Apple lets some Big Sur network traffic bypass firewalls

He set Lulu and Little Snitch to block all outgoing traffic on a Mac running Big Sur and then ran a small programming script that had exploit code interact with one of the apps that Apple exempted.

MacOS Big Sur(veillance) bypasses Firewall/VPN to tell Apple what programs you run on your computer

Namely, the Apple App Store and 50 other Apple apps are allowed to bypass user-based internet routing rules, which means Apple could know your real IP address even when you try to get behind a VPN on macOS Big Sur. Additionally, this type of exemption can be exploited by malware.

Does Apple really log every app you run? A technical look

macOS uses OCSP to make sure that the developer certificate hasn’t been revoked before an app is launched. As Jeff Johnson explains in his tweet above, if macOS cannot reach Apple’s OCSP responder it skips the check and launches the app anyway - it is basically a fail-open behaviour.

Apple's T2 Security Chip Has an Unfixable Flaw

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access.

Andrew Yang takes lead in California data privacy measure

SAN FRANCISCO (AP) — The Fitbits on our wrists collect our health and fitness data; Apple promises privacy but lots of iPhone apps can still share our personal information; and who really knows what they’re agreeing to when a website asks, “Do You Accept All Cookies?” Most people just click “OK” and hope for the best, says former Democratic presidential candidate Andrew Yang.

USBGuard · InfoSec Handbook – information security blog

By default, USBGuard allows all USB devices that are currently connected to your machine. In your terminal, enter usbguard list-devices to see all USB devices that are connected to the system. If you connect another USB device to the machine, USBGuard blocks it by default.

The fight over the fight for California’s privacy future

“The CCPA was a lot weaker than the [original] initiative, but at the same time it was, and still is, the strongest consumer privacy law in the nation,” she says.

Five iOS 14 and iPadOS 14 security and privacy features you need to know about

Also, if you access Control Center, there's a notice at the top showing you recent apps that have accessed the camera or microphone. Apps requesting local network access. Another thing that you'll see after installing iOS 14/iPadOS 14 is apps requesting local network access.

Person of Interest

Finch discovered that the machine sees everything, potential terrorist acts and violent crimes that involve ordinary people. Partnered with John Reese, an ex-CIA agent, the two work in secret to prevent violent crimes before they can happen.

Facebook to take board seat at Linux Foundation after signing as Platinum member

As part of its membership, the company's head of open source, Kathy Kam, will have a seat on the Foundation's board. In a blog post announcing the membership, the Linux Foundation commended a number of Facebook projects that "leverage open source to unlock the potential of open innovation".

TikTok reportedly violated Google's data collection policies by tracking the individual identifiers of Android users' smartphones

Google and Apple have both banned apps from collecting MAC addresses, but researchers told The Wall Street Journal that TikTok did so until November last year by exploiting a bug.

Now-fixed exploit used Microsoft Office macros to hack macOS

A now-fixed exploit in the macOS version of Microsoft Office may have allowed attackers to hack a Mac user just by getting them to open a document.

US drugstore chain installed anti-shoplifter facial-recognition cameras in 200 locations – for eight years

Paragraphs and sentences spat out by text-generation models like OpenAI’s GPT-3 are more pervasive and difficult to detect compared to other forms of content manipulated by AI algorithms, an expert warned.

Fawkes

The difference, however, is that if and when someone tries to use these photos to build a facial recognition model, "cloaked" images will teach the model a highly distorted version of what makes you look like you.

How Much is Your Online Privacy Worth? - About $3.50 According to a New Study - We’re Worth Far More Than That.

In an age where your personal data is being shared with far more companies than you can imagine, the folks at Tech Policy Institute decided to take a poll. Across all of the activities covered, Americans would only demand about $3.50/month on average to have each individual piece of personal data shared.

