COMPUTERS/INTERNET/SECURITY | WHAT REALLY HAPPENED



May 21 09:26

THANKS TO FACEBOOK, YOUR CELLPHONE COMPANY IS WATCHING YOU MORE CLOSELY THAN EVER

SOURCE: THE INTERCEPT
Among the mega-corporations that surveil you, your cellphone carrier has always been one of the keenest monitors, in constant contact with the one small device you keep on you at almost every moment. A confidential Facebook document reviewed by The Intercept shows that the social network courts carriers, along with phone makers — some 100 different companies in 50 countries — by offering the use of even more surveillance data, pulled straight from your smartphone by Facebook itself.

Webmaster's Commentary: 

The Unhinged, surveilled, State of Amerika, now has a fourth arm: it is called "surveillance", and that is what that smarmy triumvirate, Facebook, Twitter, and Google, collectively bring to the US government table.

May 21 09:21

US Navy wants to create archive of 350 BILLION social media posts for ‘research’ purposes

The US Navy is seeking to create an archive that will store no less than 350 billion social media posts, as part of the military branch’s “research efforts” into “modes of collective expression.”

The Department of the Navy has posted a solicitation asking contractors to bid on a project that would amass a staggering 350 billion social media posts dating from 2014 through 2016. The data will be taken from a single social media platform – but the solicitation does not specify which one.

May 21 09:15

Italian Version of Article 17 Requires LEGAL Content to Be Filtered Out

Last Friday the text of the new EU Copyright Directive was published in the Official Journal of the EU. However, due to a glaring error, the Italian translation of Article 17 (formerly 13) requires online platforms such as YouTube to prevent the availability of works "that do not infringe copyright", even in cases where such works are "subject to an exception or limitation".

May 21 08:40

CITIES ARE ADOPTING REAL-TIME FACIAL SURVEILLANCE SYSTEMS

SOURCE: TECHNOCRACY.NEWS
Because there is no Federal legislation preventing its use, cities are gobbling up China-style facial recognition systems. Individual cities can easily block this surveillance technology, but citizens are sound asleep and completely oblivious to the destruction of their own civil liberties. - TN Editor
Civil Liberties Activists trying to inspire alarm about the authoritarian potential of facial recognition technology often point to China, where some police departments use systems that can spot suspects who show their faces in public. A report from Georgetown researchers on Thursday suggests Americans should also focus their concern closer to home.

The report says agencies in Chicago and Detroit have bought real-time facial recognition systems. Chicago claims it has not used its system; Detroit says it is not using its system currently. But no federal or state law would prevent use of the technology.

Webmaster's Commentary: 

What is going to keep America safe from crime?!? I really don't think that this real-time surveillance is going to cure the problem.

What will cure it, is, initially removing the stigma and curse, of low expectations, both in schools and in families, and the common culture, for ALL of our kids.

Remember that brilliant James Olmos film, "Stand and Deliver"?!? This was based on a true story, where a high school math teacher gets his kids, primarily Hispanic, to register for a math championship, which they won; and then lost, because the school "testmeisters" believed that they had cheated, somehow, without a shred of evidence.

These kids came back for a second competition, and won again, and this time, the win was allowed to stand; one teacher had made them proud, and gave them the knowledge they were really capable of doing anything to which they set their minds.

Would that all teachers in this country believed that.

Too many of our children "graduate" from high school, illiterate; innumerate; and lack the ability for critical thinking, which are all desperately needed for anyone to succeed in this society. This has to change.

Then, we need to have a thriving economy, not just for the monied; but also, for those just starting out in the work force, so that they can get decent jobs which actually matter.

We also need strong families, and strong social/religious institutions, where kids learn to express themselves in a loving, kind, manner, to keep them from getting into gangs, where time is somewhat structured for them, but in a way that structured time, doesn't feel "like a prison".

And one thing I have noticed about kids acting out; it never seems to be at a Waldorf School; or a Montessori school; it seems to happen, over and over, at our public schools.

And the worst possible outcome of a kid acting out today, is to be sentenced to a private, juvenile detention facility.

The US's School to Prison Pipeline

May 21 07:53

"THEY HAD ME AT GUNPOINT": HERTZ CUSTOMERS KEEP GETTING ARRESTED FOR DRIVING "STOLEN" CARS

If you rent a car from Hertz, you're now on notice not to be surprised if you’re randomly pulled over and arrested for seemingly no reason at all.

