Search Results for “BetaNews”


October 19, 2019
Liam Tung / ZDNet

Windows 10 Cumulative Update KB4520062 Released Last Week Might Break Windows Defender Advanced Threat Protection, Organizations Advised Against Installing It

Microsoft began advising organizations running Windows 10 version 1809 PCs and Windows Server 2019 against installing update KB4520062, released on October 15, because it causes problems for Windows Defender Advanced Threat Protection (ATP): the security software “might stop running and might fail to send reporting data.” The software giant released the update as the second one following the October Patch Tuesday update. It is a non-security, optional update. Microsoft is investigating the issue and estimates a resolution will be available in mid-November.

September 2, 2019
Colum Murphy and Zheping Huang / Bloomberg

Viral Face-Swapping Zao Hits the Top of the App Store Charts But Sparks Massive Privacy Concerns Due to Initial User Agreement Terms

Chinese face-swap app Zao soared to the top of app store charts over the weekend and currently tops the free download chart on China’s iOS store. It sparked privacy concerns along the way because Zao’s user agreement initially stated that the app had “free, irrevocable, permanent, transferable, and relicense-able” rights to all user-generated content. Zao, wholly owned by Chinese hookup and live-streaming service Momo Inc., has since updated its terms and says it won’t use headshots or mini videos uploaded by users for purposes other than to improve the app or things pre-agreed by users. The China E-Commerce Research Center has nonetheless urged authorities to look into the matter.

Related: The Next Web, 9to5Mac, VentureBeat, BetaNews, Mashable, The Verge, Telecomlive.com, The Guardian, Huffington Post India, Reuters, Channel News Asia, Techerati, iAfrikan, Tech Insider, Forbes, TechNadu, Redmond Pie, NS Tech, CCN, CNN.com, CTVNews.ca, CNBC Technology, The Financial Express, SlashGear » security, Android Police, The Hacker News, Naked Security

Tweets: @AllanXia @fs0c131y @fs0c131y

The Next Web: Chinese face-swapping app goes viral, invites criticism over privacy clause
9to5Mac: Zao iOS face-swap app tops Chinese App Store rankings, raises privacy fears
VentureBeat: ZAO face-swap app goes viral, sparks privacy concerns in China
BetaNews: Privacy concerns mount over Chinese face-swap app Zao
Mashable: Chinese face-swapping app goes viral, raises privacy issues
The Verge: Another convincing deepfake app goes viral prompting immediate privacy backlash
Telecomlive.com: Chinese face-swapping app goes viral, sparks privacy concerns
The Guardian: Chinese face-swap app triggers privacy fears after going viral
Huffington Post India: Viral Chinese Face-Swapping App Nearly Crashes Servers, Sparks Privacy Concerns
Reuters: Chinese face-swapping app goes viral, sparks privacy concerns
Channel News Asia: Chinese face-swapping app goes viral, sparks privacy concerns
Techerati: Privacy concerns after ZAO face-swap app goes viral in China
iAfrikan: How to flag and detect deepfake videos
Tech Insider: Viral Chinese deepfake app Zao lets people superimpose their faces onto celebrities like Leonardo DiCaprio and it is terrifyingly convincing
Forbes: Chinese Deepfake App ZAO Goes Viral, Privacy of Millions ‘At Risk’
TechNadu: Face-Swapping App ‘ZAO’ Goes Viral While Raising Concerns About User Privacy
Redmond Pie: Chinese Deepfake App ZAO For iPhone Goes Viral Generating Serious Security And Privacy Concerns
NS Tech: How Chinese users turned against a wildly popular deepfake app
CCN: Terrifying Chinese Deepfake ZAO is the Coolest App You’ll Sell Your Privacy To
CNN.com: New Chinese ‘deepfake’ face app backpedals after privacy backlash
CTVNews.ca: Viral Chinese ‘deepfake’ app doesn’t lose users over privacy concerns
CNBC Technology: Chinese deepfake app Zao goes viral, but sparks privacy concerns
The Financial Express: Deepfake app Zao rekindles privacy outcry over face-swapping
SlashGear » security: ZAO deepfake face swapping app raises privacy concerns in China
Android Police: Viral deepfake app ZAO adds your face to famous movie scenes – if you’re not concerned with privacy
The Hacker News: Chinese Face-Swapping App ZAO Sparks Privacy Concerns After Going Crazily Viral
Naked Security: China’s new face-swapping app Zao gets whiplash-fast privacy backlash

