Hackers Hid Backdoor In CCleaner Security App With 2 Billion Downloads

Found on Forbes on Monday, 18 September 2017
Browse Software

Users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool.

It's unclear just who was behind the attacks. Yung said the company wouldn't speculate on how the attack happened or possible perpetrators. For now, any concerned users should head to the Piriform website to download the latest software.

If the operating system itself would allow good cleanups, software like this would not even be needed.

WordPress to ditch React library over Facebook patent clause risk

Found on Techcrunch on Sunday, 17 September 2017
Browse Software

Mullenweg said his concerns have not been assuaged. And he writes that he cannot, in good conscience, require users of the very widely used open source WordPress software to inherit the patent clause and associated legal risk. So he’s made the decision to ditch React.

Companies, especially those with large patent portfolios, may well have concerns if they are using open source software which incorporates Facebook’s React framework — even if Automattic feels comfortable on its own account.

Some of the fiercest critics of the patent clause have dubbed React a “‘Trojan horse’ into the open source community”.

Sorry FB, that's not how open source works.

8,500 Verizon customers disconnected because of “substantial” data use

Found on Ars Technica on Saturday, 16 September 2017
Browse Internet

"These customers live outside of areas where Verizon operates our own network," Verizon said. "Many of the affected consumer lines use a substantial amount of data while roaming on other providers’ networks and the roaming costs generated by these lines exceed what these consumers pay us each month."

One customer, who contacted Ars this week about being disconnected, said her family never used more than 50GB of data across four lines despite having an "unlimited" data plan.

"The only good news? Verizon wants to disconnect customers so badly, they are willing to forgive the remaining owed balances for any devices financed through Verizon."

That brings up the question of how the product was advertised: if a limit was mentioned in the contract, Verizon could simply enforce it by throttling accounts once they get close to it. If it was called "unlimited", then it clearly was false advertising.

Facebook Enabled Advertisers to Reach ‘Jew Haters’

Found on Pro Publica on Friday, 15 September 2017
Browse Various

Until this week, when we asked Facebook about it, the world’s largest social network enabled advertisers to direct their pitches to the news feeds of almost 2,300 people who expressed interest in the topics of “Jew hater,” “How to burn jews,” or, “History of ‘why jews ruin the world.’”

Facebook’s automated system suggested “Second Amendment” as an additional category that would boost our audience size to 119,000 people, presumably because its system had correlated gun enthusiasts with anti-Semites.

While Facebook blames the algorithm for all this, it claims at the same time that algorithms can successfully stop hate speech online. It's not very reassuring.

Every Major Advertising Group Is Blasting Apple for Blocking Cookies in the Safari Browser

Found on Adweek on Thursday, 14 September 2017
Browse Internet

The biggest advertising organizations say Apple will “sabotage” the current economic model of the internet with plans to integrate cookie-blocking technology into the new version of Safari.

The groups say the feature also hurts user experience by making advertising more “generic and less timely and useful.”

I never ever ran into any advertising that was even remotely useful. If advertisers would not be so invasive and aggressive, maybe users would think differently about it; but getting tracked and bombed with ads is a pretty effective method to annoy the possible customers. Besides, about every browser allows blocking third-party cookies, which should be the default setting. Plus cookie controls, so you can wipe them except for those you really need.

Equifax had 'admin' as login and password in Argentina

Found on BBC News on Wednesday, 13 September 2017
Browse Various

"We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cyber-security event that occurred in the United States last week," an Equifax spokeswoman told the BBC.

"[It] was wide open, protected by perhaps the most easy-to-guess password combination ever: admin/admin," wrote Mr Krebs.

That shows non-existent basic security features which would have prevented this.

Photographer settles 'monkey selfie' legal fight

Found on BBC News on Tuesday, 12 September 2017
Browse Legal-Issues

A photographer has settled a two-year legal fight against an animal rights group over a "monkey selfie" picture.

"Peta's groundbreaking case sparked a massive international discussion about the need to extend fundamental rights to animals for their own sake, not in relation to how they can be exploited by humans," said Peta lawyer Jeff Kerr.

This "groundbreaking case" only showed that some people have way too much time on their hands if they honestly believe a monkey could claim a copyright.

This admin helped music pirates pilfer 1 billion copyrighted tracks

Found on Ars Technica on Monday, 11 September 2017
Browse Filesharing

The admin for a prolific file-sharing site that helped pirates score more than 1 billion tracks now faces five years in prison after pleading guilty to a single count of criminal copyright infringement.

"Through ShareBeast and other related sites, this defendant profited by illegally distributing copyrighted music and albums on a massive scale," Atlanta US Attorney John Horn said. "The collective work of the FBI and our international law enforcement partners have shut down the ShareBeast websites and prevented further economic losses by scores of musicians and artists."

Funny that more and more artists begin to realize that sharing their work is a new way to attract fans so they can profit from other methods to generate income, like advertising or concerts. The big industries keep on telling workers to be flexible, but still cling to their old business models.

Apple suffers 'major iPhone X leak'

Found on BBC News on Monday, 11 September 2017
Browse Software

"As best I've been able to ascertain, these builds were available to download by anyone, but they were obscured by long, unguessable URLs [web addresses]," wrote John Gruber, a blogger known for his coverage of Apple.

One company watcher said that the scale of the leak meant Tuesday's launch had lost some of its power to surprise.

So Apple is incompetent enough to protect the core of its business with something as simple as a password? Not to mention it could have kept the software in an internal network only. It sounds like a leak, but it has the smell of being "a leak" (as in, planned).

Equifax mega-leak: Security wonks smack firm over breach notification plan

Found on The Register on Saturday, 09 September 2017
Browse Various

Equifax had weeks to prepare for its breach notification, so its decision to do so via a basic Wordpress site (oh, err) using a free shared CloudFlare SSL cert is somewhat puzzling. “For some reason Equifax used the 6 weeks to set up a new domain asking for SSN numbers, with anonymous Whois on Cloudflare,” said security consultant Kevin Beaumont.

The whole approach already seems to have gone awry, with OpenDNS flagging up the site as a potential phishing locale in an apparent false positive.

You could not make this up even if you tried.