STE WILLIAMS

Friday is usually a good day to bury bad news and there are a number of stories bubbling under before we all head out for the weekend.

The US Secret Service has admitted that one of its agents’ cars had been broken into by persons unknown, and a laptop was stolen, along with other items. The laptop reportedly contained floor plans for Trump’s New York home, and details of the FBI’s Clinton email server probe, but the Secret Service said that there was nothing to worry about – no classified information was allowed on the machine.

“Secret Service-issued laptops contain multiple layers of security including full disk encryption and are not permitted to contain classified information,” the agency said.

“An investigation is ongoing and the Secret Service is withholding additional comment until the facts are gathered.”

That might be true for now, but over at the CanSecWest security conference in Vancouver the hackers were winning big in its annual three-day Pwn2Own competition. On Thursday, hackers cracked Ubuntu, Adobe Reader, and Safari and netted themselves $233,000.

On Day Two of the competition, another $340,000 was scooped in prize money by hackers taking down Flash, Microsoft’s Edge and Windows operating system, macOS, Firefox, and Apple’s Safari. As part of the competition, software houses get the vulnerabilities, so hopefully the Secret Service has a good update policy.

Finally there were a couple of reported security issues – nothing on the level of JP Morgan, but annoying nevertheless. Social media app Wishbone, which lets people generate their own polls, has been cracked by people unknown and 2,326,452 full names, 2,247,314 unique email addresses and 287,502 cellphone numbers were leaked online.

If you’re concerned that you may be one of the people, you can check online. The database has been added to the excellent Have I been pwned? website, and if you have registered with Wishbone it’s a good idea to change your password anyway.

The makers of the Soundwave app has also had bad news for customers. The app maker, which was bought by popular Spotify last January, reports that if you were an early adopter of the app then you may have some problems.

It appears that a server containing production customer information was used on a test bed system, and that suffered a security breach. User names, email addresses, gender, date of birth and MD5 hashed passwords were exposed, but unless you receive a notification from Soundwave then you’re probably OK.

Have a great weekend and stay safe. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/03/18/friday_security_roundup/