TaskRabbit has been brought back to life – Security industry opinion

At the beginning of this week (Monday 16th), TaskRabbit, the IKEA-owned mobile marketplace that matches freelance labour with local demand, had its website and app hacked resulting in both shutting down and going offline. The company had offered a statement to its customers saying, “ we understand how important your personal information is and are working with an outside cybersecurity firm and law enforcement to determine the specifics.”

Aflac Duck may have helped build a company’s brand, but its CSO helped to build trust in Aflac

While a yoga-exercising, goofy, attention-loving duck who appeared in his first TV commercial back in 1999 has made Aflac a virtual household name, there are other of its corporate stars beyond the public eye at the insurance company who play vital roles in keeping the organization, its clients, critical data, and intellectual property — maybe even that of the duck’s, safe. 

Is Enumerating Resources on a Website “Hacking”?

I saw a story pop up this week which made a bunch of headlines and upon sharing it, also sparked some vigorous debate. It all had to do with a 19-year-old bloke in Canada downloading some publicly accessible documents which, as it later turned out, shouldn’t have been publicly accessible. Let’s start with this video as it pretty succinctly explains the issue in consumer-friendly terms:

Asia And Middle East Are Hotbeds For Malicious Cyber Activity

The Middle East and Asia have become the new hunting ground for malicious APT activity, with hackers using new techniques to target organisations according to new research. It was revealed that there had been a surge in the activities of Chinese-speaking hackers targeting government entities mainly in Taiwan and Malaysia, and CardinalLizard, which in 2018 increased its interest in Malaysia alongside an existing focus on the Philippines, Russia, and Mongolia. Chris Doman, Security Researcher at AlienVault commented below.

WinMagic’s Latest Software Delivers Unified Encryption And Key Management With A Single Pane Of Glass

WinMagic, a leading encryption solutions provider, today announced the launch of its latest software release, SecureDoc 8.2.  Purpose-built for a new, unified approach to encryption and key management, SecureDoc 8.2 will enable industry-leading data security across endpoints, data centres, hyper-converged infrastructures and into the cloud – and view it all from a Single Pane of Glass.

LinkedIn’s AutoFill plugin could leak user data, secret fix failed

Facebook isn’t the only one in the hot seat over data privacy. A flaw in LinkedIn’s AutoFill plugin that websites use to let you quickly complete forms could have allowed hackers to steal your full name, phone number, email address, ZIP code, company and job title. Malicious sites have been able to invisibly render the plugin on their entire page so if users who are logged into LinkedIn click anywhere, they’d effectively be hitting a hidden “AutoFill with LinkedIn” button and giving up their data.

Announcing how startups can exhibit for free at Disrupt SF with Top Picks

TechCrunch’s top goal at Disrupt SF (September 5-7) is to help early-stage founders get lots of attention, which is why every year we introduce more and better ways to make that happen. This year we’re adding TC Top Picks, a new program that will provide 60 top founders the opportunity to exhibit free of charge for one day in Startup Alley and three free Founder Passes for all three days of the show, including access to CrunchMatch, TechCrunch’s founder-investor matching service.

Components: Increasing Speed and Risk

Open source component vulnerabilities have been a hot topic in the security industry as well as in the media. It used to be the main concern in software development was making sure you testing throughout the SDLC. While this is still a crucial part of making sure your software is secure, component security has grown in importance. As Tim Jarrett, Director of product management at CA Veracode explained “Software development has changed a lot over past 10 years.”  Software today is mostly assembled rather than composed. CA Veracode’s data shows that between 80 and 90 percent of an application is made up of someone else’s code. And when there is a vulnerability in one of these components it ends up spreading to all the applications which contain that component. No wonder we are seeing such widespread proliferation of vulnerabilities and seeing major breaches.

Why Your GPS Receiver Isn’t Bigger Than a Breadbox

Advertisement

Editor’s Picks

As I drive through the vineyard-covered hills of San Luis Obispo, Calif., the tiny Global Positioning System receiver in my phone works with Google Maps to alert me to upcoming turns. The app reassures me that I’ll arrive at my destination on time, in spite of a short delay for construction.

Perspectives on Russian hacking

Russia is an endlessly fascinating subject both in and around infosec. Recent years have shifted attention away from pure malware capabilities, to psyops, social engineering, and an endless slew of mind games designed to destabilize and keep nations ever-so-slightly off balance.

For GPS, Also Thank Ivan Getting; He Got “the Damn Thing Funded”

Advertisement

In 1991, I sat down with Ivan Getting, then age 79 and retired but still serving on the boards of directors of several companies. The U.S. satellite navigation system, now referred to as GPS, then more commonly called Navstar, wasn’t complete, but covered most of the world and had proved essential to the U.S. military in the Persian Gulf War. We thought Spectrum’s readers would want  to know more about how Getting came to play such a big role in making Navstar.