How safe are school records? Not very, says student security researcher

How safe are school records? Not very, says student security researcher

Among one of the more damaging issues Demirkapi found in Follett’s student information system was an improper access control vulnerability, which if exploited could have allowed an attacker to read and write to the central Aspen database and obtain any student’s data.

Twitter Leaks Private Data to Ad Partners

Twitter Leaks Private Data to Ad Partners

Twitter recently revealed to its users that their privacy settings may not have been protecting their data from Twitter’s ad partners, which constitutes a breach in privacy. Targeted advertising leads us to Twitter’s second bug; Twitter used their inference system to serve “relevant” ads to all of their users, ignoring their privacy settings.

Monzo urges 480,000 customers to change their pin numbers

Monzo urges 480,000 customers to change their pin numbers

The digital bank Monzo has urged nearly 480,000 customers to change their pins after it left banking information exposed to unauthorised staff for six months.

Google Has Been ‘Accidentally’ Storing Passwords in Plaintext Since 2005

Google Has Been ‘Accidentally’ Storing Passwords in Plaintext Since 2005

Google is facing controversy after it recently admitted that it has ‘accidentally’ been storing user passwords in plaintext. Apparently, Google has been storing passwords in plaintext due to a bug.

Google Stored G Suite Users' Passwords in Plain-Text for 14 Years

Google Stored G Suite Users' Passwords in Plain-Text for 14 Years

However, Google also says that the plain text passwords were stored not on the open Internet but on its own secure encrypted servers and that the company found no evidence of anyone's password being improperly accessed.

GitHub - realtho/PartyLoud: A simple tool to do several HTTP / HTTPS requests and simulate navigation

GitHub - realtho/PartyLoud: A simple tool to do several HTTP / HTTPS requests and simulate navigation

Internal Engine is now complete and operative cURL is now used to generate pseudo-random requests HTML response is now parsed using grep Bad URLs are now filtered using a wordlist mechanism (wordlist is located in a file named badwords) ✅ Changed. and python are now no more required to run the script disabled user-defined number of processes [0.0.2] - 2019-03-18.

How to Sweep For Bugs and Hidden Cameras

How to Sweep For Bugs and Hidden Cameras

Bugs always need a way to deliver the data they're gathering to their owners, so deep bug sweeps should go beyond regular electronics detection to scan for laser beam and microwave transmission setups.

Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext

Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext

Facebook confirmed Thursday in a blog post, prompted by a report by cybersecurity reporter Brian Krebs, that it stored “hundreds of millions” of account passwords in plaintext for years. Both companies said passwords were stored in plaintext and not scrambled.

Google browser vulnerability could have let hackers steal personal data

Google browser vulnerability could have let hackers steal personal data

The bug was briefly disclosed in Google’s patch notes from January , described only as a high-severity vulnerability with “insufficient policy enforcement.” After a new report from Positive Technologies, we now know that the bug affected Android’s WebView component, which is commonly used to display pages inside Android apps.

Google Project Zero team reveals ‘high severity’ flaw in macOS kernel, working w/ Apple on a patch

Google Project Zero team reveals ‘high severity’ flaw in macOS kernel, working w/ Apple on a patch

Most recently, the team at Google has reported and publicly disclosed a “high severity” flaw in the macOS kernel which can grant an attacker access to a users computer without their knowledge.

Google disables Android TV photo sharing for all users after account privacy issue

Google disables Android TV photo sharing for all users after account privacy issue

Until the bug is resolved, Android TV owners won’t be able to set Google Photo albums as their screensaver or view pictures with Google Assistant on their set-top devices or smart TVs, as reported by Android Police .

Once hailed as unhackable, blockchains are now getting hacked

Once hailed as unhackable, blockchains are now getting hacked

A blockchain protocol is a set of rules that dictate how the computers in the network, called nodes , should verify new transactions and add them to the database.

Stop saying, “We take your privacy and security seriously”

Stop saying, “We take your privacy and security seriously”

The truth is, most companies don’t care about the privacy or security of your data.

Those Twitter DM’s From the Account You Deleted? They Could Still be Around

Those Twitter DM’s From the Account You Deleted? They Could Still be Around

Twitter claims accounts that have been deactivated and deleted are removed from the service along with all the rest of the account’s data after 30 days.

Even years later, Twitter doesn’t delete your direct messages

Even years later, Twitter doesn’t delete your direct messages

Twitter retains direct messages for years, including messages you and others have deleted, but also data sent to and from accounts that have been deactivated and suspended, according to security researcher Karan Saini.

