Nominet again sends punters pushy emails to pay up

Found on The Register on Wednesday, 09 September 2020
Browse Internet

Nominet is fully aware that the .uk names it is pushing were never ordered by people in the first place. When dot-uk was opened up several years ago so that you could register things like mycompany.uk as well as mycompany.co.uk, domain registrars had a brainwave: if a customer owned, say, blablahblah.co.uk, blablahblah.uk would be registered automatically for them. Now those freebie domains are expiring, and no one's renewing them – because people didn't want them in the first place, hence this latest pressure campaign.

The idea itself sounds pretty shady. You can't just give a product to someone and have him pay for it.

Sendgrid Under Siege from Hacked Accounts

Found on Krebs on Security on Thursday, 03 September 2020
Browse Internet

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks.

To make matters worse, links included in emails sent through Sendgrid are obfuscated (mainly for tracking deliverability and other metrics), so it is not immediately clear to recipients where on the Internet they will be taken when they click.

The only good thing about services like Sendgrid is that you can send users there to keep their newsletters off your own mailservers.

Google says Australian law would put search and YouTube at risk

Found on BBC News on Wednesday, 19 August 2020
Browse Internet

In an open letter, the firm warned that its YouTube and Search features could be "dramatically worse" if new rules were brought in.

Over the past few months, the Australian government has been preparing legislation which will make Google and Facebook pay local publishers for their content.

Not much of a problem there. Nobody forces them to list the content, so they can just drop it.

Oracle enters race to buy TikTok’s US operations

Found on Ars Technica on Tuesday, 18 August 2020
Browse Internet

The tech company co-founded by Larry Ellison had held preliminary talks with TikTok's Chinese owner, ByteDance, and was seriously considering purchasing the app's operations in the US, Canada, Australia and New Zealand, the people said.

The entry of Oracle into the race provided ByteDance with a credible alternative to Microsoft's offer, said one person with direct knowledge of the matter.

Oracle, really? The same company that drops everything left and right what a user does not pay for?

Facebook begins merging Instagram and Messenger chats in new update

Found on The Verge on Monday, 17 August 2020
Browse Internet

Facebook has started flipping the switch on integrating the chat systems for Instagram and Messenger.

Facebook has made clear its plans to unify the messaging platforms of its hugely popular apps to allow cross-messaging among Messenger, Instagram, and WhatsApp. Facebook was said to be rebuilding the underlying infrastructure so users who were on only one of its apps could connect to others using different Facebook apps.

Once they promised that would never happen. Well, another FB promise got broken.

TikTok collected Android user data using tactic banned by Google

Found on Marketwatch on Sunday, 16 August 2020
Browse Internet

The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasn’t disclosed to TikTok users. TikTok ended the practice in November, the Journal’s testing showed.

The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes. The White House has said it is worried that users’ data could be obtained by the Chinese government and used to build detailed dossiers on individuals for blackmail or espionage.

TikTok was caught red handed (no pun intended).

Google Music shutdown starts this month, music deleted in December

Found on Ars Technica on Wednesday, 05 August 2020
Browse Internet

Google Play Music has been given the death sentence by Google, and today the company has announced a bit more detail about how its execution will be carried out. The main message from today's blog post is "back up your music now," as Google says it will wipe out all Google Music collections in December 2020.

Whichever option you choose, make sure you do something before December because, after that, there will be no way to recover your music.

So much for relying on the cloud.

Yahoo News Suspended Its Comment Section, and People Are Freaking Out

Found on Distractify on Tuesday, 28 July 2020
Browse Internet

Recently, Yahoo News announced its strategy for combating toxic comment sections: It has completely suspended commenting. That’s right, Yahoo comments are gone! And some people are not happy.

Anyone who is upset by Yahoo’s so-called “censoring of free speech” should be aware that the First Amendment does not require any outlets to provide comment sections for people to share their thoughts. If you find yourself wanting to share your opinions, you are welcome to do so in other corners of the internet, as well as offline.

Opinions don't go away because they are blocked. They are looking for other places, and that usually just helps to amplify them.

New ‘Meow’ attack has deleted almost 4,000 unsecured databases

Found on Bleepingcomputer on Monday, 27 July 2020
Browse Internet

Hundreds of unsecured databases exposed on the public web are the target of an automated 'meow' attack that destroys data without any explanation.

Diachenko told BleepingComputer that there are not many details about the attacker or the purpose of their actions. He says that the attack appears to be an automated script that “overwrites or destroys the data completely.”

Whoever is behind the 'meow' attacks is likely to keep on targeting unsecured databases, aggressively destroying them. Administrators should make sure that they expose only what needs to be exposed and make sure the assets are properly secured.

Administrators should have made sure right from the start that their databases are not reachable by the public. That's their job. If they cannot even do that, they should quit.

A Security Breach Exposed More Than One Million DNA Profiles On A Major Genealogy Database

Found on Buzzfeed News on Friday, 24 July 2020
Browse Internet

On July 19, genealogy enthusiasts who use the website GEDmatch to upload their DNA information and find relatives to fill in their family trees got an unpleasant surprise. Suddenly, more than a million DNA profiles that had been hidden from cops using the site to find partial matches to crime scene DNA were available for police to search.

A second alarm came on July 21, when MyHeritage, a genealogy website based in Israel, announced that some of its users had been subjected to a phishing attack to obtain their log-in details for the site — apparently targeting email addresses obtained in the attack on GEDmatch just two days before.

If you give your DNA profile to some website, you really do have serious issues.