This is because, according to The Drive, customers of the Florida rental vehicle company are being erroneously stopped and arrested due to a faulty computer system and plain old poor office management at the company.

The majority of mix-ups are a result of Hertz reporting stolen vehicles to the police when they were actually being legitimately rented by customers, causing major issues for anyone that is spotted in the vehicle, including unwitting and unknowing customers, and their passengers.

Webmaster's Commentary: 

The answer is simple; never rent from Hertz again, until the problem gets solved.

Here is a link to their corporate governance:

Hertz: executive officers

Please write (or email them politely, no nastigrams, please) and let them know YOU know the mess they are in, and until, and unless there is both a public apology, and a very public paying of these illegal fines for innocent people who got caught up in this, that under no circumstances, will you ever, again, rent or lease a car from them.

I have to wonder, in fact, just when the class action lawsuits against Hertz over this glaring flaw in their software, will start to happen, although there is another one, already making its way through the court system:

Hertz Class Action Claims Fraud Over Damages

Hertz, not sorry: FIX THESE INSANE GLITCHES IN YOUR SOFTWARE, PLEASE.

May 21 07:43

BALTIMORE RANSOMWARE NIGHTMARE COULD LAST WEEKS MORE, WITH BIG CONSEQUENCES

SOURCE: ARSTECHNICA.COM
It's been nearly two weeks since the City of Baltimore's networks were shut down in response to a ransomware attack, and there's still no end in sight to the attack's impact. It may be weeks more before the city's services return to something resembling normal—manual workarounds are being put in place to handle some services now, but the city's water billing and other payment systems remain offline, as well as most of the city's email and much of the government's phone systems.

The ransomware attack came in the midst of a major transition at City Hall. Mayor Bernard C. “Jack” Young assumed office officially just days before the attack, after the resignation of former mayor Catherine Pugh, who is facing an ever-expanding corruption investigation. And some of the mayor's critical staff positions remained unfilled—the mayor's deputy chief of staff for operations, Sheryl Goldstein, starts work today.

Webmaster's Commentary: 

Just brilliant, Baltimore; you were warned that this was coming, by someone who actually knew what they were talking about, and yet took no measures to protect your city, or citizens.

IF I were a citizen of Baltimore, I would be voting with my feet right now, and "get the heck out of Dodge"; I would be willing to bet you one whole cent, that this is not the last time this will happen in this city, which chose to be unprepared to deal with the issue.

May 21 07:35

MILLIONS OF INSTAGRAM INFLUENCERS HAD THEIR PRIVATE CONTACT DATA SCRAPED AND EXPOSED

SOURCE: TECHCRUNCH.COM
A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online.

The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by the hour.

From a brief review of the data, each record contained public data scraped from influencer Instagram accounts, including their bio, profile picture, the number of followers they have, if they’re verified and their location by city and country, but also contained their private contact information, such as the Instagram account owner’s email address and phone number.

Webmaster's Commentary: 

Amazon: OUCH, come on, you (should be) better than that!!

And BTW, those "product liability" lawsuits will be coming, and not in the far future either. When this was a nascent technology, just in its "incubator phase of development", one might understand the value of this.

But not, thank you very much, in 2019.

May 20 17:15

Massive online database left MILLIONS of Instagram influencers' personal information exposed

A security researcher has discovered a massive online database that exposes the personal contact information of nearly 50 million influencers and brands.

According to a report from TechCrunch, researcher Anurag Sen discovered the database contained the personal contact information of 'prominent food bloggers, celebrities and other social media influencers.'

Sen alerted the site to the list's existence in an attempt to find its creator and get it secured, TechCrunch noted.

TechCrunch reports that the information in the database appears to have been scraped from publicly available social media accounts and was traced back to a social media marketing firm Chtrbox based in Mumbai, India.

Chtrbox, which pays influencers to post sponsored content onto their pages, also included information on what a post with each person listed in the database would cost, including their number of followers, likes, and reach.

May 20 10:15

Windows 10 version 1903: Is it safe to install yet?

"Once burned, twice shy." That's good advice if you're working around a hot stove. It's an equally wise strategy for anyone responsible for administering Windows 10 PCs.

After the disastrous rollout of Windows 10 version 1809, you should indeed be extremely wary of touching that hot stove. Microsoft had grown cocky after a handful of relatively trouble-free feature updates to Windows 10, and had even bragged about how quickly it was able to roll out those semi-annual feature updates. That hubris caught up with them in late 2018.

May 20 09:28

Huawei confirms it has built its own operating system just in case US tensions disrupt use of Google’s Android

The Chinese company has developed a proprietary OS as tensions between the company and the US government could impact the availability of US-made operating systems used on Huawei devices, Huawei’s mobile chief, Richard Yu Chengdong, said in an interview with German publication Die Welt.
Yu’s comments confirm an earlier report by the South China Morning Post in April 2018, which revealed the existence of a years-long project to build an alternative to Google’s Android OS. Huawei started building its own operating system after a US investigation into Huawei and ZTE Corp in 2012, a person familiar with the matter said in the report.

May 20 09:25

Huawei Responds to Android Ban

It seems like both Huawei and Google aren’t exactly certain about what’s going to happen going forward. The plan forward is a big uncertainty for both the companies and Huawei being one of the biggest phone makers in the world, that’s a huge problem for the entire market.

May 20 09:14

Netizen Report: Amid WhatsApp Attacks, Advocates Launch Legal Challenge Against Israeli Malware Maker

By Netizen Report Team

The Advox Netizen Report offers an international snapshot of challenges, victories, and emerging trends in technology and human rights around the world. This report covers news and events from May 10 – 17, 2019.

On May 13, WhatsApp users in multiple countries were targeted with malicious software developed by the Israeli company NSO group and deployed by governments that had purchased the software...

May 20 09:00

Have Consumers Already Lost the Online Privacy War?

By Sam Bocetta

Technology has increasingly come to occupy a central role in our lives. Growing numbers of people, however, have expressed concerns over how much of our privacy we’ve sacrificed for the sake of convenience.

Networks are under assault from cyber attacks like never before, resulting in frequent, massive data breaches. Perhaps even more significantly, companies seem to be gathering data on customers, often without their knowledge, in an effort to more precisely target their advertising...

May 19 21:20

WHY DOES NASA NEED ACCESS TO OHIO’S FACIAL RECOGNITION SYSTEM AND DATABASE?

More than 4,500 individuals at federal and local law enforcement agencies currently have access to a facial recognition database hosted by the Ohio Attorney General’s office, including at the Federal Bureau of Investigation, Immigration and Customs Enforcement, and the National Aeronautics and Space Administration.

May 19 21:16

5G DANGER: HUNDREDS OF RESPECTED SCIENTISTS SOUND THE ALARM ABOUT HEALTH EFFECTS AS 5G NETWORKS GO UP NATIONWIDE

Even though many in the scientific community are loudly warning about the potential health effects that 5G technology could have on the general population, Verizon and AT&T are starting to put up their 5G networks in major cities all across the nation. Today, the total number of cell phones exceeds the entire population of the world, and the big cell phone companies are making a crazy amount of money providing service to all of those phones. And now that the next generation of cell phone technology has arrived, millions of cell phone users are looking forward to better connections and faster speeds than ever before. In fact, President Trump says that 5G networks will be up to 100 times faster than the current 4G networks that we are using right now…

May 19 21:07

CHICAGO AND DETROIT HAVE BOUGHT REAL-TIME FACIAL RECOGNITION SYSTEMS

Civil liberties activists trying to inspire alarm about the authoritarian potential of facial recognition technology often point to China, where some police departments use systems that can spot suspects who show their faces in public. A report from Georgetown researchers on Thursday suggests Americans should also focus their concern closer to home.

May 19 17:29

South Korea will ditch Microsoft Windows for Linux

Windows 7 support will end in January of next year, and that is a huge problem for both business and home users that are still running the aging operating system. Can't these people just upgrade to Windows 10? Well, yeah, but many just don't want to. Windows 10 has extreme telemetry that many people consider to be spying. As a result, they simply don't trust Microsoft's latest operating system. Not to mention, for businesses and organizations with many computers, the upgrade to Windows 10 could prove to be a costly affair.

And now, as a result of the upcoming death of Windows 7 support, the South Korean government has reportedly decided to ditch Microsoft Windows entirely. According to The Korea Herald, the Asian country's government will switch from Windows 7 to a Linux-based operating system.

May 19 17:27

Google 'restricts Huawei's use of Android'

New smartphones made by the company will also lose access to Google's app store and software such as Gmail, the news agency's story says.

May 19 07:58

FACEBOOK ADMITS ISRAELI SOCIAL MANIPULATION COMPANY SPENT $800,000 TO INFLUENCE AFRICAN ELECTIONS

SOURCE: ZERO HEDGE
In keeping with their spectacular reputation of violating privacy and rigging elections, Facebook has said that it removed "hundreds of accounts" from Facebook and Instagram that were used to influence elections in Africa, according to CNN. Only it wasn't Russia who was behind this latest intervention, but Israel.
Archimedes Group, an Israeli company, reportedly spent more than $800,000 in advertising (far more than the Kremlin allegedly spent on its "ad campaign" to crush Hillary Clinton and get Trump elected) and ran accounts that had nearly 3 million followers, for the purpose of targeting African elections. The group primarily targeted Nigeria, Senegal, Togo, Angola, Niger and Tunisia.

For perspective, the $800,000 reportedly spent by the group compares to the $100,000 that has been claimed by the U.S. mainstream media to have been spent for ‘Russian bots’ used to allegedly sway the 2016 US presidential election, according to RT.

Webmaster's Commentary: 

Color me completely unsurprised at this revelation.

Most of the world's precious, and yet-to-be-exploited commodities, can be found in Africa; it is no wonder Israel sought to exploit those elections for economic gain.

May 19 07:47

POLICE ARE COPYING AND PASTING BODY PARTS IN FACE RECOGNITION SEARCHES

The NYPD is sometimes photoshopping random facial features onto suspect photos, and then searching those images using face recognition tech. Source: https://www.flawedfacedata.com/

In two reports published this week, Georgetown University Law School’s Center on Privacy and Technology joins the ACLU of Massachusetts in calling for a moratorium on the government’s use of face surveillance technology, citing alarming new findings about law enforcement’s use of the tool nationwide.

Webmaster's Commentary: 

This is full-frontal "Minority Report", gone haywire.

May 18 12:00

Scott Adams: Buttigieg, Fake News, How to Frame Immigration, Abortion, Climate

Comments at: https://twitter.com/ScottAdamsSays/status/1129748787868700673

Border psychology: Telling people we’ll be sending them back soon
A simple tweet that reduces those swarming our border
President Trump uses psychology to protect our homeland
President Trump has a highly criticized style, BUT…
Future Presidents will be compared to his energy, results
President Trump does counter-narrative things ALL the time
Enemy press and Dems push “racist” narratives about him
President’s actions and priorities counter their narratives
The essential claim for needing immigration reform
If your incentives aren’t correct, immigration is a disaster
GOOD FRAMING: Heartbeat bills, a beating heart equals life
GOOD FRAMING: immigration policies like those in…Canada, Japan
Merit based policies like our friends in Canada and Japan

May 18 09:55

AI-Generated Joe Rogan Voice is a Warning From the Future

By John Vibes

In 2017, a startup called “Lyrebird” made headlines with AI-generated replications of celebrity voices that were extremely convincing.

Tracks posted to SoundCloud featured the voices of Donald Trump, Barack Obama, and Hillary Clinton making a pitch for the Lyrebird’s new technology. In the video, a Fake President Trump voice says, “They can make us say anything now.”

While the story gathered some attention initially, it quickly disappeared from the news cycle, except for just about one place, The Joe Rogan Experience Podcast...

May 18 08:18

Thought Crimes? Facial Recognition Technology Is Invading The U.S.; San Fran Passes Historic Privacy Bill; Man Arrested In UK For Hiding Face

By Aaron Kesel

You can’t run, you can’t hide; facial recognition technology is advancing at a quickening pace, it’s becoming more widespread and accurate, and we are entering the path of no return.

A report from Georgetown researchers states that agencies in Chicago and Detroit have bought real-time facial recognition systems. Meanwhile, a privacy bill failed to pass in San Francisco. Elsewhere, in the UK an unidentified man was arrested for hiding his face from facial recognition technology and was gifted an insane disorderly behavior fine of £90...

May 17 16:20

Tesla Model 3: Autopilot engaged during fatal crash

A preliminary report into a fatal accident involving a Tesla Model 3 in the US has found Autopilot had been engaged 10 seconds before the crash.

The Tesla was travelling above the speed limit when it crashed into a truck towing a trailer in March 2019.

