Friday, August 24, 2018

Let me reiterate: The default is “NO SECURITY!”
https://www.bespacific.com/spyware-company-leaves-terabytes-of-selfies-text-messages-and-location-data-exposed-online/
Spyware Company Leaves ‘Terabytes’ of Selfies, Text Messages, and Location Data Exposed Online
This story is part of When Spies Come Home, a Motherboard series about powerful surveillance software ordinary people use to spy on their loved ones. A company that markets cell phone spyware to parents and employers left the data of thousands of its customers—and the information of the people they were monitoring—unprotected online. The data exposed included selfies, text messages, audio recordings, contacts, location, hashed passwords and logins, Facebook messages, among others, according to a security researcher who asked to remain anonymous for fear of legal repercussions. Last week, the researcher found the data on an Amazon S3 bucket owned by Spyfone, one of many companies that sell software that is designed to intercept text messages, calls, emails, and track locations of a monitored device. Motherboard was able to verify that the researcher had access to Spyfone’s monitored devices’ data by creating a trial account, installing the spyware on a phone, and taking some pictures. Hours later, the researcher sent back one of those pictures…”






A modest breach they detected and stopped.
https://www.cnet.com/news/t-mobile-hack-may-have-exposed-2-million-customers-data/
T-Mobile hack may have exposed data of 2 million customers
T-Mobile has revealed that hackers may have stolen personal information on some of its customers.
The intrusion took place on Monday, and some customer data "may have been exposed" before the carrier's cybersecurity team shut off access and reported the breach to law enforcement, it said in a statement.
That information included customer names, billing zip codes, phone numbers, email addresses, account numbers and account types (prepaid or postpaid). Credit card numbers, social security numbers and passwords weren't accessed, the company noted.
Around 3 percent of T-Mobile's 77 million customers – more than 2 million people – may have been affected, a company spokesperson told Motherboard. Those people are being notified via text message.






We talked about “undue reliance” last week.
https://www.bespacific.com/how-encrypted-communications-apps-failed-to-protect-michael-cohen/
How encrypted communications apps failed to protect Michael Cohen
FastCompany: “Within the detailed federal allegations against former Trump lawyer Michael Cohen, who pleaded guilty yesterday to eight charges including campaign finance violations, are multiple references to texts sent by Cohen and even a call made “through an encrypted telephone application.” Cohen was apparently a fan of encrypted communications apps like WhatsApp and Signal, but those tools failed to keep his messages and calls out of sight from investigators. In June, prosecutors said in a court filing the FBI had obtained 731 pages of messages and call logs from those apps from Cohen’s phones. Investigators also managed to reconstruct at least 16 pages of physically shredded documents.
Prosecutors at Cohen hearing yesterday, according to transcript:
Evidence to support campaign finance charges includes “audio recordings made by Mr. Cohen,” “messages sent over encrypted applications” and Trump Organization records. pic.twitter.com/0Ciae3ra5d — Steve Reilly (@BySteveReilly), August 22, 2018
Those logs, judging by the charging document, appear to have helped document at least Cohen’s communications with officials at the National Enquirer about allegations from porn actress Stormy Daniels—whom Cohen allegedly paid on behalf of Trump, violating campaign finance law. It’s unclear if the FBI actually broke through any layers of encryption to get the data. It’s possible that Cohen, who apparently at times taped conversations, stored the conversation logs in a less-than-secure way. Former Trump campaign chairman Paul Manafort, himself found guilty of eight counts of federal offenses yesterday, also saw his encrypted WhatsApp and Telegram communications brought up in court over alleged witness tampering. Those messages appeared to have been found through Manafort’s Apple iCloud account. The bottom line: People sending messages through encrypted apps should probably not hang on to copies of their messages and call logs any longer than they have to if they really want to keep those messages secret…”






A Privacy article for my Computer Security students.
https://www.theatlantic.com/technology/archive/2018/08/the-age-of-privacy-nihilism-is-here/568198/?utm_source=feed
Welcome to the Age of Privacy Nihilism
Google and Facebook are easy scapegoats, but companies have been collecting, selling, and reusing your personal data for decades, and now that the public has finally noticed, it’s too late. The personal-data privacy war is long over, and you lost.





