Private messages from 81,000 hacked Facebook accounts for sale

Found on BBC News on Friday, 02 November 2018
Browse Internet

The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure.

The breach first came to light in September, when a post from a user nicknamed FBSaler appeared on an English-language internet forum.

The embattled network has had a terrible year for data security and questions will be asked about whether it is proactive enough in responding to situations like this that affect large numbers of people.

It doesn't really make much of a difference if some Russians sell your private data, or if Facebook does it.

Google won't let you sign in if you disabled JavaScript in your browser

Found on ZD Net on Thursday, 01 November 2018

The reason is that Google uses JavaScript to run risk assessment checks on the users accessing the login page, and if JavaScript is disabled, this allows crooks to pass through those checks undetected.

Further, Google also launched reCAPTCHA v3 this week, a new version of its reCAPTCHA technology, which uses JavaScript to compile "risk scores" on a per-user basis. If JavaScript is turned off, this effectively negates reCAPTCHA's capabilities, hence, the reason to prevent users who intentionally disable JavaScript in their browser.

It's well known that turning off JavaScript often has very positive effects such as less tracking, faster loading times and less annoying ads. Some websites break with JS off, but that usually means their webmasters aren't worth a cent; and websites which want to force you to use JS, well, sure they can try, but it's easier to just move on to another site.

GitHub.com freezes up as techies race to fix dead data storage gear

Found on The Register on Monday, 22 October 2018

From about 4pm US West Coast time on Sunday (2300 UTC), the website has been stuttering and spluttering. Specifically, the site is still up and serving pages – it's just intermittently serving out-of-date files, and ignoring submitted Gists, bug reports, pushes, and posts.

Right now, we're seeing scores of complaints about the site being down on Twitter – including quite a few upset coders in Japan, where at time of writing it is late Monday morning. Nice start to the week.

If you store your project online, "in the cloud", your project is not important. Learn from it.

You like HTTPS. We like HTTPS. Except when a quirk of TLS can smash someone's web privacy

Found on The Register on Friday, 19 October 2018

The privacy risks associated with web tracking, however, persist, and now it appears there's yet another mechanism for following people online. Blame researchers from the University of Hamburg in Germany for the latest expansion of the privacy attack surface.

They note that Facebook and Google, due to their behavioral ad businesses, specify longer session resumption ticket lifetimes than most. Facebook's lifetime hint setting of 48 hours is higher than 99.99 per cent of all session ticket hints found. Google's 28 hour value exceeds 97.13 per cent of Alexa's top million websites.

Facebook and Google track you. Facebook in the most aggressive way. Clearly they have learned absolutely nothing from the privacy scandals they went through and just keep on doing business like before.

Web browsers sharpen knives for TLS 1.0, 1.1, tell protocols to dig their own graves for 2019

Found on The Register on Tuesday, 16 October 2018

The Internet Engineering Task Force has been considering when to hold the funeral of TLS 1.0, which will be 20 years old in January 2019, as well as a burial for TLS 1.1, since June this year. Its Internet-Draft on the matter is expected to formalize the 'net standards body's “die die die” recommendation later this year. When the draft progresses to standard status, the IETF will no longer fix new protocol vulnerabilities in TLS 1.0 and 1.1.

That's going to be similar to the adoption of IPv6 probably.

Internet operator challenges network tapping by German spy agency

Found on Reuters on Monday, 15 October 2018

DE-CIX said it received orders from the Federal Intelligence Service (BND) to allow it to access data at its internet exchange in Frankfurt. The BND has in recent years received a mirror image of the traffic as part of its counter-terrorism and cyber-security efforts.

In Germany, the right to privacy of correspondence, posts and telecommunications is protected by Art. 10 of the constitution. This is restricted by a law that allows federal and state spy agencies to tap such communications, subject to review by a control commission on which lawmakers sit.

Pretty sad that you're more protected from being spied on if you send just a letter.

Facebook: Up to 90 million addicts' accounts slurped by hackers, no thanks to crappy code

Found on The Register on Friday, 28 September 2018

Facebook confessed today that buggy code potentially exposed all of its users' accounts to hackers over the past 14 months. It reckons miscreants snooped on at least 50 million people's private profiles, and perhaps as much as 90 million.

In effect, any Facebook user account was wide open to being hacked, although the Silicon Valley goliath estimated that "only" 50 million accounts were, in the words of a spokesperson, "directly affected." A further 40 million had their accounts "looked up."

Facebook spotted the hole after it noted a suspicious "spike" in user activity on Tuesday. The attack was "fairly large scale," it admitted, and when it investigated the cause, it discovered hackers were using the site's API to automate the process of grabbing users' profile information.

So, harvesting the data was not noticed as long as attackers kept the volume low. The next bug will be exploited at a slower rate; just like spammers who do not try to stuff millions of spams into a hacked account for sending anymore, but keep outgoing mail at a low rate to avoid detection and use the hacked account for a longer time.

Millennials more likely to fall for scams than baby boomers

Found on Washington Examiner on Wednesday, 26 September 2018

The Better Business Bureau reports that 69 percent of scam victims are under the age of 45. Young adults heading off to college are especially gullible, the group says.

This statistic is incredibly shocking, as many assume internet scams prey on the elderly. However, new technology and evolving scam methods put everyone at risk. BBB says that 78 percent of scam victims hold a college or graduate degree.

It's always fun to see how millennials claim to be the best there is when at the same time reality shows that they aren't at all.

Google confirms it's letting third parties scan your Gmail

Found on The Inquirer on Sunday, 23 September 2018

GOOGLE has admitted that, even though it has stopped scanning your Gmail accounts for ad-targeting, it still lets third-parties at them.

The news follows an earlier report that shows that third parties are allowed to scan mail for services such as Google Trips, which helps create itineraries for your travel, based on your email content.

News like this is a good reminder why it is smart to host your email yourself.

Facebook wanted banks to fork over customer data passing through Messenger

Found on The Verge on Wednesday, 19 September 2018

A new report from The Wall Street Journal today indicates that Facebook also saw its Messenger platform as a siphon for the sensitive financial data of its users, information it would not otherwise have access to unless a customer interacted with, say, a banking institution over chat.

In some cases, companies like PayPal and Western Union negotiated special contracts that would let them offer many detailed and useful services like money transfers, the WSJ reports. But by and large, big banks in the US have reportedly shied away from working with Facebook due to how aggressively it pushed for access to customer data.

Facebook has learned nothing at all from the past scandals. On the other hand, the question is who to blame: Facebook itself, who does all that because it can get away with it, or the userbase who does not care at all. Maybe Zucky wasn't so wrong when he called the users "dumb fucks".