The roof of the car was sheared off in the accident and the driver was killed.

According to the report, the driver did not appear to have his hands on the wheel and neither he nor the Autopilot took any evasive action.

May 17 11:50

More Chaos: Baltimore City Cryptocurrency Ransomware Attack Paralyzes Real Estate Industry

Last week, we reported the Baltimore City government was paralyzed by cryptocurrency ransomware, which infected computers associated with servers tied to the city's communication network.

A new report from The Baltimore Sun shows the hack has disrupted city servers for the eighth straight day. This time, essential systems required for transacting real estate deals have gone offline, throwing the entire industry across the city into chaos, which means no homes can currently be bought or sold.

May 17 09:10

What You Need to Know About the Latest WhatsApp Vulnerability

By Eva Galperin

If you are one of WhatsApp’s billion-plus users, you may have read that on Monday the company announced that it had found a vulnerability. This vulnerability allowed an attacker to remotely upload malicious code onto a phone by sending packets of data that look like phone calls from a number not in your contacts list. These repeated calls then cause WhatsApp to crash. This is a particularly scary vulnerability because it does not require that the user pick up the phone, click a link, enter their login credentials, or interact in any way...

May 17 08:13

Hacktivist attacks dropped by 95% since 2015

Threat intelligence analysts have long said that hacktivism was dead, but new data published by IBM X-Force today confirms the complete collapse of the hacktivism scene, with activity levels going down by 95% since 2015.

May 16 11:02

TINY SPIES: THIS INSECT-LIKE FLYING ROBOT IS SMALLER THAN A PENNY

A team of engineers from the University of Southern California in Los Angeles built a four-winged flying robot called Bee+, which weighs just 95 grams and sports a footprint smaller than a penny.

May 16 10:50

Hackers for hire get government stamp of approval

HackerOne announced it is one step closer to achieving coveted approval for operating on federal networks.

The San Francisco-based “hacker-powered security” company said May 15 it had achieved Federal Risk and Authorization Management Program (FedRAMP) In Process status for Tailored Low impact Software-as-a-Service (Li-SaaS).

A release noted that the “In Process” status signifies the addition of HackerOne’s full suite of solutions into the FedRAMP marketplace. These solutions include bug bounty, vulnerability disclosure and compliance solutions.

The company said it expects to achieve FedRAMP Authorized status, the final stage, by 2020.

May 16 10:48

White House Rolls Out Website To Report Silicon Valley Censorship

The White House has launched a new tool for people to use if they feel they have been unfairly discriminated against over social media.

The Trump Administration is fighting for free speech online.

No matter your views, if you suspect political bias has caused you to be censored or silenced online, we want to hear about it!

Those who feel they have been wrongly banned, censored or suspended on platforms such as Facebook or Twitter can go to "wh.gov/techbias" where the following message will greet them:

"SOCIAL MEDIA PLATFORMS should advance FREEDOM OF SPEECH. Yet too many Americans have seen their accounts suspended, banned, or fraudulently reported for unclear “violations” of user policies.

No matter your views, if you suspect political bias caused such an action to be taken against you, share your story with President Trump."

Webmaster's Commentary: 

Sounds great, but way too little and way too late for people whose sites have already been deplatformed, and demonetized.

How is the government going to handle that, and will we see lawsuits against the companies which did this in the first place, like Google, Twitter, or Facebook?!?

I wouldn't hold my breath, because the data these companies have stored, and shared with Federal government officials, has made them the unofficial 4th arm of governmental activities: surveillance.

May 16 10:08

US Adults Spend Crushing Amount Of Cash Playing Video Games

American adults spend enormous amounts of money playing video games, mostly on smartphones, and at a rapidly increasing pace, according to Reuters.

According to annual research from the Entertainment Software Association, over 164 million US adults play video games - a figure that's 20% more than a year ago and over 85% more than in 2015.

A staggering $43.4 billion spent in 2018 was mostly on content, as opposed to hardware and accessories. Of pay-to-play games, “Call of Duty: Black Ops III”, “Red Dead Redemption II” and “NBA 2K19” took the top spots for most units sold but the list did not include free games such as “Fortnite.”

“Games are striking an important chord with American culture,” said Stanley Pierre-Louis, ESA’s acting president and chief executive officer. “That’s what makes it the leading form of entertainment today.”

May 16 09:53

FBI Tells The Governor Of Florida About Election Hacking, But Says He Can't Tell Anyone Else

I thought this was America, but whatever. Secrecy in all things government, despite the (often misheld) presumption that our public servants will be open and honest about issues that affect us.

It's no secret voting systems and databases are not secure. These are problems that date back 15 years, but have shown little improvement since. Election interference is just another tool in the nation-state hacking kit, and the US is far from immune from these attacks.

Federal agencies investigating election interference are at least speaking to officials in states affected by these efforts. But those officials are apparently not allowed to pass on this information to those affected the most: voters.

Gov. Ron DeSantis met with the FBI and the U.S. Department of Homeland Security last Friday to discuss the revelation in Robert Mueller’s report that “at least one” Florida county had its election information accessed by Russian hackers in 2016.

Webmaster's Commentary: 

And the proof that this actually happened?!?

Of course, absolutely nowhere to be found.

May 16 06:59

Outrage after Adobe says customers using an older version of Photoshop may be SUED if they continue - even though they paid for the software

Customers who have regularly paid to use Adobe's Photoshop software have been politely threatened with litigation for using older versions.

After discontinuing older versions of the popular photo editing software, Adobe emailed customers regarding its policy towards users who don't abide by the company's rules.

'We have recently discontinued certain older versions of Creative Cloud applications and as a result, under the terms of our agreement, you are no longer licensed to use them,' Adobe said in the email.

'Please be aware that should you continue to use the discontinued version(s), you may be at risk of potential claims of infringement by third parties.'

May 16 06:53

Keyloggers Injected in Web Trust Seal Supply Chain Attack

Hackers compromised the script used by Best of the Web to display its trust seal on its customers' websites, adding two keylogging scripts designed to sniff keystrokes from visitors.

As Sanguine Security researcher Willem de Groot found out, "The security seal as sold by @bestoftheweb contains even 2 different keystroke loggers. One was added on Apr 24th, the other last week."

After de Groot disclosed his discovery to Best of the Web, the company confirmed that their trust seal script which was hosted on Amazon’s content delivery network (CDN) was indeed hacked.

In addition, the company stated that it took immediate action to fix the issue and all customers impacted by the compromised script were being contacted.

May 16 06:50

Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site

Hackers injected the Forbes' subscription website with a Magecart script which collects payment card data customers introduce on the checkout page and exfiltrates it to a server controlled by the attackers.

As revealed by Bad Packets Report's co-founder Troy Mursch, the script collects card numbers, expiration dates, and credit card CVV/CVC verification codes, as well as customers' names, addresses, phone numbers and emails.

While the obfuscated Magecart script can still be found on the forbesmagazine.com website, the domain used by the attackers to collect the stolen payment information has been taken down using Freenom's abuse API which makes it possible to take down malicious domains immediately.

May 15 15:11

Google is about to have a lot more ads on phones

Google announced a bunch of new ad types today that’ll start showing up throughout its mobile products, including some that interrupt the core Google search and discovery experiences.

Google searches on mobile will soon include “gallery” ads that allow advertisers to display multiple images for users to swipe through. You’ll also begin to see ads in Google’s discover feed — the feed of news stories that you find built into many Android home screens, inside the Google app, and on Google’s mobile homepage — though they’ll only appear in select locations for now.

The new ad formats are meant to make ads a lot more noticeable. In a blog post, Google ad chief Prabhakar Raghavan says that, in tests, gallery ads resulted in “up to 25 percent more interactions” than traditional search ads.

May 15 14:53

Legal bombs fall on TurboTax maker Intuit for 'hiding' free service from search engines

Intuit, the biz behind America's most popular tax-filing software, was sued this week for seemingly hiding a free version of its product from search engines.

The class-action lawsuit [PDF] from TurboTax users from across the United States was lodged in San Francisco, and joins one filed [PDF] last week by the Los Angeles City Attorney on behalf of the people of California, also against Intuit.

Both lawsuits claim that Intuit's use of HTML metatags to prevent search engines from indexing the website where the free software is available led to people being "intentionally misled and deprived of the opportunity to make an informed decision about their tax-filing service." In other words, people went straight to the paid-for system not knowing there was a free alternative.

