ICT Security-Sécurité PC et Internet

Zwei Stundenten ist es gelungen, aus einer Smart-Brille ein Tool zu bauen, das persönliche Daten von Passanten preisgibt. Mehr dazu erfahren Sie hier.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

A previously undisclosed flaw in Nike's website allowed anyone with a few lines of code to read server data like passwords, which could have provided greater access to the company's private systems.

An 18-year-old researcher Corben Leo discovered the flaw late last year and contacted Nike through the company's dedicated email address for reporting security flaws, which it advertises on its bug bounty page.

After hearing nothing back for more than three months, Leo contacted ZDNet, which also alerted the company to the vulnerability.

The bug exploited an out-of-band XML external entities (OOB-XXE) flaw that abused how Nike's website parses XML-based files, allowing the researcher to read files directly on the server. OOB-XXE flaws are widely seen as esoteric and difficult to carry out, but can be used to gain deep access to a server's internals.

Gaining access to a server's files can disclose other avenues for exploitation, such as remote code execution or pivoting to other connected servers or databases.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

Fitnesstracker Strava verrät Lage von Militärstützpunkten
Strava ist der Hersteller einer Fitnesstracking-App, die via GPS von Smartphones verfolgt, wann und wo ein Benutzer trainiert. Ziel ist eine Art soziales Netzwerk für Sportler. Damit können jedoch auch militärische Geheimnisse verraten werden.

Die Website Strava hat im November 2017 eine sogenannte Heat Map veröffentlicht, welche die Aktivitäten ihrer Nutzer aus der ganzen Welt zeigt. Dabei wurden über eine Milliarde Aktivitäten erfasst. Die Karte zeigt, wie häufig Menschen an bestimmten Punkten der Erde trainieren und ihre Daten mit Strava teilen. Ein Analytiker weist nun darauf hin, dass die Karte es ermöglichen könnte, Standorte von Militärstützpunkten und die Routinen des Personals zu identifizieren.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

Mängel beim Datenschutz: Neun große Anbieter von Wearables und Fitness-Apps erhalten eine Abmahnung von Verbraucherschützern. Betroffen sind Apple, Garmin, Fitbit, Jawbone, Polar, Runtastic, Striiv, UnderArmour und Withings.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Unmanaged wearables infiltrating the enterprise

Centrify has announced results from an onsite survey conducted at the RSA Conference 2016 regarding the prevalence of wearables in the enterprise and the growing concern they pose for IT security.

First and foremost, 69 percent of wearable device owners say they forego login credentials, such as PINs, passwords, fingerprint scanners and voice recognition, to access their devices.

56 percent of wearable owners use their devices to access business apps such as Box, Slack, Trello, Dropbox, Salesforce, Google Docs, Microsoft Office or a combination of those.

Perhaps most alarming, despite the lack of login credentials and ready access to corporate data, 42 percent of wearable owners cite identity theft as their top security concern when it comes to their devices.

Lack of IT management and device control comes in second (34 percent) and a general increase in breaches of sensitive work data or information comes in third (22 percent).

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Sportswear maker Adidas announced a data breach yesterday evening, which the company says it impacted shoppers who used its US website.

The company says it became aware of the breach on Tuesday, June 26, when it learned that an unauthorized party was claiming to have acquired the details of Adidas customers.

"According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords," an Adidas spokesperson said.

"Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted," he added.

The company said it's still investigating the breach with law enforcement and security firms.

A few millions impacted

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

A secretive special air service base has been inadvertently revealed by a fitness app that has created a heatmap of running routes around the country.

A SAS base in Hereford, along with a nuclear deterrent naval base and the government's spy agency GCHQ has been placed on a heatmap of Strava's customers, including the profiles of several people who regularly run to-and-from the highly sensitive buildings. 

The buildings appear on a global, interactive map created by Strava, which is an app that allows users to track cycling or running speeds and distances and share them with friends. But unbeknown to many of its users, Strava has used their location data to in a worldwide heatmap including three trillion coordinates, titled "Where We Play".

"When sensitive sites, such as the GCHQ, are quite literally highlighted by GPS activity, it raises concern not only for the individual connected to the device, but the institution as a whole. The UK’s security services must be hyper-aware of what they’re sharing – regardless of what may be labelled as ‘excluded’ within the device. If a device or application has the capability to share location in any respect, it signifies a breach in security protocols."

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2012/11/05/naivety-in-the-digital-age/

https://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

BRUSSELS (Reuters) - Some smartwatches for children sold in Europe pose security risks, including potentially allowing hackers to take control of and track a watch, the EU’s main consumer lobby said on Wednesday, following a new report by one of its members.

The affected smartwatches, which use the Global Position System (GPS) to allow parents to track their child’s location and communicate with them through their mobile phones, do not have sufficient protection, or firewalls, to stop computer hackers, the Norwegian Consumer Council said.

The council also accused some manufacturers of violating EU data protection laws by not stating clearly the risks in their terms and conditions.

“These watches should not find their way into our shops,” Monique Goyens, the director general of the European Consumer Organisation BEUC - of which the Norwegian council is a member - said in a statement.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

The Internet of Things (IoT) opens up a sea of new opportunities for revenue and growth, but it is also a security challenge, IT pros have said.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=wearables

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars