"The idea behind this work is to be able to circumvent security systems that use a person detector to generate an alarm when a person enters the view of a camera," explained Wiebe Van Ranst, a PhD researcher at KU Leuven, in an email to The Register .
Third-party services running on most hotel websites have access to guest booking information, including personal data and payment card details. "This information could allow these third-party services to log into a reservation, view personal details, and even cancel the booking altogether," Wueest says.
EFF is proud to announce its newest investigative team: the Threat Lab. Using a combination of research skills, the Threat Lab will take a deep dive into how surveillance technologies are used to target communities, activists, or individuals.
Vulnerabilities that are full-on "leaky" involve more deeply flawed encryption channels between browsers and web servers that would enable an attacker to decrypt all the traffic passing through them.
A security researcher has come up with a new method of extracting BitLocker encryption keys from a computer's Trusted Platform Module (TPM) that only requires a $27 FPGA board and some open-sourced code.
An open database in China contains the personal information of more than 1.8 million women, including their phone numbers, addresses, and something called “BreedReady” status, according to a researcher.
'Although password managers provide some utility for storing login/passwords and limit password reuse, these applications are a vulnerable target for the mass collection of this data through malicious hacking campaigns.' ISE researchers concentrated their efforts on four of the most popular password management services around: 1Password, in both legacy and current forms, Dashlane, KeePass, and LastPass.
A new website enabling users to search the image database of Russian social media site VKontakte with facial biometrics has been discovered, and then threatened with legal action, prompting it to switch off some functions, TOL.org reports.
Now, this isn’t the most concerning of bugs — the data appears to only be available to the user that sent or received the message, but the fact that Twitter isn’t deleting the messages when it says that it is, isn’t a great look for the company.
They allow companies to learn the websites that you visit and the apps that you use. Researchers found that these apps track user activities by reading advertising IDs - the unique number assigned to each smartphone to personalise ads.
"I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions." The researcher says that after his initial finding, he later found the same "email@example.com" account on over 2,000 other MongoDB databases that had been left exposed online, all belonging to local and foreign businesses operating in Russia.
Current laws like the Genetic Information Nondiscrimination Act (GINA) prohibit employers or health insurance companies from discriminating against a person based on their genes, though that doesn’t mean it couldn’t happen.
Some of the ads asked for individuals ages 13-17 for a “paid social media research study,” while another advertised opportunities for users “Age: 13-35 (parental consent required for ages 13-17).” Facebook appears to have taken steps to obfuscate that they are behind the program, with TechCrunch reporting that some sign-up methods only mentioned its name during installation instructions.
The new study also shows that if a person leaves a social media platform--or never joined--the online posts and words of their friends still provide about 95% of the "potential predictive accuracy," the scientists write, of a person's future activities--even without any of that person's data.
The bipartisan cooperation in Congress and the Commission on Evidence-Based Policymaking deserves praise for leading the country down a path for responsible data use and improved privacy protections.
Even if you're not a user of a social media platform, it's possible to create a 95% accurate profile of you from your friends' accounts, according to new research.
Months earlier, Soltani had given similar testimony before a US Senate subcommittee, where he unequivocally said: "No other single company has done more to erode consumer privacy than Facebook." Earlier in 2018, Soltani also helped author the new California Consumer Privacy Act, which was signed into law last June, just a few years after being named as the chief technologist at the Federal Trade Commission.
The researcher also created a tool that lets users test if their extensions also contain vulnerable APIs that can be exploited by malicious websites. More details about Somé's work are available in a research paper entitled "EmPoWeb: Empowering Web Applications with Browser Extensions," available for download in a PDF format from here or here.
Hazel, a researcher at Vanderbilt University, studied companies ranging from popular startups like 23andMe — which offers health and ancestry information — to under-the-radar outfits such as GEDmatch, which simply houses genetic information to help people build family trees.
Bug-hunter Florian Kunushevci today told The Register the security flaw, which has been reported to Microsoft, allows the person in possession of someone's phone to receive a Skype call, answer it without unlocking the handset, and then view photos, look up contacts, send a message, and open the browser by tapping links in a sent message, all without ever unlocking the phone.
NEW YORK/SAN FRANCISCO (Reuters) - A cyber security researcher canceled a hacking conference briefing on how he said he could crack biometric facial recognition on Apple Inc (AAPL.O) iPhones, at the request of his employer, which called the work “misleading.”
A British security researcher has cracked the L3 protection level of Google's Widevine digital rights management (DRM) technology. Because of the varying security levels, which expose the DRM-encrypted content to attacks, service providers deliver audio and video streams with varying quality levels, with L3 receiving the lowest.
North Yorkshire Police said today they're not pursuing a criminal case against the researcher who found a vulnerability in a mobile app developed by the York city council.
Security investigator KrebsOnSecurity discovered a vulnerability on USPS' website that allowed anyone to see online users' street addresses, usernames, phone number and other personal information.
The second skimmer, now being the only one to hold the valid credit card number, uses a special function to encode the data it exfiltrates.
EFF and McSweeney’s have teamed up to bring you The End of Trust (McSweeney’s 54). The End of Trust is available to download and read right now under a Creative Commons BY-NC-ND license.
“They suddenly had images that their family could be arrested, that they could be arrested, some people had post-traumatic stress disorder-like symptoms,” Chisholm said in a phone interview. “The fear and uncertainty generated by surveillance inhibit activity more than any action by the police,” Franco said in a phone interview.