Cyber Security Today: Nov. 23, 2018 — Don’t use company computers for holiday shopping; more bad Android apps

Although it’s tempting, don’t use company computers for holiday shopping, another post office website package tracking flaw is found and more bad Android apps in the Google Play Store.

Welcome to CyberSecurity Today. It’s Friday November 23rd. To hear the podcast, click on the arrow below:

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Today is Black Friday, the beginning for some companies of at least a week of online product sales. Those tempting sales may continue through December, and in Canada and the U.K., climax with Boxing Day sales on December 26th. I’ve already passed on tips to consumers for smarter shopping online, but this is also a time to remind listeners that you shouldn’t be shopping on company-supplied computers or smart phones. There’s lots of fake retailing websites out there looking not only to steal your personal data as you pay online, but also to infect computers with malware. You don’t want to explain a shopping “oops” to your employer And company managers, this is also a good day to remind employees about your policy that forbids employees from using company-owned devices for personal reasons.

Earlier this month I wrote a news story on of a flaw on the Canadian post office website that allowed anyone to get personal information on other customers through a tracking package capability. Well, the U.S. post office has just fixed a similar tracking problem on its website. According to security reporter Brian Krebs, any user with an account who logged in could query the system for account details belonging to any other users, such as email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data and other information. It could have been a great way to compile a list for distributing spam. Told of the problem, the post office fixed the flaw. These incidents are a warning to any company that sells products through a website: You’ve got to have tough access control to limit the ability of account holders to roam around your system. As one expert told Krebs, the U.S. post office flaw violated the first rule information security: Access control.

Attention Android users: Another group of infected games has been found and removed from the Google Play Store. Security vendor ESET said this week it found 13 apps that were supposed to let you play at driving a car or truck. Instead they download malware. As I’ve said before, your smart phone isn’t a place to be playing games. Add as few apps as possible and make sure you know where they’re coming from. Just because an app is in the Google or Apple store doesn’t mean it’s safe.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast