Facebook security lapse affects millions more Instagram users than first stated

At 10 am ET on Thursday, as the attorney general, William Barr, wrapped up his news conference on the release of the report of the special counsel, Robert Mueller, Facebook updated a 21 March blogpost, which revealed it had mistakenly stored the passwords of hundreds of millions of users unencrypted, to include a sentence admitting that millions more Instagram accounts had been affected.

Facebook accidentally scraped the email contacts of 1.5 million users

"Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time," a Facebook spokesperson said in a statement to Mashable.

Protect yourself against a pure CSS data stealing attack called Exfil

Mike Gualtieri, the researcher who discovered the vulnerability, published several proof of concept attacks designed to steal usernames, passwords, and other data on web pages it is used on. Just install the extension in a supported web browser to protect your data against attacks exploiting the issue.

South Korea spycam: hundreds of motel guests secretly filmed and live-streamed online

Seoul (CNN) About 1,600 people have been secretly filmed in motel rooms in South Korea, with the footage live-streamed online for paying customers to watch, police said Wednesday.

What was that P word? Ah. Privacy. Yes, we'll think about privacy, says FCC mulling cellphone location data overhaul

It would be relatively easy for the FCC to closely define what is allowed to be done with the more accurate location data it is arguing for: it can specifically designate that data and put rules around it that would, for example, require mobile operators to only grant access to approved providers.

Consumer Privacy in an Age of Commercial Unmanned Aircraft Systems: The Independent Review: The Independent Institute

Volume 23 Number 1 • Summer 2018. By Ryan Hagemann. This article appeared in the Summer 2018 issue of The Independent Review. The advent of the commercial drone will bring new challenges for consumer privacy and new rules for dealing with them.

Google Project Zero team reveals ‘high severity’ flaw in macOS kernel, working w/ Apple on a patch

Most recently, the team at Google has reported and publicly disclosed a “high severity” flaw in the macOS kernel which can grant an attacker access to a user's computer without their knowledge.

Google disables Android TV photo sharing for all users after account privacy issue

Until the bug is resolved, Android TV owners won’t be able to set Google Photo albums as their screensaver or view pictures with Google Assistant on their set-top devices or smart TVs, as reported by Android Police.

Google temporarily shuts down Android TV photo sharing after privacy bug

Apparently something went horribly wrong with this feature earlier, as pictures and videos show hundreds of accounts from strangers listed under "linked accounts." When I access my Vu Android TV through the @Google Home app, and check the linked accounts, it basically lists what I imagine is every single person who owns this television.

Facebook’s new 10-digit security hole

Well, the answer is because cell phone companies are run by idiots when it comes to security, so even if you leave specific instructions with your provider to not port your SIM without a PIN and photo ID, smooth-talking criminals can still convince telco employees to do it anyway, with the result that the crook obtains control of your phone number – and can receive any communications sent to it.

Three things to know about California’s data privacy fight

“I believe you guys are going to do a great job defending this bill, and making sure that when it goes into effect next year it’s a great bill for California and for the world.” The law requires that companies tell customers what information they collect about them and who they sell the data to.

Flaws in 4G and 5G can lead to spying on location and calls, researchers find

Attack works by making several calls. In the paper, the researchers outline an attack called Torpedo, which can be used to determine whether a device is in a certain location. The attack exploits an issue in how devices send “paging” information when calls or texts are received.

Surveillance firm asks Mozilla to be included in Firefox's certificate whitelist

On one side Mozilla is pressured by organizations like the Electronic Frontier Foundation, Amnesty International, and The Intercept to decline DarkMatter's request, while on the other side DarkMatter claims it never abused its TLS certificate issuance powers for anything bad, hence there's no reason to treat it any differently from other CAs that have applied in the past.

Google wants to make it harder for sites to detect that you’re using Chrome’s Incognito Mode

For those who use Incognito this way, you may be shocked to know that Chrome has long had a flaw that can be abused by web developers to detect whether you’re using Incognito Mode.