@AllanXia: In case you haven't heard, #ZAO is a Chinese app which completely blew up since Friday. Best application of 'Deepfake'-style AI facial replacement I've ever seen. Here's an example of me as DiCaprio (generated in under 8 secs from that one photo in the thumbnail)
@fs0c131y: It’s time for a thread about #ZAO, the new Chinese app which blew up since Friday. The app is accessible only to Chinese people for the moment but I managed to get an account ;) This "AI facial" app allows you to add your face on predefined clip.
@fs0c131y: Reminder: It’s still a bad idea to give a photo of your face to a random app


July 29, 2019
Emily Flitter and Karen Weise / New York Times

Firewall Misconfiguration by Capital One Allowed Hacker to Steal Millions of Credit Applications, Social Security and Bank Account Numbers Affecting More Than 100 Million People in North America

In one of the largest cases of bank data theft ever, software engineer Paige Thompson hacked into a server holding customer information for Capital One, exploiting a firewall misconfiguration in the bank’s network to steal millions of credit card applications, federal prosecutors say. Thompson, who used the online handle “erratic,” was the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.” The F.B.I. noticed her activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service. Thompson stole 140,000 U.S. Social Security numbers and 77,000 bank account numbers, along with one million Canadian social insurance numbers, affecting more than 100 million people in the United States and Canada. A “firewall misconfiguration” by the bank had allowed Ms. Thompson to communicate with the server where Capital One was storing its information and, eventually, gain access to customer files, an FBI agent investigating the case said in court documents. Ms. Thompson worked as a systems engineer at Amazon from 2015 to 2016.

Related: CNN, Reuters, Associated Press, Axios, CNBC, NBC News, Politico, Capital One, The Register, Bloomberg, Washington Post, TechCrunch, TechCrunch, Wired, Justice.gov, Ars Technica, CNET, Wall Street Journal, The Verge, The Hill, Venture Beat, Law360, Reuters, Daily Mail, DataBreachToday.com, BGR, USATODAY, Business Insider, The Daily Swig, Newsweek, Financial Times, CRN, CRN, UPI.com, DataBreaches.net, SecurityWeek, MobileSyrup.com, BetaNews, The Verge, GBHackers On Security, SlashGear » security, E-Commerce Times, CNN.com, PCMag.com, The Verge, Evening Standard, Engadget, MarketWatch.com – Software Industry News, TechSpot, Digital Trends, Neowin, Fast Company, Mother Jones, New York Daily News, New on MIT Technology Review, FOX News, The Hacker News, Help Net Security, CBSNews.com, Fortune, Technology News | Boston.com, SecurityWeek, The Huffington Post, Cyberscoop, IT World Canada, ARN, The Guardian, Digital Trends, The Next Web, Android Central, GeekWire, SC Magazine, Techerati, Slashdot, ABC News: U.S., Graham Cluley, Japan Times, Security Affairs, Cyber Kendra, PYMNTS.com, Heavy.com, Computer Business Review, TechNadu, Silicon Republic, Infosecurity Magazine, The State of Security, DataBreaches.net, Gadgets Now, Courthouse News Service, BBC News – World, BleepingComputer.com, ITV News, RT USA, AOL, New York Post, EJ Insight, Mercury News, TODAYonline, CBC, Deutsche Welle, Gizmodo, News : NPR, POLITICO, Gizmodo, Daily Beast, GeekWire

Tweets: @zackwhittaker @briankrebs @cnbcnow @gregotto @yoda @RepKatiePorter @zackwhittaker @Wired @BleepingComputer @kimzetter @dnvolz @BleepingComputer @McGrewSecurity @weldpond @h0tdish @hacks4pancakes @RayRedacted @catcalvinla @malwarejake @somanyshrimp @TorresLuzardo

