operations is our purpose,” said Mark Adams. He added that the issue was being dealt with…


Dutch DDoS mystery: Who’s behind the sudden massive wave of attacks on banks?


There is as yet no indication of who is behind the massive distributed denial of service (DDoS) attacks on Netherlands banks and government websites that ran from last weekend to Tuesday. Initial reports suggesting a Russian connection appear baseless. The attacks began just a couple of days after media reports stated that Dutch intelligence tipped off their American counterparts about state-sponsored Russian spies hacking the apparatus of the Democratic Party and stealing the infamous “leaked emails” that may have swayed the 2016 election. “This weekend’s DDoS attacks were heavier than…


Microsoft issues emergency Windows update in a move to disable Intel’s buggy Spectre fixes


Microsoft has issued another out-of-band security update this month, to deal with the issues around Intel’s Spectre firmware updates. Intel warned last week that its own security updates have been buggy, causing some systems to spontaneously reboot. Intel then buried a warning in its latest financial results that its buggy firmware updates could lead to “data loss or corruption.” Intel has been advising PC makers and customers to simply stop updating their firmware right now, until properly tested updates are available. Microsoft has gone a step further, and is issuing…


Fitness app Strava exposes the location of military bases


Strava, the popular app for tracking running, cycling and swimming, is not the most obvious go-to for exposing national secrets, but a heatmap of activity from users has been found to unearth the locations of U.S. military bases worldwide. The company’s review of 2017 showed all routes taken by its users across the world. It was released back in November 2017, but it came to the fore this weekend when Australian student Nathan Ruser noticed that trails from Strava users in certain countries made it possible to identify military from the U.S. and…
