Daily Archives: February 19, 2021

Why You Should Switch From LastPass to Bitward’s Password Manager

Posted on by

Whether you’re looking to make a change in your password management just because, or you’re a LastPass user annoyed with the service’s recent changes to its free tier, switching to the much-loved (and free) Bitwarden service is a good choice. Bitwarden is now the best free password manager for most people—since it works across all of your devices to add convenience and security to your logins—and setting it up is quick and easy.

To get started, head to Bitwarden’s site and create an account. It’s free to do, and all you need to worry about is giving yourself a solid master password. Make it a good one, and one that you don’t use anywhere else, because it’ll be one of the gatekeepers for all of your other passwords that you’ll store on the service. Once you’ve created your account and logged in, make sure you verify your email address using the option in the upper-right corner.

[…]

Source: Why You Should Switch From LastPass to Bitward’s Password Manager

Aussie shakedown: Facebook ‘Endangered Public Safety’ by Blocking News During Pandemic According to Australia- after forcing FB to pay for news on the site

Posted on by

Facebook has endangered public safety by blocking news on the platform in Australia during the covid-19 pandemic, according to Australia’s Treasurer Josh Frydenberg a high-ranking official in the country’s ruling Liberal Party.

Frydenberg appeared on the local TV program “Today,” on Friday morning, Australia time, and insisted the government was not going to tolerate Facebook’s “unnecessary” and “wrong” attempts to bully Australia into submission.

“He endangered public safety,” Frydenberg said of Facebook CEO Mark Zuckerberg. “In the middle of a pandemic, people weren’t able to get access to information about the vaccines.”

Facebook started blocking all news content for Australian users on Thursday in retaliation for the government’s plan to implement a new law that would force large tech companies to pay news publishers for linking to their content. Google previously threatened to block all searches in Australia over the law but has since signed agreements with several large Australian publishers.

[…]

Source: Facebook ‘Endangered Public Safety’ by Blocking News During Pandemic According to Australia

Australia facepalms as Facebook blocks bookstores, sport, health services instead of just news

Posted on by

Facebook is being flayed in Australia after its ban on sharing of links to news publications caught plenty of websites that have nothing to do with news.

The Social Network™ announced its ban with a blog post and the sudden erasure of all posts on certain Facebook pages.

Links to news outlets big and small (including The Register) are currently impossible to post to Facebook from within Australia. Australian Facebook users don’t see news links posted from outside the nation.

Which is as Facebook intended to show its displeasure with Australia’s News Media Bargaining Code, a newly legislated scheme that forces Facebook to negotiate payments with local news publishers for the privilege of linking to their content.

But when Facebook implemented its ban, an online bookstore, charities, and even a domestic violence support service saw their Facebook presences erased. Australia’s national Basketball and Rugby bodies also saw their pages sent to the sin bin.

Facebook’s actions to unfriend Australia today … were arrogant and disappointing

Facebook said that the breadth of its blocks is regrettable, but as Australia’s law “does not provide clear guidance on the definition of news content, we have taken a broad definition in order to respect the law as drafted.”

This leaves Facebook in the interesting position of telling advertisers it offers superior micro-targeting services, while telling the world it is unable to tell the difference between a newspaper and a bookshop.

Australia’s Prime Minister Scott Morrison used Facebook to say “Facebook’s actions to unfriend Australia today, cutting off essential information services on health and emergency services, were as arrogant as they were disappointing.”

While Australia facepalms at Facebook’s clumsiness, publishers and politicians around the world have expressed dismay that Facebook has banned news and, by doing so, again demonstrated its ability to shape public discourse.

That Facebook’s contribution to public conversations has so often been to infuse them with misinformation, then promise to do better by ensuring that higher-quality content such as public interest journalism becomes more prominent, has not gone unnoticed.

[…]

Source: Australia facepalms as Facebook blocks bookstores, sport, health services instead of just news • The Register

So a country tells FB to pay for news or not show it and is then suprised that stuff starts dissappearing from FB?

