Author Archives: Paul Bischoff

“Big Deal” Whatsapp Bug Finally Fixed, Says Facebook

Facebook Inc’s WhatsApp messenger service said on Wednesday it has fixed the latest bug on its platform that allowed hackers to take over users’ applications when they answered an incoming video call.

The announcement follows reports from technology websites ZDnet and The Register that the vulnerability, which affected WhatsApp applications on Apple and Android smartphones, was discovered in late August and was fixed by Facebook in early October.

Paul Bischoff, Privacy Aadvocate at Comparitech:

“I’m sceptical of the claim that this attack could allow a hacker to remotely take over the victim’s device and access their conversations. The proof of concept describes a memory heap overflow that causes the app to crash due to memory corruption but does not indicate that it would allow remote hijacking. How could a hacker take over an app if it’s just crashed?

That being said, WhatsApp has already patched the vulnerability, so users should be sure to update the app to prevent it from happening.

WhatsApp has had its fair share of high-profile vulnerabilities crop up in the past couple of years. As the most popular chat app in the world, it makes sense that it’s put under a microscope so that every possible vulnerability is discovered sooner or later. On the whole, however, WhatsApp provides reasonably secure end-to-end encryption for the average user, and I would certainly recommend it to privacy-conscious people.”

The ISBuzz Post: This Post “Big Deal” Whatsapp Bug Finally Fixed, Says Facebook appeared first on Information Security Buzz.

Trump Administration Takes Steps Towards New Data Privacy Policy

Following the news that the Trump administration has taken its first steps towards crafting a nationwide data privacy policy, Paul Bischoff, Privacy Advocate at Comparitech, discusses whether a uniform national approach is realistic, why this is important and the possible implications for consumers and companies.

Paul Bischoff, Privacy Advocate at Comparitech:

“A uniform approach to data privacy is achievable. Most states are moving in the same direction when it comes to online privacy protections. Some are just further ahead than others. For example, as of this year, all states now have breach disclosure laws.

Internet companies often do not require their physical location to be in the same place as where they are incorporated. It’s too easy for these companies to simply choose a state with fewer privacy laws because they don’t require a physical presence in that state.

Overall, I think the focus of discussion should be on this outcome: “users should be able to exercise control over the personal information they provide to organizations.” The degree and scope of control that a user has could have huge implications for both consumers and companies. It could force a lot of internet companies to rethink their business models, especially advertising-based ones that rely on targeted data. Companies will also have to create systems to deal with user requests for information in order to comply.”

The ISBuzz Post: This Post Trump Administration Takes Steps Towards New Data Privacy Policy appeared first on Information Security Buzz.