Account Security Lockdown

News in brief: Cruz’s Twitter blunder; Adobe patches Flash; Target ditches Apple

Your daily round-up of some of the other stories in the news

Ted Cruz’s Twitter blunder

News sites were abuzz earlier this week when Ted Cruz, a conservative US politician from Texas, apparently “liked” a porn movie from his Twitter account.

When SNAFUs of this sort happen on social media, the best guesses about what happened are usually [a] the account got hacked or [b] one of the social media team with access to the account made a blunder.

Recent reports suggest that the correct answer in the Cruz case is [b]: SC Magazine, for example, describes it as “a non-malicious mistake made by a staffer”.

Our advice is simple: always log out explicitly (and get your staffers to log out) from social media sites except when you directly intend to use them, so that accidental clicks are less likely to have unexpected side-effects.

It’s more hassle to do things that way, because you need to keep logging back in, so it makes social media a bit less fun, but it can save you a lot of stress and embarrassment.

Adobe releases Flash patches

Adobe’s latest “Patch Tuesday” security fixes are out for Flash.

There are just two vulnerabilities listed, both reported by Google’s Project Zero (Google’s interest in Flash is more than just altruistic, given that both the Chrome browser and the Chrome OS operating system look after their own Flash versions).

The patched bugs are designated CVE-2017-11281 and CVE-2017-11282, and both are described as memory corruptions of critical severity that could lead to RCE, short for Remote Code Execution.

Simply put, Flash RCEs can usually be triggered by Flash files embedded in external web pages – including web pages on hacked websites you’d ordinarily trust.

In other words, just browsing to a booby-trapped page could be enough to steal data or to infect you with malware, with no tell-tale popup warnings or “Are you sure?” dialogs.

We’ve been recommending for years that you should try uninstalling Flash and disabling the built-in version of Flash in browsers like Chrome and Edge.

If you truly need Flash you can always put it back, but we think you’ll quickly learn to live without it, thus freeing you up from worrying about any left-over Flash vulnerabilities that haven’t yet been found and fixed.

Target swaps Apple for Android

If you’ve visited a Target store since 2014 you will have noticed staff on the shop floor using red-covered iPod touches with scanners to check supplies, restock and carry out other shop floor tasks.

The ‘MyDevices’ are often bemoaned and mocked by employees on the r/Target Reddit page for battery, scanning and performance issues:

The worst for me is grabbing [a MyDevice] with a fully charged sled at the start of a six hour bike shift, only to have it not scan at the end of the shift

But, after three years the company is bidding farewell to Apple in favour of Android, reports Gizmodo.

The Zebra TC51 runs Android 6.0 Marshmallow and, so far, has received positive feedback from staff on the unofficial forum, The Breakroom:

Everything about them is better, android, battery life is longer, they scan faster, and they don’t have that annoying three second wait time before you can scan an item after unlocking the device.

Catch up with all of today’s stories on Naked Security

Original Source: nakedsecurity.sophos.com

Updated: September 13, 2017 — 5:51 pm
EmailSecurityOptions.com © 2017