HTC Phones Store World-Readable Fingerprints

If you own an HTC One phone and have been using the fingerprint sensor, it is now time to change your fingerprints. This is of course a serious issue with any biometric authentication, unless the biometric data cannot be spoofed, which is certainly not the case for fingerprints.

Carphone Warehouse Breached

Carphone Warehouse, one of the UK’s biggest mobile phone companies, has suffered a major breach. It’s reported that over two million customer records have been compromised, including 90,000 encrypted sets of credit card details.

If you had an account on a Carphone Warehouse website (including Talk Talk), and you used the same password anywhere else, you need to change it now. And keep an eye on your credit card statements and report anything suspicious.

Update Firefox Now

If you use Firefox, you need to update it right now. There’s a zero-day vulnerability being actively exploited. The particular exploit that has been discovered affects Windows and Linux but not OS X; however, OS X users should still upgrade.

And after you’ve upgraded, install an ad blocker. Ads are a frequent vector for this kind of exploit. You can whitelist sites you trust if you want to support them.

Update your BIOS

Well, here’s a fun one. Your BIOS is the small computer built into your main computer that handles things like the boot sequence, and everything else that happens before you’ve loaded your operating system. And in many cases an attacker with access to your machine can write their own code to it simply by having your machine go to sleep and then waking it up again.

This is not a remote exploit, and it’s unlikely to actually affect you unless you’re being explicitly targeted. But you should update your BIOS with a fixed version, if your machine is affected. If you’re on OS X then just keeping up-to-date with your OS updates will do the trick, but on Windows you’ll need to get an update from your computer’s manufacturer, not from Microsoft. So far only some Apple and Dell machines are known to be affected.

Welcome

Information security is one of the biggest issues of our time, affecting both individuals and society as a whole. It seems like every day there’s another news story about websites being hacked or critical software vulnerabilities. As more of our lives and our infrastructure go online, things will only get worse.

And yet most of us are being asked to make decisions, both individually about our own security and collectively about society as a whole, that we’re not equipped to make. Security is about trade-offs, and you can’t choose the balance between usability and security, or between cost and security, unless you understand the implications of your choices. On this blog, I hope to provide enough information that my readers can make better-informed decisions.

And it’s called Opinionated Information Security for a reason. I don’t take a neutral point-of-view, as supposedly found in Wikipedia articles. I have opinions, and I plan to share them. I hope that I will give you enough information that you can have opinions of your own, whether or not they’re the same as mine.

I’m a Mac OS X and iOS user myself, and will inevitably be better-informed on those operating systems than on Windows or Android. But I’ll try to include the basics for all consumer operating systems. If you’re using Linux, or any other Unix variant (except OS X, iOS and Android) then I’ll assume you have a higher degree of technical knowledge.