Tracking President Trump with cellphone location data, Greta-Thunberg-themed malware, SharePoint patch, and more Here's a catch-up of security news beyond everything else we've covered. Nearly 300 million Facebook profiles scraped, dumped online Once again a huge number of Facebook users have had their details lifted from their profiles, a fact that came to light when security researchers were scanning for open databases online. …
"The case highlights the egregious way in which telcos in the US are profiting from selling off location data to almost anyone with the money. "
Did you actually read the (very interesting) article? Cause it was talking about companies like foursquare, since the telcos are bound to rules after some fiasco..
Quote: "The data reviewed by Times Opinion didn’t come from a telecom or giant tech company, nor did it come from a governmental surveillance operation. It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps. You’ve probably never heard of most of the companies "
Why I understand the joke, they are probably targeting a demographic which is a more remunerative target, there's a good chance they are in the upper percentiles of wealth, and they still have $$$$$$ to steal/scam even after they got their expensive toys. Or you can get access to systems of people in higher positions within a company, from where more remunerative attacks can be launched, or more useful information gathered
Targeting Linux won't give you the same chances of getting into something valuable.
>... they are probably targeting a demographic which is a more remunerative target, there's a good chance they are in the upper percentiles of wealth
Or, targeting a demographic which is a more remunerative target, there's a good chance they are in the lower percentiles of savvyness
>access to systems of people in higher positions within a company,
There are a few people of that sort, but most who use computers use ones designed for function over form.
And the few Apple users are more likely to be easily scammed by those focussed
>remunerative attacks can be launched, or more useful information gathered
>Targeting Linux won't give you the same chances of getting into something valuable.
Because that target tends to be smarter than the average bear.
"Don't think I've heard that one before, it's usually 'Mac's don't get viruses'.
Really? I've seen the 'Get a Mac' advice frequently when normal users moan about all this malware they seem to be infected with, many of them don't care to learn the difference between malware & virus.
They just want a machine they can carry on using as they are now without fear of getting infected by <whatever>
I remember when Apple were doing their big campaign based on Macs not getting viruses. Some virus author wrote that this was because it wasn't worth writing viruses for Macs, as the market share was so small they couldn't propagate properly. If Macs do now have viruses, it appears this was true and they've been nobbled by their own success.
How can anybody nowadays say "We take your ... very seriously" with a straight face, when almost everyone knows it means the exact opposite?
"Your call is very important to us. (Please wait till the heat death of the universe.)"
"Your security/privacy are very important to us. (But we aren't sorry for selling your data or losing your credit card details, sucker.)"
"Customer satisfaction is our highest priority. (Here is the series of hoops to jump through. Some of them on fire!)"
and so on.
At least we now have firm confirmation that natural languages are about nothing in particular and most are about the opposite of the meaning of any words anyway.
With that knowledge, we can now redefine the natural language as giving meaning again, just assume the opposite and all is well. That is, until we start using the inverse of the inverse again after some time. Then we can assume that the inverse of the inverse is defined as undefined. And the opposite of undefined is, of course, [file not found]. Therefore, the world is still in balance because nobody gives a shit anyway what they were saying in the first place and all can hide behind the-computer-did-it for any and all mistakes.
That is a nice thought for the weekend...
How can anybody nowadays say "We take your ... very seriously" with a straight face
Everyone doesn't have a choice. The malware was (only) discovered in December 2019 but it was inserted in Wawa's system back in March 2019 (that's what they said).
NINE MONTHS before it was discovered.
Everyone has to say "we take <BLAH> seriously" otherwise the lawyers will come knockin'.
> The malware was (only) discovered
True, but I wasn't speaking about them specifically. That "We take your ... very seriously" is a standard phrase we've heard dozens of times in the last years, every time a big SNAFU was unveiled. It's a generic soothing mantra, not a statement about a given situation. It's of the same condescending and noncommittal family as the "Don't worry your little heads about this...".
.
> Everyone has to say "we take <BLAH> seriously"
While I admit the necessity of making a statement, I don't agree on the wording. I would simply say something along the lines of "Sorry, we messed up (or got caught with our pants down), we will try to make sure this won't happen again". Something a normal human would say. The standardized and clearly dishonest mantra about valuing the customer is really insulting.