CNN: A hacker gained access to 100 million Capital One credit card applications and accounts
Reuters: Capital One reveals 100M affected by data breach, hacker arrested
Associated Press: Capital One says hacker gained access to personal information of more than 100 million people
Axios: 100 million credit card applications stolen from Capital One
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
NBC News: Over 100 million credit card applicants at risk in Capital One breach, Seattle woman arrested
Politico: Capital One reveals historic data breach after FBI arrests Seattle suspect
Capital One: Capital One Announces Data Security Incident
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
Bloomberg: Capital One Says Breach Hit 100 Million Individuals in U.S.
Washington Post: Capital One says data breach affected 100 million credit card applications
TechCrunch: Capital One’s breach was inevitable, because we did nothing after Equifax
TechCrunch: Capital One hacked, over 100 million customers affected
Wired: THE ALLEGED CAPITAL ONE HACKER DIDN’T COVER HER TRACKS
Justice.gov: Seattle Tech Worker Arrested for Data Theft Involving Large Financial Services Company
Ars Technica: Feds: former cloud worker hacks into Capital One and takes data for 106 million people
CNET: Capital One data breach involves 100 million credit card applications
Wall Street Journal: Capital One Reports Data Breach Affecting 100 Million Customers, Applicants
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
The Hill: Woman arrested, accused of hacking 100 million Capital One records
Venture Beat: Capital One announces hack affecting 106 million U.S. and Canadian customers
Law360: Capital One Says Breach Impacted 106M As Suspect Arrested – Law360
Daily Mail: Ex-tech worker arrested for Capital One hack after stealing data from 100 million customers
DataBreachToday.com: Woman Arrested in Massive Capital One Data Breach
BGR: Hacker steals data for more than 100 million Capital One users, then brags about it and gets arrested
USATODAY: Massive data breach hits Capital One affecting more than 100 million customers
Business Insider: Capital One data breach, affecting tens of millions
The Daily Swig: Millions affected by Capital One data breach
Newsweek: Capital One Data Breach: How to Know, and What You Should Do, If Your Account Has Been Compromised
Financial Times: Capital One reports massive data breach
CRN: Capital One Breach Exposed Data From 106M Credit Card Applicants, Users
UPI.com: Capital One data breach affects 100M credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
SecurityWeek: CapitalOne Discloses Massive Data Breach: 106 Million Impacted
MobileSyrup.com: Capital One data breach could have affected six million Canadian bank accounts
BetaNews: Personal details of 106 million Americans and Canadians stolen in huge Capital One data breach
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
GBHackers On Security: Capital One Hacked – Over 100 Million Credit Card Application Data Exposed
SlashGear » security: Capital One hack affects over 100 million people in the US and Canada
E-Commerce Times: Equifax Data Breach Settlement No Wrist Slap
CNN.com: Worried about the Capital One hack? Here’s what to do
PCMag.com: Capital One Suffers Data Breach Affecting 100 Million Customers
Evening Standard: Capital One data breach 2019: What to do if you have been affected
Engadget: Capital One data breach affected 100 million in the US
MarketWatch.com – Software Industry News: Everything you need to know about the massive Capital One hack, but were afraid to ask
TechSpot: Capital One hack exposed 100 million US customers’ personal details
Digital Trends: New Capital One data breach affects 100 million people. Here’s the very latest
Neowin: Over 100 million accounts compromised after Capital One data breach
Fast Company: Capital One data breach: what was stolen and how to find out if you are affected
Mother Jones: What’s In Your Wallet?
New York Daily News: Capital One hit with data breach affecting some 100 million U.S. customers
New on MIT Technology Review: A hacker stole the personal data of 100 million Capital One customers
FOX News: Capital One data breach exposes info of 106M customers, applicants; suspect arrested
The Hacker News: Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Help Net Security: Capital One breach: Info on 106 million customers compromised, hacker arrested
CBSNews.com: Capital One data breach hits more than 100 million people
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
Fortune: Hacker May Have Stole Info About Millions of Capital One Customers, U.S. Says
Technology News | Boston.com: Capital One target of massive data breach
SecurityWeek: Capital One Target of Massive Data Breach
The Huffington Post: Credit Card Company Reveals 100 Million People May Be Affected By Hack
Cyberscoop: Capital One announces massive data breach; lone suspect arrested in Seattle
IT World Canada: Six million Canadians impacted by Capital One data breach
ARN: Capital One: hacker gained access to personal information of over 100 million Americans
The Guardian: Capital One: hacker stole data of over 100m Americans
Ars Technica: Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One
Axios: 100 million credit card applications were stolen from Capital One
The Next Web: Capital One data breach compromises 106 million customers’ personal data
Android Central: Capital One breach exposes personal details of over 100 million customers
SC Magazine: Capital One hacker who stole personal info on 100M arrested | SC Media
AP Breaking News: Capital One target of massive data breach
Techerati: Capital One breach affecting 106 million customers caused by misconfigured cloud storage
Slashdot: Capital One Says Hacker Breached Accounts of 100 Million People; Ex-Amazon Employee Arrested
ABC News: U.S.: Capital One target of massive data breach
Graham Cluley: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
Japan Times: Hacker accesses over 100 million Capital One credit applications in massive data breach
Zero Hedge: Capital One Admits Massive Data Breach: 100 Million Americans Affected, Seattle Woman Arrested
Security Affairs: Capital One data breach: hacker accessed details of 106M customers before its arrest
Cyber Kendra: Capital One Suffered Data Breach 106 Million People Affected
PYMNTS.com: Cap One Hack Hits 100M Credit Card Applications
Heavy.com: Paige Adele Thompson: 5 Fast Facts You Need to Know
Computer Business Review: Capital One Hacker was Ex-AWS Employee
TechNadu: Capital One Reports a Major Data Breach Affecting 106 Million Individuals in the USA & Canada
Infosecurity Magazine: Capital One Breached by Cloud Insider in Major Attack
Tech Insider: Amazon’s cloud was at the heart of the big Capital One hack, even though it doesn’t seem to be at fault (AMZN, COF)
The State of Security: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
Gadgets Now: Capital One hacked, says information of 100 million-plus users leaked
Reuters: Capital One says information of over 100 million individuals in U.S., Canada hacked
BBC News – World: Capital One data breach: Arrest after details of 100m US individuals stolen
TIME: Capital One Information Hacked in Massive Data Breach
NDTV Gadgets360.com: Capital One Bank Targeted in Massive Data Breach
BleepingComputer.com: Capital One Data Breach Affects 106 Million People, Suspect Arrested
ITV News: 100 million applications targeted in Capital One bank data breach
RT USA: 100mn+ people’s data exposed in Capital One bank hack, thousands of SSNs & accounts leaked
AOL: Capital One: information of over 100 mln individuals in U.S., Canada hacked
New York Post: Capital One reveals 100M affected by data breach, hacker arrested
EJ Insight: Capital One data breach affects millions in US, Canada
Mercury News: Capital One: Hacker got info on 100M in the US, 6M in Canada
CBC: Hacker obtained personal information of 6 million people in Canada
Deutsche Welle: Capital One data theft: US arrests ‘erratic’ hacker
Gizmodo: Hacker Claims to Be in Possession of Personal Info on Up to 20,000 LAPD Applicants
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
POLITICO: Capital One reveals historic data breach after FBI arrests Seattle suspect
Daily Beast: Tens of Millions of Credit Card Applications Stolen in Capital One Breach
GeekWire: Seattle engineer arrested for Capital One hack that affected 100M people

