My Weekly RoundUp #103

Last weekly roundup before my vacation: my last respect to an iconic actor, some privacy troubles for Apple Siri and a new interesting production from Hulu.

INBOX

Regarding GDPR CLI (a command line tool for checking websites GDPR compliancy), Lucy asks:

How do I install it on Windows?

Pretty simple, Lucy: GDPR CLI is developed using NodeJs, which you need to install on your Windows system.

So, first download the windows installer, according with your system’s architecture: https://nodejs.org/it/download/

Then, start install process and take a look on options: you need to also install the package manager (NPM):

Finally, start the tool installation using NPM.


Privacy

New week, new privacy concern…

Siri recordings ‘regularly’ sent to Apple contractors for analysis, claims whistleblower

Apple has joined the dubious company of Google and Amazon in secretly sharing with contractors audio recordings of its users, confirming the practice to The Guardian after a whistleblower brought it to the outlet. The person said that Siri queries are routinely sent to human listeners for closer analysis, something not disclosed in Apple’s privacy policy.
The recordings are reportedly not associated with an Apple ID, but can be several seconds long, include content of a personal nature and are paired with other revealing data, like location, app data and contact details.
Like the other companies, Apple says this data is collected and analyzed by humans to improve its services, and that all analysis is done in a secure facility by workers bound by confidentiality agreements. And like the other companies, Apple failed to say that it does this until forced to.

https://techcrunch.com/2019/07/26/siri-recordings-regularly-sent-to-apple-contractors-for-analysis-claims-whistleblower/

Cybersecurity

A couple of interesting attack techniques…

Rare Steganography Hack Can Compromise Fully Patched Websites

Attackers are hiding PHP scripts in EXIF headers of JPEG images to hack websites, just by uploading an image.
According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP code into JPEG files’ EXIF headers in order to upload malware onto targeted websites.
Hiding malware in an image file is a well-known way to circumvent detection –many filters and gateways let image file formats pass without too much scrutiny. But the unique benefit of this specific technique is that it can be used to compromise even a fully patched, up-to-date website with no obvious vulnerabilities – just by uploading an image to a website.
“PHP provides a nice function that allows you to read out and parse EXIF data, so if you target a website that allows you to upload images and also uses PHP scripts, you can essentially upload any malware you want,” explained Karl Sigler, a security research manager at Trustwave SpiderLabs.

https://threatpost.com/rare-steganography-hack-can-compromise-fully-patched-websites/146701/

Hackers Inject Multi-Gateway Card Skimmer via Fake Google Domains

Attackers are using fake Google domains spoofed with the help of internationalized domain names (IDNs) to host and load a Magecart credit card skimmer script with support for multiple payment gateways.
The attack was detected after the owner of a website had its domain blacklisted by McAfee’s SiteAdvisor service, with the Sucuri security research discovering after taking a closer look that the culprit was a JavaScript-based payment card skimmer injected within the site.
“Our investigation revealed that the site had been infected with a credit card skimmer loading JavaScript from the malicious internationalized domain google-analytîcs[.]com (or xn--google-analytcs-xpb[.]com in ASCII),” Sucuri’s research team found

https://www.bleepingcomputer.com/news/security/hackers-inject-multi-gateway-card-skimmer-via-fake-google-domains/

Programming

Do you know IMPORTHTML() in GoogleSheets?

https://xkcd.com/2180/

SciFi

I’ve seen things you people wouldn’t believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhäuser Gate. All those moments will be lost in time, like tears in rain. Time to die.

https://en.wikipedia.org/wiki/Tears_in_rain_monologue

Rutger Hauer, genre actor and Blade Runner icon, has died at 75

Hauer starred as a leading man in Dutch TV series and films before starring alongside Sylvester Stallone in 1981’s Nighthawks. He soon became a staple of ’80s genre films, appearing in Blade Runner, Ladyhawke, and The Hitcher, among others.
Later in his career, he played a recurring role in Batman Begins, Sin City, the HBO series True Blood, and numerous lower-budget genre films such as The Scorpion King 4 and Dracula 3D. He also voiced Master Xehanort in the 2019 video game Kingdom Hearts III.
Hauer was an outspoken environmentalist and the founder of an AIDS awareness organization, to which he committed proceeds from an autobiography he wrote and published in 2007. He is survived by his spouse, a daughter, and grandchildren.

https://arstechnica.com/gaming/2019/07/rutger-hauer-genre-actor-and-blade-runner-icon-has-died-at-75/

Hauer’s agent, Steve Kenis, confirmed the news and said that Hauer’s funeral was held Wednesday.
His most cherished performance came in a film that was a resounding flop on its original release. In 1982, he portrayed the murderous yet soulful Roy Batty, leader of a gang of outlaw replicants, opposite Harrison Ford in Ridley Scott’s sci-fi noir opus “Blade Runner.” The picture became a widely influential cult favorite, and Batty proved to be Hauer’s most indelible role.

More recently, he appeared in a pair of 2005 films: as Cardinal Roark in “Sin City,” and as the corporate villain who Bruce Wayne discovers is running the Wayne Corp. in Christopher Nolan’s “Batman Begins.”

In “True Blood,” he played Niall Brigant, the king of the tribe from which the Stackhouse family is descended and the faerie grandfather to Sookie, Jason Stackhouse and Hunter Savoy. Hauer also recurred on ABC’s medieval musical comedy “Galavant” as Kingsley in 2015.

https://variety.com/2019/film/news/rutger-hauer-dead-dies-blade-runner-co-star-1203278050/

So long, and thanks for all episodes!

Hulu is developing a Hitchhiker’s Guide to the Galaxy TV series

Douglas Adams’ comedic science fiction classic The Hitchhiker’s Guide to the Galaxy is getting a new version. Deadline reports that Hulu is developing an adaptation of the radio drama and novel with Lost’s Carlton Cuse and Wonder Woman’s Jason Fuchs.
Deadline says that the series will be a “modern updating of the story,” which follows an earthling named Arthur Dent who discovers that his house is being destroyed to make way for a highway bypass and that the Earth is in the same situation. He’s rescued by an alien named Ford Prefect, a writer for a galactic encyclopedia called The Hitchhiker’s Guide to the Galaxy

https://www.theverge.com/2019/7/24/20726429/hulu-hitchhikers-guide-to-the-galaxy-tv-series-carlton-cuse-disney-douglas-adams

Related posts

Comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.