Twitter: Beware the App Bug

From The Daily Dot:
Direct messages are supposed to be private, but thanks to a Twitter bug, some apps can bust open your account and start accessing them anyway.  Cesar Cerrudo, a security researcher, discovered a bug that allowed third-party applications to access his DMs. Unfortunately, he didn't give the name of the app and blacked out a screenshot proving his privacy was violated.  Cerrudo, chief technical officer for IOActive, wrote that he is usually reluctant to sign in to applications using his Twitter or Facebook accounts due to "security implications," but needed to in order to test the software . . .

New Mega Site Launch Hits 1 Million Users on Day One

From The Next Web:
Mega, the new file sharing service from Kim Dotcom, has passed 1 million users, according to Kim Dotcom who spoke at the launch of the service at his mansion in New Zealand today.
We’re here on the ground, where the larger-than-life internet mogul is set to launch his latest venture officially. Mega is now open to the public, but Dotcom doesn’t do anything without some style so we’re here to see what he’s got up his sleeves.

Facebook Graph and the Problem of Discoverability

From EFF:
Facebook's Graph Search presents the problem of discoverability. One can have a good balance of privacy and openness if information is available, but not easily discoverable. You might not mind if people specifically interested in you look at your Likes, but you may not want to have a market researcher pull the list and add it to an ad targeting profile. You might be okay if a new person you met at a conference looks you up on Facebook, but you may not want a creepy guy searching through Facebook's loose networks to find someone to stalk. All of a sudden, what people once thought was shared only to their Facebook audience—whether friends, friends of friends, or members of the public with a specific reason to look you up—is now readily available via Graph Search. This feature has rolled everyone, by default, into a dating service ("Single females in San Francisco who like Radiohead") and a marketing database ("People under 25 who like Coca-Cola").

The Coming End of the Password?

From Wired:
Want an easier way to log into your Gmail account? How about a quick tap on your computer with the ring on your finger?

This may be closer than you think. Google’s security team outlines this sort of ring-finger authentication in a new research paper, set to be published late this month in the engineering journal IEEE Security & Privacy Magazine. In it, Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay outline all sorts of ways they think people could wind up logging into websites in the future — and it’s about time. . . .

Thus, they’re experimenting with new ways to replace the password, including a tiny Yubico cryptographic card that — when slid into a USB (Universal Serial Bus) reader — can automatically log a web surfer into Google. They’ve had to modify Google’s web browser to work with these cards, but there’s no software download and once the browser support is there, they’re easy to use. You log into the website, plug in the USB stick and then register it with a single mouse click.

They see a future where you authenticate one device — your smartphone or something like a Yubico key — and then use that almost like a car key, to fire up your web mail and online accounts.

In the future, they’d like things to get even easier, perhaps connecting to the computer via wireless technology.

Overcriminalization and the Criminal Congress

How many crimes do you commit every day?  It is probably way more than you imagine.  From Overcriminalized:
“Overcriminalization” describes the trend in America – and particularly in Congress – to use the criminal law to “solve” every problem, punish every mistake (instead of making proper use of civil penalties), and coerce Americans into conforming their behavior to satisfy social engineering objectives. Criminal law is supposed to be used to redress only that conduct which society thinks deserving of the greatest punishment and moral sanction.

But as a result of rampant overcriminalization, trivial conduct is now often punished as a crime.  Many criminal laws make it possible for the government to convict a person even if he acted without criminal intent (i.e., mens rea). Sentences have skyrocketed, particularly at the federal level.
Sound far-fetched? Consider the case of the Computer Fraud and Abuse Act. From Tech News Daily:
The CFAA is a 1986 law, section 1030 of the federal criminal code, which makes any unauthorized access into a protected network or computer a federal crime and permits harsh penalties for those convicted.

But 1986 was a long time ago. Today, any Web server can be defined as a protected computer, and almost anything can be defined as unauthorized access.  Use your roommate's Netflix account to watch movies on your iPad? You're violating the CFAA.  Trim the URLs of articles on the New York Times website so you can read them for free? You're breaking federal law.  Check your Facebook page at work, even if your employer forbids it? Better call your lawyer. . . . 
To Robert Graham, chief executive officer of Errata Security in Atlanta, the CFAA is "hopelessly out of date, and can be used to prosecute anybody for almost anything."
"The issue is 'authorization,'" Graham said. "Back in 1986, everyone had to be explicitly authorized to use a computer with an assigned username and password.

"But today, with the Web, we access computers with reckless abandon without knowing whether we are authorized or not," he added. "When you click on a URL, you are technically in violation of the law as it was designed."
Of course, these laws only apply to the people and are rarely if ever used to prosecute ruling elites. The US Congress, for instance, is a hotbed of cyber criminality. From the Guardian:
Employees of the US Congress were found to be downloading a host of television shows and movies illegally on congressional computers, according to a report by anti-piracy service ScanEye.

The report shared by US News & World Report showed that since early October, congressional employees have downloaded movies and television shows including The Walking Dead, The Dark Knight Rises and 30 Rock.

The report demonstrates that even though Congress has found itself at the forefront of measures to stop piracy, including the much-maligned Stop Online Piracy Act (Sopa), its staff do not always follow the legislators' lead. . . .

The blog TorrentFreak has found that IP addresses associated with the biggest players in the anti-piracy legislative campaign are used for illegal downloading. People at Hollywood studios, major record labels and the US department of homeland security have downloaded music, film and television on their employers' networks.

As TorrentFreak noted in a 2011 blogpost, Congress was illegally downloading television shows and self-help books around the same time some members were drafting Sopa.
It is time to put these criminals in prison and throw away the key.

You Are Being Monetized

From Forbes:
With Tuesday’s announcement of Graph Search, Facebook has confirmed what we’ve known all along: we users aren’t there to enjoy content as much as we are the content. That means we’re the products it intends to monetize. . . .

We are the product on Facebook, and the platform’s very premise depends on our willingness to share our lives openly (there’s lots of theology on why we should reveal everything about ourselves online, though it’s usually written by people who do no such thing). Graph Search will eventually provide more pages for advertising, perhaps ever-better keyed to whatever it is we’re searching for. Maybe brands will be given a way to crap out the results with sponsored links, so it could get even worse than all those recommendations you get now from friends who made the mistake of clicking on something. I’d bet on ads running down the sides of every page, too. . . .

Speech Recognition Coming to Web Apps

From Tech Crunch:
Google just launched the latest beta version of its Chrome browser (version 25) for the desktop and Android and this one is chock-full of new tools for developers. The most important update – and the one that Google chose to highlight – is the inclusion of the Web Speech API in Chrome. This, says Google, will allow developers to integrate speech recognition into their web apps so that “in the near future you’ll be able to talk apps into doing all sorts of things.”