@zackwhittaker: Wow. Capital One discloses massive data breach: 100M in US, 6M in Canada. One person in FBI custody. Credit files, applications, the lot. Hard to see this as anything other than Equifax 2.0. http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043
@briankrebs: Nice write up. Yes, this appears to be her resume. Worked at Amazon 2015-2016
@cnbcnow: BREAKING: Capital One says data breach has “affected approximately 100M individuals in the United States & approximately 6M in Canada” but “no credit card account numbers or log-in credentials were“ taken and “99% of Social Security numbers” weren’t stolen
@gregotto: According to the FBI, a firewall misconfiguration was partly responsible for allowing Thompson to access the Capital One cloud storage
@yoda: what kind of wordsmith fuckery is this???
@RepKatiePorter: One week *to the day* after Equifax announced its settlement terms. It’s clear corporations won’t clean up their acts on their own. We need to create an enforceable federal data privacy standard, so I’m drafting that bill.
@zackwhittaker: Incredible. Capital One's data breach site is titled "Facts." And yet it also pulls this bullshit by saying that no Social Security numbers were breached... except for all the Social Security numbers that were breached. Fuck you, Capital One.
@Wired: On Monday, the FBI and Capital One disclosed a data breach of 106 million credit card applications, one of the biggest breaches of a major financial institution ever. And now someone has been arrested in connection with the crime:
@BleepingComputer: The suspect allegedly posted about her accessing of Capital One's data on GitHub. A security researcher saw her post and contacted Capital One.
@kimzetter: This Capital One breach definitely has more going on to it than the headlines suggest. Perhaps not a coordinated vuln disclosure gone wrong ?but something is def weird about it - she used Tor to access the data but then publicly posted the data to an account with her name?
@dnvolz: The arrested suspect behind the hack, Paige Thompson, is a former employee of Amazon Web Services, according to people familiar with the matter. She is accused of breaching a misconfigured Capital One firewall to access data stored in AWS. via @nicole_hong
@BleepingComputer: This breach was discovered by a security researcher who responsibly disclosed a vulnerability to Capital One. After investigating the vulnerability, Capital One discovered that an unauthorized user accessed their systems and data between March 22 and 23, 2019.
@McGrewSecurity: Located the Capital One hacker's twitter (also thanks to those that backchanneled on the topic). Clearly they were/are in a bad state mentally/emotionally. I've deleted the earlier tweets about her. I hope they find some peace.
@weldpond: The FBI said the suspect, Paige A. Thompson, was apprehended after she “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,”
@h0tdish: Insider/ex employee threats and those who willingly commit crimes, creating, selling malware or stealing info via exploit/breach ARE NOT heroes & anyone who frames it that way has to explain why they're not currently launching a legal $ raiser for her but did for other criminals.
@hacks4pancakes: I feel a great disturbance in the Force, like dozens of Capital One cybersecurity analysts who were screaming futilely into the wind for years were suddenly silenced.
@RayRedacted: I have removed all of my OSINT posts about the Capital One hacker, because it is clear that she is suffering from mental illness. Mental illness does not discriminate. It can affect anyone. I truly hope she gets the help she needs.
@catcalvinla: At this point, I’m getting like two breach notices a day. Who DOESN’T have my info?
@malwarejake: Takeaways from #CapitalOne: 1. Having a disclosure program may have saved them. I'm FAR less likely to report to an org that lacks a disclosure policy. http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043
@somanyshrimp: Losing your personal information in a massive data breach is just a thing that happens now, like 110 degree days and regular mass shootings
@TorresLuzardo: I'm trying to come up with an analogy but there's really no topping this. No SSNs were stolen except 140,000 of them.


