More than 1,000 Android apps harvest data even after you deny permissions

Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don’t want a flashlight app to be able to read through your call logs, you should be able to deny that access. But even when you say no, many apps find a way around: Researchers discovered more than 1,000 apps that skirted restrictions, allowing them to gather precise geolocation data and phone identifiers behind your back.

[…]

Researchers from the International Computer Science Institute found up to 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission. Serge Egelman, director of usable security and privacy research at the ICSI, presented the study in late June at the Federal Trade Commission’s PrivacyCon.

“Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it,” Egelman said at the conference. “If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless.”

[…]

Egelman said the researchers notified Google about these issues last September, as well as the FTC. Google said it would be addressing the issues in Android Q, which is expected to release this year.

The update will address the issue by hiding location information in photos from apps and requiring any apps that access Wi-Fi to also have permission for location data, according to Google.

[…]

Researchers found that Shutterfly, a photo-editing app, had been gathering GPS coordinates from photos and sending that data to its own servers, even when users declined to give the app permission to access location data.

[…]

Some apps were relying on other apps that were granted permission to look at personal data, piggybacking off their access to gather phone identifiers like your IMEI number. These apps would read through unprotected files on a device’s SD card and harvest data they didn’t have permission to access. So if you let other apps access personal data, and they stored it in a folder on the SD card, these spying apps would be able to take that information.

While there were only about 13 apps doing this, they were installed more than 17 million times, according to the researchers. This includes apps like Baidu’s Hong Kong Disneyland park app, researchers said.

Source: More than 1,000 Android apps harvest data even after you deny permissions – CNET

UK data regulator threatens British Airways with 747-sized fine for massive personal data blurt

The UK Information Commissioner’s Office has warned BA it faces a whopping £183.39m fine following the theft of million customer records from its website and mobile app servers.

The record-breaking fine – more or less the lower end of the price of one of the 747-400s in BA’s fleet – under European General Data Protection Regulation (GDPR), represents 1.5 per cent of BA’s world-wide revenue in 2017.

Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

The breach hit almost 500,000 people. The ICO statement reveals the breach is believed to have started in June 2018; previous statements from BA said it began in late August. The data watchdog described the attack as diverting user traffic from BA’s site to a fraudulent site.

ICO investigators found a variety of information was compromised including log-in details, card numbers, names, addresses and travel information.

Sophisticated card skimming group Magecart, which also hit Ticketmaster, was blamed for the data slurp. The group is believed to have exploited third party scripts, possibly modified JavaScript, running on BA’s site to gain access to the airline’s payment system.

Such scripts are often used to support marketing and data tracking functions or running external ads.

The Reg revealed that BA parent company IAG was in talks with staff to outsource cyber security to IBM just before the hack was carried out.

Source: UK data regulator threatens British Airways with 747-sized fine for massive personal data blurt • The Register

AMD Ryzen 7 3700X + Ryzen 9 3900X Offer Incredible Linux Performance – if you can get it to boot. Which newer distros seemingly can’t

On newer Linux distributions, there’s a hard regression either within the kernel or, more likely, some cross-kernel/user-space interaction issue leaving newer Linux distributions unbootable.

While Ubuntu 18.04 LTS and older Linux distributions boot Zen 2, to date I have not been able to successfully boot the likes of Ubuntu 19.04, Manjaro Linux, and Fedora Workstation 31. On all newer Linux distributions I’ve tried on two different systems built around the Ryzen 7 3700X and Ryzen 9 3900X, each time early in the boot process as soon as trying to start systemd services, all systemd services fail to start.

I’ve confirmed with AMD they do have an open issue surrounding “5.0.9” (the stock kernel of Ubuntu 19.04) but as of writing hadn’t shed any light on the issue. AMD has said their testing has been mostly focused on Ubuntu 18.04 given its LTS status. I’ve also confirmed the same behavior with some other Windows reviewers who occasionally dabble with Linux.

So unfortunately not being able to boot newer Linux distributions is a huge pain. I’ve spent days trying different BIOS versions/options, different kernel command line parameters, and other options to no avail. On some Linux distributions after roughly 20~30 minutes of waiting after all systemd services fail to start, sometimes there will be a kernel panic, but that hadn’t occurred on all systems, at least not within that time-frame.

Source: AMD Ryzen 7 3700X + Ryzen 9 3900X Offer Incredible Linux Performance But With A Big Caveat Review – Phoronix

Dynamic Wood Sculptures Carved to Look Like Pixelated Glitches

Taiwanese artist Hsu Tung Han, however, uses them for inspiration in his latest series of stunning wooden sculptures.

By carving delicate block-shaped details that separate from various parts of the sculpture, Han successfully creates the bizarre yet magnificently original illusion of pixelation in 3D form.

He applies this technique masterfully on his most recent finished product, which depicts a snorkeler underwater.

Here, the wooden ‘pixels’ seem to represent the water that surrounds and submerges the snorkeling man.

Han has been posting photos of his carved sculptures on Flickr since 2006, and has developed a unique niche for blending traditional styles of woodwork with modern artistic elements.

Source: Dynamic Wood Sculptures Carved to Look Like Pixelated Glitches – Stay Wild Moon Child
