The RISKS Digest
Volume 31 Issue 72

Saturday, 25th April 2020

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Zoom 5.0 update will bring much-needed security upgrades
Engadget
A critical iPhone and iPad bug that lurked for 8 years may be under active attack
Ars Technica
Security Vulnerability Discovered in iOS Mail App
LifeWire
Facebook agreed to censor posts after Vietnam slowed traffic
Reuters
Cox email creation policy change I'd missed!
Gabe Goldberg
An ESPN Commercial Hints at Advertising's Deepfake Future
NYTimes
Twitter Bans 5G Conspiracy Theorists From Sharing Harmful Misinformation
TechCrunch
Israel stops using phone tracking to enforce COVID-19 quarantines
Engadget
Internet online voting, once again
WashPost editorial
New York payments startup exposed millions of credit-card numbers
TechCrunch
To Understand the Medical Supply Shortage, It Helps to Know How the U.S. lost the lithium battery
Propublica
'Pandemic drone' test flights are monitoring social distancing
The Boston Globe
Free online threat blocker launched in Canada as successful COVID-19 scams multiply
CBC News via José María Mateos
Coronavirus Antibody Tests: Can You Trust the Results?
NYTimes
Nearly 50% of Twitter Accounts Talking about Coronavirus Might Be Bots
Vice
Re: asymptomatic coronavirus
Dmitri Maziuk
Re: Computer Fraud and Abuse Act
Kelly Bert Manning
Re: Internet Usage update
Chris Drewe
Paul Edwards
Info on RISKS (comp.risks)

Zoom 5.0 update will bring much-needed security upgrades (Engadget)

Monty Solomon <monty@roscom.com>
Wed, 22 Apr 2020 18:45:27 -0400

https://www.engadget.com/zoom-5-update-security-privacy-154453587.html


A critical iPhone and iPad bug that lurked for 8 years may be under active attack (Ars Technica)

Monty Solomon <monty@roscom.com>
Wed, 22 Apr 2020 19:02:21 -0400

https://arstechnica.com/information-technology/2020/04/a-critical-iphone-and-ipad-bug-that-lurked-for-8-years-is-under-active-attack/


Security Vulnerability Discovered in iOS Mail App (LifeWire)

Gabe Goldberg <gabe@gabegold.com>
Thu, 23 Apr 2020 12:12:04 -0400

A patch from Apple is forthcoming.

A security researcher at ZecOps discovered a vulnerability in the iOS Mail app that he claims has been exploited since 2018. Apple confirmed the exploit with Reuters, and said a patch to address the issue was forthcoming.

The details: According to the researcher, the attack starts with an email made to overwhelm the Mail app. Once the email is received (iOS 13) or clicked (iOS 12), it could allow a remote hacker access to your device. The attack does not require a large email, either, according to the researcher.

Since when? The vulnerability has reportedly existed since iOS 6 and the iPhone 5, though the researcher only claims 2018 as the earliest examples found “in the wild.”

https://www.lifewire.com/security-vulnerability-discovered-in-ios-mail-app-4843022


Facebook agreed to censor posts after Vietnam slowed traffic (Reuters)

the keyboard of geoff goodfellow <geoff@iconia.com>
Fri, 24 Apr 2020 08:05:21 -1000

EXCERPT:

Facebook's local servers in Vietnam were taken offline early this year, slowing local traffic to a crawl until it agreed to significantly increase the censorship of anti-state posts for local users, two sources at the company told Reuters on Tuesday.

The restrictions, which the sources said were carried out by state-owned telecommunications companies, knocked the servers offline for around seven weeks, meaning the website became unusable at times.

“We believe the action was taken to place significant pressure on us to increase our compliance with legal takedown orders when it comes to content that our users in Vietnam see,” the first of the two Facebook sources told Reuters.

In an emailed statement, Facebook confirmed it had reluctantly complied with the government's request to “restrict access to content which it has deemed to be illegal.” […]

https://www.reuters.com/article/us-vietnam-facebook-exclusive/exclusive-facebook-agreed-to-censor-posts-after-vietnam-slowed-traffic-sources-idUSKCN2232JX


Cox email creation policy change I'd missed!

