Researchers find mountains of sensitive data on totalled Teslas in junkyards

Teslas are incredibly data-hungry, storing massive troves of data about their owners, including videos of crashes, location history, contacts and calendar entries from paired phones, photos of the driver and passengers taken with interior cameras, and other data. This data is stored without encryption, and it is not always clear when Teslas are gathering data. The only way to comprehensively switch off data-gathering also deactivates over-the-air software updates for the cars, which have historically shipped with limited or buggy features that needed the over-the-air updates to fix them.

Dropbox has some genuinely great security reporting guidelines, but reserves the right to jail you if you disagree

Dropbox has published a set of guidelines for how companies can "encourage, support, and celebrate independent open security research" -- and they're actually pretty great, a set of reasonable commitments to take bug reports seriously and interact respectfully with researchers.

Creepy, sketchy stalkerware vendor gets hacked, announces bug-bounty program

Flexispy (previously) is the creepy, sketchy stalkerware company that makes tools that allow jealous, abusive spouses to track their partners, and then hides its profits in offshore money-laundries.