Google Investigation Shows Apple Was Right About Face ID

Take this with a grain of salt because this tweet is all I’ve seen about this. But David Ruddock of AndroidPolice mentioned a Google investigation trying to determine if certain types of fingerprint sensors are secure.

Another CES Story: I’ve heard Google is currently investigating whether current optical fingerprint sensor designs are secure enough to be used for TrustZone auth (mobile payments, banking apps, etc). There is real concern optical FPRs may be too easy to spoof.

Although facial recognition came to Android first, it was there for convenience as a way to unlock your device. But Apple added it for security, and it looks like they bet on the right horse.

Federal HTTPS Certificates Not Renewed Because of the Government Shutdown

The U.S. Government shutdown has affected a whole host of areas in the public sector. One that might not immediately spring to mind, but is rather important nevertheless, is federal HTTPS certificates. Techcrunch had a look into the issue and compiled a list of all the federal HTTPS certificates that expired, or are about to expire. It included domains that redirect to the Congressional record and websites for agencies such as the Federal Energy Regulatory Commission. If you go to one of the sites with an already expired HTTPS certificate, such as disasterhousing.gov, you get a warning that the site might not be secure.

During the government shutdown, security experts noticed several federal websites were throwing back browser errors because the TLS certificate, which lights up your browser with “HTTPS” or flashes a padlock, had expired on many domains. And because so many federal workers have been sent home on unpaid leave — or worse, working without pay but trying to fill in for most of their furloughed department — expired certificates aren’t getting renewed. Renewing certificates doesn’t take much time or effort — sometimes just a click of a mouse. But some do cost money, and during a government shutdown, there isn’t any.

Collection 1 is a Massive New Data Breach

Troy Hunt, creator of the Have I Been Pwned? tool, wrote a blog post about the latest data breach called Collection 1.

Let’s start with the raw numbers because that’s the headline, then I’ll drill down into where it’s from and what it’s composed of. Collection #1 is a set of email addresses and passwords totaling 2,692,818,238 rows.It’s made up of many different individual data breaches from literally thousands of different sources.

To find out if your account credentials were leaked, visit haveibeenpwned.com.

EU Does not Have a Coordinated Plan to Fight Election Hacking

LONDON – The EU does not have an overall plan to deal with hackers seeking to disrupt its election in May 2019.  According to a feature in Wired, each of the 27 states who will be in the EU when the election takes place is expected to secure the vote in their own country. Consequently, smaller member states could be left vulnerable, and cyber-attacks or disinformation could have a serious effect on the election results.

If a tiny member state is left it to go alone against Russia’s state-backed hacking teams and disinformation brigades, the calculus of the European Parliament could be engineered by a third-party state to tilt in its favor. The stakes are huge, and some say the EU hasn’t faced up to the enormity of the issue.

Bounty Hunter Successfully Tracked Down a Phone

AT&T, Sprint, and T-Mobile sell access to customers’ location data. As an experiment, Joseph Cox paid a bounty hunter to locate a phone, and it worked.

The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts. Instead, the tracking tool relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has found. These surveillance capabilities are sometimes sold through word-of-mouth networks.

The technology apparently works on all mobile networks, but there was some issue with Verizon. Shady practices like this are why we need an American GDPR, as well as a better FCC.

Find Out If Your Data Was Leaked With This Data Breach Tool

A data breach tool called have i been pwned? is an app and website that helps you find out if your information was included in data breaches. It’s easy to use, just enter your email address. Have I been pwned? allows you to search across multiple data breaches to see if your personal data was compromised by any of the big hacks on record.  The app includes no  or automatic collecting of private data, searching among published databases and so-called pastes, getting real-time updated by receiving push notifications when new breaches happen, and information behind certain hacks, provided with relevant links to more information. The app has also been provided as open source software, found at GitHub. App Store: Free

WIN an iPhone 16 Pro Max!