{"id":3735,"date":"2014-08-01T12:30:44","date_gmt":"2014-08-01T16:30:44","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=3735"},"modified":"2020-02-26T18:58:56","modified_gmt":"2020-02-26T14:58:56","slug":"news_previewing_black_hat_2014","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/news_previewing_black_hat_2014\/3735\/","title":{"rendered":"A Week in the News: Previewing Black Hat, DEF CON"},"content":{"rendered":"<p>Two of the world\u2019s premier hacking and security conferences take place next week in Las Vegas, Nevada: Black Hat and DEF CON. In this week\u2019s recap, we\u2019ll look forward to those events but also back on the week\u2019s news.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/08\/05111538\/hat.min_-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5593 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/08\/05111538\/hat.min_-1.png\" alt=\"hat.min\" width=\"640\" height=\"480\"><\/a><\/p>\n<p><strong>Hacker Conference Previewing<\/strong><\/p>\n<p>The Black Hat and DEF CON security conferences begin next week, so we\u2019ll begin our weekly news recap by looking forward:<\/p>\n<p>Briefings to look forward to include Kaspersky Lab security expert Vitaly\u00a0Kamluk\u2019s\u00a0talk, in which he will revisit the\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/sas-day-one-kaspersky-showcases-company-industry-talent\/\" target=\"_blank\" rel=\"noopener nofollow\">Absolute\u00a0Computrace\u00a0vulnerability<\/a>, which we wrote about during the Security Analysts Summit back in February.<\/p>\n<p>Security researcher Joshua Drake will present on a tool he\u2019s built that could revolutionize the study of Android security. 
The tool essentially\u00a0<a href=\"https:\/\/threatpost.com\/harnessing-the-power-of-an-android-cluster-for-security-research\/107460\" target=\"_blank\" rel=\"noopener nofollow\">clusters together as many different Android devices<\/a>\u00a0\u2013 each with\u00a0its\u00a0own slightly different proprietary operating system \u2013 as he could find. In this way, he believes, security researchers will have a more complete view of the vast Android operating system. Another interesting Android briefing will be that of\u00a0Bluebox\u00a0Security\u2019s Jeff\u00a0Forristal, whose research suggests that there is a<a href=\"https:\/\/threatpost.com\/critical-android-fakeid-bug-allows-attackers-to-impersonate-trusted-apps\/107462\" target=\"_blank\" rel=\"noopener nofollow\">\u00a0critical vulnerability in millions of Android devices<\/a>\u00a0that allows a malicious app to impersonate a trusted application, enabling an attacker to insert malicious code into legit apps or even wrest control of an affected device.<\/p>\n<p>As for DEF CON, they\u2019ll be hosting\u00a0<a href=\"https:\/\/threatpost.com\/def-con-hosting-soho-wireless-router-hacking-contest\/107463\" target=\"_blank\" rel=\"noopener nofollow\">a router hacking contest\u00a0<\/a>at this year\u2019s event. The router to be hacked is the SOHO Wi-Fi router. The rules are listed on the\u00a0SOHOpelessly\u00a0Broken website. Contestants must identify and demonstrate their zero-day exploit during DEF CON. Prizes will be awarded, but we aren\u2019t sure what they are yet.<\/p>\n<p><strong>Trouble for the World\u2019s Largest Social Network<\/strong><\/p>\n<p>Back to the news that\u2019s already happened: Facebook had its good and bad this week.<\/p>\n<p>First, on Monday, a conglomeration of privacy advocates in the U.S.
and Europe requested that\u00a0<a href=\"https:\/\/threatpost.com\/consumer-groups-urge-ftc-to-halt-facebook-data-collection-program\/107478\" target=\"_blank\" rel=\"noopener nofollow\">Facebook be made to hold off on the implementation of its new targeted advertisement policy<\/a>. In the past, Facebook\u2019s advertisements were based almost entirely on the pages its users liked. Last month, the social network made a puzzling announcement, saying they would give users more control over the ads they see while also beginning to collect information about their users\u2019 broader Web-surfing behavior.<\/p>\n<p>The groups that issued the complaint to the FTC are hoping to delay or altogether stop Facebook\u2019s move toward mining information from users outside Facebook\u2019s domain. The groups are saying that Facebook\u2019s program \u201cdirectly contradicts its previous statements\u201d about privacy and user tracking and that the network misled users last month when it said they would be able to control which ads they would see.<\/p>\n<p>The next day,\u00a0<a href=\"https:\/\/threatpost.com\/trio-of-flaws-fixed-in-facebook-android-app\/107512\" target=\"_blank\" rel=\"noopener nofollow\">per\u00a0Threatpost<\/a>, Facebook fixed\u00a0a vulnerability\u00a0in its Android app that could have allowed an attacker to cause a denial-of-service condition on a device or run up the victim\u2019s mobile bill by transferring large amounts of data to and from the device. So, if you run Facebook on Android, make sure you install the latest update if you haven\u2019t done so already.<\/p>\n<p>It also turns out that the mobile version of Facebook\u2019s wildly popular photo-sharing service Instagram doesn\u2019t deploy full encryption.
