Latest news from Naked Security (2019/02/11)

Crypto mirror on the wall, who’s the smartest of them all?

Can scientists out-perform sports stars, musicians and politicians in recognition and influence? You bet they can!

McDonalds app users hatin’ it after being hacked by hungry hamburglars

At least two users of the McDonalds mobile app aren’t lovin’ it after thieves hijacked their accounts and ordered hundreds of dollars of food for themselves.

Secret Service busts online car sales crime ring

They posed as military needing to offload cars before deployment, allegedly posting bogus ads on Craigslist, eBay, and AutoTrader.

What comes after air gaps? DARPA asks world for ideas

According to DARPA, air gapping computers and data is a security idea that has run its course and urgently needs to be replaced.

Get-rich-quick social media scams are turning teens into money mules

Young people are being talked into handing over their bank details with the promise of some easy cash.

You can now unsend messages in Facebook Messenger

Facebook Messenger has made available the ability to unsend, or in their words “remove for everyone” your mis-sent messages.

Monday review – the hot 24 stories of the week

From the FBI-supporting DNA kit company, to the privacy bug in gay dating app Jack’d, and everything in between. It’s weekly roundup time.

Latest news from Naked Security (2019/02/08)

Android vulnerabilities open Pie to booby-trapped image attacks

A trio of bugs could have opened Android 7, 8 and 9 to remote attackers wielding booby-trapped image files. Here’s what you need to know…

iPhone apps record your screen sessions without asking

Absent from privacy policies, the tracking came to light after a breach with Air Canada’s mobile app, then password slurping from Mixpanel.

Child abuse imagery found in cryptocurrency blockchain

For the second time in a year, illegal child abuse images have been spotted inside a blockchain. According to a post by web blockchain payments system Money Button, on 30 January its service was abused to place “illegal content” inside the Bitcoin Satoshi Vision (BSV) ledger, a recent cryptocurrency hard fork from Bitcoin Cash [BCH]. […]

Student gets creative with data accidentally blasted out by university

A university employee accidentally emailed a spreadsheet containing personal information on every one of the college’s 4,557 students.

Police demands Waze stop pinpointing their checkpoints

Waze users are helping intoxicated drivers to evade checkpoints and could thus be “engaging in criminal conduct,” say police.

Facebook ordered to keep apps separate unless users opt in to sharing

So much for creating a three-headed Cerberus marketing-happy chat dog! Also, we’ll soon see the who-what-huh? behind the ads we’re shown.

Latest news from Naked Security (2019/02/07)

Serious Security: Post-Quantum Cryptography (and why we’re getting it)

Here’s why NIST is running a competition to find algorithms for a Post-Quantum Cryptographic world…

KeySteal could allow someone to steal your Apple Keychain passwords

The researcher says it works without root or administrator privileges and without password prompts. But he’s not revealing how it works to Apple because there’s no money for him in its invite-only/iOS-only bounties.

Anyone want to lay claim to the USB drive found in seal poo?

It still works, you know. And there are photos and videos on it.

Chrome extension warns users their login credentials have been breached

Google’s released a Chrome extension, Password Checkup, that’s designed to warn users when they enter a username and password the company has detected in a data breach.

Unlimited crypotocurrency? Zcash fixes counterfeiting flaw

Privacy-focused cryptocurrency Zcash has fixed a flaw that would have allowed anyone with knowledge of it to produce counterfeit currency.