Cyber Security News Update 10/28/2017

It’s been a busy week, so lets jump into this cyber security news update without further ado.

Facial recognition software is neat, the idea of being able to unlock your devices by looking at them is the ultimate convenience. Facial recognition also has a host of security issues associated with it. For one thing, some programs can be defeated by a printout of the users face. A way around that kind of trickery is for the camera to measure the distance to several different parts of the “face” in question, if they’re all the same then it must be a trick. Camera technology can be an issue though, as there have been several issues over the year with extremely dark or pale skin being unrecognizable by recognition software. Microsoft’s, now dead, Kinect had an early bug where it couldn’t see people with dark skin at all due to how its sensors were calibrated. When it comes to device security, facial recognition as the sole security measure really isn’t worth it on any device containing sensitive data. All an attacker has to do once they get your device is look like you, which can be readily accomplished with makeup and simple prosthetics. Apple has now admitted that it’s facial recognition software was falling behind schedule, and to keep it on course they’ve lowered the accuracy of it. The program struggles with changes in things like hair cut, color and style as well as things like the user wearing glasses. This represents not only a security risk but an annoyance as well. Can you imagine getting a haircut and now your phone won’t unlock?
Source: Apple May Have Fudged iPhone X’s Face ID

China is known for its strict control over what content is available on the internet inside its borders. Tech giants such as Google and Facebook have both been restricted, and the Chinese government frowns upon foreign content as well. This year they’ve cracked down on Virtual Private Networks because they allow their citizens to browse the internet without the Chinese government seeing everything their doing. Forum users are required by law to use their real names, so that anything they say or do their can be tracked and recorded. Admins for social groups, such as the aforementioned forums are legally culpable for whatever the users say on their board. News agencies are required to have government approved staff on hand to see that any news reported is acceptable to the government. Apps like WhatsApp that allow users to communicate safely and without their conversations being seen are also under fire from the Chinese government as it moves in on total knowledge of what its citizens see and say online.
Source: China has launched another crackdown on the internet — but it’s different this time

Finally, the Ursnif trojan is working its way through Japan. Urnsif was launched via a mass spam attack to North America, Europe, Australia and Japan. Cyber security experts have noted an increase in novel evasion tactics and and attacks against new targets. Ursnif attacks are no longer just targeting banks and other financial institutions, it’s moved on to cloud storage spaces and other parts of the cyber-infrastructure. Japan may be the target because of its relatively short history of dealing with cyber attacks.