April 26, 2021
David Redekop

This Week In Nerd News – April 26, 2021

Your weekly top 5 technical and security issues Nerds should pay attention to:

YouTube video

Signal CEO Hacks Cellebrite iPhone Hacking Device Used By Cops.

Cellebrite has quite a shady history, so it’s nice to see Moxie Marlinspike turn the tables in this way to shine a light.

Moxie Marlinspike, the founder of the popular encrypted chat app Signal, claims to have hacked devices made by the phone unlocking company Cellebrite, which has famously worked with cops to circumvent encryption such as Signal’s. In a blog post Wednesday, Marlinspike not only published details of new exploits for Cellebrite devices, but seemed to suggest that Signal’s code could be theoretically altered to hack Cellebrite devices en masse.

 

Read More: Signal CEO Hacks Cellebrite iPhone Hacking Device Used By Cops

 

Facebook downplays data breach in internal email.

Apparently they’ve been expecting this and the playbook is to generalize it as an industry problem!? Just this week’s reminder that there’s no net value for anyone other than Facebook’s shareholders for us to use their platforms.

An internal Facebook email, accidentally sent to Belgium-based Data News, has revealed its strategy for dealing with the leaking of account details from 533 million users.

 

Read More: Facebook downplays data breach in internal email

 

Codecov hackers breached hundreds of restricted customer sites – sources.

Just a reminder how interwoven our systems are and additional protection by way of Zero Trust is so absolutely necessary for our own protection.

Hackers who tampered with a software development tool from a company called Codecov used that program to gain restricted access to hundreds of networks belonging to the San Francisco firm’s customers, investigators told Reuters.

 

Read More: Codecov hackers breached hundreds of restricted customer sites – sources

 

Backdoored password manager stole data from as many as 29K enterprises.

The lesson here is to be careful in choosing a password manager, at the very least one that is vetted by independent security researchers.

As many as 29,000 users of the Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server, the app-maker told customers.

 

Read More: Backdoored password manager stole data from as many as 29K enterprises

 

Academics detail ways to leak contact info of nearby iThings for spear-phishing.

While this is less of a story than it claims to be, you might be glad to know that always-on VPN infrastructure for iOS actually mitigates this, and is part of the adam:GO™ product offering.

Apple’s AirDrop has a couple of potentially annoying privacy weaknesses that Cupertino is so far refusing to address even though a solution has been offered.

 

Read More: Apple, you’ve AirDrop’d the ball: Academics detail ways to leak contact info of nearby iThings for spear-phishing

 

Did you know?

Prominent security expert Dan Kaminsky passes away at 42. It is unfortunate that so much of the article is focused on trying to convince the public that his vaccination had nothing to do with it.

Need an IT professional? Request service today.