The Linkielist

Linking ideas with the world

Moscow’s blockchain voting system cracked a month before election, will be fixed due to responsible disclosure, open source and bug bounties

A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election. Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system’s […]

Google, Apple, Mozilla end Kazakhstan internet by blocking root CA

On Wednesday, Google, Apple, and Mozilla said their web browsers will block the Kazakhstan root Certificate Authority (CA) certificate – following reports that ISPs in the country have required customers to install a government-issued certificate that enables online spying. According to the University of Michigan’s Censored Planet project, the country’s snoops “recently began using a […]

Bug-hunter finds local privilege escalation in Steam. Valve refuses to acknowledge and so he’s dropped it on the internet.

The way Kravets tells it (Valve did not respond to a request for comment), the whole saga started earlier this month when he went to report a separate elevation of privilege flaw in Steam Client, the software gamers use to purchase and run games from the games service. Valve declined to recognize and pay out […]

Google Play Publisher account gets terminated – but Google won’t tell you why

Developer Patrick Godeau has claimed his business is under threat after his Google Play Publisher account was terminated without a specific reason given. Godeau, from France, provides apps for iOS and Android via his company Tokata. It is a small business but Godeau said in his complaint that he has achieved “millions of downloads”, most […]

States to launch antitrust investigation into big tech companies, reports say

The state attorneys in more than a dozen states are preparing to begin an antitrust investigation of the tech giants, The Wall Street Journal and The New York Times reported Monday, putting the spotlight on an industry that is already facing federal scrutiny. The bipartisan group of attorneys from as many as 20 states is expected […]

If for some reason you want an Apple Card here’s How to Easily Opt Out of Binding Arbitration

You’ll spot binding arbitration clauses in a lot of financial agreements because it helps keep banks and their business partners out of court. If you agree to binding arbitration, you can’t go to trial against a company or join a class-action lawsuit; you can only have your issue settled by a third-party mediator. If you […]

Man sued for using bogus YouTube takedowns to get address for swatting – so copyright is not only inane, it’s also physically dangerous

YouTube is suing a Nebraska man the company says has blatantly abused its copyright takedown process. The Digital Millennium Copyright Act offers online platforms like YouTube legal protections if they promptly take down content flagged by copyright holders. However, this process can be abused—and boy did defendant Christopher L. Brady abuse it, according to YouTube’s legal […]

Data Breach in Adult Site Luscious Compromises Privacy of All Users

Luscious is a niche pornographic image site focused primarily on animated, user-uploaded content. Based on the research carried out by our team, the site has over 1 million registered users. Each user has a profile, the details of which could be accessed through our research. Private profiles allow users to upload, share, comment on, and […]

Facial recognition ‘epidemic’ across UK private sites in conjunction with the police

Facial recognition is being extensively deployed on privately owned sites across the UK, according to an investigation by civil liberties group Big Brother Watch. It found an “epidemic” of the controversial technology across major property developers, shopping centres, museums, conference centres and casinos in the UK. The investigation uncovered live facial recognition in Sheffield’s major […]

YouTube shuts down music companies’ use of manual copyright claims to steal creator revenue, troll block videos

Going forward, copyright owners will no longer be able to monetize creator videos with very short or unintentional uses of music via YouTube’s “Manual Claiming” tool. Instead, they can choose to prevent the other party from monetizing the video or they can block the content. However, YouTube expects that by removing the option to monetize […]

UPS Has Been Delivering Cargo in Self-Driving Trucks for Months (with 2 people on board)

The self-driving freight truck startup TuSimple has been carrying mail across the state of Arizona for several weeks. UPS announced on Thursday that its venture capital arm has made a minority investment in TuSimple. The announcement also revealed that since May TuSimple autonomous trucks have been hauling UPS loads on a 115-mile route between Phoenix […]

Researchers build a heat shield just 10 atoms thick to protect electronic devices