And to complete the shakedown by the Aussie government, read: Facebook ‘Endangered Public Safety’ by Blocking News During Pandemic According to Australia

Uber Drivers Entitled to Paid Vacation and Minimum Wage According to UK Supreme Court

Posted on by

Uber drivers in the UK should be classified as workers and entitled to both paid vacation time and the minimum wage, according to a ruling Friday by Britain’s Supreme Court. But Uber’s London office is already disputing the scope and relevance of the ruling for its British drivers, insisting that its own rules have changed dramatically since the case was first brought by 25 drivers in 2016.

The UK Supreme Court ruling notes five reasons that Uber drivers should be classified as workers rather than independent entrepreneurs. First, the court pointed out that Uber drivers have no say in the amount charged for each ride—a number set by Uber. If Uber sets the price, how are they not the driver’s real employer?

Second, Uber sets the contract terms between riders and drivers through their app. Third, Uber constrains all drivers in their ability to accept and decline rides at will. Drivers are penalized if they decline too many rides, another point of fact that would make it pretty obvious Uber is an employer who’s holding all the cards in the employment relationship.

Fourth, Uber penalizes or bans drivers who don’t maintain a sufficiently high rating, another act more consistent with an employer-employee relationship. And lastly, Uber restricts the amount of communication between drivers and riders, something that wouldn’t be normalized if Uber drivers were really just working for themselves.

From the UK Supreme Court’s press release on Friday’s ruling:

Taking these factors together, the transportation service performed by drivers and offered to passengers through the Uber app is very tightly defined and controlled by Uber. Drivers are in a position of subordination and dependency in relation to Uber such that they have little or no ability to improve their economic position through professional or entrepreneurial skill. In practice the only way in which they can increase their earnings is by working longer hours while constantly meeting Uber’s measures of performance. The Supreme Court considers that comparisons made by Uber with digital platforms which act as booking agents for hotels and other accommodation and with minicab drivers do not advance its case. The drivers were rightly found to be “workers.”

[…]

Source: Uber Drivers Entitled to Paid Vacation and Minimum Wage According to UK Supreme Court

The Apparent Hackers Behind Kia’s Ransomware Attack Are Demanding Millions in Bitcoin

Posted on by

Kia seems to be in quite a predicament. As we reported earlier today, the automaker’s online services appear to have been severed from the outside world, with customers unable to start their cars remotely via Kia’s apps or even log into the company’s financing website to pay their bills. All signs pointed to a potential cyberattack against Kia—ransomware most likely—and that’s exactly what a new report is claiming it is.A report by information security news site Bleeping Computer seems to solidify that theory, as the publication shared a screenshot of an alleged ransom note asking Kia for the hefty sum of $20,000,000 to decrypt its files.Screenshot: KiaThe infection is believed to be the work of a group called DoppelPaymer by Crowdstrike researchers in 2019. Such threat actors routinely hunt big game for large payouts, according to a security bulletin released by the FBI late last year. The note left behind mentions that the malware not only encrypted live data, but also the company’s backups, which more sophisticated attacks of this nature often do to prevent an easy restoration.To make matters worse, it also claims to have exfiltrated a large amount of data along with the hack which it says it will release within three weeks. It’s not clear what kind of data was exfiltrated by the attackers, however, the note claims that it was a “huge amount” of it, and the number of Kia’s online services that were affected does elude to the possibility of a broad net being cast into Kia’s network. In more simple terms, these alleged attackers stole a bunch of stuff out of Kia’s house and then locked the doors to some of the bedrooms inside. After reaching out to Kia multiple times, The Drive finally received an answer on the matter. A Kia spokesperson confirmed that Kia is “experiencing an extended systems outage,” though it does not mention the nature of the outage. It also downplays the ransomware attack allegations shared by Bleeping Computer.”Kia Motors America, Inc. is currently experiencing an extended systems outage,” a Kia spokesperson told The Drive via email. “Affected systems includetheKiaOwnersPortal, UVO Mobile Apps, and the Consumer Affairs Web portal. We apologize for any inconvenience to affected customers and are working to resolve the issue as quickly as possible with minimal interruption to our business.”The spokesperson added: “We are also aware of online speculation that Kia is subject to a ‘ransomware’ attack. At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a ‘ransomware’ attack.”Having said that, the report on Bleeping Computer indicates detailed notes from these purported attackers. The attackers apparently used a Protonmail email address to communicate and display a web page on Tor, an encrypted peer-to-peer network that promotes anonymity, complete with an online chat function in case they need support to pay the ransom. At the time of this writing, the hackers were requesting 404.5412 Bitcoin, which equates to roughly $20.9 million. But the message also warns that as they take longer to pay, the fee goes up, ending in 600 Bitcoin ($31 million) should the automaker not pay up within nine days.Screenshots of the actual notes have been published by Bleeping Computer and can be viewed here. It’s also worth noting that DoppelPaymer is the same malware that was responsible for exfiltrating and encrypting data from Visser, a defense contractor and parts manufacturer for both Tesla and SpaceX, just last year.

