After all the recent revelations about the NSA and their surveillance and encryption-foiling activities, would it surprise you to know that the agency or its British counterpart GCHQ also impersonated Google, Yahoo and Microsoft in Man-in-the-Middle attacks aimed at intercepting user communications? Ryan Gallagher over at The Slate was the first to report on the revelation for the English speaking public by digging into the reporting of Brazilian TV show Fantastico, whose reporters had a chance to go through a set of documents leaked by NSA whistleblower Edward Snowden to Guardian journalist Glenn Greenwald: However, in some cases GCHQ and the NSA appear to have taken a more aggressive and controversial route—on at least one occasion bypassing the need to approach Google directly by performing a man-in-the-middle attack to impersonate Google security certificates.
Getting your Android apps from Google Play is always a better bet than picking them up from third party online marketplaces, but you also can't be completely sure you won't stumble upon malicious or at least extremely annoying apps.
However hard Google works to prevent malicious apps from being offered on Google Play, its official online Android market, some always get through.
Brad Smith, Microsoft’s general counsel, announced that Google and Microsoft are tired of waiting for the US government to allow them to publish sufficient data relating to Foreign Intelligence Surveillance Act (FISA) orders.
Phishers have lately shown a penchant for using the "secure / confidential document / message" lure for making users share their login credentials.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.