A video camera hacked by a mysterious Canadian, Twitter controversy over a bug discovery and a new bug to be patched in common applications.
Welcome to Cyber Security Today. It’s Wednesday Dec. 19th.
There’s an alleged Canadian connection to the hack of an Arizona man’s home surveillance camera. Andy Gregg told the Arizona Republic newspaper a voice suddenly started talking to him from his Nest security camera. The person claimed to be a security researcher from something called the “Anonymous Calgary Mindhive” and wanted to warn him that he hadn’t properly password-protected his device – which was pretty obvious. As proof, Gregg said, the mystery man told Gregg a password that he had used for multiple websites, which, apparently, is the way he got into the camera’s Internet connection. Was this really a white-hat hacker doing a good deed? Was the hacker really from Calgary? Who knows. But one lesson from this is what I’ve been saying for a while – make sure you don’t use a password on more than one device or application, and where possible, use two-factor authentication. Criminals compile lists of stolen passwords from data breaches around the world and the most common ones are their first weapons in hacks.
There’s some controversy over Twitter’s announcement Monday that it has become aware of and fixed a bug. It was on an online form people fill out when asking for help with their account. A security researcher told TechCrunch he alerted Twitter two years ago about the problem, but it wasn’t treated as serious. The bug could have been used by someone to discover the country code of people’s listed phone numbers. The phone number itself wouldn’t be seen, but it would have shown in what country an account holder lives. That might be of use to someone. The bug could also disclose if Twitter had locked the account. In its statement Twitter said that while investigating the bug last month it found an unusually large number of inquiries on the form coming from China and Saudi Arabia. Twitter users whose country codes were exposed by this issue have been told. And Twitter has also informed law enforcement.
Finally, security researchers at the Chinese Internet provider Tencent have discovered a security flaw in something you probably use every day but don’t know it: software or a browser that uses a database called SQLite. The short version of this is it’s another example of why you have to keep an eye on when updates are available and install patches as soon as you can. SQLite is used by a number of operating systems, web application frameworks, applications and browsers. It’s used in products from Microsoft, Adobe and Google. Google, which uses SQLite in the Chrome browser and Chromium operating system, called it a high severity issue. So, first, make sure your Chrome, Opera, Comodo Dragon and other browsers are running the latest version. Then make sure all your other software has the latest patches.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.