Because of this, users are at risk of exposing their browsing behavior and having their session cookies stolen, which could ultimately lead to account hijacks on both Android and iOS. Facebook and Instagram are aware of the issue and say they will fix the problem, but have not yet committed to a date for that fix. Read more at\u00a0<a href=\"https:\/\/threatpost.com\/facebook-plans-to-fix-instagram-mobile-session-hijack-eventually\/107518\" target=\"_blank\" rel=\"noopener nofollow\">Threatpost<\/a>\u00a0and on the\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/instagram_mobile_lacks_encryption\/\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Daily<\/a>.<\/p>\n<p><strong>Advanced Persistent Threats<\/strong><\/p>\n<p>It also emerged this week that Chinese advanced persistent threat (APT) hackers set their sights on defense contractors involved in the development of Israel\u2019s notorious \u201cIron Dome\u201d missile defense system. They\u00a0<a href=\"https:\/\/threatpost.com\/missile-defense-plans-hacked-from-israeli-contractors\/107466\" target=\"_blank\" rel=\"noopener nofollow\">reportedly<\/a>\u00a0stole detailed schematics for a particular type of anti-ballistic missile, information about rockets, and pages upon pages of other mechanical documents from a trio of Israeli defense contractors between 2011 and 2012.<\/p>\n<p>Another allegedly Chinese APT group\u00a0<a href=\"https:\/\/threatpost.com\/canadas-national-research-council-hit-by-apparent-chinese-cyber-attack\/107524\" target=\"_blank\" rel=\"noopener nofollow\">hacked into one of Canada\u2019s premier research and technology organizations<\/a>, forcing them offline.\u00a0Threatpost\u2019s\u00a0Chris Brook writes that the attack was so serious that the organization is being forced to rebuild its entire system. 
Canada is not yet saying when the attack took place nor is it divulging what was taken.<\/p>\n<p><strong>In Other News<\/strong><\/p>\n<p>Senator Patrick\u00a0Leahy\u00a0(D-VT)\u00a0<a href=\"https:\/\/threatpost.com\/leahy-introduces-bill-to-end-bulk-call-record-collection\/107490\" target=\"_blank\" rel=\"noopener nofollow\">introduced a bill<\/a>\u00a0that aims to curtail\u00a0NSA\u00a0surveillance power by ending the bulk collection of\u00a0metadata\u00a0and placing more oversight on the Foreign Intelligence Surveillance Court.\u00a0WhisperSystems\u00a0released Signal, an iPhone app that will let users make\u00a0<a href=\"https:\/\/threatpost.com\/new-signal-app-brings-encrypted-calling-to-iphone\/107491\" target=\"_blank\" rel=\"noopener nofollow\">free\u00a0encrypted phone calls<\/a>. Last but not least, for a little more than six months, attackers were on the Tor network trying to\u00a0<a href=\"https:\/\/threatpost.com\/tor-sniffs-out-attacks-trying-to-deanonymize-hidden-services-users\/107514\" target=\"_blank\" rel=\"noopener nofollow\">de-anonymize\u00a0users who operate or use Tor hidden services<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the news this week: more APT campaigns, a look forward at the DEF CON and Black Hat Hacker conferences, and good and bad news for 
Facebook.<\/p>\n","protected":false},"author":42,"featured_media":3736,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[477,740,741,20,709,43,97,738],"class_list":{"0":"post-3735","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-apt","9":"tag-black-hat","10":"tag-def-con","11":"tag-facebook","12":"tag-nsa","13":"tag-privacy","14":"tag-security-2","15":"tag-surveillance"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/news_previewing_black_hat_2014\/3735\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/news_previewing_black_hat_2014\/3836\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/news_previewing_black_hat_2014\/4225\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/news_previewing_black_hat_2014\/4482\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/news_previewing_black_hat_2014\/5592\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/news_previewing_black_hat_2014\/4420\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/news_previewing_black_hat_2014\/5592\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/news_previewing_black_hat_2014\/5592\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/apt\/","name":"APT"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json
\/wp\/v2\/comments?post=3735"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3735\/revisions"}],"predecessor-version":[{"id":15886,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3735\/revisions\/15886"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/3736"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=3735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=3735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=3735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}