Gabe Goldberg <gabe@gabegold.com>
Sat, 25 Apr 2020 11:26:57 -0400

In recent years, fewer customers have taken advantage of a Cox Email account, so we decided to modify our email service to better serve our customers. As of August 15, 2019, Cox no longer offers the ability for new and existing Cox Internet customers to create new Cox Email accounts.

Customers with Cox Email accounts created prior to 15 Aug 2019 will continue to receive support for those email accounts.

https://www.cox.com/residential/support/cox-email-creation-policy.html

Exactly how does this better serve customers?!

Commentary: https://www.edhat.com/news/cox-announces-cutback-of-email-service


An ESPN Commercial Hints at Advertising's Deepfake Future (NYTimes)

the keyboard of geoff goodfellow <geoff@iconia.com>
Fri, 24 Apr 2020 08:07:23 -1000

EXCERPT:

Unable to film new commercials during the coronavirus pandemic, advertising agencies are turning to technologies that can seamlessly alter old footage, sometimes putting viewers in a position of doubting what they are seeing.

During Sunday's episodes of The Last Dance, <https://www.nytimes.com/2020/04/17/sports/basketball/michael-jordan-bulls-documentary.html> the ESPN documentary series about Michael Jordan and the Chicago Bulls <https://www.nytimes.com/article/the-last-dance-jordan.html>, State Farm ran a commercial <https://twitter.com/NBA/status/1251556094960234496?s=20> featuring expertly doctored footage of the longtime SportsCenter anchor Kenny Mayne.

In the ad, a much younger Mr. Mayne is seated at the SportsCenter desk in 1998. He reports on the Bulls' sixth championship title—before taking a turn toward the prophetic.

“This is the kind of stuff that ESPN will eventually make a documentary about. They'll call it something like The Last Dance. They'll make it a 10-part series and release it in the year 2020. It's going to be lit. You don't even know what that means yet.” As a vintage State Farm logo appears in the background, he adds, “And this clip will be used to promote the documentary in a State Farm commercial.” […] https://dnyuz.com/2020/04/22/an-espn-commercial-hints-at-advertisings-deepfake-future/


Twitter Bans 5G Conspiracy Theorists From Sharing Harmful Misinformation (TechCrunch)

the keyboard of geoff goodfellow <geoff@iconia.com>
Fri, 24 Apr 2020 08:06:20 -1000

EXCERPT:

Twitter has updated its coronavirus guidelines, stating it will remove unverified claims that cause widespread panic or encourage people to act on conspiracy theories, after phone masts across the U.K. were set alight following bogus claims about 5G.

KEY FACTS

The social media platform said on Wednesday that content such as “5G causes coronavirus! Go destroy the cell towers in your neighborhood!” would violate their policy and be removed.

Tweets that also violate the policy by causing widespread panic, including content such as “The National Guard just announced that no more shipments of food will be arriving for two months! Run to the grocery store and buy everything!” will also be deleted.

However, the platform stopped short of saying it would take down coronavirus misinformation altogether.

“As we've said previously, we will not take enforcement action on every Tweet that contains incomplete or disputed information about COVID-19”, a spokesperson told TechCrunch. <https://techcrunch.com/2020/04/22/twitter-will-remove-dubious-5g-tweets-that-could-potentially-cause-harm/>

CRUCIAL QUOTE

“We have broadened our guidance on unverified claims that incite people to engage in harmful activity, could lead to the destruction or damage of critical 5G infrastructure, or could lead to widespread panic, social unrest, or large-scale disorder,” Twitter TWTR said on Wednesday. <https://www.forbes.com/companies/twitter>

BIG NUMBER

2,230. That's how many tweets containing misleading and potentially harmful content Twitter has taken down since March 18.

https://www.forbes.com/sites/isabeltogoh/2020/04/23/twitter-bans-5g-conspiracy-theorists-from-sharing-harmful-misinformation/


Israel stops using phone tracking to enforce COVID-19 quarantines (Engadget)

Monty Solomon <monty@roscom.com>
Wed, 22 Apr 2020 18:43:52 -0400

https://www.engadget.com/israel-halts-phone-tracking-for-covid-19-quarantine-184622314.html


Internet online voting, once again (WashPost editorial)

