Tumblr – finally – enables HTTPS for all accounts


This post is by Zack Whittaker from TechCrunch






Better late than never, Tumblr has rolled out HTTPS across its entire site.

In a brief post on Tumblr’s engineering page, the company said all Tumblr sites will now have the web encryption setting enabled by default, though it admitted the move was “long-overdue.”

Tumblr, which like TechCrunch is owned by Verizon, has 464 million users and at the time of writing ranks in at 44 of the top 100 sites based on Alexa traffic data. Until the HTTPS switchover, it was the highest ranked site that didn’t enable HTTPS across its entire site.

The rollout followed an earlier effort to switch the site over to HTTPS in 2017, but required users to enable the feature.

HTTPS — the ‘s’ stands for ‘secure’ — ensures the website or app you’re using is encrypted, ensuring nobody can intercept and steal your data or modify the website. Millions of websites have


Digging into key takeaways from our 2019 Robotics+AI Sessions Event


This post is by Arman Tabatabai from TechCrunch






Extra Crunch offers members the opportunity to tune into conference calls led and moderated by the TechCrunch writers you read every day. This week, TechCrunch’s Brian Heater and Lucas Matney shared their key takeaways from our Robotics+AI Sessions event at UC Berkeley last week.

The event was filled with panels, demos and intimate discussions with key robotics and deep learning founders, executives and technologists. Brian and Lucas discuss which companies excited them most, as well as which verticals have the most exciting growth prospects in the robotics world.

“This is the second [robotics event] in a row that was done at Berkeley where people really know the events; they respect it, they trust it and we’re able to get really, I would say far and away the top names in robotics. It was honestly a room full of all-stars.

I think our Disrupt events are definitely skewed towards investors and


A hotspot finder app exposed 2 million Wi-Fi network passwords


This post is by Zack Whittaker from TechCrunch






A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks.

The app, downloaded by thousands of users, allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use.

But that database of more than two million network passwords was left exposed and unprotected, allowing anyone to access and download the contents in bulk.

Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took the database down within a day of reaching out.

“We notified the user and have taken the [server]


What you missed in cybersecurity this week


This post is by Zack Whittaker from TechCrunch






It’s been a busy week — it’s tough to keep up with all the cybersecurity news. We’ve collected some of the biggest cybersecurity stories from the week — from TechCrunch and afar — to keep you up to date with the latest hacks, privacy breaches and security stories you need to know.

Facebook now says its password leak affected ‘millions’ of Instagram users

TechCrunch: As all eyes were on attorney general William Barr giving his highly anticipated summary of the Mueller report out this week, Facebook was quietly updating a blog post it had published a month earlier, revising up the number of Instagram accounts affected by a years-long bug that stored passwords in plaintext. Facebook admitted that “millions” of accounts were affected and not “hundreds of thousands” as it had first estimated. It wasn’t a coincidence; it was a perfect opportunity for Facebook to bury bad news. CNN’s


Chipotle customers are saying their accounts have been hacked


This post is by Zack Whittaker from TechCrunch






A stream of Chipotle customers have said their accounts have been hacked and are reporting fraudulent orders charged to their credit cards — sometimes totaling hundreds of dollars.

Customers have posted on several Reddit threads complaining of account breaches and many more have tweeted at @ChipotleTweets to alert the fast food giant of the problem. In most cases, orders were put through under a victim’s account and delivered to addresses often not even in the victim’s state.

Many of the customers TechCrunch spoke to in the past two days said they used their Chipotle account password on other sites. Chipotle spokesperson Laurie Schalow told TechCrunch that credential stuffing was to blame. Hackers take lists of usernames and passwords from other breached sites and brute-force their way into other accounts.

But several customers we spoke to said their password was unique to Chipotle. Another customer said they didn’t have an account


Evernote fixes macOS app bug that allowed remote code execution


This post is by Zack Whittaker from TechCrunch






Evernote has fixed a vulnerability that could have allowed an attacker to run malicious code on a victim’s computer.

