Why it’s the perfect time to encourage women to pursue careers in cyber security; a vulnerability is discovered in the world’s most-popular ecommerce platform; and a strange quirk is discovered by some surprised Android TV users.
Welcome to Cyber Security Today. It’s Wednesday, March 6th. I’m Brian Jackson, editorial director at IT World Canada. I’m filling in for Howard Solomon while he’s at RSA this week, but make sure to subscribe to this feed so you can get his special episodes from the conference.
International Women’s Day is this Friday. One McAfee blogger based in India wants it to be an opportunity to get more women interested in careers in cyber security. This is an area that needs to recruit from a wider diversity spectrum. Cyber security skills are so in demand that there will be a shortfall around the world in coming years. India alone will need 1 million such professionals by next year. The blogger also points out that many employers are offering more flexible workdays as a way to make it easier for parents to maintain employment. Too many women get a start in technical careers like this, but leave the field while still in junior or mid-level positions. Having the option to work from home sometimes might help prevent that.
Fortinet’s ForiGuard Labs team has discovered a vulnerability in the web’s most-popular ecommerce platform. WooCommerce, an open source platform built on WordPress, suffered from an XSS vulnerability. An attacker could have slipped in malicious code to a WooCommerce website inside the title and caption fields of an uploaded image. WooCommerce has responded by patching the problem. For ecommerce site operators out there, make sure your software is always up to date, no matter what platform you’re using. And for WordPress sites in general, always be careful about who has access to put content on your system. If it’s not absolutely crucial, it’s best to lock it out.
Google has temporarily disabled the ability to view Google Photos on Android TV devices after some users reported a strange bug revealing hundreds of Google accounts. Android Police reports at least two users of Android TV devices – one made by Vu (that’s V-U) and another made by iFFalcon. One user was setting up ambient mode to display some of his photos when he noticed the app was reporting hundreds of linked accounts. According to Vu Technologies, the problem is related to the Google Home app on some versions of Android TVs. For now, the bug has been fixed, but at the loss of some functionality to Android TV users for the time being. It’s not clear if the breach went beyond just seeing a list of Google Profiles, as no users reported actually being able to see the photos of other users. Here’s my advice on the whole smart TV thing – just don’t buy one. Buy a high quality screen from whatever brand you like, then plug a streaming device like Google Chromecast into the back. These devices update automatically, and often, so you don’t have to manage patches. And there’s less code involved in the operating system, so there’s less that can be exploited.