I don't know, maybe there are indeed people naive enough to actually feel flattered by those cookie-cutter lies, but I'm sure the vast majority just feels made fun of, because what counts is the everyday actions, not the once-in-a-while-when-hard-pressed declarations of eternal love and commitment.
You should assume that any mobile app that you allow to access your location will be selling your location stream on.
There is already an active global market for this data and several companies offering analysis as a service on top of these streams. It is mostly aimed at ad slingers to price real world advertising space based on the type of audience that walks past etc. But this stuff is cheap and they are often happy to give out large free samples to get their clients hooked.
As pointed out in the article, these streams are trivial to de-anonymise, especially in lower density areas. I would be surprised if scumbags are not already doing this to support phishing and blackmail etc.
Think twice before tapping on “allow access to your location”...
I've learned firsthand how navigation apps are becoming a necessary evil. Ending up in the middle of nowhere in unfamiliar territory, no maps available and so on. Getting a bearing, then figuring out where someplace familiar is located, that alone is what I call useful.
I agree with the sentiment. On the other hand, getting robbed and killed is rarely a necessary part of something people want. Whereas tracking…
Even discounting the idiots who cannot find a store across the street without GPS, lots of services can only really work by identifying you, getting your location and cross-referencing it with some big database (i.e. sending it somewhere ‘to the cloud’). Often even not keeping history of locations would break them, to varying degree.
I do not use any such service (in fact do not even carry any phone most of the time), but many people do and do like them. Trying to forbid the tracking part of tracking may prove rather unpopular (read: impossible). You can forbid by law the data selling part – and it should be forbidden. But will it be enough?
The biggest problem isn't when an application honestly needs tracking to work... the problem is storing the data--especially for indefinite periods of time--and then selling this data to organizations who use it for nefarious purposes. This is what needs to be controlled.
Yes, there are other things which track your location. Security cameras, security badges, Amazon Fire devices, some laptops/tablets, e-watches, credit card use, even your car keeps a record of your movements. Again, how is this information stored and who is the information sold to?
You may be shocked to find out the biggest sellers of information isn't the telecos, it's credit companies. You apply for a loan, use a credit/debit card... almost all of the information is put into a database. What you bought, from where, etc.
Someone can find out your purchasing habits, approximate income, political affiliation, brand loyalty--on and on.
The article is well worth the read. I was left with the warm fuzzy feeling there are still journalist that care about our privacy. All may not be lost yet...
...and then I opened the web debugger and saw all the network requests to all sorts of different domains. Turns out they are contributing to this whole endless tracking habit as much as everyone else. We've build an entire economy around this, it's not going away unless we loose our addiction to 'free' content.
The Emotet malware is doing the rounds again, this time by exploiting the popularity of climate activist Greta Thunberg.
I thought GRETA *WAS* MALWARE!! Except, in HER case, the "fleshy" kind.
Given Thunberg's DOOMberg's popularity with youngsters who will have to deal with adverse climate change
NO, they will *NOT*. So-called man-made "Climate Change" is *NOT* a foregone conclusion! OT to discuss why, So I'll erase what I wrote.
Seriously, though, I "feel no pain" for anyone who downloads "the Greta malware". Serves y'all right, heh heh heh.
The best 'Greta' comic/parody/snark I've seen so far shows Mother Nature giving Greta a spanking and saying things like "It's called WEATHER" and "CO2 is good for plants". Meanwhile, while getting spanked, Greta's screaming out "HOW DARE YOU". Perfect!
(Greta is an example of what happens when children try to take on the adults, and too many people LET THEM or even ENABLE THEM. It's the job of the ADULTS to SPANK THEM when they try!!! 'Lord of the Flies' is a good example of that taken to its extreme. Children need PARENTS who say NO. And once a "child" goes in front of the UN, Congress, and the world, and ends up on magazine covers, for DOING that kind of CRAP, the gloves come OFF)
Was watching The Crown where the much respected Churchill denies the impact on London's air due to the burning of huge amounts of coal. He just calls it "Weather". Finally backs down when he realized someone close to him gets killed AND he could make political capital out of the situation.
I bet the oil companies haven't figured out how to take advantage of the climate crises; the moment they do they will be screaming 'Global Warming cause neutrons to fall apart".
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