Dhiraj Mishra, a security researcher based in Dubai, reported the bug to Evernote on March 17. In a blog post showing his proof-of-concept, Mishra showed TechCrunch that a user only had to click a link masked as a web address, which would open a locally stored app or file unhindered and without warning.

Evernote spokesperson Shelby Busen confirmed the bug had been fixed, and said the company “appreciates” the contributions from security researchers.

The researcher ‘popped calc’ as a way to demonstrate a remote code execution bug in Evernote (Image: supplied)

MITRE, the vulnerability database keeper, issued an advisory under CVE-2019-10038.

The bug could allow an attacker to remotely run malicious commands on any macOS computer with Evernote installed. Since the fix went into effect, Evernote now warns users


Facebook’s Portal will now surveil your living room for half the price


This post is by Taylor Hatmaker from TechCrunch






No, you’re not misremembering the details from that young adult dystopian fiction you’re reading — Facebook really does sell a video chat camera adept at tracking the faces of you and your loved ones. Now, you too can own Facebook’s poorly timed foray into social hardware for the low, low price of $99. That’s a pretty big price drop considering that the Portal, introduced less than six months ago, debuted at $199.

Unfortunately for whoever toiled away on Facebook’s hardware experiment, the device launched into an extremely Facebook-averse, notably privacy-conscious market. Those are pretty serious headwinds. Of course, plenty of regular users aren’t concerned about privacy — but they certainly should be.

As we found in our review, Facebook’s Portal is actually a pretty competent device with some thoughtful design touches. Still, that doesn’t really offset the unsettling idea of inviting a company notorious for disregarding user privacy into


Security flaw in EA’s Origin client exposed gamers to hackers


This post is by Zack Whittaker from TechCrunch






Electronic Arts has fixed a vulnerability in its online gaming platform Origin after security researchers found they could trick an unsuspecting gamer into remotely running malicious code on their computer.

The bug affected Windows users with the Origin app installed. Tens of millions of gamers use the Origin app to buy, access and download games. To make it easier to access an individual game’s store from the web, the client has its own URL scheme that allows gamers to open the app and load a game from a web page by clicking a link with origin:// in the address.

But two security researchers, Daley Bee and Dominik Penner of Underdog Security, found that the app could be tricked into running any app on the victim’s computer.

“An attacker could’ve ran anything they wanted,” Bee told TechCrunch.

‘Popping calc’ to demonstrate a remote code execution bug in Origin. (Image: supplied)


TikTok downloads banned on iOS and Android in India over porn and other illegal content


This post is by Ingrid Lunden from TechCrunch






TikTok, the user-generated video sharing app from Chinese publisher Bytedance that has been a global runaway success, has stumbled hard in one of the world’s biggest mobile markets, India, over illicit content in its app.

Today, the country’s main digital communications regulator, the Ministry of Electronics and Information Technology, ordered both Apple and Google to remove the app from their app stores, per a request from the High Court in Madras after the latter investigated and determined that the app — which has hundreds of millions of users, including minors — was encouraging pornography and other illicit content.

This is the second time in two months that TikTok’s content has been dinged by regulators, after the app was fined $5.7 million by the FTC in the US over violating child protection policies.

The order in India does not impact the 120 million users in the country who already have the


Spy on your smart home with this open source research tool


This post is by Natasha Lomas from TechCrunch






Researchers at Princeton University have built a web app that lets you (and them) spy on your smart home devices to see what they’re up to.

The open source tool, called IoT Inspector, is available for download here. (Currently it’s Mac OS only, with a wait list for Windows or Linux.)

In a blog about the effort the researchers write that their aim is to offer a simple tool for consumers to analyze the network traffic of their Internet connected gizmos. The basic idea is to help people see whether devices such as smart speakers or wi-fi enabled robot vacuum cleaners are sharing their data with third parties. (Or indeed how much snitching their gadgets are doing.)

Testing the IoT Inspector tool in their lab the researchers say they found a Chromecast device constantly contacting Google’s servers even when not in active use.

