ICYMI: Windows deprecating SHA-1; Apps leaking data; Safe Harbour II; Auto-rooting adware; Apple Pay

Microsoft sign
Microsoft sign

Windows accelerates SHA-1 deprecation

The decline of SHA-1 certificate is set to be accelerated by Microsoft. A recent announcement on the MS Windows website details how, while Windows was set to block SHA-1 signed TSL certificates as of the first of January 2017, the computer giant has decided to speed up that process to June 2016. This decision, in part, was taken off the back of the publication of new research by an international team of crypto-analysts that showed SHA-1's heightened vulnerability. [read more]

Too many apps leak personal data to third parties, report finds

A significant number of apps are sharing data with third parties without notifying their users, according to a new report which attempts to quantify the scale of the problem. Researchers from Harvard, MIT and Carnegie-Mellon found that these apps were sharing personal information and search terms, leaving the user in the dark about what information is shared with whom. [read more]

ISSE Berlin: Safe Harbour II initial agreement expected

Agreement on proposals for Safe Harbour II is expected to be achieved by the end of January, Wojciech Wiewiorowski, the Assistant European Data Protection Supervisor (EDPS), Belgium, told some 400 delegates at Information Security Solutions Europe (ISSE 2015) in Berlin. He explained that Safe Harbour was only intended as an interim measure until the US caught up with European data regulation, a decision by the European Commission that stuck for 15 years until it was declared invalid this year. [read more]

More than 20,000 apps auto-root Android devices

New research suggests that auto-rooting adware is continuing to be a worry in the Android environment where malware automatically roots the device after installed by the user. It embeds itself as a system application and becomes almost impossible to remove. Adware is now becoming trojanised and sophisticated – a new and alarming trend. [read more]

Banks warn Apple Pay users against storing family members' fingerprints on iPhones

Apple Pay users that store other people's fingerprints on their iPhones might find their terms and conditions agreement voided, banks warned. The Apple Pay system, launched in the UK in July, uses Apple's Touch ID – the company's fingerprint scanning technology used for unlocking iPhones – to authorise retail transactions. While iPhone users can store as many as 10 fingerprints on some iPhones, to allow family members to share their devices, these settings could create several unintended consequences. [read more]