August 2, 2019
Alex Hern / Guardian

Apple Suspends Controversial Program That Allows Contractors to Listen to Siri Recordings

Apple has suspended its practice of having human contractors listen to users’ Siri recordings to “grade” them, and will not restart the program until it has conducted a thorough review, following a Guardian report that revealed the practice. Apple also said it is committed to adding the ability for users to opt out of the quality assurance scheme altogether in a future software update. Contractors for Apple who conduct those reviews showed up for work on Friday in Ireland but were told to go home for the weekend. The Guardian broke the news that Apple contractors regularly hear confidential and private information while carrying out the grading process, including in-progress drug deals, medical details and people having sex.

Related: AppleInsider, iClarified, Mashable, Paul Thurrott – Thurrott.com, Tech Insider, Reuters, The Next Web, PhoneArena, ZDNet Security, The Verge, Cult of Mac, MacRumors, Axios, Techradar, BetaNews, Pocket-lint, Slashdot

Tweets: @inafried @gcluley @markwilsonwords

AppleInsider: Apple suspends Siri quality control program, will let users opt out in update
iClarified: Tim Cook Announces Apple Card Will Launch in August
Mashable: Apple suspends program that let humans listen in to Siri conversations
Paul Thurrott – Thurrott.com: Apple Suspends Siri Grading Program
Tech Insider: Three ways brands can benefit from adopting voice technology (AAPL, AMZN, GOOGL, MSFT)
Reuters: Apple halts Siri response grading program after privacy concerns
The Next Web: Apple and Google suspend monitoring of voice recordings by humans
PhoneArena: With privacy cred under fire, Apple to offer opt-out feature for Siri recordings access
ZDNet Security: Apple, Google: We’ve stopped listening to your private Siri, Assistant chat, for now
The Verge: Apple stops letting contractors listen to Siri voice recordings
Cult of Mac: Apple stops listening to users’ Siri queries
MacRumors: Apple Suspends Program That Lets Employees Listen to Siri Recordings for Quality Control, Opt Out Option Coming
Axios: Apple suspends program in which humans review users’ Siri queries
Techradar: Apple has stopped sending Siri chats to third parties… for now
BetaNews: Privacy: Google stops transcribing Assistant recordings and Apple stops listening to Siri recordings
Pocket-lint: Apple is suspending Siri quality control due to recent privacy concerns
Slashdot: Apple Stops Letting Contractors Listen To Siri Voice Recordings, Will Offer Opt-Out Later

