Avast, the multibillion-dollar Czech security company, doesn’t just make money from protecting its 400 million users’ information. It also profits in part because of sales of users’ Web browsing habits and has been doing so since at least 2013.

That’s led to some labelling its tools “spyware,” the very thing Avast is supposed to be protecting users from. Both Mozilla and Opera were concerned enough to remove some Avast tools from their add-on stores earlier this month, though the anti-virus provider says it’s working with Mozilla to get its products back online.

But recently appointed chief executive Ondrej Vlcek tells Forbes there’s no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts.

Source: Forbes

I love the last sentence of this quote. That’s like saying the surveillance cameras don’t monitor you. They are just monitoring the streets.

Real-time data and analytics and machine learning and AI creates unpreparedness by corporations and Big Tech companies.

Source: cyberscoop

That’s what the bot said, and he seems smarter than the people who use him.

Players trying to launch Tron: Evolution are now met with a message telling them that the ‘serial key has expired’. This applies to the retail version as well as the Steam version which is delisted from the store. Players who previously bought the game from Steam cannot play the game.

Source: PCGamingWiki

I guess pirates don’t face this issue.

Now guess what! On German keyboards, the third and fourth rows start with “asdf…” and “yxcv…”, and the first row starts with “1234…”. The dash is only there to reach the “high” security validation. Even without the dash, the password would be a valid one.
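A strength meter that only counts character classes misses this pattern. The following check is an added example, not code from any of the quoted sources: it flags passwords assembled from runs along the rows of a German QWERTZ keyboard. The function names, the run length of 4, the 75% threshold and the sample passwords in the test are assumptions made for illustration.

```python
# German QWERTZ rows (unshifted digit and letter keys), top to bottom.
QWERTZ_ROWS = ["1234567890", "qwertzuiop", "asdfghjkl", "yxcvbnm"]
# A walk may run left-to-right or right-to-left along a row.
WALK_LINES = QWERTZ_ROWS + [row[::-1] for row in QWERTZ_ROWS]


def find_walks(password, min_run=4):
    """Return the runs of at least min_run adjacent keys on one row."""
    s = password.lower()
    walks, i = [], 0
    while i < len(s):
        j = i + 1
        # Grow the candidate while it still lies along some row.
        while j <= len(s) and any(s[i:j] in line for line in WALK_LINES):
            j += 1
        run = s[i:j - 1]
        if len(run) >= min_run:
            walks.append(run)
            i += len(run)
        else:
            i += 1
    return walks


def is_keyboard_walk(password, min_run=4, threshold=0.75):
    """True if most letters and digits belong to row walks.

    Separators such as a dash are ignored, so adding one to satisfy a
    "special character" rule does not change the verdict.
    """
    alnum = sum(c.isalnum() for c in password)
    covered = sum(len(w) for w in find_walks(password, min_run))
    return alnum > 0 and covered / alnum >= threshold
```
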

Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.
In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.

Source

Here’s the respective paper: source, local copy

2019-09-25 @ 08:06: RGB Fusion Bugs | Security | WTF

I got frustrated at Gigabyte’s RGB control stuff (I just REALLY want to turn my GPU LEDs off!) so I caved in and started reverse engineering RGB Fusion and OH GOD WHY DID I DO THAT IT IS SO HORRIBLY CURSED

Source: Graham Sutherland [Polynomial^DSS]

So, basically, the RGB Fusion software flashes new firmware when you set a new LED pattern. What an unbelievable mess! What do these software developers do for a living? Ah, yes, they develop software. I see.

Why does the userland software have to take care of this? Instead, the firmware should just receive a call from the software and perform the necessary steps. There is no need to flash firmware for that if you do it correctly.

Still, reading this causes physical pain.

The U.S. government concluded within the last two years that Israel was most likely behind the placement of cell-phone surveillance devices that were found near the White House and other sensitive locations around Washington, D.C., according to three former senior U.S. officials with knowledge of the matter.

But unlike most other occasions when flagrant incidents of foreign spying have been discovered on American soil, the Trump administration did not rebuke the Israeli government, and there were no consequences for Israel’s behavior, one of the former officials said.

The miniature surveillance devices, colloquially known as “StingRays,” mimic regular cell towers to fool cell phones into giving them their locations and identity information. Formally called international mobile subscriber identity-catchers or IMSI-catchers, they also can capture the contents of calls and data use.

The devices were likely intended to spy on President Donald Trump, one of the former officials said, as well as his top aides and closest associates — though it’s not clear whether the Israeli efforts were successful.

Source: Politico

We worry about face recognition just as we worried about databases – we worry what happens if they contain bad data and we worry what bad people might do with them.

It’s easy to point at China, but there are large grey areas where we don’t yet have a clear consensus of what ‘bad’ would actually mean, and how far we worry because this is different rather than just because it’s just new and unfamiliar.

Like much of machine learning, face recognition is quickly becoming a commodity tech that many people can and will use to build all sorts of things. ‘AI Ethics’ boards can go a certain way but can’t be a complete solution, and regulation (which will take many forms) will go further. But Chinese companies have their own ethics boards and are already exporting their products.

Source: Ben Evans

For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran’s nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?

The first-of-its-kind virus, designed to sabotage Iran’s nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz.

The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News.

An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive.

Source: Yahoo News

Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam. But because the server wasn’t protected with a password, anyone could find and access the database. Each record contained a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username.

But phone numbers have not been public in more than a year since Facebook restricted access to users’ phone numbers. TechCrunch verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook’s own password reset feature, which can be used to partially reveal a user’s phone number linked to their account.
Some of the records also had the user’s name, gender and location by country.

Source: TechCrunch
