MAAS History
Disclaimer
exocrine exocrine

All information Provided as is.

Tuesday
Apr262011

Condition Remains GREEN

Sony's Play Station Gaming Network (PSN) was compromised and the thieves made off with user credentials including passwords, userID, addresses, phone numbers, birthdays and credit card information. We recommend the following for any users which may have been using Sony's PSN services.

Recommendations for users of the PSN:

  • Change your passwords on sites which you used on the PSN network. Advoid sharing passwords across sites.
  • Monitor your credit card statements and purchases.
  • Remove or change your credit card information if it was used on PSN from sites such as Amazon or Apple iTunes Store.
  • Consider if you are a heavy user of PSN replacing your credit card, the cost is much less then unauthorized purchases. 

Saturday
Apr232011

Condition Remains GREEN

iOS devices for a long time, like other devices, track your location based on your preferences. Cell carriers for years have kept data which matches user>handset>tower, but government could only access it via a court order. This has only been complicated by the use of GPS location services which a host of applications and companies use for various purposes. This occurs many times without the user fully understanding the implications. A malicious actor having physical access to the device can access location data, thus administrators and users should consider these new risk and mitigation methods.

Apple iPhones keep a sqlite database of your locations based on Wifi and Cell Tower information, this information is not shared but physical access to your device or computer can allow access by a malicious actor.  

Risk re-evaluation specific to iOS devices but consider points for all mobile devices:

  • This is nothing new, a host of services use location information and you need to consider the risk individually. 
  • If the iOS devices is stolen a thief can access this data on your iPhone along with a host of other data on your phone.
  • Backup's of iOS devices which are not encrypted will allow a user with access to your computer to extract information about your iPad or iPhone including location information related to cell towers and WiFi networks. (Roughly where you have been.)
  • Remove all iOS backups from all Backup Tapes or TimeMachines.
  • iOS devices used by high profile employees overseas may become the targets of attacks specifically to gain access to their iPhones to determine their movements.
  • Backups in iTunes of iOS devices are not encrypted by default.
  • iOS devices may not be registered to wipe data remotely or with Passcode Lock.
  • The collection of data is not shared with Apple unless the user opts-in for location services.
  • Various phones and applications use location services, consider the risk before opt-in. 

What users should do to mitigate risk:

  • If traveling with an iOS device and laptop make sure to remove all old backups and then create a new encrypted backup. 
  • If traveling overseas consider leaving your iPhone at home or be prepared to destroy the device.
  • Sign up for Find My iPhone so you can remotely wipe and lock the device.
  • Do not Sync your iPhone on any public computers or computers outside your trust zone.
  • Use the Passcode Lock feature and make sure to use numbers and letters 12 characters or more. 
  • Remove old backups of iOS devices from all machines, backups and TimeMachine backups. 
  • Create a new backup of iOS devices which are encrypted. 
  • Review who and how you share location services, not all of it is bad and can be useful for certain business functions. 

Consider these risk and re-evaluate regularly. Alex Levinson has a really good write up about the subject and we included a dump of SELECT * FROM sqlite_master where type='table', please visit the reference links for more information.