@inafried: Breaking: Apple suspends program in which humans review users' Siri queries https://www.axios.com/apple-suspends-program-in-which-humans-review-users-siri-queries-eb3ed834-35fb-4e96-bf66-4de3da03b1c5.html?utm_source=twitter&utm_medium=twsocialshare&utm_campaign=organic
@gcluley: Apple suspends Siri response grading in response to privacy concerns https://techcrunch.com/2019/08/01/apple-suspends-siri-response-grading-in-response-to-privacy-concerns/
@markwilsonwords: Privacy: Google stops transcribing Assistant recordings and Apple stops listening to Siri recordings


August 13, 2019
Lindsey O'Donnell / Threatpost

Bug in British Airways E-Ticketing System Could Expose Passengers’ Personal Information, Booking Details

A security bug discovered in British Airways’ e-ticketing system has the potential to expose passengers’ data, including their flight booking details and personal information, researchers at Wandera report. Check-in links sent by British Airways to passengers via email contain passenger details in the URL parameters that direct the passenger from the email to the British Airways website. The links are unencrypted, making passengers vulnerable to an attack that could expose their booking reference numbers, phone numbers, email addresses and more. British Airways says it’s aware of the issue and is taking “action to ensure our customers remain securely protected.” The airline also says it has no evidence to suggest any customers’ information has been taken.

August 22, 2019
Gareth Corfield / The Register

Hacktivist Groups Are Dwindling as Members Use Simple, Outmoded Techniques That Are Easily Defeated, Recorded Future

Hacktivism as exemplified by groups such as LulzSec and CDC, the Cult of the Dead Cow, is on the decline, partially because “many members of a hacktivist organization are not skilled and are forced to rely upon simple and outdated tools and techniques that are easily defeated by competent network defenders,” Recorded Future’s Insikt Group reports. Of the 28 active hacktivist groups the security company tracked in 2016, only seven exist today. The attack methods used by these groups are outmoded in terms of effectiveness, such as DDoSing, XSSing, spearphishing, utilization of commodity spyware and brute-forcing of login creds as means of illicitly accessing targets’ IT infrastructure.

August 23, 2019
Stephen Shankland / CNET

Google Unveils Vision for ‘Privacy Sandbox’ to Allow Advertisers to Target User Interests While Protecting Privacy

Google’s Chrome team has outlined a vision for a “privacy sandbox” that’s designed to let publishers show users ads targeted to their interests without infringing upon their privacy. The privacy sandbox would restrict tracking technology in much the same way that the browser already restricts malware, offering “a secure environment for personalization that also protects user privacy.” For example, Chrome would restrict some private data to the browser until it’s shared across a large group of people, using technologies called differential privacy and federated learning, the latter of which uses machine learning software in the browser itself to assess people’s interests. It would also use a trust token that advertisers and publishers can use to reduce ad fraud by grouping web users into two segments, along with conversion measurement technology that’ll let advertisers figure out which ads lead to successful outcomes like people buying an advertised product. Finally, Google envisions a “privacy budget” that would limit how much personal information a website can access to prevent so-called fingerprinting.

Related: 9to5Google, EFF, Android Police, The Drum, PYMNTS.com, HotHardware.com, Vox, Techradar, Tech Insider, SC Magazine, ZDNet Security, The Mac Observer, CNET News, BGR, Digital Trends, The Register – Security, Engadget, Slashdot, Threatpost, Fortune, Tech Wire Asia, Chromium Blog, The Chromium Projects, The Keyword, NewsBytes App, BetaNews, NDTV Gadgets360.com, The Next Web, Security – Computing, Neowin, The Hacker News

