All of the current versions of Docker have a vulnerability that can allow an attacker to get read-write access to any path on the host server. The weakness is the result of a race condition in the Docker software and while there’s a fix in the works, it has not yet been integrated. The bug Read more about Docker Bug Allows Root Access to Host File System[…]
In a series of emails seen by ZDNet that the company sent out to impacted users, Flipboard said hackers gained access to databases the company was using to store customer information. Most passwords are secure Flipboard said these databases stored information such as Flipboard usernames, hashed and uniquely salted passwords, and in some cases, emails Read more about Flipboard hacked and open for 9 months – fortunately passwords properly salted and encrypted so not much damage[…]
Physicists have confirmed predictions of Stephen Hawking’s namesake theory of black holes using a black hole they constructed in their lab, according to a new paper. This black hole isn’t like the black holes out in space, where gravity creates a region of spacetime so warped that light can’t escape. Instead, the researchers built a Read more about Laboratory Black Hole Shows Stephen Hawking Was Right, – wait they make black holes in labs now?![…]
Apple has been hit with a class-action complaint in the US accusing the iGiant of playing fast and loose with the privacy of its customers. The lawsuit [PDF], filed this month in a northern California federal district court, claims the Cupertino music giant gathers data from iTunes – including people’s music purchase history and personal Read more about Apple’s privacy schtick is just an act, say folks suing the iGiant: iTunes ‘purchase histories sold’ to highest bidders[…]
On May 25th I discovered a non password protected Elastic database that was clearly associated with dating apps based on the names of the folders. The IP address is located on a US server and a majority of the users appear to be Americans based on their user IP and geolocations. I also noticed Chinese Read more about Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online[…]
A newly revealed patent application filed by Amazon is raising privacy concerns over an envisaged upgrade to the company’s smart speaker systems. This change would mean that, by default, the devices end up listening to and recording everything you say in their presence. Alexa, Amazon’s virtual assistant system that runs on the company’s Echo series Read more about Newly Released Amazon Patent Shows Just How Much Creepier Alexa Can Get[…]
Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand. According to Der Spiegel this month, the Euro nation’s Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, Read more about Germany thinks about resurrecting the Stasi, getting rid of end-to-end chat app encryption and requiring decrypted plain-text.[…]
Microsoft started testing a new Microsoft Edge browser based on Chromium a little while ago. The company has been releasing new canary and dev builds for the browser over the last few weeks, and the preview is actually really great. In fact, I have been using the new Microsoft Edge Canary on my main Windows Read more about Google Now Forces Microsoft Edge Preview Users to Use Chrome for the Modern YouTube Experience – a bit like they fuck around with Firefox[…]
The first batch of satellites were launched from Cape Canaveral, Florida, and deployed to orbit by a Falcon 9 rocket on May 23. Each contains a single solar array, which both captures and bounces sunlight off the satellites and, as a result, can sometimes be seen from Earth. On May 25, as the drifting luminescent Read more about SpaceX Starlink satellites dazzle but pose big questions for astronomers – Musk thought things out well again, not.[…]
The ZenBook Pro Duo has not one, but two 4K screens. (At least if you’re counting horizontal pixels.) There’s a 15-inch 16:9 OLED panel where you’d normally find the display on a laptop, then a 32:9 IPS “ScreenPad Plus” screen directly above the keyboard that’s the same width and half the height. It’s as if Read more about The Asus ZenBook Pro Duo laptop with two 4K screens – for some reason people are comparing to Apples touch bar, but has nothing to do with that.[…]
Bose Corp spies on its wireless headphone customers by using an app that tracks the music, podcasts and other audio they listen to, and violates their privacy rights by selling the information without permission, a lawsuit charged. The complaint filed on Tuesday by Kyle Zak in federal court in Chicago seeks an injunction to stop Read more about Bose headphones spy on listeners, sell that information on without consent or knowledge: lawsuit[…]
The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction Read more about First American Financial Corp. Leaked 885 Million Title Insurance Records[…]
Engineers and researchers from Samsung’s AI Center in Moscow and Skolkovo Institute of Science and Technology have created a model that can generate realistic animated talking heads from images without relying on traditional methods, like 3D modeling. […] “Effectively, the learned model serves as a realistic avatar of a person,” said engineer Egor Zakharov in Read more about Samsung’s AI animates paintings and photos without 3D modeling[…]
