The Shared Security Podcast Episode 67 – SpamBot Exposed, Mobile App Tracking, Smart Lock Fail

This is the 67th episode of the Shared Security Podcast, sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded September 6, 2017. Below are the show notes, commentary, and links to articles and news mentioned in the podcast:

Over 711 Million Email Addresses Exposed From SpamBot Server
Apparently, one of the largest caches of email addresses and SMTP credentials has been discovered. This list was used to distribute spam and banking malware. Tom and Scott recommend that you sign up for breach notifications from Troy Hunt’s “Have I Been Pwned” service so you can take action to change any account passwords if necessary.

465k patients told to visit doctor to patch critical pacemaker vulnerability
What happens when your wireless pacemaker requires a firmware update to patch a serious vulnerability? You’ll need to head into your doctor’s office for an update. That’s what happened to nearly 465,000 patients who have this particular brand of pacemaker.

A security researcher discovered AccuWeather app tracked, shared your location — even if you ‘opt out’
Mobile apps that share your location, even when you opt out, are very common. This app in particular still tracks your location via Wi-Fi and doesn’t need your GPS. This is yet another reminder to read the app’s privacy policy, but also to be aware that many apps don’t disclose who they share your location data with. In related news, the popular app “Sarahah” will quietly upload your address book. This is more of a problem with older Android devices, since older Android operating systems do not prompt you to “allow” sharing of your address book.

Update gone wrong leaves 500 smart locks inoperable
Smart lock manufacturer LockState pushed the wrong update to approximately 500 devices, which made them inoperable. This is a great lesson in how not to update IoT devices and in the customer service nightmare that follows when things like this go wrong. Just remember, you take a risk when using devices like these, especially when they are used for physical security!

Scott’s Amazing Tip of the Month… (they don’t happen very often)
Here’s how to make yourself less annoying to your friends on Facebook by turning off “New Friend Reports”.

Please send any show feedback, suggestions for future guests and topics to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening!
