Security Roundup - 2016-03-16

In an amusing example of ‘trust but verify’, there is a story of data collection UIs not sanitizing input when displaying to users.

Last year Google Research apparently published “Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google”, and I have discovered a quick summary of the paper. Summary of the summary: online guessing attacks can be fairly effective and cheap.

Security company Staminus Communications was hacked last week. Hackers dumped the data and started with a list of “TIPS WHEN RUNNING A SECURITY COMPANY”

After last week’s mention that Google open sourced their vendor survey system, my co-worker Bennet pointed out that Facebook has a program called ‘Facebook for Work’ and they are considering how to do vendor risk assessment.

Interested in hacking your vehicle? BoingBoing has a short review of the new edition of The Car Hacker’s Handbook.

For those who love dashboards, I just discovered the Kaspersky Cyberstat board.

Written on March 16, 2016