“Peter G. Neumann” <neumann@csl.sri.com>
Fri, 24 Apr 2020 13:20:15 PDT

https://www.washingtonpost.com/opinions/why-cant-we-just-vote-online-let-us-count-the-ways/2020/04/24/68ecea92-7850-11ea-9bee-c5bf9d2e3288_story.html


New York payments startup exposed millions of credit-card numbers (TechCrunch)

Monty Solomon <monty@roscom.com>
Wed, 22 Apr 2020 19:28:14 -0400

https://techcrunch.com/2020/04/22/paay-unencrypted-credit-card-data/


To Understand the Medical Supply Shortage, It Helps to Know How the U.S. lost the lithium battery (Propublica)

Gabe Goldberg <gabe@gabegold.com>
Wed, 22 Apr 2020 19:27:53 -0400

The failed U.S. effort to dominate global production of the lithium ion battery—which is key to energy independence, automobile innovation and more—holds lessons for leaders grappling with the U.S.'s reliance on China for emergency medical supplies.

https://www.propublica.org/article/to-understand-the-medical-supply-shortage-it-helps-to-know-how-the-us-lost-the-lithium-ion-battery-to-china

Too long, but interesting.


'Pandemic drone' test flights are monitoring social distancing (The Boston Globe)

the keyboard of geoff goodfellow <geoff@iconia.com>
Fri, 24 Apr 2020 08:04:32 -1000

The flights taking place in a COVID-19 hotspot in Connecticut use sensors to detect the virus' symptoms from afar.

EXCERPT:

A series of “pandemic drones <https://www.cnet.com/topics/drones/>” is taking part in a test flight in a COVID-19 hotspot in Connecticut with the goal of monitoring social distancing efforts and detecting the virus' symptoms. <https://www.cbsnews.com/feature/coronavirus/>

Drone manufacturer Draganfly is working with the police department in Westport, Connecticut, to test the drones. Located in Fairfield County—adjacent to New York City—Westport was the first town in the state to report several coronavirus infections, according to a Wednesday press release from Draganfly. <https://www.globenewswire.com/news-release/2020/04/21/2019221/0/en/Draganfly-s-Pandemic-Drone-technology-Conducts-Initial-Flights-Near-New-York-City-to-Detect-COVID-19-Symptoms-and-Identify-Social-Distancing.html>

The drones include specialized sensor and computer vision systems that can display a person's temperature, heart and respiratory rates, as well as detect people sneezing or coughing in a crowd, the release said. The technology can accurately detect infectious conditions from 190 feet away, as well as measure social distancing efforts, according to Draganfly. […] https://www.cnet.com/news/pandemic-drone-test-flights-will-monitor-social-distancing/


Free online threat blocker launched in Canada as successful COVID-19 scams multiply (CBC News)

José María Mateos <chema@rinzewind.org>
Thu, 23 Apr 2020 19:59:32 -0400

Yet another DNS blocker:

https://www.cbc.ca/news/politics/free-cyber-blocker-cse-1.5542888

> The Canadian Internet Registration Authority (CIRA, the not-for-profit agency that manages the .CA Internet domain) and the Communications Security Establishment, Canada's foreign signals intelligence agency, teamed up on the CIRA Canadian Shield—a protected domain name system (DNS) service that prevents Canadians from connecting to malicious websites that might infect their devices and steal their personal information.

More information about this: https://www.cira.ca/cybersecurity-services/canadian-shield

José María (Chema) Mateos


Coronavirus Antibody Tests: Can You Trust the Results? (NYTimes)

Monty Solomon <monty@roscom.com>
Fri, 24 Apr 2020 22:35:06 -0400

A team of scientists worked around the clock to evaluate 14 antibody tests. A few worked as advertised. Most did not.

https://www.nytimes.com/2020/04/24/health/coronavirus-antibody-tests.html


Nearly 50% of Twitter Accounts Talking about Coronavirus Might Be Bots (Vice)

Monty Solomon <monty@roscom.com>
Sat, 25 Apr 2020 09:57:11 -0400

Twitter is dealing with a pandemic of bots jamming the platform with misinformation about COVID-19.

https://www.vice.com/en_asia/article/dygnwz/if-youre-talking-about-coronavirus-on-twitter-youre-probably-a-bot


Re: asymptomatic coronavirus [RISKS-31.71]

Dmitrik Maziuk <dmaziuk@bmrb.wisc.edu>
Wed, 22 Apr 2020 18:42:41 -0500

What you really want to do is forget the headline and scroll down to the “Testing” part. It's worth reading.


