Friday, May 20, 2022

Cyber Security Today: December 19, 2018 — A video camera hacked, Twitter controversy, new bug to be patched

A video camera hacked by a mysterious Canadian, Twitter controversy over a bug discovery and a new bug to be patched in common applications.

Welcome to Cyber Security Today. It’s Wednesday Dec. 19th. To hear the podcast click on the arrow below:

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

There’s an alleged Canadian connection to the hack of an Arizona man’s home surveillance camera. Andy Gregg told the Arizona Republic newspaper a voice suddenly started talking to him from his Nest security camera. The person claimed to be a security researcher from something called the “Anonymous Calgary Mindhive” and wanted to warn him that he hadn’t properly password-protected his device – which was pretty obvious. As proof, Greg said, the mystery man told Gregg a password that he had used for multiple websites, which, apparently, is the way he got into the camera’s Internet connection. Was this really a white-hat hacker doing a good deed? Was the hacker really from Calgary? Who knows. But one lesson from this is what I’ve been saying for a while – make sure you don’t use a password on more than one device or application, and where possible, use two-factor authentication. Criminals compile lists of stolen passwords from data breaches around the world and the most common ones are their first weapons in hacks.

There’s some controversy over Twitter’s announcement Monday that it has become aware of and fixed a bug. It was on an online form people fill out when asking for help with their account. A security researcher told Tech Crunch he alerted Twitter two years ago about the problem, but it wasn’t treated as serious. The bug could have been used by someone to discover the country code of people’s listed phone numbers. The phone number itself wouldn’t be seen, but it would have shown in what country an account holder lives. That might be of use to someone. The bug could also disclose if Twitter had locked the account. In its statement Twitter said that while investigating the bug last month it found an unusually large number of inquiries on the form coming from China and Saudi Arabia. Twitter users whose country code were exposed by this issue have been told. And Twitter has also informed law enforcement.

Finally, security researchers at the China Internet provider called Tencent have discovered a security flaw in something you probably use every day but don’t know it: Software or a browser that uses a database called SQLite. The short version of this is it’s another example of why you have to keep an eye on when updates are available and install patches as soon as you can. SQLite is used by a number of operating systems, web application frameworks, applications and browsers. Its used in products from Microsoft, Adobe and Google. Google, which uses SQLite in the Chrome browser and Chromium operating system, called it a high severity issue. So, first, make sure your Chrome, Opera, Comodo Dragon and other browsers are running the latest version. Then make sure all your other software has the latest patches.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast