Posts about

Threats (5)

Capitalising on Uber's London Misadventure

October 17, 2017

Rival Cab Companies Are Quick to Move, But Cyber Criminals May be Quicker

Unintentional Unpinning with Firebase

August 28, 2017

Google's Firebase provides a comprehensive set of analytics services for developers to integrate with their apps. On Android, the basic functionality is enabled simply by integrating the desired plugins. No code changes are required.

Swipe Left to Scrape

May 2, 2017

Yesterday morning security forums reported news that an AI researcher had published a dataset of 40,000 photos that had been scraped from the dating app Tinder. The purpose was simply to extract a real-world dataset that can be used for training Convolutional Neural Networks (CNN) to tell the difference between men and women. This seems innocent enough, although the author's choice of variable naming caused a bit of a stir. He quickly changed the variable name "hoe" to "subject" soon after the story broke. Apparently this original naming was inherited from the Tinder Auto-Liker code.

Richer Client, Poorer Security?

April 19, 2017

(Image courtesy of Steve F)

Adapting OAuth2 for Internet of Things (IoT) API Security

March 30, 2017

On Friday, 21 October 2016, multiple waves of distributed denial of service (DDoS) attacks shut down major internet services across the United States and Europe. The attacking botnet army consisted mainly of printers, IP cameras, residential gateways, and baby monitors infected with Mirai malware. Mirai targets IoT devices, and though each individual IoT device was not very powerful, taken together these devices did significant damage. For many mainstream internet users, the need for strong IoT security became painfully obvious.

There's a Fake App for That

January 10, 2017

The well-respected Coach brand stands for authenticity, innovation, and relevance. They are a luxury brand, so you might be a bit surprised to find in mid-October that the Coach mobile app in the iTunes App Store was offering an extra 20 percent off bags, shoes and accessories. Act fast but watch out, because Coach doesn't really have an iPhone app!

The Rise of DDoS

October 18, 2016

The attack on the website of Brian Krebs and the release of the Mirai malware source code demonstrate the challenges that face the anti-bot world. At its peak, the Krebs on Security DDoS attack was generating 620 Gbps of traffic, mostly from IoT devices. With the ever-increasing number of internet-connected devices, and their current security shortcomings, it should come as little surprise that the scale of DDoS attacks is increasing.

Securing Pokémon

July 26, 2016

A massive success, a staggered worldwide release, ravening hordes of eager adults (and children) with an obsessive urge to catch ’em all. I am of course talking about Pokémon GO from Niantic.