Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup.
Cook calls for digital privacy laws, user data exposed in the Wife Lovers hack, and just another Windows zero-day. Watch this week’s episode here:
via Rachel England, Engadget: Apple CEO Tim Cook didn’t say anything new, but he said it louder and clearer, and in a bigger forum, than anyone else. When Cook demanded we combat the weaponization of data made possible (if not directly perpetrated) by big data collectors, he wasn’t just preaching to the choir. He was telling Google and Facebook to their faces. The solution, Cook says, is digital privacy laws like GDPR. Watch this segment to learn more about the rights and values Tim Cook has called on governments worldwide to protect.
via Tara Seals, Threatpost: Identity theft resulting from data breaches is bad, but extortion might be worse. Which is why the recent Wife Lovers hack is so worrying. We should note that the hack was an exercise by a pro. It’s not clear whether anyone else ever accessed the database, and the website owner has taken it offline. Little consolation, though, to those of us who have ever given our information to an organization we’d rather not be publicly associated with—and who live in a country that doesn’t recognize our right to be forgotten. Find out more about how the database was cracked and what information might have been exposed.
via Swati Khandelwal, The Hacker News: There are a few great ways to find a new job—and a lot of bad ones. It’s not clear which category “disclosing a vulnerability on Twitter” falls into, but perhaps it’s the latter. @SandboxEscaper first posted details of a Windows vulnerability on Twitter last August. But as of this week, when she posted about a new Windows zero-day, her Twitter bio still said she was unemployed. It’s in the eye of the potential employer, of course, whether discretion or just straight-up software security skills is a more valuable asset. Learn more about SandboxEscaper’s disclosure here.