May 15 14:33

Update your computer NOW: Intel reveals 'ZombieLoad' flaw affecting its chips could put MILLIONS of devices at risk by letting hackers steal passwords and other sensitive user data

Security researchers have discovered a new set of flaws in Intel processors that could leave users exposed to cyber-attacks akin to those caused by the Meltdown and Spectre vulnerabilities.

The attack variants include Fallout, RIDL and ZombieLoad, the last of which appears to be the most critical and operates by exploiting a design flaw in Intel chips to leak sensitive user data.

Chips made by Advanced Micro Devices and ARM Holdings are not affected by this latest vulnerability.

However, it impacts 'almost every computer' with an Intel processor going back as early as 2011, according to TechCrunch.

May 15 14:31

Buffer the Intel flayer: Chipzilla, Microsoft, Linux world, etc emit fixes for yet more data-leaking processor flaws

Intel on Tuesday plans to release a set of processor microcode fixes, in conjunction with operating system and hypervisor patches from vendors like Microsoft and those distributing Linux and BSD code, to address a novel set of side-channel attacks that allow microarchitecture data sampling (MDS).

...

Intel's patch dump coincides with the expected release of research papers by computer scientists – summarized at cpu.fail and zombieloadattack.com – detailing how the vulnerabilities arise from speculative execution – a shortcut taken by modern processors to execute software instructions before they're needed that has opened new avenues of attack. The vulnerabilities appear to be limited to Intel hardware; the researchers say they were unable to replicate any of their attack primitives on Arm or AMD-designed processors.

May 15 14:30

RIP Hyper-Threading? ChromeOS axes key Intel CPU feature over data-leak flaws – Microsoft, Apple suggest snub

In conjunction with Intel's coordinated disclosure today about a family of security vulnerabilities discovered in millions of its processors, Google has turned off Hyper-Threading in Chrome OS to fully protect its users.

Meanwhile, Apple, Microsoft, IBM's Red Hat, QubesOS, and Xen advised customers that they may wish to take similar steps.

The family of flaws is dubbed microarchitecture data sampling (MDS), and Chipzilla's official advisory is here, along with the necessary microcode updates to mitigate the data-leaking vulnerabilities and list of affected products. Installing these fixes and disabling Intel's Hyper-Threading feature is a surefire way to kill off the bugs, though there may be a performance hit as a result.

May 15 14:22

Microsoft rolls out patch for older Windows systems to stop the spread of malware like the WannaCry blackmail attack that crippled computers in 74 countries

Microsoft has issued a patch for some of its older systems to fix a vulnerability that could allow malware to spread in a similar way to the 2017 WannaCry attack.

...

The fix is one of a range of patches issued by the computing giant to repair systems it has since stopped supporting, such as Windows 7 and XP.

May 15 14:16

Radio signals used to guide planes during landing can easily be FAKED to throw them off course by hackers using tools amounting to just $600, researchers warn

With about $600 and a few tools, hackers could fake the radio signals used by commercial airplanes to navigate and land safely, according to new research.

In a paper and demonstration from researchers at Northeastern University in Boston, a software-defined radio -- a non-traditional radio that uses software instead of hardware for many components -- successfully tricks a simulated plane into thinking that the aircraft is traveling off-course.

Through a process called 'spoofing' -- a term also applied to scam and robo-callers who fake their numbers -- researchers are able to deceive an aircraft's course deviation indicator into thinking the plane is off-center.

This causes it to misalign or falsely 'correct' its trajectory and land adjacent to the runway.

May 15 11:28

Twitter Bans Official AOC Account After Mistaking It For Satire

The social network had banned several popular parody accounts of the congresswoman. The company then deployed an algorithm to identify and automatically ban accounts that satirized Ocasio-Cortez or her allies in Congress. Unfortunately, the algorithm got "a little too aggressive," and banned Ocasio-Cortez herself.

The AOC parody accounts are so spot-on, that Twitter can't tell the difference.

May 15 10:24

Israel spyware firm linked to Khashoggi case used to hack WhatsApp

Software created by an Israeli spyware firm with links to the murder of Saudi journalist Jamal Khashoggi has been used to hack messaging app WhatsApp.

WhatsApp discovered earlier this month that potential attackers had been able to install malicious surveillance software on to both iPhones and Android phones by ringing targets using the app’s phone call function, the Financial Times (FT) reported yesterday. The FT added that the software “could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs”.

