Image Credit: Fox Broadcasting
UPnP'd: The Litany Of Ports 139 and 445
Image Credit: Microsoft Corporation
Rather Than Focusing On Fixing Lame Windows Update System, Microsoft CEO Targets New Electronic Cricket Bat
Smart Move - Satya - Smart Move Now, what was it you were going to do about the October Creators Update for Windows 10 nagging problem of deleting user documents and other files en mass? Was this a redirection marketing tactic to deflect attention from the recent rash of Microsft Windows Update failures plaguing Redmond; or is it a Lack of Focus Mr. Nadella? (Update: News from Martin Brinkmann at GHacks that the file deletion issue is reportedly fixed). To be fair, an inability to service operating system updates robustly is not just a Microsoft Corporation (Nasdaq: MSFT) failure, this SNAFU is a hallmark of the so-called Android 'ecosystem' as well. Oh, and I'm a cricket fan as well. Enjoy.
Wait, What, Why? Google Takes WWW Away... →
News, via Lawrence Abrams, writing at Bleeping Computer, of the latest hare-brained scheme popping out of the roiling, hot, bubbling diverse-cultural motile known as the Chrome development teaam. Read and Weep my friends, for the Minimlization that apparently never ends.
Black Hat: The Exposed
News, via Ionut Ilascu, writing at Bleeping Computer, of an apparent Black Hat Attendee Data Leakage SNAFU. Who needs so-called Cyberthis or Cyberthat, when information security's premier event can't safeguard the attending information security professional's data? The flaw was discovered by NinjaStyle in a superb blog post: 'How I Hacked BlackHat 2018: Enumerating registered BlackHat attendees with the BCard API'. Security: Heal Thyself. H/T
Facebook+CambridgeAnalytica = Facebookery At It's Finest
via Graham Cluely's timely security blog, comes the story of Carole Cadwalladr whom, in her day job, is famous for her highly competent reportage at The Guardian. The specific reporting series is here. Detailing not-so-secret fundamental security and privacy flaws; all combined into a porridge with both blatant stupudity and greed as spices, in which, the aforementioned porridge turns out to be a not-so-tasty dish for Facebook Inc. (NASDAQ: FB) and Cambridge Analytica (now in receivership)... If you spend any time contemplating the evil that is Facebook, read Carole Cadwalladr's work and you'll experience a Silicon Valley revelation (perhaps some avocado toast will calm you down). Today's Must Read!
Facebookery: The Fourteen Million →
News, via Dan Goodin - writing at ArsTechnica - of an apparent dev team screwup at Facebook Inc. (Nasdaq: FB). In which, the crack-dev-team at the purveyor of user data managed to introduce a pernicious flaw in the Detritus (also known as the Company's 'Code', or 'Intellectual Property') that happily exposed the posts of 14 million of the company's 'Subjects'(also known as 'Users') to one and all. What happended to 'Code Review' (also known as 'Looking for Developer Screwups' or 'Application Testing' also known as 'Testing for Developer Screwups'? Nary a peep from the Facebook Security Team on this one; and in summation: Where's the Apology, Chairman Zuckerberg?
"The bug occurred as Facebook developers were creating a new way to share photos and other featured items in user profiles. In the process, the developers accidentally suggested all new posts be set to public, rather than just the featured items." - via Dan Goodin writing at ArsTechnica
Buys your location data, doesn't seek permission... Time to call your attorney!
AT&T, Verizon, T-Mobile, AT&T, Sprint: We're Selling Your Location Data To Prison Tech Company. Nothing To See Here!
via Zack Whittaker, writing at ZDNet's Zero Day, exposes the selling of mobile device location data (for all customers) to a prison technology-focused organization monikered 'Securus. Where's the consent? H/T
Microsoft Now Supports Cryptomining In Excel... →
via Graham Cluley, comes news of a highly questionable decision made by Microsoft Corporation (Nasdaq: MSFT) developers to begin offering JavaScript support in the company's flagship spreadsheet bits.
'Right now, JavaScript in Excel custom functions is only supported in the Developer Preview edition to Office 365 subscribers enrolled in the Office Insiders program. But it seems inevitable that in the not too distant future it will be available in more widely-used versions of Excel as well.' - via Graham Cluley
Starbucks Moves From Coffee Purveyor to Surveillance Company →
via Bob Sullivan, reporting for Geekwire, comes news of Starbucks Corporation (Nasdaq: SBUX) efforts to collect personal data from WiFi users. In reality, you can be certain the company has been collecting personally identifiable data (PII) for years... Soon, your caffiene mantra will be - 'I'll have a Caramel Macchiato, Venti, Skim, Extra Shot, Extra-Hot, Extra-Whip, Sugar-Free, extra PII to go'...
