Étiquette : vulnerability (Page 16 of 40)

2 juin 2020 /

StopCovid demande géolocalisation

“L’équipe derrière StopCovid se retrouve dans une position quelque peu étrange où elle doit promettre qu’elle n’utilise pas la géolocalisation, mais uniquement le Bluetooth (ce qui peut néanmoins être vérifié en analysant le code source du projet, celui-ci étant mis en ligne à des fins de transparence). Si les individus refusent cet accès, l’appli devient inutilisable. Toute la question est de savoir comment cette particularité sera reçue par le public, s’il a entendu à plusieurs reprises que la géolocalisation ne joue aucun rôle dans StopCovid, et qu’il découvre que l’application en a besoin, du fait des choix de l’équipe-projet en matière de traçage des contacts et de la manière dont a été construit Android.”

Source : StopCovid demande l’accès à la géolocalisation sur Android, mais s’engage à ne pas l’utiliser

21 avril 2020 /

“Apple and Alphabet Inc.’s Google are developing their own technology to help build contact-tracing apps. Their platform should become available to governments and public health authorities everywhere next month, according to an official in the French minister’s office. Still, the French are banking on a home-grown solution. France’s conflict with Apple is part of a broader debate about how much data such apps should collect and who should have access to it.”

Source : France Says Apple Bluetooth Policy Is Blocking Virus Tracker – Bloomberg

9 avril 2020 /

Header

“In principle, the concept of a « Corona App » involves an enormous risk due to the contact and health data that may be collected. At the same time, there is a chance for « privacy-by-design » concepts and technologies that have been developed by the crypto and privacy community over the last decades. With the help of these technologies, it is possible to unfold the epidemilogical potential of contact tracing without creating a privacy disaster. For this reason alone, all concepts that violate or even endanger privacy must be strictly rejected. In the following, we outline social and technical minimum requirements for such technologies. The CCC sees itself in an advisory and observation role in this debate. We will not recommend specific apps, concepts or procedures. We however advise against the use of apps that do not meet these requirements.”

Source : CCC | 10 requirements for the evaluation of « Contact Tracing » apps

4 avril 2020 /

“Facebook representatives approached controversial surveillance vendor NSO Group to try and buy a tool that could help Facebook better monitor a subset of its users, according to an extraordinary court filing from NSO in an ongoing lawsuit. Facebook is currently suing NSO for how the hacking firm leveraged a vulnerability in WhatsApp to help governments hack users. NSO sells a product called Pegasus, which allows operators to remotely infect cell phones and lift data from them.”

Source : Facebook Wanted NSO Spyware to Monitor Users, NSO CEO Claims – VICE

1 avril 2020 /

zoom-security-flaws

“Now that a large portion of the world is working from home to ride out the coronavirus pandemic, Zoom’s popularity has rocketed, but also has led to an increased focus on the company’s security practices and privacy promises. Hot on the heels of two security researchers finding a Zoom bug that can be abused to steal Windows passwords, another security researcher found two new bugs that can be used to take over a Zoom user’s Mac, including tapping into the webcam and microphone.”

Source : Ex-NSA hacker drops new zero-day doom for Zoom | TechCrunch

18 mars 2020 /

“We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy.AndroidOS.Cookiethief) turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals’ server. This abuse technique is possible not because of a vulnerability in Facebook app or browser itself. Malware could steal cookie files of any website from other apps in the same way and achieve similar results.”

Source : Cookiethief: a cookie-stealing Trojan for Android | Securelist

11 mars 2020 /

a woman retrieving info from file catalouge

“For well over a decade, identity thieves, phishers, and other online scammers have created a black market of stolen and aggregated consumer data that they used to break into people’s accounts, steal their money, or impersonate them. In October, dark web researcher Vinny Troia found one such trove sitting exposed and easily accessible on an unsecured server, comprising 4 terabytes of personal information—about 1.2 billion records in all.”

Source : 1.2 Billion Records Found Exposed Online in a Single Server  | WIRED

11 mars 2020 /

https://no-flux.beaude.net/wp-content/uploads/2020/03/1582126936038-credit-card.jpeg

“Yodlee, the largest financial data broker in the U.S., sells data pulled from the bank and credit card transactions of tens of millions of Americans to investment and research firms, detailing where and when people shopped and how much they spent. The company claims that the data is anonymous, but a confidential Yodlee document obtained by Motherboard indicates individual users could be unmasked.”

Source : Leaked Document Shows How Big Companies Buy Credit Card Data on Millions of Americans – VICE

10 mars 2020 /

“Sensor Tower, a popular analytics platform for tech developers and investors, has been secretly collecting data from millions of people who have installed popular VPN and ad-blocking apps for Android and iOS, a BuzzFeed News investigation has found. These apps, which don’t disclose their connection to the company or reveal that they feed user data to Sensor Tower’s products, have more than 35 million downloads.”

Source : Sensor Tower Secretly Owns Ad Blocker And VPN Apps That Collect User Data

« Older posts Newer posts »

Archives

Catégories

© 2026 no-Flux

Theme by Anders NorenUp ↑