In-brief: Carnegie Mellon’s CERT issued a warning that many certificate authorities continue to issue domain certificates with no more proof than the right e-mail address. Updated to include comment from GlobalSign. Paul 3/27/2015
Android SDK Flaw Could Enable Dropbox Data Theft
In-brief: IBM researchers say they discovered a flaw in an SDK from the cloud storage firm Dropbox that could result in Android users accidentally sending their data to a Dropbox account controlled by a malicious actor.
Was Malware Behind A Billion Dollar Heist?
In-brief: The New York Times reports on a massive online heist involving more than 100 banks worldwide and losses of between $300 million and $1 billion, according to the security firm Kaspersky Lab.
Ghost Vulnerability Replays Third Party Code Woes
In-brief: The security firm Qualys is warning of a serious and remotely exploitable vulnerability in a function of the GNU C Library (glibc) known as gethostbyname. The security hole raises more questions about dangers lurking in legacy, open source software.
FTC Report on Internet of Things Urges Security and Privacy Protections
In-brief: The FTC issued a report on Tuesday that provides guidance to U.S. businesses on protecting consumers’ privacy and security in the design and deployment of “Internet of Things” devices.