A wrap-up of the news and talks from CanSecWest 2012 in Vancouver. I highlight talks on pen testing, social authentication, vulnerability mitigation and the Duqu command and control servers.
Messages are spreading between Facebook users, claiming that members of the social network have lost all respect for popular songstress Rihanna after watching a video.
A Sunday Times report found that many smartphone apps are collecting too much personal data and then sending it outside the EU to the US, Israel, China and India. But do these countries meet EU data protection standards?
Day 2 at CanSecWest was dominated by mobile security talks. The highlights included anti-rooting technologies used in Android, iOS and a look at NFC-enabled mobile phone security.
Unlike the Chet Chat, where we cover a range of recent news items without much depth, in the Techknow programme we pick one topic and consider it in more detail.
So if you're one of the regular Chet Chat listeners who's been asking for this sort of podcast: here you are!
Will you be in Wellington, New Zealand, on 27 March 2012?
If so, join us for Anatomy of an Attack! Learn how cybercrooks think and operate and you will be much better placed to defend yourself.
SophosLabs has seen proof-of-concept code on Chinese websites which attempts to exploit the recently announced Microsoft RDP vulnerability.
Patch your copies of Windows now.
There are many security implications we as IT guys need to think about when we host applications externally. Here is a list of things to ask your provider to reduce the risk of a data or malware breach.
The story of the Pimpin Hoes Daily gang founder Dante Dears, his pattern-locked Samsung phone, the feds, Google, and subpoenas. Why couldn't the FBI get into the locked phone? Get the popcorn - this is interesting.
Think a passphrase of multiple, random dictionary words is as unguessable as long strings of gibberish, but easier to remember? Not necessarily, according to a recent study.
Even fake anti-virus distributors need tech support, as shown in this frequently asked questions document captured from a Russian affiliate network. According to these criminals, social engineering is your best bet for selling fake software.