Daily Archives: June 17, 2022

Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients

Posted on by

Facebook is collecting ultra-sensitive personal data about abortion seekers and enabling anti-abortion organizations to use that data as a tool to target and influence people online, in violation of its own policies and promises.

In the wake of a leaked Supreme Court opinion signaling the likely end of nationwide abortion protections, privacy experts are sounding alarms about all the ways people’s data trails could be used against them if some states criminalize abortion.

A joint investigation by Reveal from The Center for Investigative Reporting and The Markup found that the world’s largest social media platform is already collecting data about people who visit the websites of hundreds of crisis pregnancy centers, which are quasi-health clinics, mostly run by religiously aligned organizations whose mission is to persuade people to choose an option other than abortion.

[…]

Reveal and The Markup have found Facebook’s code on the websites of hundreds of anti-abortion clinics. Using Blacklight, a Markup tool that detects cookies, keyloggers and other types of user-tracking technology on websites, Reveal analyzed the sites of nearly 2,500 crisis pregnancy centers – with data provided by the University of Georgia – and found that at least 294 shared visitor information with Facebook. In many cases, the information was extremely sensitive – for example, whether a person was considering abortion or looking to get a pregnancy test or emergency contraceptives.

[…]

Source: Facebook and Anti-Abortion Clinics Are Collecting Highly Sensitive Info on Would-Be Patients – Reveal

Telegram criticizes Apple for subpar web app features on iOS, crippling app

Posted on by

A week after confirming plans for Telegram Premium, the messaging platform’s CEO, Pavel Durov, is again criticizing Apple’s approach to its Safari browser for stifling the efforts of web developers.

Durov would very much like his web-based messaging platform, Telegram Web, to be delivered as a web app rather than native, but is prevented from offering users a full-fat experience on Apple’s mobile devices due to limitations in the iOS Safari browser.

There’s no option for web developers on Apple’s iPhone and iPad to use anything but Safari, and features taken for granted on other platforms have yet to make it to iOS.

“We suspect that Apple may be intentionally crippling its web apps,” claimed Durov, “to force its users to download more native apps where Apple is able to charge its 30 percent commission.”

[…]

Source: Telegram criticizes Apple for subpar web app features on iOS • The Register

Samsung accused of cheating on hardware benchmarks – again

Posted on by

[…]

The South Korean titan was said to have unfairly goosed Galaxy Note 3 phone benchmarks in 2013, and faced with similar allegations about the Galaxy S4 in 2018 settled that matter for $13.4 million.

This time Samsung has allegedly fudged the results for its televisions, specifically the S95B QD-OLED and QN95B Neo OLED LCD TVs.

These accusations were raised this month by YouTube channel HDTVTest on the S95B, and by reviews site FlatpanelsHD on the QN95B. The claims boils down to Samsung allegedly using an algorithm to detect when benchmarking software was running on the set and adjusting the color and artificially boosting luminance by up to 80 percent during the test to make the equipment look better in reviews.

According to the FlatpanelsHD report, those levels of brightness can’t be sustained during normal use without damaging the TV’s backlight panel.

An algorithm to detect and hoodwink benchmarking software is just what Samsung was accused of employing in those earlier examples.

[…]

Source: Samsung accused of cheating on hardware benchmarks – again • The Register

Time to throw out those older, vulnerable Cisco SMB routers – they’re not gonna fix critical bugs for you

Posted on by

[…]Cisco has just released fixes for seven flaws, two of which are not great.

First on the priority list should be a critical vulnerability in its enterprise security appliances, and the second concerns another critical bug in some of its outdated small business routers that it’s not going to fix. In other words, junk your kit or somehow mitigate the risk.

[…]

The first security flaw, tracked as CVE-2022-20798, is an authentication bypass vulnerability in the virtual and hardware versions of Cisco Secure Email and Web Manager, and the Cisco Email Security Appliance. It occurs when the device uses Lightweight Directory Access Protocol (LDAP) for external authentication, and the good news is that Cisco disables external authentication by default.

A remote user could exploit the flaw “by entering a specific input on the login page of the affected device,” the networking titan warned in a security advisory this week. Once the intruder has gained unauthorized access, they could perform any number of illicit actions from the web-based interface including crashing the device.

Another high-severity flaw, CVE-2022-20664, in these same virtual and hardware appliances could allow a remote, authenticated user to steal credentials from a LDAP external authentication server connected to a device. However, exploiting this bug would require valid operator-level, or higher, credentials. It received a CVSS score of 7.7, and Cisco issued a software update to fix this bug, too.

More e-waste

The second critical vulnerability exists in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers, which the vendor stopped selling [PDF] in 2019. Cisco isn’t issuing a fix for this one, and said there’s no workaround. Instead, customers should upgrade to newer hardware.

The flaw, tracked as CVE-2022-20825, also received a 9.8 CVSS score, and it’s due to insufficient user input validation of incoming HTTP packets.

“An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface,” according to Cisco’s security alert. “A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges,” and also stop and restart the device, resulting in a denial of service.

In addition to the two critical and one high-severity vulnerabilities, Cisco disclosed an additional four medium-severity flaws on Wednesday.

[…]

Source: Time to throw out those older, vulnerable Cisco SMB routers • The Register

Julian Assange Extradition to US Approved by UK Government

Posted on by

Julian Assange—founder of the whistleblowing website WikiLeaks—can now be extradited from the United Kingdom to the United States, where he will face charges of espionage.

In April, a London court filed a formal extradition order for Assange, and the UK Home Secretary approved the order today, meaning that Assange can be extradited back to the United States. According to CNBC , Assange is facing 18 charges of espionage for his involvement with WikiLeaks, the website that published hundreds of thousands of classified military documents in 2010 and 2011.

Assange has been in prison or the Ecuadorian Embassy in London for much of the last decade. He’s currently being held in a high-security prison in London. Assange has the right to appeal today’s decision within 14 days, and WikiLeaks indicated it would be doing just that in a statement posted on Twitter this morning.

“This is a dark day for press freedom and for British democracy,” WikiLeaks said. “Julian did nothing wrong. He has committed no crime and is not a criminal. He is a journalist and a publisher, and he is being punished for doing his job.”

[…]

Source: Julian Assange Extradition to US Approved by UK Government