The Linkielist

Linking ideas with the world

For the past five years, every FBI secret spy court request to snoop on Americans has sucked, says watchdog

Analysis The FBI has not followed internal rules when applying to spy on US citizens for at least five years, according to an extraordinary report [PDF] by the Department of Justice’s inspector general. The failure to follow so-called Woods Procedures, designed to make sure the FBI’s submissions for secret spying are correct, puts a question […]

Amazon says it fired a guy for breaking pandemic rules. Same guy who organized a staff protest over a lack of coronavirus protection

On Monday, Amazon fired Chris Smalls, a worker at its Staten Island, New York, warehouse, who had organized a protest demanding more protection for workers amid the coronavirus outbreak. Smalls, in a statement, said, “Amazon would rather fire workers than face up to its total failure to do what it should to keep us, our […]

A Feature on Zoom Secretly Displayed Data From People’s LinkedIn Profiles

But what many people may not know is that, until Thursday, a data-mining feature on Zoom allowed some participants to surreptitiously have access to LinkedIn profile data about other users — without Zoom asking for their permission during the meeting or even notifying them that someone else was snooping on them. The undisclosed data mining […]

A hacker has wiped, defaced more than 15,000 Elasticsearch servers

For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame. According to security researcher John Wethington, one of the people who […]

Zoom’s Flawed Encryption Linked to China

Meetings on Zoom, the increasingly popular video conferencing service, are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto. The researchers also found that Zoom protects video and audio content […]

Thousands of recorded Zoom Video Calls Left Exposed on Open Web

Thousands of personal Zoom videos have been left viewable on the open Web, highlighting the privacy risks to millions of Americans as they shift many of their personal interactions to video calls in an age of social distancing. From a report: Many of the videos appear to have been recorded through Zoom’s software and saved […]

Zoom Bombings Started Off as Pranks. Now Someone Could End Up Dead

For those unaware, Zoom officially has a porn problem. The multibillion-dollar video messaging mainstay among employees at Johnson & Johnson and the Department of Homeland Security—not to mention a household name among currently house-bound citizens across the country—has been rocked by story after story of pranksters popping into video meetings with clips of graphic porn […]

NSO Group: Facebook tried to license our spyware to snoop on its own addicts – the same spyware it’s suing us over

NSO Group – sued by Facebook for developing Pegasus spyware that targeted WhatsApp users – this week claimed Facebook tried to license the very same surveillance software to snoop on its own social-media addicts. The Israeli spyware maker’s CEO Shalev Hulio alleged in a statement [PDF] to a US federal district court that in 2017 […]

SpaceX loses its third Starship prototype during a cryogenic test

This week, SpaceX workers in South Texas loaded the third full-scale Starship prototype—SN3—onto a test stand at the company’s Boca Chica launch site. On Wednesday night, they pressure-tested the vehicle at ambient temperature with nitrogen, and SN3 performed fine. On Thursday night SpaceX began cryo-testing the vehicle, which means it was loaded again with nitrogen, […]

A Hacker Found a Way to Take Over Any Apple Webcam

Apple patched the vulnerabilities in January and March updates. But before the fixes, all a victim would have needed to do is click one malicious link and an attacker would have been able to spy on them remotely. “Safari encourages users to save their preferences for site permissions, like whether to trust Skype with microphone […]

Pandemic Shutdowns Will Help the Economy, Too

A study by economists Sergio Correia, Stephan Luck and Emil Verner suggests that the best way to save your economy is to save your people. The authors looked at the economic impact of the Spanish influenza pandemic of 1918 on different U.S. cities. They concluded that the earlier, more forcefully and longer cities responded, the […]

Ex-NSA hacker drops new zero-day doom for Zoom

Zoom’s troubled year just got worse. Now that a large portion of the world is working from home to ride out the coronavirus pandemic, Zoom’s popularity has rocketed, but also has led to an increased focus on the company’s security practices and privacy promises. Hot on the heels of two security researchers finding a Zoom […]