Blatant & Pervasive Incompetencies, Recent History of →
Recalling other crisis management fails - in the wake of Facebook's stunning (and probably feigned) ignorance of data exfiltration on their own platform: Via the obviously talented Michael Grothaus, whilst writing at Fast Company, comes this interesting recent history of crisis management at companies-of-note. You will - I am certain - notice a recurring theme of fathomless lack of intellectual capacity. Today's Must Read and filed under 'Blatant Stupidity'. Enjoy!
Arthur Dent and His Towel
Eurononsense: Hitchhikers Guide To The End Of Planet WHOIS →
Pending Evidence to the Contrary, the end of Planet WHOIS is slated for 2018/05/25 ostensibly due to nonsensical GPDR legislation, crafted by those Braniacs in Brussels. Better find that copy of Doug Adam's mantra to mankind - The Hitchhikers Guide to the Galaxy, your towel, and perhaps some stout as it shall be a bumptious ride when traveling with Arthur Dent, Esq. ICANN attempted with amusing futility to fix things rightup, but failed to acquire consensus on WHOIS usage in the Wacky Age of EU Mandated Privacy. Via the outstanding reportage of Kieren McCarthy writing at El Reg. Discombobulated? You and me both, Pal!
MoviePass Screws-the-Pooch →
Well - dammit - I was wrong... Early last week I made the error in a post on Monday 2018/03/05, in which I managed to scribble this diatribe: To Wit, "Easily the most egregiously moronic idea I've heard this month (and it's only 5 days in(!)" ...
Well, that declaration has been overshadowed in our highly-read Observed-Stupidity-In-Security-And-Privacy-News-Department by a bottom-of-the-sea-deeply-ignorant statement uttered by MoviePass CEO Mitch Lowe regarding his extraordinary pleasure at tracking users within the company's MoviePass iPhone and Android apps (see below).
'The update comes after CEO Mitch Lowe made comments at the Entertainment Finance Forum in Los Angeles last week, claiming that the company was tracking users’ locations. “We watch how you drive from home to the movies. We watch where you go afterwards,” commented Lowe, according to a report from Media Play News. - via Chaim Gartenberg, writing at The Verge
Bravado? Misplaced Confidence? Hairplugs too-tight? Too Much Campari before dinner? I think not, just simple, unmitigated and blatant stupidity...
Perhaps a leadership change is in order, eh MoviePass? At least, the company did manage to (allegedly) remove the tracking-bits from the product and resissue the apps in the apropos app stores. Of course, there is always bad news with this type of mea culpa: In a statement made to Engadget, the company claimed they are still planning to use location data marketing to enhance their revenue stream. Ah, yes, the old Give It To 'Em, Then Take It Away gambit. Oh Joy!
Stunning Stupidity To Start The Week: Selling Your DNA Via A Blockchain Controlled Marketplace →
Easily the most egregiously moronic idea I've heard this month (and it's only 5 days in(!) - stay tuned - pretty sure there will be others)... Would you sell your DNA data on the Blockchain? Enjoy!
'It is not easy putting a dollar value on the human genome, so only time will tell if these innovative, blockchain approaches to genetic data trading will pay off for individuals.' via James Levenson, writing at Bitcoinist
Intel, The Hider →
via Peter Cao - writing at 925Mac, details a Reuters screed of Intel's efforts to hide the true scope of Meltdown/Spectre from Federal investigators at US-CERT. Good to know.
Service As A Crime →
Seattles' all-a-buzz with a new and exciting Amazon service (no... it's not the new Amazon Spheres), dubbed AmazonCaaS [aka Amazon Crime as a Service]; via MG comes this terrific Medium blog post. Today's MustRead!
Quantum? Hardly. →
Mozilla Foundation: Bad marketing decisions at the highest levels of the Foundation, should be a wakeup call for a house cleaning at the non-profit organization, not to mention a reset as to expectations regarding user privacy (regardless of the Foundations' platitudes talking up privacy). Coupled with tremendously flawed architectural decisions targeting application, functionality, browser and network security behaviors adding up to anti-patterns rampant throughout the product. Just shameful, and then, there's this...
Updated: Here's Chris Hoffman's take on the de-evolution of Mozilla, for good measure... In which, the ongoing infamous browser data sharing between Mozilla Foundation and Cliqz in Germany.