US Emergency Alert System Has a Minor Bug
Homeland Security has issued an alert that there are critical vulnerability in the Emergency Alert System encoder and decoder devices. If left unpatched, it would allow a hacker to issue fake warnings of emergencies. The EAS is the nationwide alert system that is used to warn citizens of natural disasters and other emergencies. Credit: The Hacker News
Maker of Smart Locks Forgot to Validate SSL (TLS) Certificates
Smart lock maker NUKI did not implement SSL certificate validation on its lock. As I keep saying about all things smart, they are software based and software has bugs. Even the space shuttle and the Webb telescope have bugs. In this case, there are a lot of bugs, starting with their SSL certificate. Since there is no validation, any one will do. There are also a whole bunch of other bugs. So, in case you actually care about the security of whatever that dumb lock is supposedly protecting, I suggest you not use it. Credit: Hackread
NY Financial Regulator (DFS) Strikes Again
In this case, it was against Carnival Cruise lines. You might ask how come they are regulated by New York’s financial regulator. Fair question – one I asked. It is because they sell insurance to customers. Actually, not any more. They must have decided that the profit they were getting from selling insurance was not worth actually having good security. Since they have been hacked several times, that might be a reasonable conclusion. Cost them $5 Mil to figure that out. Credit: National Law Review
Samsung Creates “Nosy Tech Support Mode” – Everyone Should
Ever worry about some nosy tech looking at those private documents and pictures on your phone, tablet or computer? Maybe they are sensitive company documents or maybe they are nude pictures of a friend. Or, of you. Now Samsung is using their “Knox” encryption technology (as in Fort Knox) to allow you to lock down folders before you let the techs loose on your system. They call it Repair Mode. I think that is a great idea. In fact, every company should offer a feature like this. Credit: ZDNet
T-Mobile. Security. Those Two Words Cannot be in the Same Sentence
A bow-former T-Mobile retail store owner netted $25 million and a jail sentence for unlocking stolen phones and phones under contract for a fee. He phished other T-Mobile employees to use their IDs to unlock these phones. T-Mobile’s security practices continue to amaze. Credit: The Register