Twitter has been storing your ‘deleted’ DMs for years

Now, this isn’t the most concerning of bugs — the data appears to only be available to the user that sent or received the message, but the fact that Twitter isn’t deleting the messages when it says that it is, isn’t a great look for the company.

Tails 3.12.1 is out

In some cases, only BIOS (Legacy) was affected and the USB stick was not listed in the Boot Menu. To fix this issue: Reinstall your USB stick using the same installation method.

PoPETs

To benefit from the two-week deadline extension, major revisions must be submitted to one of the two issues following the decision. Major revisions submitted to later issues are treated as new submissions, due by the regular deadline and possibly assigned to new reviewers.

Researcher finds macOS bug but won’t share details with Apple

Yet Henze won't help Apple patch the exploit because its bug bounty program only pays out to researchers for disclosing bugs on iOS and not macOS.

The Nest in my son's room was acting weird. Here's what I did next

"We're aware of an issue that caused a small amount of Nest cameras to incorrectly indicate they were being viewed even after the live stream was closed," a Google spokesperson said in a statement.

Walgreens, Nestlé, Coors And More Use Iris-Tracking Cameras To Spy On Shoppers

Walgreens Boots Alliance Inc. is testing a technology that embeds cameras, sensors and digital screens in the cooler doors in its stores, a new network of “smart” displays that marketers can use to target ads for specific types of shoppers.

ICloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret

Last week, Turkish security researcher Melih confirmed to The Hacker News that he discovered the alleged flaw in October 2018, and then responsibly reported it to Apple's security team with steps to reproduce the bug and a video demonstration, showing how he was able to read personal iCloud data from other Apple users without their knowledge.

Tails 3.12 is out

To fix this issue: Reinstall your USB stick using the same installation method.

Apple temporarily disables group FaceTime to fix a bug that lets you eavesdrop on your contacts

Apple has now disabled the group FaceTime feature and said it’ll issue a fix later this week. The issue was so serious that Twitter CEO Jack Dorsey, and even Andrew Cuomo, governor of the state of New York, weighed in and urged their followers to disable FaceTime.

A major privacy flaw in Apple's FaceTime lets others listen in on you before you answer the call

A major privacy flaw in Apple's FaceTime video chat product has been discovered allowing someone to secretly eavesdrop on another user before they answer the call.

‘Right to be forgotten’ used to force Google to remove medical negligence link

The ruling is thought to be the first time a search result relating to medical negligence has been removed in the almost five years since the EU first established its citizens’ “right to be forgotten.” At issue were links to a website that contains an unofficial blacklist of suspended doctors.

Call for testing: 3.12~rc1

How to test Tails 3.12~rc1? First download the USB image (Tails 3.12~rc1 USB image, OpenPGP signature, Tails 3.12~rc1 USB image torrent), then follow the new installation instructions. ISO image: Tails 3.12~rc1 ISO image, OpenPGP signature, Tails 3.12~rc1 ISO image torrent.

Twitter bug revealed some Android users’ private tweets

The company says that the issue impacted Twitter for Android users who made certain account changes while the “Protect your Tweets” option was turned on. We’ve become aware of and fixed an issue where the “Protect your Tweets” setting was disabled on Twitter for Android.

See if You're Using These Popular Android Apps That Overshare Info to Facebook

A recent Privacy International study found that 42.55% of the free apps in Google Play could share data with Facebook, and many popular apps share data with Facebook the second they’re opened. It’s also created detailed reports for all of the apps that transmit data to Facebook immediately when the app is opened.

Guardzilla Home Cameras Open to Anyone Wanting to Watch Their Footage

The GZ501W model camera contains a shared, hard-coded Amazon S3 credential used for storing saved video data in the Amazon cloud – so all users of the Guardzilla All-In-One Video Security System have the same password, and thus can access each other’s saved home video.

$3k Bug Bounty - Twitter's OAuth Mistakes

For some reason, Twitter's OAuth screen says that these apps do not have access to Direct Messages. After reporting this, Twitter audited their old apps and assures me the issue is now fixed. 2018-12-06: Twitter fixed the issue and published the bounty payout.