Source: The Apparent Hackers Behind Kia’s Ransomware Attack Are Demanding Millions in Bitcoin

Citibank accidentally wired $500m back to lenders in user-interface super-gaffe – and judge says it can’t be undone

Posted on by

A judge has ruled that Citibank can’t claw back more than $500m (£360m) it mistakenly paid out after outsourced staff and a senior manager made a nearly billion-dollar (£700m) user-interface blunder.The error occurred on August 11 last year, when Citibank was supposed to wire $7.8m (£5.6m) in interest payments to lenders who are propping up troubled cosmetics giant Revlon. But a worker at outsourcing mega-org Wipro accidentally checked the wrong combination of on-screen boxes, leading to the repayment of not only the interest but also the $894m (£640m) principal from the bank’s funds.Citibank has a “six-eyes” policy on massive money transfers of this type. In the Revlon fiasco, a Wipro worker in India configured the transfer using software called Flexcube, his local manager approved it, and Vincent Fratta – a Citibank senior manager based in Delaware, USA – gave the final OK for the transfer of funds, all believing the settings were correct.Below is a screenshot of the transfer set up by the first Wipro worker. He should have ticked not just the principal field but also the front and fund fields, and set their values to the necessary clearing account number. By leaving those two boxes unchecked and values empty – and wrongly assuming putting the account number in the principal field was a correct move – the entire principal of the loan, which was set to mature in 2023, was handed back to 315 creditors.UIIncomplete … The Flexcube interface for the infamous transfer. Click to enlarge. Source: US courts systemIt wasn’t until the next day that staff noticed the error, and sent out emails asking for the funds be returned – and hundreds of millions of dollars were. However, a group of 10 creditors refused to hand back their share the cash, amounting to more than $500m, leading Citibank to sue them in New York to recover the dosh.This week, the US federal district court judge presiding over that lawsuit sided with the lenders, saying [PDF] they had reasonable grounds to think that the transfer was legitimate and that they had legal grounds to keep their money.angry lego minifig man turns on anxious lego minifig manBarclays Bank appeared to be using the Wayback Machine as a ‘CDN’ for some JavascriptREAD MORE”The non-returning lenders believed, and were justified in believing, that the payments were intentional,” Judge Jesse Furman ruled.”Indeed, to believe otherwise — to believe that Citibank, one of the most sophisticated financial institutions in the world, had made a mistake that had never happened before, to the tune of nearly $1bn — would have been borderline irrational.”Since the amount sent back repaid the loaned amounts to the cent and no more, the judge ruled Citibank had no right to reclaim the money.”We are extremely pleased with Judge Furman’s thoughtful, thorough and detailed decision,” Benjamin Finestone, representing two lenders, Brigade and HPS Investment Partners, told CNN.That said, the saga isn’t over yet. The disputed funds are going nowhere, and are held under a temporary restraining order, to give Citibank a chance to challenge the ruling. “We strongly disagree with this decision and intend to appeal,” the mega bank said in a statement. “We believe we are entitled to the funds and will continue to pursue a complete recovery of them.”

Source: Citibank accidentally wired $500m back to lenders in user-interface super-gaffe – and judge says it can’t be undone • The Register