Tweets: @BrendanEich

9to5Google: Google announces ‘Privacy Sandbox’ initiative to build a more private web
EFF: Browsers Take a Stand Against Kazakhstan’s Invasive Internet Surveillance
Android Police: Google wants to create new ‘Privacy Sandbox’ standards for online advertising and browsers
The Drum: ‘A blow to the fight for a fairer programmatic industry’: the inside story of how KPEX fell apart
PYMNTS.com: New Google Initiative Limits Tracking Of Web Users
HotHardware.com: Google Announces Chrome Sandbox Functionality To Further Enhance User Privacy
Vox: Google says it’s making Chrome more private, but advertisers will still track you
Techradar: Android 10 release date, new features and everything you need to know
Tech Insider: Google pushed an exception through to allow US Customs and Border Protection to try a key cloud product free, even as 1,300 Google employees protest any work with the agency (GOOG, GOOGL)
SC Magazine: AhMyth –based malicious app found in Google Play | SC Media
ZDNet Security: Chrome devs propose Privacy Sandbox to balance ad targeting and user privacy
The Mac Observer: Google Privacy Sandbox Probably Won’t Protect Your Privacy
BGR: Google’s new privacy standards want to save us from creepy ad practices
Digital Trends: Google plans to increase privacy online via its new Privacy Sandbox initiative
The Register – Security: As browser rivals block third-party tracking, Google pitches ‘Privacy Sandbox’ peace plan
Engadget: Google proposes new privacy standards to protect web browsing data
Slashdot: Google Chrome Proposes ‘Privacy Sandbox’ To Reform Advertising Evils
Threatpost: Google Launches Open-Source Browser Extension for Ad Transparency
Fortune: How Google’s Plan to Increase Your Online Privacy Differs from Apple and Firefox Ideas
Tech Wire Asia: Can Google’s Privacy Sandbox protect the future of the vibrant web?
Chromium Blog: Potential uses for the Privacy Sandbox
The Chromium Projects: privacy-sandbox
The Keyword: Building a more private web
NewsBytes App: Google plans to make web browsing more private: Here’s how
BetaNews: Google seeks to make the web more private for Chromium users with Privacy Sandbox
NDTV Gadgets360.com: Google’s Privacy Sandbox Initiative to Protect Users’ Privacy on Web
The Next Web: Google follows Apple with its own anti-tracking policy for Chromium-based browsers
Security – Computing: Google proposes alternative plan to improve web privacy – while keeping the ad tech industry onside
Neowin: Google wants to help protect your privacy on the web
The Hacker News: Google Proposes ‘Privacy Sandbox’ to Develop Privacy-Focused Ads

@BrendanEich: Unlike Brave, no user revenue share! Otherwise sounds like a personal-data-leaky subset of what we do. In conjunction with obstruction of privacy work at W3C, this looks like weak sauce in a misleading "privacy matters" bottle, from a conflicted superpower that dominates the W3C.


Bart Meijer, Foo Yun Chee, Conor Humphries / Reuters

Dutch Regulators Find Microsoft Is Remotely Collecting Data From Windows Users in Possible Breach of Privacy Rules

Microsoft is remotely collecting data from users of Windows Home and Windows Pro, in a potential breach of privacy rules, the Dutch Data Protection Agency (DPA) said. The agency said that it found the practices while it was testing privacy protection changes in Windows made last year by Microsoft at the agency’s request. The new discovery could mean that the software giant is still in violation of privacy rules. The DPA forwarded its findings to the Irish Data Protection Committee (DPC), which said it had received the information from the Dutch regulators last month. Microsoft has a headquarters in Ireland.

Related: The Hill: Cybersecurity, Silicon Republic, PogoWasRight.org, Security – Computing, Paul Thurrott – Thurrott.com, ET news, IT Pro, BetaNews


August 28, 2019
Mark Gurman / Bloomberg

Apple Apologizes for Now-Suspended Practice of Allowing Workers to Listen to Siri Recordings But Plans to Reinstate Practice After Software Tinkering

In a rare concession, Apple apologized for privacy mishaps surrounding its Siri voice assistant and said that it would no longer retain audio recordings of Siri interactions, among other changes. “As a result of our review, we realize we haven’t been fully living up to our high ideals, and for that we apologize,” Apple said in a statement. The move follows criticism of Apple and other Silicon Valley tech giants for employing humans to listen to recordings of user interactions with voice assistants in a bid to improve their products.  Apple, however, plans to reinstate the practice after making a few changes in software updates this fall that will give users more control over their privacy.

