Welcome to your weekly recap of news and other interesting items. This week's Rehashed will include Vine stars who borrow Twitter accounts, Snowden's invention, patches, and HIPAA. There will be no Rehashed next week, as Salted Hash will be heading to Las Vegas for BSides Las Vegas, Black Hat, and DEF CON.
Vine / pop-rap star asks fans for Twitter passwords:
His name is Jack Johnson, and he started on Vine. His career soon exploded, and now he's a pop-rap star with nearly four million followers on Twitter. Recently, as a way to connect with fans, he requested that they DM him their Twitter passwords. As expected, many did, and they were rewarded with personal videos and messages.
I get it. It's a stunt to give the fans a personal connection and a way to show them that they matter. From everything I've been able to research; Jack Johnson adores his fans, and goes out of his way to interact with them. But this was the dumbest stunt imaginable.
First, unless those DMs were deleted, or the fans changed their password, Jack's Twitter account is now a database. Anyone who can get into it will be rewarded with a potential victim pool of four million, plus any of the accounts that are sill using the shared password. Even if the DMs were deleted, anyone who happens to take over a Twitter account with a large following – especially pop stars – now has precedent to pull the same stunt, with proof that it works.
My fear is that #HackedByJohnson will turn into #HackedBecauseOfJohnson
HHS offers HIPPA guidance for Ransomware:
The Department of Health & Human Services has issued guidance for Ransomware. However, in addition to tips, HHS also said that infection is considered a breach because "unauthorized individuals have taken possession or control of the information."
Edward Snowden – Inventor:
Whistleblower Edward Snowden has developed a concept iPhone case that could prevent government tracking. He says the case is designed to alert the user if their phone's radio is activated.
Oracle pushes patches for more than 200 vulnerabilities:
On Wednesday, Oracle pushed fixes for 276 vulnerabilities in more than 80 products. This month's release marks the largest Oracle has shipped to date. Moreover, 17 of the high-risk vulnerabilities in this massive release impact third-party software vendors including Microsoft.
In related news, Dell patched several flaws in its central management system for their SonicWALL enterprise security appliances.
Cicis Pizza reports card data breaches at 130 restaurants:
Cicis Pizza said their POS systems were infected by malware targeting card data. The chain's investigation determined that 130 stores were impacted. The earliest known infection was in 2015, but most of the intrusions happened this past March. Customers are advised to watch their credit card statements for fraud.
That's all for this week!
Remember, if you have thoughts on something that should be added to Rehashed, email me and let me know. Such additions can include links to news items, blog posts, code samples, cool scripts, etc.