Apple fixes iPhone bug that allowed people to eavesdrop on FaceTime calls

Apple fixes iPhone bug that allowed people to eavesdrop on FaceTime calls

SAN FRANCISCO — Apple has released an iPhone update to fix a software flaw that allowed people to eavesdrop on others while using FaceTime. WATCH: How a 14-year-old teenager discovered Apple’s FaceTime bug Help us improve GlobalNews.ca Take the survey now!

Apple releases update to prevent FaceTime eavesdropping

Apple releases update to prevent FaceTime eavesdropping

Apple has released an iPhone update to fix a FaceTime flaw that allowed people to eavesdrop on others while using its group video chat feature. (AP Photo/Brian Skoloff, File) SAN FRANCISCO (AP) — Apple has released an iPhone update to fix a software flaw that allowed people to eavesdrop on others while using FaceTime.

New Release: Tor Browser 8.5a7

New Release: Tor Browser 8.5a7

We ship our new Tor Browser logo for the first time in a release build on desktop platforms and are eager to learn about bugs and general feedback .

ICloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret

ICloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret

Last week, Turkish security researcher Melih confirmed The Hacker News that he discovered the alleged flaw in October 2018, and then responsibly reported it to the Apple's security team with steps to reproduce the bug and a video demonstration, showing how he was able to read personal iCloud data from other Apple users without their knowledge.

Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones

Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones

On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report. The company reacted after a separate developer reported the FaceTime flaw and it was written about on the Apple fan site 9to5mac.com , in an article that went viral.

Apple rushes to fix FaceTime bug that let users eavesdrop on others

Apple rushes to fix FaceTime bug that let users eavesdrop on others

Serious glitch, which can also turn on video without people’s knowledge, comes amid increasing concerns over privacy Apple has made the group functionality on its FaceTime application temporarily unavailable as it rushes to fix a glitch that allowed users to listen in on the people they were calling when they did not pick up the call.

IPhone FaceTime bug lets you eavesdrop on other people

IPhone FaceTime bug lets you eavesdrop on other people

San Francisco (CNN Business)A newly discovered bug in Apple's FaceTime software lets Apple users listen in on the people they are calling, and even see through their front-facing camera, without them picking-up the call.

Apple FaceTime bug lets you listen even if someone doesn't answer

Apple FaceTime bug lets you listen even if someone doesn't answer

There's a FaceTime bug that lets you hear through someone else's iPhone, even if they haven't answered your phone call. I tried placing a video call to my editor from my iPhone using Apple's FaceTime app.

Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up

Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up

The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call.

A major privacy flaw in Apple's FaceTime lets others listen in on you before you answer the call

A major privacy flaw in Apple's FaceTime lets others listen in on you before you answer the call

A major privacy flaw in Apple's FaceTime video chat product has been discovered allowing someone to secretly eavesdrop on another user before they answer the call.

Quality of Open Source Software: how many eyes are enough?

Quality of Open Source Software: how many eyes are enough?

A possible explanation might be expressed in what’s known as Linus’s Law : “many eyes make any bug shallow.” This ‘mantra’ of the Open Source community suggests that users should not worry about the quality of OSS if enough people look at the code.

Chrome Extension Manifest V3 could end uBlock Origin for Chrome

Chrome Extension Manifest V3 could end uBlock Origin for Chrome

Raymond Hill, known as Gorhill online, the author of the popular content blockers uBlock Origin and uMatrix, voiced his concern over some of the planned changes; these changes, if implemented as proposed currently, remove functionality that the extensions use for content blocking.

Twitter warns that private tweets were public for years

Twitter warns that private tweets were public for years

These are external links and will open in a new window These are external links and will open in a new window Image copyright Reuters Image caption Twitter said it did not know how many people had their private messages exposed Private tweets sent by users of Twitter's Android app could have been exposed publicly for years.

New WhatsApp bug may have been discovered, exposes message history in plain text

New WhatsApp bug may have been discovered, exposes message history in plain text

Well, it all started with a Tweet from an Amazon employee Abby Fuller today wherein they said after they popped in their new SIM into a new phone, and logged into WhatsApp, they could see the message history associated with the WhatsApp account of the previous owner of the number.

Can't unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass

Can't unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass

Bug-hunter Florian Kunushevci today told The Register the security flaw, which has been reported to Microsoft, allows the person in possession of someone's phone to receive a Skype call, answer it without unlocking the handset, and then view photos, look up contacts, send a message, and open the browser by tapping links in a sent message, all without ever unlocking the phone.

More