Why so secret? Why no regular meetings?
https://www.buzzfeednews.com/article/kevincollier/tech-companies-are-gathering-for-a-secret-meeting-to
Tech Companies Are Gathering For A Secret Meeting To Prepare A 2018 Election Strategy
Representatives from a host of the biggest US tech companies, including Facebook and Twitter, have scheduled a private meeting for Friday to share their tactics in preparation for the 2018 midterm elections.
Last week, Facebook’s head of cybersecurity policy, Nathaniel Gleicher, invited employees from a dozen companies, including Google, Microsoft, and Snapchat, to gather at Twitter’s headquarters in downtown San Francisco, according to an email obtained by BuzzFeed News.
… The meeting, the Facebook official wrote, will have a three-part agenda: each company will present the work they’ve been doing to counter information operations; there will be a discussion period for problems each company faces; and a talk about whether such a meeting should become a regular occurrence.
In May, nine of those companies met at Facebook to discuss similar problems, alongside two US government representatives, Department of Homeland Security Under Secretary Chris Krebs and Mike Burham from the FBI’s Foreign Influence Task Force, created in November. Attendees left the meeting discouraged that they received little information from the government.






How to follow the interesting ones…
https://www.bespacific.com/announcing-pacer-docket-alerts-for-journalists-lawyers-researchers-and-the-public/
Announcing PACER Docket Alerts for Journalists, Lawyers, Researchers, and the Public
Free Law Project: “Today we are thrilled to announce the general availability of PACER Docket Alerts on CourtListener.com. Once enabled, a docket alert will send you an email whenever there is a new filing in a case in PACER. We started CourtListener in 2010 as a circuit court monitoring tool, and we could not be more excited to continue expanding on those roots with this powerful new tool.
The best way to get started with Docket Alerts is to just make one. Try loading a popular case like U.S. v. Manafort or The District of Columbia v. Trump. Once the case is open, just press the “Get Alerts” button near the top. Then, just wait for your first alert.
We believe PACER Docket Alerts will be a valuable resource to journalists, researchers, lawyers, and the public as they grapple with staying up to date with the latest PACER filings. Our goal with docket alerts is to make them as simple as possible to use. Once you have found a case you are interested in, a single click is all it takes to turn on an alert for that docket. From then on, we will send you an email as soon as we detect a new filing in that case. For more details on how to use docket alerts, please see our help page






A forensic tool?
https://thenextweb.com/insider/2018/08/21/surfsafe-offers-a-browser-based-solution-to-fake-news/
SurfSafe offers a browser-based solution to fake news
… Faked images aren’t the only hurdle in stopping the spread of misinformation, but they have, in recent years, become a key vehicle in facilitating the spread of misinformation. For anyone looking for a technological fix, stopping the spread of false imagery is obviously a great place to start. While we focus on the YouTube’s and Facebook’s of the world, each of which are floundering in their fight against the spread of fake news, maybe it’s third parties we should be looking to for an answer.
Ash Bhat and Rohan Phadte, two UC Berkeley undergrads, think they have that answer, at least for spotting fake images. The duo recently developed a plugin, SurfSafe, that instantly checks photos against more than 100 trusted news sites and fact-checking organizations. The goal, of course, is to spot the fakes before internet users share them.
… The more people who use the plugin, the smarter it will get. Bhat says the average internet user often sees hundreds of thousands of images a day. The plugin saves the signature of all of these images, looking for subtle variations to the fingerprint, or hash, that accompany even minor edits.
If it’s able to attract a few hundred thousand users in its first year, its creators expect the database to contain more than 100 billion fingerprints.
It’s not a perfect solution, Bhat acknowledges this much, but it’s a good start.
SurfSafe launches today. Chrome users can get it here.






For my Math students.
How to Solve Complex Math Equations With Bing
… The Microsoft Bing Search app has a Math Mode which uses Bing’s Camera Intelligent search on iOS. It not only gives you the answer but also shows the method. This intelligent search meshes Microsoft’s AI with Visual Search technology to analyze the photo of the math problem and arrive at the answer. You can either snap a photo or use one in your phone’s media library.
  1. Launch the Bing app for iOS on your iPhone or iPad.
  2. Tap the camera icon and on the screen again select the setting for Math (between Auto and Barcode).
  3. Focus the camera on the math equation that may be on paper or on the whiteboard. The app can scan printed, typed, or handwritten equations.
  4. Bing detects the equation and calculates the answer. Swipe down past the solution, and the app will display how it arrived at the answer step by step. Sometimes, the answer will be supported by a calculator or 2D graph.






Perspective. Everyone is jumping into the electric car market. Will this have enough range to be a weekend rover or only good for trips to the supermarket?
Jaguar confirms production of all-electric version of the E-type with I-Pace technology
Jaguar announced today that it is bringing to production an EV conversion project based on the E-type Zero concept unveiled last year.
The British automaker plans to sell the all-electric E-type and offer EV conversions to existing owners.


