Archive for Security

How to delete or disable your Facebook account

Facebook will try to guilt you into staying by showing you photos of your Facebook friends, and then asking you why you want to deactivate your account.

Source: How to delete or disable your Facebook account | PCWorld

also if you are smart enough to find that screen, i’m pretty sure there is no way you “don’t understand how to facebook”

Want to see something crazy? Open this link on your phone with WiFi turned off.

But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services?—?not just federal law enforcement officials?—?who are then selling access to that data.

Given the trivial “consent” step required by these services and unlikely audit controls, it appears that these services could be used to track or de-anonymize nearly anyone with a cell phone in the United States with potentially no oversight.

Source: Want to see something crazy? Open this link on your phone with WiFi turned off.

Your Data is Being Manipulated

Google learned American racism and amplified it back at all of its users.

Source: Your Data is Being Manipulated – Data & Society: Points

Amazon suspends sales of Blu phones for including preloaded spyware, AGAIN

Spying software from Chinese company Shanghai Adups Technology was still present on certain Blu handsets. The software leaves users vulnerable to remote takeovers and having their text messages and call logs recorded, as well as other forms of discrete data collection.

Source: Amazon suspends sales of Blu phones for including preloaded spyware, again – The Verge

Seems to be the only way to make money on Android phones not from Samsung.

The “Doubleswitch” social media attack: a threat to advocates in Venezuela and worldwide – Access Now

Having gained full control of the compromised account, the hijackers exploited a feature that allows Twitter to recycle unused usernames. After changing the credentials of the accounts, the hijackers registered Twitter accounts using the original usernames, which were now freely available, and connected the accounts to a new email address.

Source: The “Doubleswitch” social media attack: a threat to advocates in Venezuela and worldwide – Access Now

Making a call to HTTPS

If you are making use of ATS or making a call to HTTPS please note that you are required to submit a year-end self classification report to the US government. Learn more

So I go to publish an app in the AppStore today and this ^ pops up, let that sink in for awhile

macOS High Sierra – Reader can now be set as default mode

Reader has mostly languished over the past few years, but in iOS 11 and MacOS High Sierra it’s back in the spotlight, and it’s gotten a wide-reaching upgrade. You can now set Reader as the default mode for “every web article that supports it,” which will potentially turn a lot of articles into something that looks more like a PDF than graphics-laden web page. (Previously, you had to first load the site and then toggle into Reader, which at least gave ads a chance to show up before you bid them adieu.)

Source: Apple Can Afford To Mess With Annoying, Snoopy Ads–And At WWDC, It Did

Social Media Screening for U.S. Visitors Is Now in Effect

As for U.S. citizens, border agents can’t bar them from entering the country even if they refuse to share social media activity or other information from their phones. But they do have the power to detail Americans in “secondary inspection” and to confiscate devices.

Source: Social Media Screening for U.S. Visitors Is Now in Effect

Google now knows when its users go to the store and buy stuff

Google has begun using billions of credit-card transaction records to prove that its online ads are prompting people to make purchases – even when they happen offline in brick-and-mortar stores

The new credit-card data enables the tech giant to connect these digital trails to real-world purchase records in a far more extensive way than was possible before. But in doing so, Google is yet again treading in territory that consumers may consider too intimate and potentially sensitive.

Privacy advocates said few people understand that their purchases are being analyzed in this way and could feel uneasy, despite assurances from Google that it has taken steps to protect the personal information of its us

Source: Google now knows when its users go to the store and buy stuff – The Washington Post

Many Android Phones Vulnerable to Attacks Over Malicious Wi-Fi Networks

The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday’s release of iOS 10.3.1. “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip,” Apple’s accompanying advisory warned. In a highly detailed blog post published Tuesday, the Google Project Zero researcher who discovered the flaw said it allowed the execution of malicious code on a fully updated 6P “by Wi-Fi proximity alone, requiring no user interaction.”

Google is in the process of releasing an update in its April security bulletin. The fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible. Company representatives didn’t respond to an e-mail seeking comment for this post.

The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values. The values, in turn, cause the firmware running on Broadcom’s wireless system-on-chip to overflow its stack. By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode. Beniamini’s code does nothing more than write a benign value to a specific memory address. Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point.

Source: Many Android Phones Vulnerable to Attacks Over Malicious Wi-Fi Networks – Schneier on Security