"zack whittaker"

Data Breach: Millions of Instagram 'influencers,' celebrities, and brands' data found online

A massive database hosted on Amazon Web Services (AWS) for Mumbai-based internet company Chtrbox that contained contact info for millions of Instagram accounts for influencers, celebrities and brands has been discovered leaked online.

"We take your privacy and security seriously" is the "thoughts and prayers" of data-breaches

Writing on Techcrunch, Zack Whittaker (previously) calls out the timeworn phrase "we take your privacy and security seriously," pointing out that this phrase appears routinely in company responses to horrific data-breaches, and is generally accompanied by conduct that directly contradicts it, such as stonewalling and minimizing responsibility for breaches and denying their seriousness. "We take your privacy and security seriously" is really code for "Please stop asking us to take your privacy and security seriously."

A leaky database of SMS messages is a reminder that SMS is really, really insecure

Berlin-based security researcher Sébastien Kaul discovered that Voxox (formerly Telcentris) -- a giant, San Diego-based SMS gateway company -- had left millions of SMSes exposed on an Amazon cloud server, with an easily queried search front end that would allow attackers to watch as SMSes with one-time login codes streamed through the service.

"Smart home" companies refuse to say whether law enforcement is using your gadgets to spy on you

Transparency reports are standard practice across the tech industry, disclosing the nature, quantity and scope of all the law enforcement requests each company receives in a given year.

A dating website for Trump supporters leaked its customers' data ON DAY ONE

Donalddaters.com is an app for people who want to have sex with white supremacists; it launched today and promptly leaked all 1600 of its users' data: "users' names, profile pictures, device type, their private messages — and access tokens, which can be used to take over accounts."

App that let parents spy on teens stored thousands of kids' Apple ID passwords and usernames on an unsecured server

If you're the kind of parent who wants to spy on everything your kids do, you can force them to install an app like Teensafe, which only works if your kid doesn't use two-factor authentication; you have to give it your kid's device ID and password, so if that data leaks, it would allow anyone to break into your kid's cloud and plunder all their private data.

Online security is a disaster and the people who investigate it are being sued into silence

The only thing worse than driving a car with defective brakes is unknowingly driving a car with defective brakes -- and learning about them the hard way.

Fedex bought a company that stored 119,000 pieces of scanned customer IDs in a public Amazon cloud server, shut the company down, left the scans online for anyone to download

Fedex acquired a company called Bongo International in 2014; Bongo specialized in helping North American companies sell overseas and after the acquisition, Fedex renamed the company FedEx Cross-Border International.

Amazon's useless "transparency reports" won't disclose whether they're handing data from always-on Alexa mics to governments

Amazon was the last major tech company to issue a "transparency report" detailing what kinds of law-enforcement requests they'd serviced, and where; when they finally did start issuing them, they buried them on obscure webpages deep in their corporate info site and released them late on Friday afternoons.

Ars Technica's Dan Goodin is being sued by Keeper Security over an article about a defect in its password manager

On December 15, Ars Technica ran a story by veteran security reporter Dan Goodin in which Goodin reported on a disclosure by Google researcher Tavis Ormandy, who had discovered that Keeper Security's password manager, bundled with Windows 10, was vulnerable to a password stealing bug that was very similar to a bug that had been published more than a year before.

Facebook's security is like a "college campus," but they face threats like a "defense contractor"

A leaked recording of Facebook security chief Alex Stamos (who refused to help with an illegal NSA spying program when he was CSO for Yahoo) has him describing the company's IT culture as being "like a college campus, almost" while the company has the "threat profile of a Northrop Grumman or a Raytheon or another defense contractor."

PWC threatens to sue security firm for disclosing embarrassing, dangerous defects in its software

ESNC, a German security research firm, discovered a critical flaw in PWC's enterprise software, which would allow attackers to hack into PWC customers' systems; when ESNC gave PWC notice of its intent to publish an advisory in 90 days, PWC promptly threatened to sue them if they did.

Inside a multimillion dollar fake Kindle book scam

Vancouver-based engineer-turned-"entrepreneur" Valeriy Shershnyov published thousands of titles in the Kindle store, "books" of typo-riddled nonsense that he upranked with a system of bots that gamed Amazon's fraud-detection systems, allowing him to sell more than $3M worth of garbage to unsuspecting Amazon customers.

Unprotected database exposes off-grid energy users in Guatemala, South Africa

An unprotected Kingo Solar database with the personal data and photos for thousands of off-the-grid electricity customers was accessible for months, reports Zack Whittaker at ZDnet. “Thousands of remote villagers in Guatemala and South Africa are living off the grid, but their personal information isn't,” he writes.

How many US wiretap requests were rejected in 2015? Not a single one.

A new federal report shows that the number of surveillance requests skyrocketed in 2015, and that courts approved every single one of them. That's right, not one single wiretap request was rejected during 2015.

Apple releases iOS 9.3, with fix for a big iMessage security flaw

As part of its big iPhone/iPad launch event today in Cupertino, Apple also released a software update that fixes a flaw which made it possible for iCloud-stored images or video sent via iMessage to be decrypted by third parties. Today's iOS update also adds a number of cool new features.

California assemblyman joins NY legislator in proposing ban on crypto for phones

California assemblyman Jim Cooper (D-9th) has copy-pasted New York assemblyman Matthew Titone's (D-61st) insane, reality-denying bill that bans companies from selling smartphones with working crypto on them, introducing nearly identical measures in the California legislature.