Zoom User Warning: This Is How Attackers Could Steal Windows Passwords

Today, news of a Zoom issue affecting Microsoft Windows users. The Zoom Windows client is at risk from a flaw in the chat feature that could allow attackers to steal the logins of people who click on a link, according to tech site Bleeping Computer. When using Zoom, it’s possible for people to communicate with each […]

Zoom Users Beware: Here’s How A Flaw Allows Attackers To Take Over Your Mac Microphone And Webcam

Every day, a new Zoom security or privacy issue emerges. At least, that’s the way it seems during the COVID-19 crisis as an increasing number of people use the Zoom video conferencing app while working from home. Soon after a security problem was disclosed that could allow attackers to steal Windows passwords, another researcher has identified […]

Report reveals ‘massive plastic pollution footprint’ of drinks firms

Four global drinks giants are responsible for more than half a million tonnes of plastic pollution in six developing countries each year, enough to cover 83 football pitches every day, according to a report. The NGO Tearfund has calculated the greenhouse gas emissions from the open burning of plastic bottles, sachets and cartons produced by […]

Apple’s latest macOS Catalina update mysteriously borks SSH for some unlucky fans. What could be the cause?

Apple’s latest update to macOS Catalina appears to have broken SSH for some users. Developer Tyler Hall published a blog post on Monday detailing the issue, but removed it after his writeup got noticed. The issue is that under Apple’s macOS 10.15.4 update, released on March 24, trying to open a SSH connection to a […]

OpenWRT code-execution bug found – update!

For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital signature verifications are easy to bypass, a researcher said. OpenWRT has a loyal base of users who use the freely […]

Yes! Honda Follows Mazda By Ditching Some Touchscreen Controls For Not Being ‘Intuitive’

It seemed like a bit of a risk when Mazda decided to not offer a touchscreen in the new Mazda 3. But Mazda may have just been ahead of the trend, as Honda has also abandoned some reliance on the new Honda Jazz’s touch controls because they just aren’t “intuitive.” Despite nearly a decade of […]

Ubisoft offers free games to encourage you to stay at home

Ubisoft thinks it has a simple way to encourage people to stay at home and wait out the COVID-19 pandemic: shower them with games. It’s running a month-long campaign that will give away free games, trials, discounts and other offers to give you something to do while you’re cooped up. It’s starting things off by […]

Marriott Hotels hacked AGAIN: Two compromised employee logins abused to siphon off guests’ personal info

Marriott Hotels has suffered its second data spillage in as many years after an “unexpected amount” of guests’ data was accessed through two compromised employee logins, the under-fire chain has confirmed. The size of the latest data exposure has not been disclosed, though Marriott admitted it seemed to have started in January 2020 and was […]

Zoom is Leaking Peoples’ Email Addresses and Photos to Strangers

Popular video-conferencing Zoom is leaking personal information of at least thousands of users, including their email address and photo, and giving strangers the ability to attempt to start a video call with them through Zoom. The issue lies in Zoom’s “Company Directory” setting, which automatically adds other people to a user’s lists of contacts if […]

Zoom: how you were able to join random meetings due to incredibly poor security design

In this publication we describe a technique which would have allowed a threat actor to potentially identify and join active meetings. All the details discussed in this publication were responsibly disclosed to Zoom Video Communications, Inc. In response, Zoom introduced a number of mitigations, so this attack is no longer possible. The Problem If you […]

FBI Issues Warning, NY Attorney General Makes Inquiry After Wave of Zoom Hijackings

The FBI has issued a warning about video messaging service Zoom, and New York Attorney General’s office has made an inquiry into its cybersecurity practices, after a string of disturbing incidents involving takeovers of teleconferences. Per Agence France-Presse, malicious individuals have been taking advantage of lax security and the surge in teleconferencing during the coronavirus […]

Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing. Also, they mine your data with vampire teeth.

Zoom, the video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio […]

Hacker hijacks all Microsoft and CCC YouTube accounts to broadcast crypto Ponzi scam

A hacker has hijacked all of Microsoft’s official YouTube accounts and is broadcasting a cryptocurrency Ponzi scam to the company’s subscribers, ZDNet has learned from one of our readers. The hacks appear to have occurred about 13 hours ago, according to our source. The hijacked accounts are still streaming at the time of writing, despite […]