Security roundup – May 2015

Recent security breaches at mSpy and AdultFriendFinder are a gift for Internet extortionists. mSpy hasn’t helped matters by first denying the problem, and then trying to downplay its impact.

A serious vulnerability called Logjam has been discovered in the Diffie-Hellman Key Exchange software, which is used to secure communications on many web and email servers. Meanwhile, despite its many flaws, it’s still a good thing that the web is moving towards HTTPS encryption everywhere.

In the world of network-attached hardware, malware called Linux/Moose is exploiting vulnerabilities in routers and spreading across the Internet. A security flaw in NetUSB is making many consumer routers vulnerable.

A serious vulnerability in many virtual hardware platforms, including Oracle’s popular VirtualBox, is making life difficult for many service providers.

Those of you who monitor traffic arriving at your home or work network are no doubt aware that your network is being constantly scanned for vulnerabilities. Brian Krebs rightly points out that much of this scanning activity is not malicious.

And finally, before you exchange that Android device, you should know that even if you’ve performed a full reset, your personal data is not being completely erased.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.