
iOS Users: Are your LinkedIn login credentials safe?

iPhone and iPad users may be shocked to learn that despite the security provided by iOS, they may be unwittingly providing their LinkedIn email and password to third parties, ‘phishing’ for their details. As many people use the same email/password combination on a variety of websites and services, a smart attacker would not use that information to hijack your LinkedIn account – but to try using those login details for other websites where they can steal your funds or find personal information which could be used to blackmail you.

Earlier this month LinkedIn finally released its own SDK for iOS, ending the need to rely on developers of integrated apps not to hijack that information. Until now, iOS apps have either integrated LinkedIn’s JavaScript SDK or implemented their own native iOS OAuth 2 interface, both methods spelled out as a threat in the OAuth documentation. When websites integrate using the JavaScript SDK you can tell whether your credentials are being kept safe: the SSL connection, indicated in most browser bars by a padlock, assures you that you’re sharing your email and password only with LinkedIn, which then authorizes the website that directed you there to access your profile data.

iOS Security Flaw

On the left, LinkedIn’s new SDK authorisation – on the right a commonly abused pre-existing method

Where LinkedIn-integrated iOS apps have used ‘UIWebView’, a modifiable class for embedding web content, to call the JavaScript SDK, developers can either create their own mock-up of LinkedIn’s login page and collect your credentials as a middleman, or add hidden UITextFields atop LinkedIn’s page and collect them that way. Apps that use their own native OAuth interface needn’t bother with the charade; they’re already requiring you to trust them with your login details.

Security conscious iOS users should from this point in time refuse to use these methods, and only trust apps which either open LinkedIn’s iOS app for authentication or open Safari for Javascript authentication at linkedin.com.
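
The hand-off recommended above, as an added example (not code from the article or from LinkedIn’s SDK): the app builds an OAuth 2 authorization-code request, opens it in Safari so the password is typed only on the provider’s own page, and validates the redirect it receives back. The endpoint, client ID, redirect URI and all type and function names are assumptions made for illustration.

```swift
import Foundation
import Security

// Added illustration. The endpoint, client ID and redirect URI passed in are
// placeholders chosen by the caller, not values from the article.
struct AuthorizationRequest {
    let url: URL        // opened in the system browser, never in an embedded web view
    let state: String   // kept by the app to validate the callback
}

enum CallbackError: Error {
    case malformedURL, unexpectedRedirect, stateMismatch, missingCode
    case providerError(String)
}

/// Unguessable value tying the browser round trip to this request.
func makeState(byteCount: Int = 32) -> String {
    var bytes = [UInt8](repeating: 0, count: byteCount)
    let status = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
    precondition(status == errSecSuccess, "secure random generator unavailable")
    return bytes.map { String(format: "%02x", $0) }.joined()
}

/// Builds the authorization-code request. Only HTTPS endpoints are accepted.
func makeAuthorizationRequest(endpoint: URL, clientID: String,
                              redirectURI: String, scope: String) -> AuthorizationRequest? {
    guard endpoint.scheme == "https",
          var components = URLComponents(url: endpoint, resolvingAgainstBaseURL: false)
    else { return nil }
    let state = makeState()
    components.queryItems = [
        URLQueryItem(name: "response_type", value: "code"),
        URLQueryItem(name: "client_id", value: clientID),
        URLQueryItem(name: "redirect_uri", value: redirectURI),
        URLQueryItem(name: "scope", value: scope),
        URLQueryItem(name: "state", value: state),
    ]
    guard let url = components.url else { return nil }
    return AuthorizationRequest(url: url, state: state)
}

/// Validates the redirect delivered to the app and returns the authorization code.
func authorizationCode(from callback: URL, redirectURI: String,
                       expectedState: String) throws -> String {
    guard let got = URLComponents(url: callback, resolvingAgainstBaseURL: false),
          let want = URLComponents(string: redirectURI) else { throw CallbackError.malformedURL }
    guard got.scheme == want.scheme, got.host == want.host, got.path == want.path
    else { throw CallbackError.unexpectedRedirect }
    let items = got.queryItems ?? []
    func value(_ name: String) -> String? { items.first { $0.name == name }?.value }
    guard value("state") == expectedState else { throw CallbackError.stateMismatch }
    if let error = value("error") { throw CallbackError.providerError(error) }
    guard let code = value("code"), !code.isEmpty else { throw CallbackError.missingCode }
    return code
}

// In the app: UIApplication.shared.open(request.url) hands the login to Safari;
// the redirect comes back through application(_:open:options:).
```

Because the login page is rendered by Safari, the app only ever receives the authorization code in the redirect, and a callback with a missing or mismatched `state` is rejected before any token exchange.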

The tip of the iOS security iceberg

While this article focuses on LinkedIn as a result of their new iOS SDK, it’s merely the tip of the iceberg – OAuth 2 is the most widely used means for an app to connect to your social media accounts, and a quick scan of the app store reveals that a significant proportion are not using the best practices referenced. While Apple’s App Store Review Guidelines suggest apps that include account registration should provide a privacy policy, in practice this is of little comfort.

This is illustrated clearly by two examples turned up by searching the App Store for ‘linkedin’. The first, Wasme, is a not widely used app designed for LinkedIn contact exchange; it requires log in but does not provide its own privacy policy at all. Unusually, it shows an address bar above the embedded login page, with a padlock suggesting security – however the address is not modifiable and the padlock is no more trustworthy than the app developer. The second example, which is far more widely used, is Glassdoor, which provides a fairly comprehensive privacy policy stating in no uncertain terms that it shares your personal information as it sees fit…

“We may share personal information we collect with our trusted business partners. We also will share personal information with service providers that perform services on our behalf.”

…while placing the burden of figuring out which personal information it is collecting on the user.

“Depending on how you interact with Glassdoor, the personal information we collect from you may vary. … Because we request this information directly, it will be clear what types of personal information we are collecting.”

While their website uses the appropriate referrals to the social media sources for authentication, the app uses its own interface, which makes it pretty clear they reserve the right to collect and share your credentials for LinkedIn, DropBox, and Google.

Altogether this seems in stark contrast to the supposedly comprehensive protection iOS offers against personal data collection and dissemination, where apps that access contacts, email, geolocation or the built-in Facebook and Twitter permissions explicitly ask your permission on a case-by-case basis. In my experience, such a contrast causes a widespread false sense of security where third-party apps are concerned. And this isn’t the first time LinkedIn and other related enterprises have been criticized for their privacy failings.

John O’Mara develops apps for iOS and has a personal interest in its security.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.


John O'Mara is a writer of code and prose from London, UK





Zcash Price Analysis: ZEC/USD Making a Comeback Despite US Homeland Security Seeking Ability to Trace Transactions

  • ZEC/USD makes a firm bounce, after being victim of four straight sessions of losses, 25% drop over this period.
  • US Homeland Security has put out a pre-solicitation request on private transactions, attributed to the likes of Zcash and Monero.

ZEC/USD has been victim of consecutive losses over the recent sessions. The price has declined for the past four straight days – losing around 25% in this latest fall, being forced to seek refuge at an area of demand. Prior to this pullback, between the 24-26th November ZEC/USD was finding its feet, trying to bottom out. It managed to do this within the very low $60 region, before finally catching a solid bid tone. The price went on to rally a strong 57%, up to a high on the 29th at $96.93. It was the highest price print since the 20th November, when the market was still falling.

US Department of Homeland Security on Privacy Coins

The U.S. Department of Homeland Security recently put out a pre-solicitation request. It seeks the ability to trace private transactions and to perform blockchain analytics on cryptocurrencies, in particular privacy coins such as Zcash (ZEC) and Monero (XMR). The intention is to tackle illegal and nefarious transactions that occur on privacy-oriented blockchains. “This proposal seeks applications of blockchain forensic analytics for newer cryptocurrencies, such as Zcash and Monero,” as covered in the pre-solicitation doc.

Technical Review – ZEC/USD

ZEC/USD daily chart

As briefly touched on above, ZEC/USD was forced to retreat back into a demand area. This can be seen running from $70 down to $60. A failure of this zone providing support could have sent the price into free-fall mode. As a result, bearish momentum would have likely intensified, sending this spiraling down towards $30 territory. ZEC/USD has seen a similar fall from the back-end of November to the final stages of December 2017. This was part of that market wide sell-off that was observed. Zcash had started dropping from heights of $260.

Upside Targets

Looking to the north, eyes will be on a retest of the 29th November high up at $96.93. Within this area, a new acting zone of resistance is seen. Previously, this was a demand territory for buyers; it had firmly been providing support, which was in play since September. This was then firmly broken on 20th November, tracking from $106 down to $95. This is an area the bulls must now try and break down for greater upside opportunities. Furthermore, an upside target would be $140 in the near-term. ZEC/USD was last trading here between 8-13th November, before resuming chunky downside.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.


4.5 stars on average, based on 80 rated posts. Ken has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes: forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.





Cardano (ADA) Has Big Security Boost as Trezor Ready to Support ADA

  • Hardware wallet manufacturer set to support Cardano’s ADA, which is a big security boost.
  • ADA/USDT still demonstrates some near-term vulnerabilities to the downside. 

Trezor Set to Support Cardano’s ADA

IOHK were pleased to announce that Trezor is currently preparing to support Cardano (ADA). Trezor is a globally known hardware wallet for storing cryptocurrencies, renowned for its security and for keeping the key to the wallet safe. The company is a large manufacturer of hardware wallets. This is a huge boost in security for the foundation’s native token, something token holders should be pleased about.

The update came from the Cardano founder, Charles Hoskinson, via his Twitter account, indicating this could be the case before the month of November. Separately, Trezor themselves tweeted, “Have you ever wondered what we are working on? Have a look at our newly created roadmap, where you can see all the new stuff that is coming up! https://wiki.trezor.io/Roadmap” It lists other tokens which will be receiving support in addition to Cardano’s ADA that day. This includes the likes of Monero (XMR), Stellar (XLM), Ripple (XRP), Zencash (ZEN) and Zcash (ZEC).

What Next for Cardano?

The Cardano Founder, Charles Hoskinson, was recently speaking about how the team is going to be providing more insightful updates. He noted that they will soon start the creation and posting of videos with their future projects.

There is much anticipation from token holders regarding the imminent 1.4 update. Given Cardano’s growing number of users, this is said to be a large factor to the development of a new update from the foundation. This 1.4 update is expected to help Cardano gain further traction in bringing in more users to its platform and the use of its native token.

Technical Review ADA/USDT – 4-hour Chart

ADA/USDT 4-hour chart

Downside pressure continues to keep ADA/USDT at bay. The lack of announcement from Cardano with regards to its ecosystem update, as mentioned above, perhaps could be also taking its toll on the price. It is currently running within its 8th consecutive trading session in the red. No sign of bounce yet.

ADA/USDT price action remains stuck within, and dictated by, this triangular pattern formation. The market bears, with the current losing streak, are set to test the key near-term support to the downside. This is seen at the lower part of the above-mentioned pattern, tracking at the $0.0728 area, also within a touted demand zone. A breach here could see a very fast move back down to the 18th September low area, around $0.0620. As a result, it is hard to ignore that the current technical setup suggests vulnerabilities.

In terms of resistance, this can be seen at the upper part of the pattern, tracking at the $0.0800 mark. Enough upside momentum could see a breakout higher, back towards $0.0950 territory; the price was last within this proximity on 23rd September. Further north, after any breach of the mentioned areas, $0.10000 will quickly be back in the picture.

ADA/USDT daily chart

To conclude as mentioned above, the near-term support $0.0728, is vital for ADA/USDT to hold. A failure of comfort here, could open the doors to a fresh wave of selling pressure.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.


EOS Price Forecast: EOS/USD Heading for Another 300% Move?

  • EOS/USD price action via the 4-hour chart view has formed a bullish flag pattern.
  • The price is moving around levels seen back end of March to early April, before a bull run of over 300%.

The past six sessions for EOS/USD have been erratic to say the least. It has been subject to a high amount of volatility, swinging aggressively in both directions. There has been a lack of commitment from either the bear or bull camps of late. As the market continues to trade with such behavior, it appears to be trying to find its feet, ahead of a potential chunky firm trend.

EOS DApp Hacked Again

An EOS based gambling DApp, EOSBet has been hacked, with $338,000 being reported as stolen. This isn’t the first time; just back in September, hackers managed to get away with a reported 40,000 worth of EOS, which at the time had a value of $200,000. It has been said that they were able to exploit their smart contracts, having found security vulnerabilities.

Technical Review – 4-hour Chart View

EOS/USD 4-hour chart

EOS/USD price action has formed a bullish flag pattern, which began taking shape on 15th October, after the aggressive price behavior stabilized. The bulls at the time ran the price well up into $6 territory. Consequently, it then met the breached ascending trend line, failing to move back above this area. This followed the sharp breakthrough to the downside, which occurred on 11th October. As a result, a drop of over 15% was seen, forcing EOS/USD to retreat in a demand area, within the $5.0000 level proximity.

Looking to the upside, small near-term resistance is seen at around $5.6100, which is the upper trend line of the mentioned bull flag pattern. A breakout will likely open the doors to a retest of the broken ascending trend line, tracking around $6.1100. Support can be eyed at $5.4600, which marks the lower trend line of the flag. Furthermore, should this fail to hold, EOS/USD could likely fall back down to the serving demand area, within the lower $5.0000 territory.

April 2018 Bull Run

EOS/USD April bull run

In April of this year EOS/USD entered a chunky bull run, gaining over 300%. From the back end of March until 11th April, the price had been stuck within consolidation mode, trading within a tight range at levels where the price is currently seen today.

Something quite astonishing started to unfold. Between the period of 11th April to the 29th April, a bull run of around 290% was seen. Over this time frame EOS/USD went from $5.9500 up to a high of around $23.0811. The price is currently demonstrating a similar behavior to that of what was seen during the mentioned period. It is interesting to note that the price did have historical levels to break through, as it had already run higher during the period of December 2017 and came back down. Finally, this is not to say EOS/USD will observe the same bull run. However, it is an interesting observation to be aware of.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.



A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members is biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.