Excess heat given off by smartphones, laptops and other electronic devices can be annoying, but beyond that it contributes to malfunctions and, in extreme cases, can even cause lithium batteries to explode. To guard against such ills, engineers often insert glass, plastic or even layers of air as insulation to prevent heat-generating components like microprocessors […]

Google’s AI can be manipulated into “accidentally” deactivating targeted user accounts

Jordan B. Peterson had his gmail account deactivated and I had the opportunity to inspect the bug report as a full-time employee. What I found was that Google had a technical vulnerability that, when exploited, would take any gmail account down. Certain unknown 3rd party actors are aware of this secret vulnerability and exploit it. […]

Google “open sources” LiveTranscribe – except not really: only gives away android coding examples to connect to Google’s cloud speech products

Live Transcribe is an Android application that provides real-time captioning for people who are deaf or hard of hearing. This repository contains the Android client libraries for communicating with Google’s Cloud Speech API that are used in Live Transcribe. […] The libraries provided are nearly identical to those running in the production application Live Transcribe. […]

Google Neural net can spot breast, prostate tumors through microscope

Google Health’s so-called augmented-reality microscope has proven surprisingly accurate at detecting and diagnosing cancerous tumors in real time. The device is essentially a standard microscope decked out with two extra components: a camera, and a computer running AI software with an Nvidia Titan Xp GPU to accelerate the number crunching. The camera continuously snaps images […]

Scientists Say They’ve Found a New Organ in Skin That Processes Pain

Typically, it’s thought that we perceive harmful sensations on our skin entirely through the very sensitive endings of certain nerve cells. These nerve cells aren’t coated by a protective layer of myelin, as other types are. Nerve cells are kept alive by and connected to other cells called glia; outside of the central nervous system, […]

Cut off your fingers: Data Breach in Biometric Security Platform Affecting Millions of Users over thousands of countries – yes unencrypted and yes, editable

Led by internet privacy researchers Noam Rotem and Ran Locar, vpnMentor’s team recently discovered a huge data breach in security platform BioStar 2. BioStar 2 is a web-based biometric security smart lock platform. A centralized application, it allows admins to control access to secure areas of facilities, manage user permissions, integrate with 3rd party security […]

Also Facebook Admits Yes, It Was Listening To Your Private Conversations via Messenger

Facebook outsourced contractors to listen in on your audio messenger chats and transcribe them, a new report reveals. Bloomberg reports that the contractors were not told why they were listening in or why they were transcribing them. Facebook confirmed the reports but said they are no longer transcribing audio. “Much like Apple and Google, we […]

Ring Promised Swag to Users Who Narc on Their Neighbors

On top of turning their doorbell video feeds into a police surveillance network, Amazon’s home security subsidiary, Ring, also once tried to entice people with swag bags to snitch on their neighbors, Motherboard reported Friday. The instructions are purportedly all laid out in a 2017 company presentation the publication obtained. Entitled “Digital Neighborhood Watch,” the […]

Researchers accurately measure blood pressure using phone camera

A study led by University of Toronto researchers, published today in the American Heart Association journal Circulation: Cardiovascular Imaging, found that blood pressure can be measured accurately by taking a quick video selfie. Kang Lee, a professor of applied psychology and human development at the Ontario Institute for Studies in Education and Canada Research Chair in […]

Talk about unintended consequences: GDPR is an identity thief’s dream ticket to Europeans’ data

In a presentation at the Black Hat security conference in Las Vegas James Pavur, a PhD student at Oxford University who usually specialises in satellite hacking, explained how he was able to game the GDPR system to get all kinds of useful information on his fiancée, including credit card and social security numbers, passwords, and […]

Researchers Bypass Apple FaceID Using glasses to fool liveness detection

Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim’s FaceID and log into their phone simply by putting a pair of modified glasses on their face. By merely placing tape carefully over the lenses of a pair of glasses and placing them on the victim’s face the researchers […]