

So long Internet... it was nice knowing you


597 replies to this topic

#581 LFC


Posted 29 January 2020 - 02:14 PM

More coverage on Amazon's distribution of Ring data.

Quote

"The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user's device," the EFF said.

"This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they're doing it."

The five companies identified as receiving information were:
  • Facebook, via its Graph API - each user's time zone, device model and screen resolution and a unique identifier
  • Branch, which describes itself as a deep-linking platform - a number of unique identifiers, as well as each user's IP address, device model and screen resolution
  • AppsFlyer, a big data company - a range of information, including sensor data related to the magnetometer, gyroscope and accelerometer on users' phones
  • MixPanel - the most information, including users' full names, email addresses, device information and app settings
  • Google-owned Crashlytics - an amount of customer data "yet to be determined"

Out of these, only MixPanel is mentioned in Ring's privacy notice, along with Google Analytics, HotJar and Optimizely.


Interesting take from an Amazon engineer.

Quote

Writing on Medium this weekend, Max Eliaser, one of Amazon's software development engineers, called for Ring to "be shut down immediately and not brought back".

"The deployment of connected home security cameras that allows footage to be queried centrally are simply not compatible with a free society," he wrote in an article seeking the views of Amazon employees on a range of issues.

" 'Individual conscience' means that women only get contraceptives if their employers, their physicians, their pharmacists, their husbands and/or fathers, pastors, and possibly their mayors, Governors, State Secretaries of Health, Congressmen, Senators, and President all agree that in that particular case they're justifiable." --D.C. Sessions

"That's the problem with being implacable foes - no one has any incentive to treat you as anything more than an obstacle to be overcome."

"The 'Road to Serfdom' is really all right turns." --Progressive Whisperer

"The GOP ... where every accusation is also a confession." --Progressive Whisperer

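Added example, not part of the thread or the quoted article: a short Python audit of how the attributes named in the quote above (time zone, device model, screen resolution) shrink a device's anonymity set once they are combined. The twelve device records are constructed for illustration.

```python
import math
from collections import Counter

FIELDS = ("timezone", "model", "resolution")

# Constructed population of 12 devices (illustrative values, not real telemetry).
_ROWS = [
    ("America/New_York",    "Pixel 3",    "1080x2160"),
    ("America/New_York",    "Galaxy S10", "1440x3040"),
    ("America/New_York",    "iPhone 11",  "828x1792"),
    ("America/New_York",    "iPhone 11",  "828x1792"),
    ("America/Chicago",     "Pixel 3",    "1080x2160"),
    ("America/Chicago",     "Galaxy S10", "1440x3040"),
    ("America/Chicago",     "Galaxy S10", "1080x2280"),  # same model, lower display setting
    ("America/Los_Angeles", "iPhone 11",  "828x1792"),
    ("America/Los_Angeles", "Pixel 3",    "1080x2160"),
    ("America/Los_Angeles", "Galaxy S10", "1440x3040"),
    ("Europe/London",       "iPhone 11",  "828x1792"),
    ("Europe/London",       "Pixel 3",    "1080x2160"),
]
DEVICES = [dict(zip(FIELDS, row)) for row in _ROWS]


def anonymity_sets(records, fields):
    """Count how many records share each combination of the given fields."""
    return Counter(tuple(r[f] for f in fields) for r in records)


def unique_fraction(records, fields):
    """Fraction of records that no other record matches on these fields."""
    sets = anonymity_sets(records, fields)
    alone = sum(1 for r in records if sets[tuple(r[f] for f in fields)] == 1)
    return alone / len(records)


def surprisal_bits(records, fields, record):
    """Identifying information (in bits) that these fields reveal about one record."""
    sets = anonymity_sets(records, fields)
    share = sets[tuple(record[f] for f in fields)] / len(records)
    return -math.log2(share)


def audit(records, field_sets):
    """For each field combination: (fields, smallest anonymity set, unique fraction)."""
    rows = []
    for fields in field_sets:
        sets = anonymity_sets(records, fields)
        rows.append((fields, min(sets.values()), unique_fraction(records, fields)))
    return rows


if __name__ == "__main__":
    combos = [("timezone",), ("model",), ("resolution",),
              ("timezone", "model"), FIELDS]
    for fields, smallest, frac in audit(DEVICES, combos):
        print(f"{' + '.join(fields):35s} smallest set={smallest}  unique={frac:.0%}")
```

No single field isolates more than one device in this sample, yet the three together single out ten of the twelve. Running the same audit over the fields an app actually sends to a third-party SDK shows which ones to drop or coarsen.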
#582 AnBr


Posted 29 January 2020 - 07:24 PM

 LFC, on 29 January 2020 - 11:53 AM, said:

When you use something for free like Google you have to expect that

You could use DuckDuckGo instead.
“Trump’s a stupid man’s idea of a smart person, a poor man’s idea of a rich person & a weak man’s idea of a strong man.”

— Fran Lebowitz


“One of the saddest lessons of history is this: If we've been bamboozled long enough, we tend to reject any evidence of the bamboozle. We’re no longer interested in finding out the truth. The bamboozle has captured us. It's simply too painful to acknowledge, even to ourselves, that we’ve been taken. Once you give a charlatan power over you, you almost never get it back.”

— Carl Sagan


Pray for Trump: Psalm 109:8

"Science is more than a body of knowledge; it is a way of thinking. I have a foreboding of an America in my children's or grandchildren's time - when the United States is a service and information economy; when nearly all the key manufacturing industries have slipped away to other countries; when awesome technological powers are in the hands of a very few, and no one representing the public interest can even grasp the issues; when the people have lost the ability to set their own agendas or knowledgeably question those in authority; when, clutching our crystals and nervously consulting our horoscopes, our critical faculties in decline, unable to distinguish between what feels good and what's true, we slide, almost without noticing, back into superstition and darkness."

— Carl Sagan
The Demon-Haunted World: Science as a Candle in the Dark
1995


“As democracy is perfected, the office of president represents, more and more closely, the inner soul of the people. On some great and glorious day the plain folks of the land will reach their heart's desire at last and the White House will be adorned by a downright moron.”

— H.L. Mencken
On Politics: A Carnival of Buncombe


“The test of our progress is not whether we add more to the abundance of those who have much; it is whether we provide enough for those who have too little.”

— Franklin Delano Roosevelt
Second inaugural address January, 1937

#583 D. C. Sessions


Posted 29 January 2020 - 09:14 PM

DuckDuckGo is all well and good, but search is hardly the only service Google provides gratis.

Aside: a fellow grad student from Argentina was surprised today that in a meeting I distinguished software gratis from software libre. She complimented me on my (nearly nonexistent) Spanish!
The way a lot of catastrophes happen is that X doesn't occur because there are safeguards in place, therefore people assume X isn't a worry and they remove the safeguards. Then X happens.
— Nate Silver
"Robots aren't the problem. Capitalism is." -- Last words of Stephen Hawking.
These days, "libertarian" is just a euphemism for a Nazi who's afraid to commit.
"If you're not outraged, you're not paying attention." -- Heather Heyer
"I'd rather have my child, but by golly, if I gotta give her up, we're gonna make it count." -- Her mother
"Your purpose, then, plainly stated, is that you will destroy the Government, unless you be allowed to construe and enforce the Constitution as you please, on all points in dispute between you and us. You will rule or ruin in all events." -- some RINO

#584 AnBr


Posted 30 January 2020 - 06:01 AM

D. C. Sessions, on 29 January 2020 - 09:14 PM, said:

DuckDuckGo is all well and good, but search is hardly the only service Google provides gratis.

No, but there are alternatives for all of the other apps/services. That aside, people have wondered why I do not use my Droid for things like banking or install all of those apps they like. I especially refuse to install the Facebook app.

#585 D. C. Sessions


Posted 30 January 2020 - 07:25 AM

AnBr, on 30 January 2020 - 06:01 AM, said:

No, but there are alternatives for all of the other apps/services. That aside, people have wondered why I do not use my Droid for things like banking or install all of those apps they like. I especially refuse to install the Facebook app.

Pretty much the same here. If it's on my mobile devices, I assume it's open to the world.

#586 Bact PhD


Posted 30 January 2020 - 09:14 AM

AnBr, on 30 January 2020 - 06:01 AM, said:



No, but there are alternatives for all of the other apps/services. That aside, people have wondered why I do not use my Droid for things like banking or install all of those apps they like. I especially refuse to install the Facebook app.

Although I use FB, I’m steadfastly “Oh, HELL no!” when it comes to the app. I’m also especially leery of installing apps for banking, investing, & other financial stuff, despite the entreaties from my various financial institutions to install them.
Politics these days is show business. Elections are Dancing with the Stars with consequences. ~Rue Bella

(About fame) Living for likes, shares and follows is a form of validation. The question is whether it is also the source of our self esteem. If it is, we’re screwed. And, culturally, it seems as if it’s become more and more our shared value. ... Meringue is no longer a sweet and pretty topping but the body itself. ~Charles Perez

"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be." --Thomas Jefferson to Charles Yancey, 1816. ME 14:384, via LFC, 12/1/2016

Competent people go in one of a few directions. But incompetence is infinite. ~David Brooks, NY Times

#587 D. C. Sessions


Posted 30 January 2020 - 09:34 AM

Bact PhD, on 30 January 2020 - 09:14 AM, said:

I’m also especially leery of installing apps for banking, investing, & other financial stuff, despite the entreaties from my various financial institutions to install them.

Ask if they'll indemnify you if the app is cracked.

#588 LFC


Posted 31 January 2020 - 10:14 AM

Not really the internet but here's a great example of how a strong regulatory environment can work better for people than the "free market." Apple whined, playing the bullshit "innovation" card. Yeah, innovating ways to continue to pick our pockets while providing no value. If they hadn't hosed people for so many years then maybe two standards would have been acceptable but manufacturers changed them continually to force you to buy new chargers and cables, both of which I'm sure are VERY high markup items.

Quote

Despite criticism from Apple, EU lawmakers on Thursday voted overwhelmingly in favor of new rules to establish a common charger for all mobile device makers across Europe (via Reuters).

Quote

Members of the European Parliament voted by 582-40 for a resolution urging the European Commission, which drafts EU laws, to ensure that EU consumers are no longer obliged to buy new chargers with each new device.

The resolution said voluntary agreements in the industry had significantly reduced the number of charger types, but had not resulted in one common standard.
The Commission should adopt new rules by July, the lawmakers' resolution said, calling for "an urgent need for EU regulatory action to reduce electronic waste, empower consumers to make sustainable choices, and allow them to fully participate in an efficient and well-functioning internal market."

The proposed charging ports for portable devices include Micro-USB, USB-C, and the Lightning connector. Thursday's resolution didn't specify what the mobile charging standard should be, but non-Apple mobile devices and increasingly laptops and tablets are charged by USB-C, so the EU is highly unlikely to choose Apple's Lightning connector.

Apple last week pushed back against proposals for binding measures to make smartphones, tablets, and other portable devices use a standardized charging port such as USB-C.

In a statement, Apple said that the industry was already moving to USB-C and that regulation to force conformity would stifle innovation, harming European consumers. Apple also claimed that such a move would "create an unprecedented volume of electronic waste and greatly inconvenience users."

The European Commission, which acts as the executive for the EU, has been pushing for a common charger for more than a decade. However, the latest resolution makes legislation more likely, with the EU executive having included the common charger standard as one of the set of actions it plans for this year.

#589 Bact PhD


Posted 31 January 2020 - 10:19 AM

LOL!

On the basis of that AppleLogic, we would not have had one set of standards for electrical outlets. Could you see having to have specific outlets, one for this table lamp, one for that radio, yet another for the microwave?

#590 LFC


Posted 31 January 2020 - 10:49 AM

Bact PhD, on 31 January 2020 - 10:19 AM, said:

LOL!

On the basis of that AppleLogic, we would not have had one set of standards for electrical outlets. Could you see having to have specific outlets, one for this table lamp, one for that radio, yet another for the microwave?

Save money with do it yourself converters!

Posted Image

#591 LFC


Posted 04 February 2020 - 10:13 AM

I'm putting this here because it illustrates just how unreliable these large tech companies can be. Microsoft Teams went down yesterday because of an expired certificate. This is not a high tech problem but a failure in basic resource management. My company of roughly 1,000 people had their primary IM / meeting and secondary scheduling app go down simply because nobody had "renew certificate" on a to do list.

Quote

This morning, Microsoft Teams went down for a few hours, and it seems that a pretty rookie mistake is to blame. Microsoft apparently forgot to renew the SSL certificate, which allows a secure connection between a web browser and a web server. As a result, the app told users that it failed to establish an HTTPS connection to Microsoft's servers.

It's odd that Microsoft would forget to renew a critical authentication certificate, and it was rude timing, as so many were attempting to log in and start their week.

Almost three years old, Microsoft Teams is the company's Slack competitor. Last year, it added new features like private channels and custom video chat backgrounds, and it recently launched its first TV ad campaign. Needless to say, today's outage probably doesn't help in Microsoft's efforts to take on Slack.

#592 LFC


Posted 04 February 2020 - 11:59 AM

To paraphrase the subject line, "So long Blackberry... it was nice knowing you."

Quote

BlackBerry is quitting the phone business—again. You might recall BlackBerry quit manufacturing smartphones back in 2016, but it licensed its brand name to the Chinese smartphone corporation TCL. TCL started pumping out BlackBerry-branded devices—some of which were QWERTY equipped and some of which were shameless rebadgings of existing TCL phones. TCL's Zombie BlackBerry plan apparently wasn't working too well, though, since now that's dead, too.

Today, BlackBerry Mobile posted what amounts to an amicable breakup note on Twitter, saying that TCL's license to the BlackBerry brand would expire August 31, 2020, at which point the two companies would go their separate ways. Once the agreement expires, TCL will have "no further rights to design, manufacture, or sell any new BlackBerry mobile devices," though the company would still be on the hook for supporting existing devices until August 31, 2022. With no other manufacturers lined up, it sounds like BlackBerry-branded phones will be dead for good.

#593 LFC


Posted 05 February 2020 - 09:48 AM

The outward flow of private information continues.

Quote

Google on Tuesday confirmed that some people recently received private videos from strangers that were uploaded to Google Photos.

Here’s what happened: Lots of people use Google Photos to back up videos and photos stored on their phones. Google offers an option for people to download a copy of their private data, called Google Takeout. But, when people used Google Takeout to download their own content, they were accidentally given, in some cases, videos uploaded by people they don’t know.

Alphabet-owned Google is now telling some users that their videos may have been downloaded by strangers.

#594 LFC


Posted 06 February 2020 - 05:01 PM

Amazon is trying to beat back the negative publicity of their loose privacy for Ring customers.

Quote

Amazon's Ring line of cloud-connected home surveillance equipment has for several months faced steep criticism not only for its nearly 900 "partnerships" with law enforcement agencies but also for lax account protections that put users' privacy at risk. Now, the company is hoping to assuage concerns from civil rights advocates, privacy advocates, lawmakers, and some users with a slate of updates.

Ring a few days ago began pushing an update to all users that creates a new "control center" in the Ring app. The control center adds several account and camera privacy settings to Ring and brings them all together into one area.

Among the new settings is an option to check for or enable two-factor authentication on one's Ring account. Ring did not previously require users to set up two-factor authentication on setup or prompt them to do so later. The lack of heavy two-factor usage was implicated in a wave of Ring camera hacks that began late last year.

Ring now asks new users setting up an account to enable two-factor authentication by default, requiring an opt-out instead of asking users to go digging through menus to opt in. The control center also lets Ring users see a list of all devices connected to their Ring account and disconnect any of them at any time—another feature that could have ameliorated the attack spree on users' accounts, in which devices were remotely taken over.

The company is also now giving users the ability to fully opt out of receiving any requests from police for camera footage as a blanket setting rather than having to refuse police requests for data on a case-by-case basis. "While you have always had the ability to opt out of these requests after you received your first one, Control Center now ensures that you don’t have to wait for that first request—you can easily opt out from the start," the company wrote in its announcement.

These police partnerships are the backbone of Ring's current success. Several media outlets last summer published reports estimating there to be 200-300 such agreements before Ring in late August admitted there were 405 such deals and agreed to publish a list of participating agencies regularly. As of February 4, Ring's map of partnerships lists 897 police and sheriff departments.

#595 LFC


Posted 06 February 2020 - 05:06 PM

Android had two more serious app issues that made it to Google Play. There are plenty of complaints about Apple's iron fist on what software can and can't get into their app store but unfortunately that's a hard requirement nowadays. Hell, it's been a hard requirement since the 80s.

Quote

Researchers on Thursday documented two new malware campaigns targeting Android users.

The first involved nine apps that had been downloaded from Google Play more than 470,000 times. With names such as Speed Clean and Super Clean, the apps masqueraded as utilities for optimizing device performance. Behind the scenes, they connected to servers that could download as many as 3,000 different malware variants on compromised devices. Once installed, the apps could log in to users’ Facebook and Google accounts to perform ad fraud. A second, unrelated campaign used cleverly crafted phishing emails to trick users into installing one of the nastiest pieces of malware targeting the Android OS (more about that later).


Quote

The second campaign disclosed on Thursday uses a clever phishing campaign to infect Android devices with Anubis, which is arguably one of the nastiest and most resourceful pieces of malware written for the mobile OS. Anubis is a piece of Android malware that’s known for its ingenuity. In mid-2018, researchers with IBM’s X-Force group documented a variety of Google Play apps that surreptitiously installed the bank and financial fraud malware. Not long after that, researchers found an updated version of Anubis that used the motion sensors of devices to detect when it was installed on researchers’ emulators rather than on a real piece of hardware.

The campaign disclosed on Thursday uses emails that present targets with an attachment that’s ostensibly a billing invoice. In fact, it’s an APK file, which is the format typically used to install Android apps. Devices that are allowed to install apps from sources other than Google Play will display a fake Google Protect message that asks for the two innocuous privileges.

When users click OK, the app disables Play Protect and gains 19 permissions, many of them highly sensitive. Researchers from Cofense—the security firm that documented the campaign—suspect the ruse is the result of the fake message overlaying and blocking the authentic Android dialog.

Anubis then checks infected devices to see if 263 different banking and shopping apps are installed. Once a user opens any of those apps, the malware uses an overlay screen to phish the account password for the app.

#596 LFC


Posted 08 February 2020 - 03:44 PM

Another day, another exploit.

Quote

Attackers behind one of the world’s more destructive pieces of ransomware have found a new way to defeat defenses that might otherwise prevent the attack from encrypting data: installing a buggy driver first and then hacking it to burrow deeper into the targeted computer.

The ransomware in this case is RobbinHood, known for taking down the city of Baltimore networks and systems in Greenville, North Carolina. When networks aren’t protected by robust end-point defenses, RobbinHood can easily encrypt sensitive files once a vulnerability has allowed the malware to gain a toehold. For networks that are better fortified, the ransomware has a harder time.

Now, RobbinHood has found a way to defeat those defenses. In two recent attacks, researchers from security firm Sophos said, the ransomware has used its access to a targeted machine to install a driver, from Taiwan-based motherboard manufacturer Gigabyte, that has a known vulnerability in it. Despite the vulnerability that led to the driver being deprecated, it retains the cryptographic signature required for it to run in the highly sensitive Windows region known as the Kernel.

With the benign but buggy GDRV.SYS driver from Gigabyte installed, RobbinHood exploited the vulnerability to gain the ability to read and write to virtually any memory region the attackers chose. The RobbinHood exploit changed a single byte to disable the Windows requirement that drivers be signed. With that, RobbinHood installed its own unsigned driver that used its highly privileged kernel access to kill processes and files belonging to endpoint security products. The advanced status of the driver gave it greater ability than other techniques to ensure the targeted processes are permanently stopped.


Quote

The vulnerability in the Gigabyte driver is tracked as CVE-2018-19320. After initially saying the driver was unaffected by the flaw, Gigabyte officials eventually acknowledged the flaw and discontinued the use of the driver. Despite the demise of the driver, it has remained signed and trusted by all supported versions of Windows.

Microsoft officials declined to speak on the record about their policy for revoking trust in software that’s deprecated for security reasons. On background, an employee with Microsoft’s outside PR firm said that generally, the company has certificates revoked only when the certificate itself has been compromised, which there’s no evidence happened in this case.

Revocations can result in serious collateral damage when other, non-vulnerable software is signed using the same certificate, the employee wrote in an email. The background statement also noted that to exploit the Gigabyte driver, an attacker would first have to compromise the targeted system.

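An added detection sketch for the driver abuse described in the quoted article (not part of the original post or of the Sophos research): it flags a load of the known-vulnerable GDRV.SYS even when its signature validates, and escalates an unsigned driver load that follows it on the same host. The event records are constructed, the field names follow Sysmon Event ID 6 (driver loaded), and the 10-minute window and the `unsigned_example.sys` and `labtool.sys` names are assumptions.

```python
from datetime import datetime, timedelta

# Only gdrv.sys / CVE-2018-19320 comes from the article. File names are easy to
# change, so a production rule would key on hashes from a maintained blocklist.
VULNERABLE_DRIVERS = {"gdrv.sys": "CVE-2018-19320"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed records using Sysmon Event ID 6 (driver loaded) field names.
EVENTS = [
    {"time": "2020-02-08T10:00:00", "host": "WS01", "Signed": "true",
     "SignatureStatus": "Valid", "ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys"},
    {"time": "2020-02-08T10:01:00", "host": "WS01", "Signed": "true",
     "SignatureStatus": "Valid", "ImageLoaded": r"C:\Windows\Temp\GDRV.SYS"},
    {"time": "2020-02-08T10:02:00", "host": "WS01", "Signed": "false",
     "SignatureStatus": "Unavailable", "ImageLoaded": r"C:\Windows\Temp\unsigned_example.sys"},
    {"time": "2020-02-08T10:03:00", "host": "WS02", "Signed": "false",
     "SignatureStatus": "Unavailable", "ImageLoaded": r"C:\Tools\labtool.sys"},
]


def driver_name(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events, window=WINDOW):
    """Return (host, rule, driver) alerts in time order."""
    alerts = []
    last_vulnerable = {}  # host -> time of the latest denylisted driver load
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when = datetime.fromisoformat(ev["time"])
        host, name = ev["host"], driver_name(ev["ImageLoaded"])
        trusted_sig = ev["Signed"].lower() == "true" and ev["SignatureStatus"] == "Valid"
        if name in VULNERABLE_DRIVERS:
            # A valid signature is deliberately ignored here: the driver in the
            # article stayed signed and trusted after it was deprecated.
            last_vulnerable[host] = when
            alerts.append((host, "vulnerable-driver-load", name))
        elif not trusted_sig:
            prior = last_vulnerable.get(host)
            chained = prior is not None and when - prior <= window
            rule = "unsigned-after-vulnerable-driver" if chained else "unsigned-driver-load"
            alerts.append((host, rule, name))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```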

#597 LFC


Posted 08 February 2020 - 03:49 PM

Big brother is now for sale to police departments everywhere. That last paragraph I quoted is pretty f***ing scary. And the more you read the sketchier the company sounds.

Quote

A secretive startup that promotes a massive international universal facial recognition database seeded from more than three billion images is facing pushback from tech firms as it tries to woo more law enforcement agencies.

The company, called Clearview AI, went from near-complete obscurity to national headlines following a report published by the New York Times in January. The Times described Clearview as a "groundbreaking" facial recognition service. A user imports a photo of a person, and then the app shows "public photos of that person, along with links to where those photos appeared," the NYT explains.

Clearview claims to have agreements with 600 law enforcement agencies for use of its services, and the company says it has a set of three billion public photos to match new images against. Those photos come from a wide array of sources, and the sources are ticked off.

Twitter was the first major tech firm to tell Clearview to quit it. A few days after the NYT first reported on the company, Twitter sent a letter to Clearview saying that its actions were in violation of Twitter policy. The letter included demands that Clearview stop scraping images or other data from the platform "for any reason" and delete data it had already collected.

Where Twitter went, others rapidly followed. In the days since, Google told Clearview to stop scraping YouTube, Facebook told it to stop gathering data from Facebook or Instagram, and Microsoft told it to stop scraping LinkedIn. Peer-to-peer payment service Venmo also told Clearview to stop.

When the New York Times first published its profile on Clearview, company founder and CEO Hoan Ton-That was evasive. Reporter Kashmir Hill wrote:

When I began looking into the company in November, its website was a bare page showing a nonexistent Manhattan address as its place of business. The company’s one employee listed on LinkedIn, a sales manager named “John Good,” turned out to be Mr. Ton-That, using a fake name. For a month, people affiliated with the company would not return my emails or phone calls.

Clearview, however, was clearly paying attention. When Hill asked several police officers to run a photo of her through the app, the company began contacting those law enforcement agencies asking if they had been talking to the media—apparently Clearview does, indeed, know a reporter when it sees one.


#598 LFC


Posted 11 February 2020 - 01:29 PM

California continues to lead the nation in actually caring about its residents. They now have the best data privacy law in the nation. It still has plenty of issues but it certainly sounds like a big step forward.

Quote

America’s first broad data privacy law, the California Consumer Privacy Act, went into effect Jan. 1. These days, a wild range of companies gather and sell your data, from Ford and Chipotle to Uber and Walmart. Now the CCPA gives you the power to say cut it out.

And while the law technically covers only California residents, Americans living anywhere can use the CCPA to reset their relationships with more than a dozen major businesses (and counting).

Just know that some companies are going to make you jump through hoops. To help, I’m breaking the CCPA down into bites — and collecting below a growing list of links you can use to take action.

I’ve been learning how to use the law by filing requests to more than 100 companies. To be covered by the CCPA, companies have to make more than $25 million per year or collect data on more than 50,000 people. They’re not incentivized to make it easy: Amazon hid critical links in legal gobbledygook. Marketing data company LiveRamp asked me to submit a selfie holding my own ID, kidnap-victim style. Walmart asked for my astrological sign to confirm my identity. (Really.) And one business left me a voice mail, but the message included no return number … or even the name of the company. (Please call back!)

Yet I’ve also been pleasantly surprised: Some of the biggest businesses, including Netflix, Microsoft, Starbucks and UPS, are extending CCPA rights to all Americans rather than just Californians. That makes some sense: It’s additional work for companies to try to confirm where people live. And frankly, it’s not a good look for them to claim they care about customer privacy and then discriminate against Americans who don’t live in California. Many of these companies tell me they’ll participate when Congress passes a federal data privacy law, which they know isn’t likely anytime soon.

Privacy advocates have mixed feelings about the CCPA. It’s true that it creates too much work for many people — and everyone deserves privacy, even if they’re not willing to jump through hoops.

But I’m in the camp that thinks the CCPA is an important step forward. I spent the past year following the secret life of the data on my phone, car and credit cards, often confronting a stone wall from companies. Now we all have the legal authority to demand answers about what’s happening with our data. For example, the CCPA has already revealed that Amazon keeps a record of everything you do on a Kindle, from when you start and stop reading to when you highlight a word. (Amazon CEO Jeff Bezos owns The Washington Post, but I review all tech with the same critical eye.)

The CCPA is far from a perfect privacy law, but it’s the one America has in 2020. I want to hear what you discover using it. I’m hopeful it will fuel an overdue public conversation about what kind of surveillance is okay — and what crosses the line.


I can see why Republicans have such a deep, searing hatred for the state. They keep implementing Democratic policies for the benefit of their residents and yet they stubbornly refuse to completely collapse their economy like Ayn Rand told them they're going to. Huh.




