Unpatched Android OS Flaw Allows Adversaries to Track User Location

Unpatched Android OS Flaw Allows Adversaries to Track User Location

CVE-2018-9489, now patched as mentioned, allows adversaries to explore and attack the local WiFi network, or identify and physically track any Android device, by exposing a range of WiFi information.

Google Internet Traffic Is Briefly Misdirected Through Russia, China

Google Internet Traffic Is Briefly Misdirected Through Russia, China

In a notice posted on Monday on its website, Google said it had resolved the issue as of 2:35 p.m. Pacific Standard Time, and that its services were operating as expected.

Hack Brief: Someone Posted Private Facebook Messages From 81,000 Accounts

Hack Brief: Someone Posted Private Facebook Messages From 81,000 Accounts

It’s not clear who’s responsible for stealing the Facebook data, but the BBC says one of the websites where the stolen information was posted appears to have been set up in Saint Petersburg, Russia.

Senators question Google's tardy disclosure of user data exposure

Senators question Google's tardy disclosure of user data exposure

WASHINGTON (Reuters) - Two U.S. senators said Alphabet Inc’s (GOOGL.O) disclosure of user data vulnerabilities at Google+ raised “serious questions” over whether it violated a 2011 consent decree with the Federal Trade Commission, potentially exposing Google to penalties.

The Next Tech Unicorns Won’t Exploit Personal Data; They’ll Have None. #PriTech

The Next Tech Unicorns Won’t Exploit Personal Data; They’ll Have None. #PriTech

But the Facebook boss spent $30 million on the properties surrounding his Palo Alto home in a desperate bid for a little privacy, while companies just like his stripped it away from their customers. Privacy law firms exist to conduct audits and help companies take remedial action, but they are just not practical for smaller firms.

Google News app bug is using up gigabytes of background data without users’ knowledge

Google News app bug is using up gigabytes of background data without users’ knowledge

Some users of Google News for Android are reporting that the app has used up excessive amounts of background data, leading to overage charges. In some extreme cases, the Google News app used up to 24GB of data, leading to overage charges of up to $385, users reported.

Popular e-card site has a bug that lets anyone access user photos

Popular e-card site has a bug that lets anyone access user photos

In its privacy policy document, Card Factory says it employs security measures to protect user information, but cannot be held responsible for "for any breach of security unless this is due to our negligence or wilful default.”

Mozilla wants to estimate Firefox's Telemetry-off population

Mozilla wants to estimate Firefox's Telemetry-off population

Firefox users who are concerned about the collection and sending of Telemetry data to Mozilla can turn off the functionality in the browser's options. The add-on is automatically installed and designed to inform Mozilla whether Telemetry is enabled in the browser.

Google+ shutting down after users' data is exposed

Google+ shutting down after users' data is exposed

Google said it would continue to offer private Google+ powered networks for businesses currently using the software. In the past, the company had been reluctant to share data on how often Google+ was used, but now, facing the fall out of exposed data, the firm appears keen to play down its importance.

Facebook bug prevented users from deleting their accounts

Facebook bug prevented users from deleting their accounts

Until just a few days ago, some Facebook users could not delete their accounts — the option to do so simply didn’t work. No matter what I tried, and regardless of which browser I used, the Facebook help page for deleting your account would not load when logged into his account:

Facebook says other apps not caught in hack

Facebook says other apps not caught in hack

Facebook has said that services which let users log in using their accounts do not appear to have been compromised in the recent security attack.

Facebook says 50m user accounts affected by security breach

Facebook says 50m user accounts affected by security breach

Facebook said attackers stole Facebook access tokens through its “view as” feature, which they could then use to take over people’s accounts. “Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” the company said in a blogpost.

Important Security Update for the Android (Beta) & iOS Apps.

Important Security Update for the Android (Beta) & iOS Apps.

We are currently reviewing our development process to adjust our methods to further maximize the probability of finding security relevant issues prior to releasing new app versions.

What The Heck, Facebook? – The Startup – Medium

What The Heck, Facebook? – The Startup – Medium

Hill ran a Facebook ad specifically targeting a single user, a computer science professor named Alan Mislove. Hill used a phone number that Mislove had never given to Facebook, so in theory they shouldn’t have that number.

Password bypass flaw in Western Digital My Cloud drives puts data at risk

Password bypass flaw in Western Digital My Cloud drives puts data at risk

A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year.

Google, App Developer Sued for Tracking Children Online

Google, App Developer Sued for Tracking Children Online

New Mexico’s attorney general has filed a lawsuit against a popular children’s app developer as well as Google and Twitter’s online ad platforms for allegedly violating the privacy of children under the age of 13, the New York Times has reported.

New Alpha Release: Tor Browser for Android

New Alpha Release: Tor Browser for Android

We're grateful to the Guardian Project for their work developing Orfox, a mobile browser which routes your traffic over the Tor network. With the development of Tor Browser for Android, Orfox will be sunsetted around the time of our stable release, expected in early 2019.

ZeroPhone Is “Coming Soon”: A Raspberry Pi-Based, Linux-Powered Phone For Just $50

ZeroPhone Is “Coming Soon”: A Raspberry Pi-Based, Linux-Powered Phone For Just $50

ZeroPhone is a Raspberry Pi-based, open-source, Linux-powered handset that has been launched as a project on Crowd Supply; we’ve already told you about the phone in the past. What makes ZeroPhone stand apart from the other conventionally available smartphones is the presence of a mini-HDMI port and a full-size USB 2.0 port.

Unless you upgrade to Android Pie, a vulnerability leaves your phone trackable -- and Google won't fix it

Unless you upgrade to Android Pie, a vulnerability leaves your phone trackable -- and Google won't fix it

The vulnerability (CVE-2018-9489) was revealed in a report from Nightwatch Cybersecurity which warns that it can be used to "uniquely identify and track any Android device" and also to "geolocate users".

I wish I could quit you, but cookies find a way: How to sidestep browser tracking protections

I wish I could quit you, but cookies find a way: How to sidestep browser tracking protections

Modern browsers will place cookie files in response to both first- and third-party requests and they do so in a way that's open to security risks, like cross-site request forgery and cross-site script inclusion, and to privacy abuse, like third-party tracking.

QSB #43: L1 Terminal Fault speculative side channel (XSA-273)

QSB #43: L1 Terminal Fault speculative side channel (XSA-273)

Change `smt=off` to `smt=on` in `/boot/efi/EFI/qubes/xen.cfg` in dom0. In addition, if you use any PV qubes (which is discouraged for security reasons), it is necessary to update their kernels to a version that contains L1TF mitigations.

Privacy Is Still Personal

We solved privacy in the natural world with clothing, shelter, manners and laws. All these things need to be as casual and easily understood as clothing and shelter are in the physical world today.

Google Chrome’s new Policy Ask to Disable Anti-Virus

Google Chrome’s new Policy Ask to Disable Anti-Virus

Google Chrome started showing alerts asking users to remove applications that are considered “not compatible” with the Chrome Browser as they may inject additional code into a browser’s processes.