InfoSec links July 24, 2014

"Severe" password manager attacks steal digital keys and data en masse - Dan Goodin - ars technica

I’ve never liked the idea of putting my passwords in the cloud and that’s essentially what you’re doing with these web based password managers. The fact that research has determined them to be vulnerable does not sway me to put my passwords online.

Automobile Industry Accelerates Into Security - Kelly Jackson Higgins - Dark Reading

Automobile security is about to become a major thing. Unlike a computer, if a car is hacked it could mean life or death for someone. I’ve read several articles recently that give encouraging signs that some automobile makers are taking car security seriously.

Security Firm Manages To Access Deleted Data On Used Android Devices - Red Orbit

iPhone users carry on. According to this article, old Android phones do not exactly wipe the drive when a reset to factory defaults is initiated. Apparently, all that does is delete or erase the index file, so the phone can’t find the old data. Forensic tools on the other hand are very capable of finding the old data. Great if you realize you need something; not so great if you don’t need anything. The workaround is to enable encryption on the device, then do a factory reset. Encrypting the drive will make it so that when the index file is deleted the data becomes unreadable because the encryption key is lost.