Zoom adds Choose Your Own Routing Adventure to keep chats out of China

Found on The Register on Wednesday, 15 April 2020
Browse Internet

The change means that administrators of paid Zoom users can opt in or out of traffic passing through the videoconferencing company’s data centres in United States, Canada, Europe, India, Australia, China, Latin America, and Japan/Hong Kong.

Now you have to pay to pick your poison.

Twitter Removes Privacy Option, and Shows Why We Need Strong Privacy Laws

Found on EFF on Tuesday, 14 April 2020
Browse Internet

Twitter greeted its users with a confusing notification this week. “The control you have over what information Twitter shares with its business partners has changed,” it said.

Previously, anyone in the world could opt out of Twitter’s conversion tracking (type 1), and people in GDPR-compliant regions had to opt in. Now, people outside of Europe have lost that option.

For people protected by GDPR, type-1 data sharing remains opt-in, and type 2—Twitter sharing their data with Google and Facebook—never happens at all.

That's exactly why you need strict privacy laws.

Cloudflare dumps Google's reCAPTCHA, moves to hCaptcha as free ride ends

Found on The Register on Friday, 10 April 2020
Browse Internet

Cloudflare on Wednesday said it is ditching Google's reCAPTCHA bot detector for a similar service called hCaptcha out of concerns about privacy and availability, but mostly cost.

Finally, earlier this year, Google told Cloudflare it plans to begin charging for reCAPTCHA, a service it has previously offered for free because the answers people provide improve its services and machine learning systems.

According to Prince and Isasi, hCaptcha doesn't sell personal data and made commitments to use info collected from Cloudflare only to improve the service. Also, they said the service performs well and has options for the visually impaired and those with other accessibility concerns.

reCaptcha is getting really bad. Long loading times plus countless retries to select all traffic lights, crosswalks, fire hydrants and whatever even though you selected the correct squares.

Microsoft Buys Corp.com So Bad Guys Can’t

Found on Krebs On Security on Tuesday, 07 April 2020
Browse Internet

Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe.

The story went on to describe how years of testing — some of which was subsidized by grants from the U.S. Department of Homeland Security — showed hundreds of thousands of Windows computers were constantly trying to send this domain information it had no business receiving, including attempts to log in to internal corporate networks and access specific file shares on those networks.

The sweet fallout of default values to keep things simple and easy.

A hacker has wiped, defaced more than 15,000 Elasticsearch servers

Found on ZD Net on Monday, 06 April 2020
Browse Internet

The attacks appear to be carried with the help of an automated script that scans the internet for ElasticSearch systems left unprotected, connects to the databases, attempts to wipe their content, and then creates a new empty index called nightlionsecurity.com.

However, these types of destructive attacks were Elasticsearch data is wiped are not the first of their kind. In the spring and summer of 2017, multiple hacker groups engaged in database ransom attacks against multiple types of database technologies, including Elasticsearch.

Three years and ongoing, and people still put unprotected systems online. The pity is limited.

Zoombombing is a crime, not a prank, prosecutors warn

Found on Ars Technica on Sunday, 05 April 2020
Browse Internet

Internet trolls and other troublemakers have responded with "Zoombombing": joining Zoom meetings uninvited and disrupting them.

"Hackers are disrupting conferences and online classrooms with pornographic and/or hate images and threatening language," wrote the US Attorney's Office for the Eastern District of Michigan. "Anyone who hacks into a teleconference can be charged with state or federal crimes."

Those are not even hackers, because security at Zoom is practically non-existant. It's just a poorly designed software, full of holes and lies.

Cloudflare Launches a DNS-Based Parental Control Service

Found on Bleeping Computer on Wednesday, 01 April 2020
Browse Internet

During the coming months, Cloudflare is also working on developing and providing users with additional configuration settings for the for Families service.

"This year, while many of us are sheltering in place, protecting our communities from COVID-19, and relying on our home networks more than ever it seemed especially important to launch for Families," Prince added.

Well, censorship is coming with the excuse of protecting the children. Who would have thought that?

From Gmail to Gfail: Google's G-Suite topples over for unlucky netizens, rights itself

Found on The Register on Sunday, 29 March 2020
Browse Internet

The outage affected Gmail, Drive, Docs, Sheets, Slides, Hangouts Chat, and Meet services. The G-Suite admin console and Classroom services were also down. Basically, Google said users reported being unable to access its platforms.

"Some of our users experienced a service disruption ... as a result of a significant router failure in one of our data centers in the South Eastern US, causing network congestion," the web giant said.

It's rather strange that a router failure would cause such an downtime, considering marketing never fails to point out how many redundancy systems are in place.

Microsoft throttles some Office 365 services to continue to meet demand

Found on ZD Net on Tuesday, 24 March 2020
Browse Internet

On March 16, Microsoft posted to Microsoft 365/Office 365 admin dashboardds a warning about "temporary feature adjustments" that it might take. That warning told customers that Microsoft was "making temporary adjustments to select non-essential capabilities."

Microsoft officials said they will continue to apprise customers of further restrictions and tweaks they will be making to their services to continue to meet demand.

In other words, "the cloud" does not scale as well as marketing always promised.

Microsoft nukes 9 million-strong Necurs botnet after unpicking domain name-generating algorithm

Found on The Register on Saturday, 14 March 2020
Browse Internet

Microsoft researchers figured out how an algorithm that generated new, unique domains for Necurs' infrastructure operated and was able to correctly guess six million domain names that would be generated over a 25-month period, it said. These domains were then reported to registrars so they could be promptly blocked.

That's actually pretty impressive. Hopefully it stays down.