branch.io bug left '685 million' netizens open to website hacks

Found on The Register on Saturday, 13 October 2018

That staggering nine-figure number is because the security issue was actually within a toolkit, called branch.io, that tracks website and app users to figure out where they've come from, be it Facebook, email links, Twitter, etc.

Among the sites found to be using the vulnerable components were reviews site Yelp, cash wiring biz Western Union, Shopify, and photo-sharing site Imgur, it is claimed. Hochstadt estimated the sites together handle around 685 million user accounts.

So basically, all that happened because those websites want to analyze their visitors even more; and then they wonder why privacy addons in browsers are so popular.

Weak passwords banned in California from 2020

Found on BBC News on Friday, 05 October 2018

The Information Privacy: Connected Devices bill demands that electronics manufacturers equip their products with "reasonable" security features.

The bill also allows customers who suffer harm when a company ignores the law to sue for damages.

More interesting is what happens to users who pick weak passwords. Complex default passwords or tight default security settings are welcome, but they won't stop users from weakening everything again.

MoviePass is confusing loyal and lapsed customers with new plan

Found on CNet News on Tuesday, 02 October 2018

Over the weekend, lapsed MoviePass subscribers who opted out of the service's three-movies-for-$10-per-month plan are discovering that doing this did not cancel their accounts after all. On the contrary; their accounts are being reactivated with a new kind of unlimited plan.

The notice was a surprise to many who thought their time with MoviePass had come to an end, several also posting complaints to Twitter about how difficult canceling the service appears to be.

That's more than just a fishy and shady approach to "get back" former customers. Better make sure to charge back every cent and threaten to sue them.

No Cash Needed At This Cafe. Students Pay The Tab With Their Personal Data

Found on NPR on Monday, 01 October 2018

To get the free coffee, university students must give away their names, phone numbers, email addresses and majors, or in Brown's lingo, concentrations. Students also provide dates of birth and professional interests, entering all of the information in an online form. By doing so, the students also open themselves up to receiving information from corporate sponsors who pay the cafe to reach its clientele through logos, apps, digital advertisements on screens in stores and on mobile devices, signs, surveys and even baristas.

Privacy invasion for a cup of coffee. They should make the list of students public, so future employers can check who freely gives away confidential information.

John Hancock adds fitness tracking to all policies

Found on BBC News on Thursday, 20 September 2018

John Hancock will now sell only "interactive" policies that collect health data through wearable devices such as a smartwatch.

John Hancock said customers would not have to log their activities to qualify for coverage - but they would not benefit from the discounts if they chose not to.

Welcome to the world of Orwell. In this case there will be new chances to make money: those who work out a lot because they want to do it can offer to just wear the client's tracker too and do the workout for several people at the same time. Or, if you want a technical solution, just buy a watch winder.

Linux kernel's Torvalds: 'I am truly sorry' for 'unprofessional' rants, I need a break to get help

Found on The Register on Monday, 17 September 2018

Torvalds, who created the Linux operating system kernel in 1991 and has overseen its development ever since, also promised to take a breather from the project – like the sabbatical he took to create Git – and do some self-reflection to, well, be nicer to everyone.

The Finnish-born American, perhaps feeling the pressure as the single kernel chieftain responsible for all that, is an absolute stickler for quality and reliability, making his feelings bluntly known if submitted patches are, in his view, substandard.

If even Linus is aiming for political correctness and non-offensive speeches, the world has truly ended. Let's hope Linus won't change; for something as important as the Kernel, you need someone who does not beat around the bush and tells so-called developers how to do things the right way.

You know all those movies you bought from Apple? Um, well, think different: You didn't

Found on The Register on Wednesday, 12 September 2018

Biologist Anders Gonçalves da Silva was surprised this week to find three movies he had purchased through iTunes simply disappeared one day from his library.

And Apple told him it no longer had the license rights for those movies so they had been removed. To which he of course responded: Ah, but I didn't rent them, I actually bought them through your "buy" option.

At which point da Silva learnt a valuable lesson about the realities of digital purchases and modern licensing rules: While he had bought the movies, what he had actually paid for was the ability to download the movie to his hard drive.

Once again, pirates are in a better situation than those who use the legal options to get their share of entertainment. The industry really needs to rethink its business plan if it wants to stay somewhat relevant.

make all relocate... Linux kernel dev summit shifts to Scotland – to fit Torvalds' holiday plans

Found on The Register on Friday, 07 September 2018

After a probably-frenzied weekend discussing the snafu with the invite-only conference committee, Ts'o wrote, “ultimately there were only two choices that were workable” – go ahead without Torvalds, or move the summit.

And so it happens that everybody would rather ask the 30 or so attendees due to attend the summit to change their plans and head for Edinburgh instead of Vancouver, even though Torvalds suggested they go ahead without him.

It's not much different from your average form of religion.

New J.R.R. Tolkien book may be Lord of the Rings author's last

Found on CNet News on Sunday, 02 September 2018

The book tells of the founding of the Elven city of Gondolin, and is considered one of Tolkien's Lost Tales. A section in 1977's The Silmarillion was based on the Lost Tales.

At the time, many expected that book to be J.R.R. Tolkien's final published work. Christopher Tolkien even wrote in its preface that it was "(presumptively) my last book in the long series of my father's writings." But now, Entertainment Weekly reports, Christopher Tolkien has written that "The Fall of Gondolin is indubitably the last."

Hopefully it's not as lengthy and exhausting to read as the Silmarillion.

A fake billionaire is fooling people on Twitter

Found on BBC News on Tuesday, 28 August 2018

An account impersonating the 87-year-old American investor shot to social media fame on Saturday when it bagged almost 300,000 likes for its debut tweet.

Since then it has amassed close to two million likes for its personal, motivational, and inoffensive sound-bites.

Signs and warnings that the account is fake haven't stopped journalists and politicians from sharing the tweets.

If you're taking anything on Twitter as a fact, you should be fired.