A Geeni smart bulb was


Prevent Amazon From Eavesdropping On Your Alexa Conversations


This post is by Brendan Hesse from Lifehacker






Fun fact: Snippets of your Alexa conversations may be heard and read by thousands of Amazon employees. According to recent reports, Amazon has an international team of employees who work to help Alexa better understand your many commands and develop new ways for the AI to interact with users. This requires them to…


Instagram bug showed Stories to the wrong people


This post is by Josh Constine from TechCrunch






Today in “Facebook apps are too big to manage”, a glitch caused some users’ Instagram Stories trays to show Stories from people they don’t follow.

TechCrunch first received word of the problem from Twitter user InternetRyan who was confused about seeing strangers in his Stories Tray and tagged me in to investigate. The screenshots below show people in his Stories tray who he doesn’t follow, as proven by the active Follow buttons on their profiles. TechCrunch inquired about the issue, and 22 hours later Instagram confirmed that a bug was responsible and it had been fixed.

Instagram is still looking into the cause of the bug but says it was solved within hours of being brought to its attention. Luckily, if users clicked on the profile pic of someone they didn’t follow in Stories, Instagram’s privacy controls kicked in and wouldn’t display the content. Facebook Stories wasn’t impacted. But


How to stop robocalls spamming your phone


This post is by Zack Whittaker from TechCrunch






No matter what your politics, beliefs, or even your sports team, we can all agree on one thing: robocalls are the scourge of modern times.

These unsolicited auto-dialed spam calls bug you dozens of times a week — sometimes more — demanding you “pay the IRS” or pretending to be “Apple technical support.” Even the now-infamous Chinese embassy scam, recently warned about by the FBI, has gained notoriety. These robocallers spoof their phone number to peddle scams and tricks — but the calls are real. Some 26 billion calls in 2018 were robocalls — up by close to half on the previous year. And yet there’s little the government agency in charge — the Federal Communications Commission — can do to deter robocallers, even though it’s illegal. The FCC has fined robocallers more than $200 million in recent years but collected just $6,790 because the agency lacks


Proposed bill would forbid big tech platforms from using dark pattern design


This post is by Taylor Hatmaker from TechCrunch






A new piece of bipartisan legislation aims to protect people from one of the sketchiest practices that tech companies employ to subtly influence user behavior. Known as “dark patterns,” this dodgy design strategy often pushes users toward giving up their privacy unwittingly and allowing a company deeper access to their personal data.

To fittingly celebrate the one year anniversary of Mark Zuckerberg’s appearance before Congress, Senators Mark Warner (D-VA) and Deb Fischer (R-NE) have proposed the Deceptive Experiences To Online Users Reduction (DETOUR) Act. While the acronym is a bit of a stretch, the bill would forbid online platforms with more than 100 million users from “relying on user interfaces that intentionally impair user autonomy, decision-making, or choice.”

“Any privacy policy involving consent is weakened by the presence of dark patterns,” Senator Fischer said of the proposed bipartisan bill. “These manipulative user interfaces intentionally limit understanding


Facebook agrees to clearer T&Cs in Europe


This post is by Natasha Lomas from TechCrunch






Facebook has agreed to amend its terms and conditions under pressure from EU lawmakers.

The new terms will make it plain that free access to its service is contingent on users’ data being used to profile them to target with ads, the European Commission said today.

“The new terms detail what services, Facebook sells to third parties that are based on the use of their user’s data, how consumers can close their accounts and under what reasons accounts can be disabled,” it writes.

The exact wording of the new terms has not yet been published, and the company has until the end of June 2019 to comply — so it remains to be seen how clear is ‘clear’.

Nonetheless the Commission is couching the concession as a win for consumers, trumpeting the forthcoming changes to Facebook’s T&C in a press release in which Vera Jourová, commissioner for justice, consumers


A powerful spyware app now targets iPhone owners


This post is by Zack Whittaker from TechCrunch






Security researchers have discovered a powerful surveillance app first designed for Android devices can now target victims with iPhones.

