Security researchers warned of a serious vulnerability in a GPS service by the China-based firm ThinkRace exposes sensitive data in scores of GPS services, more than two years after the hole was discovered and reported to the firm. (Update: added comment from John van den Oever, the CEO of one2track B.V – PFR 1/3/2018)
domain
Update: Photo Bombed Retailers CVS and Costco Admit Customer Data Stolen
In-brief: Pharmacy chain CVS and discount chain Costco acknowledged this week that a July security incident involving a third party firm that provides online photo processing and printing services resulted in the theft of some customer data. (Updated to add comment from Staples and CVS. PFR Sept. 16, 2015)
Panic in the Nursery: Research finds Baby Monitors make Easy Targets
In-brief: Researchers from the security firm Rapid7 revealed the findings of a survey of common wireless baby monitors and nanny-cams, and found a host of serious and, in some cases, remotely exploitable vulnerabilities.
Iran Games Google’s 2FA in Attacks on EFF, Others
In-brief: Hackers believed to be linked to the government of Iran are using sophisticated attacks on Google’s two-factor authentication technology to break into the e-mail accounts of individuals within the country and in the Iranian diaspora, according to Citizen Lab.
Update: CAs Still Accepting E-mail as Proof of Domain Ownership
In-brief: Carnegie Mellon’s CERT issued a warning that many certificate authorities continue to issue domain certificates with no more proof than the right e-mail address. Updated to include comment from GlobalSign. Paul 3/27/2015