Related: Patently Apple, Financial Times, SlashGear, EFF, HotHardware.com, 9to5Mac, iClarified, The Mac Observer, Slashdot, AppleInsider, iPhone Hacks, 9to5Mac, ZDNet Security, iDownloadBlog.com, Threatpost, VentureBeat, Neowin, iMore, iMore, MacDailyNews, BetaNews, The Verge, BGR, The Verge, Pocket-lint, MacRumors, Axios, Computer Business Review, AP Breaking News, Gizmodo, iTnews – Security, NDTV Gadgets360.com, Telecompaper Headlines, fossBytes, iClarified, The Loop, channelnews, Asia One Digital, Lowyat.NET, Fortune, CCN, San Francisco Chronicle, Technology – CBSNews.com

Patently Apple: Apple Decides to Eliminate Siri Grading by ending Contracts with workers Manning the Project until this Fall
Financial Times: Apple apologises for listening to Siri conversations
SlashGear: Siri privacy upheaval: Apple apologizes with new audio policy
EFF: EFF and Mozilla Release Public Letter to Venmo
HotHardware.com: Apple Offers Rare Apology Over Siri Voice Recordings And Promises User Privacy Changes
9to5Mac: Apple publishes FAQ page addressing Siri privacy and common concerns
iClarified: Apple Apologizes for Falling Short on Siri Privacy, Outlines Changes Coming This Fall
The Mac Observer: Apple Pledges to Improve Siri Privacy, Starting by Firing 300 Contractors
Slashdot: Apple is Turning Siri Audio Clip Review Off by Default and Bringing it in House
AppleInsider: Apple announces plans to improve Siri’s privacy protections for users
iPhone Hacks: Apple Makes Major Privacy Focused Changes to Siri Grading Program
9to5Mac: Apple says Siri audio grading program will return later this fall, with privacy-focused policy changes
ZDNet Security: Apple will no longer keep Siri audio recordings by default, makes feature opt-in
iDownloadBlog.com: Apple details improved privacy protections following the recently suspended human grading of Siri requests
Threatpost: Apple Updates Privacy Policies After Siri Audio Recording Backlash
VentureBeat: Apple apologizes for Siri privacy issues, changes recording policies
Neowin: In light of recent controversy, Apple is changing the way it handles Siri recordings
iMore: Apple addresses Siri privacy and grading questions with new FAQ page
iMore: Apple apologizes for Siri recording controversy
MacDailyNews: Apple apologizes for Siri grading program, makes changes to improve Siri’s privacy protections
BetaNews: Apple apologizes for having contractors listen to Siri recordings and announces privacy changes
The Verge: Apple apologizes for Siri audio recordings, announces privacy changes going forward
BGR: Apple announces sweeping changes to its Siri review process following privacy backlash
Pocket-lint: How Apple is changing Siri in aftermath of audio recordings controversy
MacRumors: Apple Will Continue to Review Computer-Generated Siri Transcripts Regardless of Opt-In Status
Axios: Apple apologizes over Siri recordings
Computer Business Review: Apple Apologies for Default Siri Audio Retention, Software Update will Make it Opt-In
AP Breaking News: Apple apologizes for use of contractors to eavesdrop on Siri
Gizmodo: Apple Says Only In-House Employees Will Listen to Siri Recordings as 300 Contractors Are Reportedly Laid Off
iTnews – Security: Apple to stop default practice of keeping Siri recordings
NDTV Gadgets360.com: Apple Fires Hundreds of Contractors Hired to Listen to Siri Recordings: Report
Telecompaper Headlines: Apple apologises for listening into Siri, plans opt-in to ensure privacy
fossBytes: Apple’s Apology Gives Us Hope Siri Won’t Spy On Us Again
iClarified: Apple Posts New Support Document on Siri Privacy and Grading
The Loop: Siri Changes
channelnews: Apple Apologises For Siri Privacy Breach
Asia One Digital: Apple to stop default practice of keeping Siri recordings
Lowyat.NET: Apple Announces Privacy Protection Improvements In Light Of Siri Recording Program
Fortune: Apple Opts Out of Saving Siri Recordings by Default, Turning Another Controversy Into a Marketing Moment
CCN: Apple Says ‘Sorry’ for Completely Disregarding Our Privacy
San Francisco Chronicle: Apple apologizes for contractors who eavesdropped on Siri
Technology – CBSNews.com: Apple apologizing for privacy issues with Siri recordings