Re: Computer Fraud and Abuse Act

Kelly Bert Manning <bo774@freenet.carleton.ca>
Fri, 24 Apr 2020 16:19:02 -0400 (EDT)

Misuse of access to Personally Identifiable Data by police has been showing up in comp.risks for at least a quarter of a century.

https://catless.ncl.ac.uk/Risks/17/21#subj5

Delta BC Constable Steve Parker misused his access to the CPIC computer network to retrieve home addresses of cars parked near a Vancouver BC abortion clinic. The only penalty he received was being suspended with pay.

BC Information and Privacy Commissioner Dr. David Flaherty seemed frustrated about that, but speculated that if Constable Parker chose to remain as a police officer his career would be remarkably undistinguished. Parker's 20 year police career ended with him still at the rank of constable, so that seems to have happened.

Without meaningful consequences we are unlikely to see an end to this type of abuse by police, or by other trusted insiders. Regular reviews of access policy with staff are also important to reinforce staff understanding of what is appropriate access and what would be improper access.

Digital record access is easier to log and audit. A BC Medical Services Plan employee convicted of Breach of Trust in the 1970s for using BC Medical Services Plan paper account files to pull addresses for skip tracers and so on was only caught because they boasted to a relative of earning extra income doing that.

The largest Data Breach in Canadian History involved an oath sworn Revenue Canada employee who had been hired as a Junior Assessor in 1984 despite having 17 criminal convictions. His name was Andreas Hackner (not Hacker -).

https://www.orlandosentinel.com/news/os-xpm-1987-12-17-0170010297-story.html

https://archive.macleans.ca/article/1986/12/1/the-case-of-the-missing-microfiche#!&pid=30


Re: Internet Usage update (Fist, RISKS-31.70)

Chris Drewe <e767pmk@yahoo.co.uk>
Thu, 23 Apr 2020 22:01:31 +0100

As stated by me in RISKS-29:12, one thing that I found when I worked in telecomms was how billing for services in traditional ways is a mighty costly activity. Telecomms and other utility businesses have to sign up customers (and probably do creditworthiness checks) for a contract initially, then measure their usage, periodically compile a bill to notify them of what they owe, get the money off them, chase up late/non-payers, handle any disputes, deal with taxes if applicable, etc. as well as capturing and storing the required information, which all make a big administrative overhead. As I understand it, with e-mail the traffic goes in and out of multiple servers in various countries so there's the complication of different legislatures' taxation and accounting requirements, not forgetting data protection laws of course. Just identifying the bill payer could be problematic. Who gets the revenues? And getting agreement on doing this on a global scale…?

The idea of billing e-mail traffic has been around for a long time, but adding an insignificant charge to an existing service would likely be a not-insignificant cost.


Re: Internet Usage update (Fist, RISKS-31.70)

Paul Edwards <paule@cathicolla.com>
Thu, 23 Apr 2020 12:53:19 +1000

> Would the Information Technology Community promote the idea that we should all pay a low fee for sending each email.

I once consulted for a large organization in east Asia where they did just that.

In an effort to reduce the amount of time their workers spent on email, they somehow hacked their Exchange server to produce the following effects:

  1. Every email that was sent to an internal address (To:, CC:, or BCC:) was charged a low fee per recipient (it was about AUD0.03 in the local currency per email per recipient);
  2. Emails to distributions lists would be unpacked and charged at the same rate (e.g., sending an email to 100 internal people would cost AUD3.00);
  3. Emails to external addresses were not charged;
  4. Charging came out of the sender's opex cost centre;
  5. Monies raised by the initiative were put to acquiring more storage for email.

They did shadow charging for the first month, and then went live. The first month caused some real issues for opex budgets, and angst for the P&L owners!

I came in a couple of months after it went live, and email volumes were down 66% compared with the same period in the previous year. Quite remarkable.

(The same company also changed the default times for meetings to start at 5 past the hour (e.g., 10:05) and end at five to the hour (e.g., 10:55). This gave people a chance to actually get to meetings on time, and if a meeting ran over by a couple of minutes it didn't impact on the following meeting starting).
