Speakers at Virus Bulletin painted grim pictures of the threats to physical safety and civil liberties posed by commercial spyware and high-end surveillance software often sold to governments.
The macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed.
Signal is testing out a new private contact discovery service that will let the app determine if a user has Signal contacts in their address book, but forbid its servers from accessing the users’ address book.
IOActive analyzed 21 mobile stock trading platforms and found vulnerabilities that put transactions and personal information at risk. Of the 13 firms notified, only two acknowledged the disclosure.