Billions of years ago when the world was still young, treasure began forming deep underground. As the edges of Earth’s tectonic plates plunged down into the upper mantle, bits of carbon, some likely hailing from long-dead life forms were melted and compressed into rigid lattices. Over millions of years, those lattices grew into the most Read more about Beyond the Hype of Lab-Grown Diamonds[…]
Google admitted Tuesday its paid-for G Suite of cloudy apps aimed at businesses stored some user passwords in plaintext albeit in an encrypted form. Administrators of accounts affected by the security blunder were warned via email that, in certain circumstances, passwords had not been hashed. Hashing is a standard industry practice that protects credentials by Read more about G Suite passwords stored unhashed creds since 2005, and other passwords in plain text for 14 days for troubleshooting[…]
A new device fingerprinting technique can track Android and iOS devices across the Internet by using factory-set sensor calibration details that any app or website can obtain without special permissions. This new technique — called a calibration fingerprinting attack, or SensorID — works by using calibration details from gyroscope and magnetometer sensors on iOS; and Read more about Android and iOS devices impacted by new sensor calibration attack – it’s easy to follow your device everywhere online[…]
This week the world’s first and only digital circuit breaker was certified for commercial use. The technology, invented by Atom Power, has been listed by Underwriters Laboratories (UL), the global standard for consumer safety. This new breaker makes power easier to manage and 3000 times faster than the fastest mechanical breaker, marking the most radical Read more about How the World’s First Digital Circuit Breaker Could Completely Change Our Powered World[…]
Using data provided by BinaryEdge, our scans have found 25,617 Linksys Smart Wi-Fi routers are currently leaking sensitive information to the public internet, including: MAC address of every device that’s ever connected to it (full historical record, not just active devices) Device name (such as “TROY-PC” or “Mat’s MacBook Pro”) Operating system (such as “Windows Read more about Over 25,000 Linksys Smart Wi-Fi routers kept info on who connected to them and are now leaking this[…]
A confidential Facebook document reviewed by The Intercept shows that the social network courts carriers, along with phone makers — some 100 different companies in 50 countries — by offering the use of even more surveillance data, pulled straight from your smartphone by Facebook itself. Offered to select Facebook partners, the data includes not just Read more about Phone makers and carriers receive your location data, friends and more that Facebook pulls from your phone[…]
A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by Read more about Millions of Instagram influencers had their private contact data scraped and exposed on AWS[…]
During RTB, personal data such as what you read online, what you watch, your location, your sexual orientation, etc is sent to a whole slew of advertisers so they can select you as an object to show their adverts do. This, together with other profiling information sent, can be used to build up a long Read more about Bits of Freedom cries to halt the shocking personal data sent out to everyone using Real Time Bidding advertising[…]
Google tracks a lot of what you buy, even if you purchased it elsewhere, like in a store or from Amazon. Last week, CEO Sundar Pichai wrote a New York Times op-ed that said “privacy cannot be a luxury good.” But behind the scenes, Google is still collecting a lot of personal information from the Read more about Google Gmail tracks purchase history through gmail, puts them on https://myaccount.google.com/purchases[…]
With about $600 and a few tools, hackers could fake the radio signals used by commercial airplanes to navigate and land safely, according to new research. In a paper and demonstration from researchers at Northeastern University in Boston, a software defined radio — a non-traditional radio that uses software instead of hardware for many components Read more about Radio signals used for ILS plane landings can easily be spoofed using tools amounting to just $600[…]
Just 376 people hold a third of all Ether, the cryptocurrency that powers the Ethereum blockchain, according to new research by Chainalysis Inc. Large holders are known in the crypto market as “whales,” which Chainalysis defines as individuals who hold their assets in digital wallets and not on an exchange, Kim Grauer, a senior economist Read more about One-Third of Ether Held by 376 People – Bloomberg[…]
ASUS’ update mechanism has once again been abused to install malware that backdoors PCs, researchers from Eset reported earlier this week. The researchers, who continue to investigate the incident, said they believe the attacks are the result of router-level man-in-the-middle attacks that exploit insecure HTTP connections between end users and ASUS servers, along with incomplete Read more about Hackers abuse ASUS cloud service to install backdoor on users’ PCs – again[…]