Norway to halt COVID-19 track and trace app on data protection concerns

OSLO (Reuters) - Norway will halt its COVID-19 track and trace app and delete all data collected so far after criticism from the Norwegian Data Protection Authority, the Norwegian Institute of Public Health (NIPH) said on Monday.

We don’t track you. Nothing, zero, zilch.

Apps often monitor users, create profiles, and sell data to advertisers for profit. For a while we’ve been relying on a unique user counting request stored on your computer. So, we’ve baked a tracker blocker right into the browser.

Coronavirus Concerns: More People Working from Home Means More Employer Tracking

On Employer-provided assets, such as laptops, desktops, servers, etc., I’m 100% fine with installing NARCwarez. Now, if/when your boss requests you install their NARCware, install it in your newly converted virtual machine.

Mozilla installs Scheduled Telemetry Task on Windows with Firefox 75

Observant Firefox users on Windows who have updated the web browser to Firefox 75 may have noticed that the upgrade brought along with it a new scheduled task.

TSA Sued for Asking Child to Remove Pants to “Feel” Her Genitals

The reason is that Jamii is transgender — she was born male and now lives as a young woman — and the TSA screener operating a body scanner must press a “Male” or “Female” button for each passenger.

American schools enter the age of the electronic self-contained automated protective environment (ESCAPE)

Evolv Technology, the company behind South Carolina schools' new weapons screening and threat protection system, was co-founded in 2013 by Mike Ellenbogen, a physicist and entrepreneur with a long career helping to shape the explosives detection industry.

Feds probing how personal Medicare info gets to marketers

A government watchdog tells The Associated Press it will launch a nationwide audit that may shed light on how seniors’ personal Medicare information is getting to telemarketers, raising concerns about fraud and waste.

Firefox gets patch for critical 0-day that’s being actively exploited

Mozilla has released a new version of Firefox that fixes an actively exploited zero-day that could allow attackers to take control of users' computers. In an advisory, Mozilla rated the vulnerability critical and said it was "aware of targeted attacks in the wild abusing this flaw."

Privacy for Sale: How to Target Cancer Sufferers with Facebook Ads for $99 a Month

One lesser-known option is the ability to target people who are members of specific groups, or who like specific Facebook pages. LeadEnforce offers advertisers the ability to pick specific Facebook groups or pages whose fans they want to target.

FAA proposes nationwide real-time tracking system for all drones

The Federal Aviation Administration (FAA) is looking to launch a nationwide system to track drones in the sky in real-time, as well as connected pilot IDs. The proposed tracking network, unveiled in a draft document released by the FAA this week, would cover everything from small consumer drones to larger unmanned aerial systems (UAS) operated for commercial purposes, Bloomberg reported on Thursday.

Are.na Blog  -  Reimagining Privacy Online Through A Spectrum of Intimacy

This essay uses physical structures as metaphors to describe the spectrum of privacy and intimacy in digital spaces, and it explores how users’ thoughts and conversations play out in communication apps and social networks.

Google reveals ‘Project Nightingale’ after being accused of secretly gathering personal health records

The Wall Street Journal’s Rob Copeland wrote that the data amassed in the program includes “lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, complete with patient names and dates of birth,” and that as many as 150 Google employees may have had access to the data.

Opinion: 50 years ago, I helped invent the internet. How did it go so wrong?

Later that decade, the Advanced Research Projects Agency — a research funding arm of the Department of Defense created in response to Sputnik — determined they needed a network based on my theory so that their computer research centers could share work remotely.

How to remove location data from photos you share

Unlike on the Mac, where there’s a setting to remove location data from any photos you share, on iOS you must do it manually. The simplest way to avoid sending your location data in an iMessage is to use the Messages app to take the photo.

Malware That Spits Cash Out of ATMs Has Spread World Wide

“In general, we do not comment on dedicated, single cases,” Bernd Redecker, director of corporate security and fraud management at Diebold Nixdorf, said in a phone call. So far across the different states of Germany, 82 cases of ATM cash out are recorded.