May 15 10:18

WhatsApp Users Targeted By Spyware -- Here's What You Need To Know

WhatsApp has patched a vulnerability that allowed attackers to inject spyware onto people’s phones. This was confirmed by both WhatsApp and a spyware technology dealer to the Financial Times, which broke the news.

Discovered at the start of May, the vulnerability would have allowed adversaries to install surveillance software on phones by calling a user via the app’s phone call function. The attack could be performed even if the person didn’t answer their phone, while the calls would often disappear from logs, according to the spyware dealer.

The malicious code was allegedly developed by Israeli company NSO Group, which aims its products at Middle Eastern and Western intelligence agencies. NSO’s flagship product is dubbed Pegasus: a program that can turn on your phone’s microphone and camera, search emails and messages and collect location data.

May 15 10:12

Victory! EFF Wins National Security Letter Transparency Lawsuit

Source: Electronic Frontier Foundation

A federal district court in San Francisco has ruled strongly in favor of our Freedom of Information Act lawsuit seeking records of how and when the FBI lifts gag orders issued with National Security Letters (NSLs). These records will provide a window into the FBI’s use of a highly secretive investigative tool that has been historically misused. They will also provide insight into the effectiveness of the USA Freedom Act, the national security reform law passed by Congress in 2015.

NSLs are a form of administrative subpoena that allows the government to obtain basic information about customers of communications providers, banks and credit agencies, and a range of other companies. The defining feature of NSLs, however, is that the FBI can issue a blanket gag order with its information request, preventing recipients from saying anything about them, including the very fact that they have received an NSL.

Webmaster's Commentary: 

Congrats, EFF, well-done!!

May 15 10:08

WhatsApp fixes Israeli spyware breach

Users of the messaging service WhatsApp are being urged to immediately update to the latest version of the app.

WhatsApp, which is owned by Facebook, released the update to fix a critical vulnerability that allowed Israeli spyware to be installed on a user’s smartphone simply by ringing it up.

“The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs,” according to the Financial Times.

May 15 10:05

Intel CPUs impacted by new Zombieload side-channel attack

Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU.

The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow.

May 15 09:10

ZombieLoad: New critical flaw affects most Intel processors, exposes keys, browsing history & more

Researchers have found another security flaw in the Intel processor chips that power most of the world’s computers, one that can compromise users’ private data – and that can’t be fixed without a major performance drop.

The exploit, dubbed ZombieLoad, is embedded in Intel’s processor chips themselves, meaning even the best-designed software patches can only go part of the way toward plugging the hole without reducing the chips’ performance. The vulnerability may allow attackers to ‘resurrect’ critical data processed by the chip – from browser history and passwords to disk encryption keys and other system-level sensitive data.

Its reach isn’t even limited to the end-user’s computer, according to researchers Michael Schwarz, Moritz Lipp, and Daniel Gruss from Graz University of Technology and Jo Van Bulck from KU Leuven: it “can also be exploited in the cloud.”

Webmaster's Commentary: 

Intel.... just fix the darned flaw, please!!!

This has got to be annoying to the execs here; but I think there are two words which, at this point in time, in the computer industry's existence, need to come about; those words are: product liability.

Because those creating the computers we all rely upon, have been, for far too many years, costing us business, and costing us money, sometimes, big-time.

That has to stop, and right the heck now.

May 15 08:22

WhatsApp: Malicious Spyware Has All The Markings Of “Government Sponsored Surveillance”

WhatsApp has asked users to update their systems after a malicious attack. The cyber attack is complete with all the hallmarks of a “government-sponsored surveillance” attempt.

The messaging and audio app owned by Facebook said Monday that malicious hackers were able to install spyware on Android smartphones and Apple iPhones and is asking users to make sure their security is up to date. But more alarming is that this looks like the government wants to spy on its own people who use the WhatsApp app. “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” a WhatsApp spokesperson told MarketWatch.

Webmaster's Commentary: 

This... is more than a little scary.

May 14 16:50

'Hard-to-fix' Cisco flaw puts work email at risk

Security researchers have discovered serious vulnerabilities affecting dozens of Cisco devices.

The flaws allow hackers to deceive the part of the product hardware that checks whether software updates come from legitimate sources.

Experts believe this could put emails sent within an organisation at risk as they may use compromised routers.

Messages sent externally constitute less of a risk, however, as they tend to be encrypted.

The California-based firm said it is working on "software fixes" for all affected hardware.
