Fall 2015 security topics

October is a great month and one of my favorite seasons. As the consumer holiday shopping season comes up, the number of disclosures seems to scale up as well. Granted, the last year has continued a steady stream of disclosures on bugs, exploits, and patches that may address them. Allow me to take a moment to point out that malware distribution through advertising networks is not only a thing but has become pretty common. This has been one of those things I suspected, but have more recently seen become a common attack vector.

Speaking of security, we certainly live in a world where more than Windows platforms are targeted. Be it Flash, Java, or some other variant… issues arise. Social network sites like to do post-reactive security. However, putting up a condition-based lock for something originally designed to be accessible tends to lead to the added protection being side-stepped. For some odd reason, security in the design phase seems to remain under-looked or overlooked completely. Scale is also a factor, since getting the scope of all uses is difficult before implementation and feature requests come into play.

Rambling aside, let’s note the more common infection of Linux machines being herded into botnets. A nice technical read at the link.
Mobile phones are not immune either. Android has its abandoned versions (4.3 and lower) and Apple iOS has patches until a device is considered ‘end of life’. Keep in mind that the patches only cover the disclosed and more publicly disclosed exploits. So yes, mobile phones are being used as attack vectors.

Cryptography-wise, your key is great, but when the machine gets exploited, your credentials to that encrypted drive have (multiple) risks of being stolen. If a government can do it, you should bet individuals or third-party contracting groups have the same or potentially more means to do the same.

Finally, you can enjoy some art of the security nature.