Podcast Episode Details
Back to Podcast Episodes
Google+ Shutdown, Weapons Systems Vulnerabilities, Voice Phishing Scams – WB38
This is your Shared Security Weekly Blaze for October 15th 2018 with your host, Tom Eston. In this week’s episode: Google+ shutdown, weapons systems vulnerabilities, and new data on voice phishing scams.
Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer.
Hi everyone, this is Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
Google announced this past week that it’s shutting down Google+, due to a bug in the “people” API that may have exposed private profile information for more than 500,000 Google+ users. The bug allowed third-party apps to have access to certain optional profile data such as name, email, address, occupation, gender, and age. This access was limited to only Google+ and not any other data you may have had with other Google services. While the bug was patched back in March, Google decided to start the process to shut down Google+, in the next 10 months. Mostly because it was found that 90% of Google+ user sessions only last about 5 seconds. Google states that even though approximately 500,000 Google+ accounts were affected by the bug and that up to 438 applications may have used this API, they found “no evidence that any developer was aware of this bug, or abusing the API, and (we) found no evidence that any Profile data was misused”.
Also included in the announcement about the Google+ bug were two other improvements targeting user privacy. First, Google is adding more fine-grained control over what account data you share with apps through the use of new individual dialog boxes. These dialog boxed will show each requested permission, one at a time, within its own dialog box. This will allow more detailed permissions to be selected instead of the traditional “all or nothing” permissions approach. Lastly, Google is limiting the ability of third-party apps requesting to receive call log and SMS data. Google will now only allow whichever default app you use for making phone calls or sending text messages to make these requests. In addition, the Android contacts permission is also changing. Going forward, apps will no longer be able to access basic interaction data like showing you your most recent contacts. In all, I don’t think Google+ will be missed by anyone but it’s good to see that Google is making these small but impactful privacy changes.
A new report released from the Government Accountability Office (or also known as the GAO) here in the United States shows that previous cybersecurity vulnerabilities identified in the Department of Defense’s newest weapons systems, were never fixed. Testing was apparently conducted on weapons systems from 2012 to 2017 and shows that these problems seem to be widespread in nearly all weapons systems under development. Some of these vulnerabilities are extremely easy to exploit. For example, guessable and default passwords were easily exploitable and in some cases the report noted that some default passwords were easily identified through simple Internet searches. The report had also stated that during tests conducted on these weapons systems “using r
Published on 7 years, 2 months ago