Researchers at mobile security firm Lookout, who found the spy app, said its developer abused their Apple-issued enterprise certificates to bypass the tech giant’s app store to infect unsuspecting victims.

The disguised carrier assistance app once installed can silently grab a victim’s contacts, audio recordings, photos, videos and other device information — including their real-time location data. It can be remotely triggered to listen in on people’s conversations, the researchers found. Although there was no data to show who might have been targeted, the researchers noted that the malicious app was served from fake sites purporting to be cell carriers in Italy and Turkmenistan.

Researchers linked the app to the makers of a previously discovered Android app, developed by the same Italian surveillance app maker Connexxa, known to be in


Europe to pilot AI ethics rules, calls for participants


This post is by Natasha Lomas from TechCrunch






The European Commission has announced the launch of a pilot project intended to test draft ethical rules for developing and applying artificial intelligence technologies to ensure they can be implemented in practice.

It’s also aiming to garner feedback and encourage international consensus building for what it dubs “human-centric AI” — targeting among other talking shops the forthcoming G7 and G20 meetings for increasing discussion on the topic.

The Commission’s High Level Group on AI — a body comprised of 52 experts from across industry, academia and civic society announced last summer — published their draft ethics guidelines for trustworthy AI in December.

A revised version of the document was submitted to the Commission in March. It’s boiled the expert consultancy down to a set of seven “key requirements” for trustworthy AI, i.e. in addition to machine learning technologies needing to respect existing laws and regulations — namely:

UK sets out safety-focused plan to regulate Internet firms


This post is by Natasha Lomas from TechCrunch






The UK government has laid out proposals to regulate online and social media platforms, setting out the substance of its long-awaited White Paper on online harms today — and kicking off a public consultation.

The Online Harms White Paper is a joint proposal from the Department for Digital, Culture, Media and Sport (DCMS) and Home Office.

It follows the government announcement of a policy intent last May, and a string of domestic calls for greater regulation of the Internet as politicians have responded to rising concern about the mental health impacts of online content.

The government is now proposing to put a mandatory duty of care on platforms to take reasonable steps to protect their users from a range of harms — including but not limited to illegal material such as terrorist and child sexual exploitation and abuse which will be covered by further stringent requirements under the plan.


Startup Law A to Z: Regulatory Compliance


This post is by Daniel McKenzie from TechCrunch






Startups are but one species in a complex regulatory and public policy ecosystem. This ecosystem is larger and more powerfully dynamic than many founders appreciate, with distinct yet overlapping laws at the federal, state and local/city levels, all set against a vast array of public and private interests. Where startup founders see opportunity for disruption in regulated markets, lawyers counsel prudence: regulations exist to promote certain strongly-held public policy objectives which (unlike your startup’s business model) carry the force of law.

Snapshot of the regulatory and public policy ecosystem. Image via Law Office of Daniel McKenzie

Although the canonical “ask forgiveness and not permission” approach taken by Airbnb and Uber circa 2009 might lead founders to conclude it is strategically acceptable to “move fast and break things” (including the law), don’t lose sight of the resulting lawsuits and enforcement actions. If you look closely at Airbnb and Uber today, each


Thousands of ‘take action’ messages to lawmakers exposed by political advocacy giant


This post is by Zack Whittaker from TechCrunch






If you emailed your local or federal lawmaker in the last couple of years about legislative reform, there’s a good chance you sent your message through a form built by a little-known Washington D.C.-based political group.

VoterVoice says its “grassroots advocacy system” allows lobbying firms and groups to alert concerned citizens about hot-topic issues — as well as messaging their lawmakers as part of coordinated campaigns. To most, it’s little more than filling out a form on a website with a prewritten statement, signing your name, and hitting send. The company says to date more than 21 million people have sent 36 million messages.

But the company’s exposed storage server has exposed hundreds of thousands of email addresses and other campaign data.

Security researcher John Wethington found the exposed storage server and passed details to TechCrunch in an effort to get the data secured. Despite efforts, VoterVoice
