InfoSec links June 18, 2014

Employees of USAA are now banned from wearing Google Glass, other wearables - Stephen Hall - 9 to 5 Google

First, good for them. Second, this brings up an interesting topic. Why stop at Google Glasses? Cell phones, which just about everyone carries, can record audio and video and take pictures. This being a media blog, I know of several tools that could be used to record and/or grab images and possibly compromise people’s data. It’s a very slippery slope banning Google Glasses, because we all carry devices in our pockets that do the same thing. They’re just not attached to our heads.

Twitter Users Urged To Kill Tweetdeck After Bug Alert - Thomas Brewster - TechWeek Europe

In case you missed it: a serious cross-site scripting (XSS) bug was found in TweetDeck that could potentially allow someone to take over accounts. Twitter has fixed the bug, but at the time it was recommended that you log off TweetDeck and de-authorize it from your account on Twitter’s main site. I should probably thank the person who found the bug (potentially accidentally), as it gave me an opportunity to de-authorize several other apps that I haven’t used in a while. Yes, I know, bad security person.

Gmail Bug Could Have Exposed Every User's Address - Andy Greenberg - Wired

For anyone who’s watched Top Gear, we’ve started the uncool wall at work for infosec news and other technology-related items. The categories are exactly like the show: Seriously Uncool, Uncool, Cool and SubZero. This link got put on the seriously uncool wall. Not only did a Trustwave researcher discover a vulnerability in Google that allowed the harvesting of Gmail accounts fairly easily, but Google also begrudgingly gave him only $500 for his efforts. I don’t know how much a list of half a billion emails would go for on the black market, but I’m certain it would be worth more than $500.