Amazon was the last major tech company to issue a "transparency report" detailing what kinds of law-enforcement requests they'd serviced, and where; when they finally did start issuing them, they buried them on obscure webpages deep in their corporate info site and released them late on Friday afternoons.
On December 15, Ars Technica ran a story by veteran security reporter Dan Goodin in which Goodin reported on a disclosure by Google researcher Tavis Ormandy, who had discovered that Keeper Security's password manager, bundled with Windows 10, was vulnerable to a password-stealing bug that was very similar to a bug that had been published more than a year before.
A leaked recording of Facebook security chief Alex Stamos (who refused to help with an illegal NSA spying program when he was CSO for Yahoo) has him describing the company's IT culture as being "like a college campus, almost" while the company has the "threat profile of a Northrop Grumman or a Raytheon or another defense contractor."
ESNC, a German security research firm, discovered a critical flaw in PWC's enterprise software, which would allow attackers to hack into PWC customers' systems; when ESNC gave PWC notice of its intent to publish an advisory in 90 days, PWC promptly threatened to sue them if they did.
Vancouver-based engineer-turned-"entrepreneur" Valeriy Shershnyov published thousands of titles in the Kindle store, "books" of typo-riddled nonsense that he upranked with a system of bots that gamed Amazon's fraud-detection systems, allowing him to sell more than $3M worth of garbage to unsuspecting Amazon customers.
An unprotected Kingo Solar database with the personal data and photos for thousands of off-the-grid electricity customers was accessible for months, reports Zack Whittaker at ZDNet. "Thousands of remote villagers in Guatemala and South Africa are living off the grid, but their personal information isn't," he writes.
A new federal report shows that the number of surveillance requests skyrocketed in 2015, and that courts approved every single one of them. That's right, not one single wiretap request was rejected during 2015.
As part of its big iPhone/iPad launch event today in Cupertino, Apple also released a software update that fixes a flaw which made it possible for iCloud-stored images or video sent via iMessage to be decrypted by third parties.
California assemblyman Jim Cooper (D-9th) has copy-pasted New York assemblyman Matthew Titone's (D-61st) insane, reality-denying bill that bans companies from selling smartphones with working crypto on them, introducing nearly identical measures in the California legislature.
Wildly profitable companies like Neustar, Subsentio, and Yaana do the feds' dirty work for them, slurping huge amounts of unconstitutionally requisitioned data out of telcos' and ISPs' data-centers in response to secret, sealed FISA warrants — some of them publicly traded, too, making them a perfect addition to the Gulag Wealth Fund.
After months of activist agitation and a crushing disappointment from the cowards in the House of Representatives, the US senate has effectively killed CISPA, a sweeping Internet surveillance proposal. This is astoundingly great news! But CISPA died once before, and came back from the dead, and it will not likely stay dead this time around either.
Disclosures made by the UK Department of Work and Pensions in response to Freedom of Information requests show that over 1,000 civil servants illegally snooped on private citizens' data over a 13-month period. A separate disclosure from the Department of Health showed over 150 illegal breaches in the same period.
From CNET's Zack Whittaker: "features in Facebook give users access to personal, private and hidden photos that would normally be hidden from view. The flaw, spotted by members of a body building forum, no less, allows Facebook users to access photos revealed by the report abuse tool."