My Weekly RoundUp #99

Big changes at Apple, and some issues for NASA

Privacy

It’s the middle of the night. Do you know who your iPhone is talking to?

Apple says, “What happens on your iPhone stays on your iPhone.” Our privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week.

https://www.washingtonpost.com/technology/2019/05/28/its-middle-night-do-you-know-who-your-iphone-is-talking/?utm_term=.59204eceb89d

Google’s new reCAPTCHA has a dark side

For many years, this has been one of the predominant ways that reCaptcha—the Google-run internet bot detector—has determined whether a user is a bot or not. But last fall, Google launched a new version of the tool, with the goal of eliminating that annoying user experience entirely. Now, when you enter a form on a website that’s using reCaptcha V3, you won’t see the “I’m not a robot” checkbox, nor will you have to prove you know what a cat looks like. Instead, you won’t see anything at all.

https://www.fastcompany.com/90369697/googles-new-recaptcha-has-a-dark-side

Facebook Must Explain What it’s Doing With Your Phone Number

Like many others, PI were alarmed at recent reports that Facebook have been making mobile phone numbers (which users believed to be) provided for the express purpose of “two-factor authentication” (2FA) both searchable, and a target for advertising by default.
One of the myriad ways Facebook displays targeted adverts to users is through so-called “Custom Audiences”. These “custom audiences” are lists of contact details, including phone numbers and email addresses, uploaded by advertisers. Facebook then matches this “custom audience” with the details they hold, to target adverts at accounts associated with this contact information.

https://privacyinternational.org/report/3025/facebook-must-explain-what-its-doing-your-phone-number-update

Technology

Jony Ive Is Leaving Apple

The man who designed the iMac, the iPod, the iPhone—and even the Apple Store—is leaving Apple. Jony Ive announced in an interview with the Financial Times on Thursday that he was departing the company after more than two decades to start LoveFrom, a creative agency that will count Apple as its first client. The transition will start later this year, and LoveFrom will formally launch in 2020.

https://www.wired.com/story/jony-ive-leaves-apple/

Programming

The Rise and Fall of Visual Basic

For programming in 1988, QuickBASIC was magical. You could write code without clunky line numbers, catch syntax errors as you type, and launch your program straight from the development environment, no command-line nonsense required.

https://medium.com/young-coder/the-rise-and-fall-of-visual-basic-f422252349a6

Cybersecurity

New Excel vulnerability puts 120 million users at risk

The vulnerability will allow hackers to use Power Query to launch a remote Dynamic Data Exchange attack into an Excel spreadsheet. Not only that, but the vulnerability will also allow hackers to launch more sophisticated attacks involving malware that can compromise the user’s machine as soon as the spreadsheet is opened.

https://www.mimecast.com/blog/2019/06/exploit-using-microsoft-excel-power-query-for-remote-dde-execution-discovered/

Hackers Squatted on Primary NASA Networks for 10 Months, Exfiltrated Data from 23 Files

Unknown hackers used a Raspberry Pi attached without authorisation to a NASA network at its Jet Propulsion Laboratory (JPL) to infiltrate — then move laterally across — NASA networks, exfiltrating 500MB of data, unnoticed, from 23 NASA files over a 10 month period.
The news is among the bleaker revelations for NASA’s security team in a damning security audit by the NASA Office of Inspector General (OIG) published this week, which reveals that the unknown attacker went on to successfully access two of the three primary JPL networks.

https://www.cbronline.com/news/nasa-network-hackers-raspberry-pi

ENISA Transforms to European Union Agency for Cybersecurity

The EU Cybersecurity Act came into force on June 27, 2019. The temporary European Union Agency for Network and Information Security (ENISA) has been replaced by the permanently mandated European Union Agency for Cybersecurity — same people, same place, but with a new name, a budget increased from €11 million to €23 million over a period of five years, and staffing levels allowed to rise by 50%.
With additional resources comes additional requirements. Key among these is involvement in a new EU Cybersecurity Certification Framework. “ENISA will have market related tasks,” commented the agency’s executive director, Udo Helmbrecht, “notably by preparing ‘European cybersecurity certification schemes’ that will serve as the basis for certification of ICT products, processes and services.”

https://www.securityweek.com/enisa-transforms-european-union-agency-cybersecurity

Tesla 3 navigation system fooled with GPS spoofing

Cybersecurity researchers have fooled the Tesla Model 3’s automatic navigation system into rapidly braking and taking a wrong turn on the highway.
Israeli firm Regulus Cyber spoofed signals from the Global Navigation Satellite System (GNSS), fooling the Tesla vehicle into thinking it was at the wrong location. The spoofing attack caused the car to decelerate rapidly, and created rapid lane-changing suggestions. It also made the car signal unnecessarily and try to exit the highway at the wrong place, according to the company’s report.

https://nakedsecurity.sophos.com/2019/06/27/researchers-fool-tesla-3-navigation-system-with-gps-spoofing/
