"zack whittaker"

Group sex dating app has "the worst security for any dating app"

One of the wonderful and terrible things about the internet is how it allows people seeking others with hard-to-find traits to find them: advertisers can find people thinking about buying a refrigerator; people who think they might be trans can find others in the same boat and make common cause; people with the same rare disease can form support groups, and Nazis can find sociopaths to march through the streets of Charlottesville carrying tiki torches and chanting "Jews will not replace us." Read the rest

Warshipping: attack a target network by shipping a cellular-enabled wifi cracker to a company's mail-room

IBM's ridiculously named X-Force Red have documented a new attack vector they've dubbed "Warshipping": they mailed a sub-$100 custom, wifi-enabled low-power PC with a cellular radio to their target's offices. Read the rest

UK ISP Association, spies, censorship organisation jointly condemn Mozilla for supporting secure DNS because it breaks UK internet censorship rules

ISPs in the UK are required to censor a wide swathe of content: what began as a strictly limited, opt-in ban on depictions of the sexual abuse of children has been steadily expanded to a mandatory ban on "extreme" pornography, "terrorist content," copyright and trademark infringement, and then there's the on-again/off-again ban on all porn sites unless they keep a record of the identity of each user and the porn they request. Read the rest

"Massive scale" intrusion into mobile carriers' networks exposed customers' location, call data for years

The security firm Cybereason says that it has identified a likely state-sponsored attack on ten global mobile phone networks that they have attributed to "the Chinese-affiliated threat actor APT10," which has been "underway for years." Read the rest

Data Breach: Millions of Instagram 'influencers,' celebrities, and brands' data found online

A massive database hosted on Amazon Web Services (AWS) for Mumbai-based internet company Chtrbox that contained contact info for millions of Instagram accounts for influencers, celebrities and brands has been discovered leaked online. Read the rest

"We take your privacy and security seriously" is the "thoughts and prayers" of data-breaches

Writing on TechCrunch, Zack Whittaker (previously) calls out the timeworn phrase "we take your privacy and security seriously," pointing out that this phrase appears routinely in company responses to horrific data-breaches, and is generally accompanied by conduct that directly contradicts it, such as stonewalling and minimizing responsibility for breaches and denying their seriousness. "We take your privacy and security seriously" is really code for "Please stop asking us to take your privacy and security seriously." Read the rest

A leaky database of SMS messages is a reminder that SMS is really, really insecure

Berlin-based security researcher Sébastien Kaul discovered that Voxox (formerly Telcentris) -- a giant, San Diego-based SMS gateway company -- had left millions of SMSes exposed on an Amazon cloud server, with an easily queried search front end that would allow attackers to watch as SMSes with one-time login codes streamed through the service. Read the rest

"Smart home" companies refuse to say whether law enforcement is using your gadgets to spy on you

Transparency reports are standard practice across the tech industry, disclosing the nature, quantity and scope of all the law enforcement requests each company receives in a given year. Read the rest

A dating website for Trump supporters leaked its customers' data ON DAY ONE

Donalddaters.com is an app for people who want to have sex with white supremacists; it launched today and promptly leaked all 1600 of its users' data: "users' names, profile pictures, device type, their private messages — and access tokens, which can be used to take over accounts." Read the rest

App that let parents spy on teens stored thousands of kids' Apple ID passwords and usernames on an unsecured server

If you're the kind of parent who wants to spy on everything your kids do, you can force them to install an app like Teensafe, which only works if your kid doesn't use two-factor authentication; you have to give it your kid's device ID and password, so if that data leaks, it would allow anyone to break into your kid's cloud and plunder all their private data. Read the rest

Online security is a disaster and the people who investigate it are being sued into silence

The only thing worse than driving a car with defective brakes is unknowingly driving a car with defective brakes -- and learning about them the hard way. Read the rest

Fedex bought a company that stored 119,000 pieces of scanned customer IDs in a public Amazon cloud server, shut the company down, left the scans online for anyone to download

Fedex acquired a company called Bongo International in 2014; Bongo specialized in helping North American companies sell overseas and after the acquisition, Fedex renamed the company FedEx Cross-Border International. Read the rest

Amazon's useless "transparency reports" won't disclose whether they're handing data from always-on Alexa mics to governments

Amazon was the last major tech company to issue a "transparency report" detailing what kinds of law-enforcement requests they'd serviced, and where; when they finally did start issuing them, they buried them on obscure webpages deep in their corporate info site and released them late on Friday afternoons. Read the rest

Ars Technica's Dan Goodin is being sued by Keeper Security over an article about a defect in its password manager

On December 15, Ars Technica ran a story by veteran security reporter Dan Goodin in which Goodin reported on a disclosure by Google researcher Tavis Ormandy, who had discovered that Keeper Security's password manager, bundled with Windows 10, was vulnerable to a password stealing bug that was very similar to a bug that had been published more than a year before. Read the rest

Facebook's security is like a "college campus," but they face threats like a "defense contractor"

A leaked recording of Facebook security chief Alex Stamos (who refused to help with an illegal NSA spying program when he was CSO for Yahoo) has him describing the company's IT culture as being "like a college campus, almost" while the company has the "threat profile of a Northrop Grumman or a Raytheon or another defense contractor." Read the rest

PWC threatens to sue security firm for disclosing embarrassing, dangerous defects in its software

ESNC, a German security research firm, discovered a critical flaw in PWC's enterprise software, which would allow attackers to hack into PWC customers' systems; when ESNC gave PWC notice of its intent to publish an advisory in 90 days, PWC promptly threatened to sue them if they did. Read the rest

Inside a multimillion dollar fake Kindle book scam

Vancouver-based engineer-turned-"entrepreneur" Valeriy Shershnyov published thousands of titles in the Kindle store, "books" of typo-riddled nonsense that he upranked with a system of bots that gamed Amazon's fraud-detection systems, allowing him to sell more than $3M worth of garbage to unsuspecting Amazon customers. Read the rest
