Daily Archives: September 19, 2019

Smart TVs, smart-home devices found to be leaking sensitive user data to all kinds of companies

Posted on by

Smart-home devices, such as televisions and streaming boxes, are collecting reams of data — including sensitive information such as device locations — that is then being sent to third parties like advertisers and major tech companies, researchers said Tuesday.

As the findings show, even as privacy concerns have become a part of the discussion around consumer technology, new devices are adding to the hidden and often convoluted industry around data collection and monetization.

A team of researchers from Northeastern University and the Imperial College of London found that a variety of internet-connected devices collected and distributed data to outside companies, including smart TV and TV streaming devices from Roku and Amazon — even if a consumer did not interact with those companies.

“Nearly all TV devices in our testbeds contacts Netflix even though we never configured any TV with a Netflix account,” the Northeastern and Imperial College researchers wrote.

The researchers tested a total of 81 devices in the U.S. and U.K. in an effort to gain a broad idea of how much data is collected by smart-home devices, and where that data goes.

The research was first reported by The Financial Times.

The researchers found data sent to a variety of companies, some known to consumers including Google, Facebook and Amazon, as well as companies that operate out of the public eye such as Mixpanel.com, a company that tracks users to help companies improve their products.

Source: Smart TVs, smart-home devices found to be leaking sensitive user data, researchers find

A Moon Space Elevator Is Actually Feasible and Inexpensive: Study

Posted on by

In a paper published on the online research archive arXiv in August, Columbia astronomy students Zephyr Penoyre and Emily Sandford proposed the idea of a “lunar space elevator,” which is exactly what it sounds like—a very long elevator connecting the moon and our planet.

The concept of a moon elevator isn’t new. In the 1970s, similar ideas were floated in science fiction (Arthur C. Clarke’s The Fountains of Paradise, for example) and by academics like Jerome Pearson and Yuri Artsutanov.

But the Columbia study differs from previous proposal in an important way: instead of building the elevator from the Earth’s surface (which is impossible with today’s technology), it would be anchored on the moon and stretch some 200,000 miles toward Earth until hitting the geostationary orbit height (about 22,236 miles above sea level), at which objects move around Earth in lockstep with the planet’s own rotation.

Dangling the space elevator at this height would eliminate the need to place a large counterweight near Earth’s orbit to balance out the planet’s massive gravitational pull if the elevator were to be built from ground up. This method would also prevent any relative motion between Earth’s surface and space below the geostationary orbit area from bending or twisting the elevator.

These won’t be problems for the moon because the lunar gravitational pull is significantly smaller and the moon’s orbit is tidally locked, meaning that the moon keeps the same face turned toward Earth during its orbit, therefore no relative motion of the anchor point.

After doing the math, the researchers estimated that the simplest version of the lunar elevator would be a cable thinner than a pencil and weigh about 88,000 pounds, which is within the payload capacity of the next-generation NASA or SpaceX rocket.

The whole project may cost a few billion dollars, which is “within the whim of one particularly motivated billionaire,” said Penoyre.

Future moon travelers will still have to ride a rocket, though, to fly up to the elevator’s dangling point, and then transfer to a robotic vehicle, which would climb up the cable all the way up to the moon.

Source: A Moon Space Elevator Is Actually Feasible and Inexpensive: Study | Observer

Scotiabank slammed for ‘muppet-grade security’ after internal source code and credentials spill onto open internet

Posted on by

Scotiabank leaked online a trove of its internal source code, as well as some of its private login keys to backend systems, The Register can reveal.

Over the past 24 hours, the Canadian financial giant has torn down GitHub repositories, inadvertently left open to the public, that contained this sensitive information, after The Register raised the alarm. These repositories featured, among other things, software blueprints and access keys for a foreign exchange rate system, mobile application code, and login credentials for services and database instances: a potential gold mine of vulnerabilities for criminals and hackers to exploit.

We were tipped off to the security blunder by Jason Coulls, an IT pro based in the Great White North, who discovered the data sitting out in the open, some of which was exposed for months, we’re told. As well as Scotiabank, GitHub, and payment and card processors integrated with the bank, were also alerted prior to publication.

[…]

According to Coulls, this latest gaffe isn’t the first time Scotiabank has spilled its internal secrets online.

“In my experience, this muppet-grade security is perfectly normal for Scotiabank, as they usually leak information once every three weeks on average,” Coulls mused.

“Scotiabank had [IBM] AS/400 and DB2 instances where the credentials and connection information is public. They regularly leak source code for everything, from customer-facing mobile apps to server-side REST APIs. They also leak customer data. If they ever claimed that security is a top priority, I would dread to see how they handle low priority things.”

Source: Scotiabank slammed for ‘muppet-grade security’ after internal source code and credentials spill onto open internet • The Register