Smart Move - Satya - Smart Move Now, what was it you were going to do about the October Creators Update for Windows 10 nagging problem of deleting user documents and other files en masse? Was this a redirection marketing tactic to deflect attention from the recent rash of Microsoft Windows Update failures plaguing Redmond; or is it a Lack of Focus Mr. Nadella? (Update: News from Martin Brinkmann at GHacks that the file deletion issue is reportedly fixed). To be fair, an inability to service operating system updates robustly is not just a Microsoft Corporation (Nasdaq: MSFT) failure, this SNAFU is a hallmark of the so-called Android 'ecosystem' as well. Oh, and I'm a cricket fan as well. Enjoy.
News, via Ionut Ilascu, writing at Bleeping Computer, of an apparent Black Hat Attendee Data Leakage SNAFU. Who needs so-called Cyberthis or Cyberthat, when information security's premier event can't safeguard the attending information security professionals' data? The flaw was discovered by NinjaStyle in a superb blog post: 'How I Hacked BlackHat 2018: Enumerating registered BlackHat attendees with the BCard API'. Security: Heal Thyself. H/T
Via Graham Cluley's timely security blog, comes the story of Carole Cadwalladr who, in her day job, is famous for her highly competent reportage at The Guardian. The specific reporting series is here. Detailing not-so-secret fundamental security and privacy flaws; all combined into a porridge with both blatant stupidity and greed as spices, in which, the aforementioned porridge turns out to be a not-so-tasty dish for Facebook Inc. (NASDAQ: FB) and Cambridge Analytica (now in receivership)... If you spend any time contemplating the evil that is Facebook, read Carole Cadwalladr's work and you'll experience a Silicon Valley revelation (perhaps some avocado toast will calm you down). Today's Must Read!
News, via Dan Goodin - writing at ArsTechnica - of an apparent dev team screwup at Facebook Inc. (Nasdaq: FB). In which, the crack-dev-team at the purveyor of user data managed to introduce a pernicious flaw in the Detritus (also known as the Company's 'Code', or 'Intellectual Property') that happily exposed the posts of 14 million of the company's 'Subjects' (also known as 'Users') to one and all. What happened to 'Code Review' (also known as 'Looking for Developer Screwups') or 'Application Testing' (also known as 'Testing for Developer Screwups')? Nary a peep from the Facebook Security Team on this one; and in summation: Where's the Apology, Chairman Zuckerberg?
"The bug occurred as Facebook developers were creating a new way to share photos and other featured items in user profiles. In the process, the developers accidentally suggested all new posts be set to public, rather than just the featured items." - via Dan Goodin writing at ArsTechnica
Via Bob Sullivan, reporting for Geekwire, comes news of Starbucks Corporation's (Nasdaq: SBUX) efforts to collect personal data from WiFi users. In reality, you can be certain the company has been collecting personally identifiable data (PII) for years... Soon, your caffeine mantra will be - 'I'll have a Caramel Macchiato, Venti, Skim, Extra Shot, Extra-Hot, Extra-Whip, Sugar-Free, extra PII to go'...
Recalling other crisis management fails - in the wake of Facebook's stunning (and probably feigned) ignorance of data exfiltration on their own platform: Via the obviously talented Michael Grothaus, whilst writing at Fast Company, comes this interesting recent history of crisis management at companies-of-note. You will - I am certain - notice a recurring theme of fathomless lack of intellectual capacity. Today's Must Read and filed under 'Blatant Stupidity'. Enjoy!
Pending Evidence to the Contrary, the end of Planet WHOIS is slated for 2018/05/25 ostensibly due to nonsensical GDPR legislation, crafted by those Brainiacs in Brussels. Better find that copy of Doug Adams' mantra to mankind - The Hitchhiker's Guide to the Galaxy, your towel, and perhaps some stout as it shall be a bumptious ride when traveling with Arthur Dent, Esq. ICANN attempted with amusing futility to fix things right up, but failed to acquire consensus on WHOIS usage in the Wacky Age of EU Mandated Privacy. Via the outstanding reportage of Kieren McCarthy writing at El Reg. Discombobulated? You and me both, Pal!
Well - dammit - I was wrong... Early last week I made the error in a post on Monday 2018/03/05, in which I managed to scribble this diatribe: To Wit, "Easily the most egregiously moronic idea I've heard this month (and it's only 5 days in(!)" ...
Well, that declaration has been overshadowed in our highly-read Observed-Stupidity-In-Security-And-Privacy-News-Department by a bottom-of-the-sea-deeply-ignorant statement uttered by MoviePass CEO Mitch Lowe regarding his extraordinary pleasure at tracking users within the company's MoviePass iPhone and Android apps (see below).
'The update comes after CEO Mitch Lowe made comments at the Entertainment Finance Forum in Los Angeles last week, claiming that the company was tracking users’ locations. “We watch how you drive from home to the movies. We watch where you go afterwards,” commented Lowe, according to a report from Media Play News.' - via Chaim Gartenberg, writing at The Verge
Bravado? Misplaced Confidence? Hairplugs too-tight? Too Much Campari before dinner? I think not, just simple, unmitigated and blatant stupidity...
Perhaps a leadership change is in order, eh MoviePass? At least, the company did manage to (allegedly) remove the tracking-bits from the product and reissue the apps in the apropos app stores. Of course, there is always bad news with this type of mea culpa: In a statement made to Engadget, the company claimed they are still planning to use location data marketing to enhance their revenue stream. Ah, yes, the old Give It To 'Em, Then Take It Away gambit. Oh Joy!
Easily the most egregiously moronic idea I've heard this month (and it's only 5 days in(!) - stay tuned - pretty sure there will be others)... Would you sell your DNA data on the Blockchain? Enjoy!
'It is not easy putting a dollar value on the human genome, so only time will tell if these innovative, blockchain approaches to genetic data trading will pay off for individuals.' via James Levenson, writing at Bitcoinist
Mozilla Foundation: Bad marketing decisions at the highest levels of the Foundation should be a wakeup call for a house cleaning at the non-profit organization, not to mention a reset as to expectations regarding user privacy (regardless of the Foundation's platitudes talking up privacy). Coupled with tremendously flawed architectural decisions targeting application, functionality, browser and network security behaviors adding up to anti-patterns rampant throughout the product. Just shameful, and then, there's this...
Like a compromised sewage conduit, Coinhive's morally questionable Monero-mining scripted architecture (as evidenced by the successful DNS attack on the organization's site) is now poisoning the body politic with (both) the inherent evil of their product, and their apparent collective security stupidity. Witness the group's latest DNS breach explanatory blog post. Astounding... Where is Dr. Evil when we need him?