aggregator

Popular Weather App AccuWeather Caught Sending User Location Data, Even When Location Sharing is Off

Slashdot - Your Rights Online - Wt, 2017-08-22 20:40
Zack Whittaker, reporting for ZDNet: Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing. AccuWeather is one of the most popular weather apps in Apple's app store, with a near perfect four-star rating and millions of downloads to its name. But what the app doesn't say is that it sends sensitive data to a firm designed to monetize user locations without users' explicit permission. Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn't have permission to access the device's precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours. That data can be correlated with public data to reveal an approximate location of a user's device. We independently verified the findings, and were able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router's MAC address and public data.

Read more of this story at Slashdot.

Sonos Says Users Must Accept New Privacy Policy Or Devices May Cease To Function

Slashdot - Your Rights Online - Wt, 2017-08-22 18:00
An anonymous reader writes: Sonos has confirmed that existing customers will not be given an option to opt out of its new privacy policy, leaving customers with sound systems that may eventually "cease to function". It comes as the home sound system maker prepares to begin collecting audio settings, error data, and other account data before the launch of its smart speaker integration in the near future. A spokesperson for the home sound system maker told ZDNet that, "if a customer chooses not to acknowledge the privacy statement, the customer will not be able to update the software on their Sonos system, and over time the functionality of the product will decrease. The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function."

Read more of this story at Slashdot.

Two-Factor Authentication Fail: Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency

Slashdot - Your Rights Online - Wt, 2017-08-22 17:25
Reader Cludge shares an NYT report: Hackers have discovered that one of the most central elements of online security -- the mobile phone number -- is also one of the easiest to steal. In a growing number of online attacks, hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim's phone number to a device under the control of the hackers. Once they get control of the phone number, they can reset the passwords on every account that uses the phone number as a security backup -- as services like Google, Twitter and Facebook suggest. "My iPad restarted, my phone restarted and my computer restarted, and that's when I got the cold sweat and was like, 'O.K., this is really serious,'" said Chris Burniske, a virtual currency investor who lost control of his phone number late last year. A wide array of people have complained about being successfully targeted by this sort of attack, including a Black Lives Matter activist and the chief technologist of the Federal Trade Commission. The commission's own data shows that the number of so-called phone hijackings has been rising. In January 2013, there were 1,038 such incidents reported; by January 2016, that number had increased to 2,658. But a particularly concentrated wave of attacks has hit those with the most obviously valuable online accounts: virtual currency fanatics like Mr. Burniske. Within minutes of getting control of Mr. Burniske's phone, his attackers had changed the password on his virtual currency wallet and drained the contents -- some $150,000 at today's values. Most victims of these attacks in the virtual currency community have not wanted to acknowledge it publicly for fear of provoking their adversaries. But in interviews, dozens of prominent people in the industry acknowledged that they had been victimized in recent months.

Read more of this story at Slashdot.

China Relaunches World's Fastest Train

Slashdot - Your Rights Online - Wt, 2017-08-22 09:00
China has decided to relaunch the world's fastest train service following a fatal crash in 2011, where the high speed train service reduced its upper limit from its then-record holding 350 km/h (217 miles/hour) to 250-300 km/h (155-186 miles/hour). Fortune reports: Government-controlled website Thepaper.cn reported that seven pairs of bullet trains will be operating under the name "Fuxing," meaning rejuvenation, according to the South China Morning Post. The trains will once again run at 350 km/h, with a maximum speed of 400 km/h (248 mph). It is reported that the train service will boast a monitoring system that will automatically slow the trains in case of emergency. The Beijing-Shanghai line will begin operating on 21 September and will shorten the nearly 820 mile journey by an hour, to four hours thirty minutes. Nearly 600 million people use this route each year, providing a reported $1 billion in profits . Other routes include Beijing-Tianjin-Hebei, which will begin operation today.

Read more of this story at Slashdot.

iPhone 8's 3D Face Scanner Will Work In 'Millionths of a Second'

Slashdot - Your Rights Online - Wt, 2017-08-22 05:30
According to a report by the Korea Herald, Apple's upcoming iPhone 8 will ditch the fingerprint identification in favor of 3D face recognition, which will work "in the millionths of a second." PhoneArena reports: The Samsung Galaxy series were among the first mainstream devices to feature iris recognition, but the speed and accuracy of the current technology leave a lot to be desired, and maybe that is why current phones ship with an eye scanner AND a fingerprint reader. The iPhone 8, on the other hand, is expected to make a full dive into 3D scanning. Both Samsung and Apple are rumored to have tried to implement a fingerprint scanner under the display glass, but failed as the technology was not sufficiently advanced. The new iPhone will also introduce 3D sensors on both its front and back for Apple's new augmented reality (AR) platform. This latest report also reveals that Apple will not use curved edges for its iPhone 8 screen, but will instead use a flat AMOLED panel. The big benefit of using AMOLED for Apple thus is not the curve, but its thinner profile compared to an LCD screen.

Read more of this story at Slashdot.

Third Party Trackers On Web Shops Can Identify Users Behind Bitcoin Transactions

Slashdot - Your Rights Online - Wt, 2017-08-22 02:20
An anonymous reader quotes a report from Help Net Security: More and more shopping websites accept cryptocurrencies as a method of payment, but users should be aware that these transactions can be used to deanonymize them -- even if they are using blockchain anonymity techniques such as CoinJoin. Independent researcher Dillon Reisman and Steven Goldfeder, Harry Kalodner and Arvind Narayanan from Princeton University have demonstrated that third-party online tracking provides enough information to identify a transaction on the blockchain, link it to the user's cookie and, ultimately, to the user's real identity. "Based on tracking cookies, the transaction can be linked to the user's activities across the web. And based on well-known Bitcoin address clustering techniques, it can be linked to their other Bitcoin transactions," they noted. "We show that a small amount of additional information, namely that two (or more) transactions were made by the same entity, is sufficient to undo the effect of mixing. While such auxiliary information is available to many potential entities -- merchants, other counterparties such as websites that accept donations, intermediaries such as payment processors, and potentially network eavesdroppers -- web trackers are in the ideal position to carry out this attack," they pointed out.

Read more of this story at Slashdot.

Meeting and Hotel Booking Provider's Data Found in Public Amazon S3 Bucket

Slashdot - Your Rights Online - Pn, 2017-08-21 21:20
Leaks of personal and business information from unsecured Amazon S3 buckets are piling up. From a report: The latest belongs to Groupize, a Boston-area business that sells tools to manage small group meetings as well as a booking engine that handles hotel room-block reservations. Researchers at Kromtech Security found a publicly accessible bucket containing business and personal data, including contracts and agreements between hotels, customers and Groupize, Kromtech said. The data included some credit card payment authorization forms that contained full payment card information including expiration data and CVV code. The researchers said the database stored in S3 contained numerous folders, below; one called "documents" held close to 3,000 scanned contracts and agreements, while another called all_leads had more than 3,100 spreadsheets containing critical Groupize business data including earnings. There were 37 other folders in the bucket containing tens of thousands of files, most of them storing much more benign data.

Read more of this story at Slashdot.

Supreme Court Asked To Nullify the Google Trademark

Slashdot - Your Rights Online - Pn, 2017-08-21 19:20
Is the term "google" too generic and therefore unworthy of its trademark protection? That's the question before the US Supreme Court. From a report: What's before the Supreme Court is a trademark lawsuit that Google already defeated in a lower court. The lawsuit claims that Google should no longer be trademarked because the word "google" is synonymous to the public with the term "search the Internet." "There is no single word other than google that conveys the action of searching the Internet using any search engine," according to the petition to the Supreme Court. It's perhaps one of the most consequential trademark case before the justices since they ruled in June that offensive trademarks must be allowed. The Google trademark dispute dates to 2012 when a man named Chris Gillespie registered 763 domain names that combined "google" with other words and phrase, including "googledonaldtrump.com."

Read more of this story at Slashdot.

UK.gov To Treat Online Abuse as Seriously as Hate Crime in Real Life

Slashdot - Your Rights Online - Pn, 2017-08-21 18:00
The UK's Crown Prosecution Service has pledged to tackle online abuse with the same seriousness as it does hate crimes committed in the flesh. From a report: Following public concern about the increasing amount of racist, anti-religious, homophobic and transphobic attacks on social media, the CPS has today published a new set of policy documents on hate crime. This includes revised legal guidance for prosecutors on how they should make decisions on criminal charges and handle cases in court. The rules officially put online abuse on the same level as offline hate crimes -- defined as an action motivated by hostility or prejudice -- like shouting abuse at someone face-to-face. They commit the CPS to prosecuting complaints about online material "with the same robust and proactive approach used with online offending." Prosecutors are told to consider the effect on the wider community and whether to identify both the originators and the "amplifiers or disseminators."

Read more of this story at Slashdot.

The Windows App Store is Full of Pirate Streaming Apps

Slashdot - Your Rights Online - Pn, 2017-08-21 16:00
Ernesto Van der Sar, reporting for TorrentFreak: When we were browsing through the "top free" apps in the Windows Store, our attention was drawn to several applications that promoted "free movies" including various Hollywood blockbusters such as "Wonder Woman," "Spider-Man: Homecoming," and "The Mummy." Initially, we assumed that a pirate app may have slipped past Microsoft's screening process. However, the 'problem' doesn't appear to be isolated. There are dozens of similar apps in the official store that promise potential users free movies, most with rave reviews. Most of the applications work on multiple platforms including PC, mobile, and the Xbox. They are pretty easy to use and rely on the familiar grid-based streaming interface most sites and services use. Pick a movie or TV-show, click the play button, and off you go. The sheer number of piracy apps in the Windows Store, using names such as "Free Movies HD," "Free Movies Online 2020," and "FreeFlix HQ," came as a surprise to us. In particular, because the developers make no attempt to hide their activities, quite the opposite.

Read more of this story at Slashdot.