Oh my gosh... what a surprise... who could have seen this coming when they signed up for a Facebook account and put all their information on it?

# ? Jun 10, 2024 16:14
i always assumed that fb would at least get paid, not robbed till the breaches of the past few years anyway
I still genuinely do not understand this controversy. You put a bunch of information on your Facebook page. You then sign up for an app on Facebook which specifically tells you it's going to access your profile. You're surprised when that app actually does access the data? Fundamentally, people are just upset in this case because the information was possibly used against them, not for them, right?

e: Removed two sentences that were originally part of a larger point I was going to make, but without the context, they just become a non sequitur, as you see below.

MC Fruit Stripe fucked around with this message at 21:21 on Apr 4, 2018
> MC Fruit Stripe posted: I still genuinely do not understand this controversy. You put a bunch of information on your Facebook page. You then sign up for an app on Facebook which specifically tells you it's going to access your profile. You're surprised when that app actually does access the data?

Yeah I think most people are taking issue with who accessed it. Which wasn't really their choice to begin with, but if it was Harvard or something scraping data to build some non-threatening worldview theorem there wouldn't be nearly the same outrage.
> MC Fruit Stripe posted: I still genuinely do not understand this controversy. You put a bunch of information on your Facebook page. You then sign up for an app on Facebook which specifically tells you it's going to access your profile. You're surprised when that app actually does access the data?

The controversy is more around that it accessed people's friends' data when said friends did not sign up to use that app. They signed up for/continued to use facebook with its constant erosion of privacy, but still.
> astral posted: The controversy is more around that it accessed people's friends' data when said friends did not sign up to use that app.
I think in the latest cases it’s that people share information with ‘their friends’ and then those friends can install an app which then has implied permission to the original person’s profile even though they’ve never been near the app. I agree to an extent that you’ve voluntarily shared that information but being able to have your entire profile hoovered up by an app that a friend installs does cross some sort of implied line, even if the privacy policy says it’s fine. E:f,b. Also the above bit about loading your entire call history into the app.
> MC Fruit Stripe posted: Fundamentally, people are just upset in this case because the information was possibly used against them, not for them, right?

That seems like a great reason to be upset. Burying what companies do with your data in T&Cs and privacy notices is bullshit. Companies know people don't read them, and have relied on them to build up entire industries. The U.S. really needs something like GDPR and a shift in philosophy about who owns data, but I don't see that happening easily.
> MC Fruit Stripe posted: I still genuinely do not understand this controversy. You put a bunch of information on your Facebook page. You then sign up for an app on Facebook which specifically tells you it's going to access your profile. You're surprised when that app actually does access the data?

I think the point is that said app dug up and exported all your friends' available information also, not just yours.

EDIT: Plural possessives suck.

Samizdata fucked around with this message at 21:45 on Apr 4, 2018
> anthonypants posted: And also, like, all of their Android call history.

In fairness wasn't that only in Android like pre-4.1 when permissions were all fucky? That wouldn't be possible under like Nougat or later unless the app pops up and you grant the requested permission.
> CLAM DOWN posted: In fairness wasn't that only in Android like pre-4.1 when permissions were all fucky? That wouldn't be possible under like Nougat or later unless the app pops up and you grant the requested permission.

Yeah but not every app was forced to read the call log and then transmit it back to be stored forever just because they used the older APIs
> CLAM DOWN posted: In fairness wasn't that only in Android like pre-4.1 when permissions were all fucky? That wouldn't be possible under like Nougat or later unless the app pops up and you grant the requested permission.
> Samizdata posted: I think the point is that said app dug up and exported all your friends' available information also, not just yours.

The 2B number is from people scraping public profile data by brute-forcing phone number search, is it not?
> Subjunctive posted: The 2B number is from people scraping public profile data by brute-forcing phone number search, is it not?

yeah, that’s what it looks like to me
> anthonypants posted: It is absolutely Android's fault that they allowed it to happen, but people are finding out about it in 2018, which is causing controversy.

Oh yeah for sure, not excusing them, I was trying to think back to the timeframe when that data collection would have been possible on my phone.
> Subjunctive posted: The 2B number is from people scraping public profile data by brute-forcing phone number search, is it not?

Pretty sure.
> CLAM DOWN posted: In fairness wasn't that only in Android like pre-4.1 when permissions were all fucky? That wouldn't be possible under like Nougat or later unless the app pops up and you grant the requested permission.

I think the arstechnica article I read said even newer OS's were vulnerable to apps using the deprecated version of the API that Google still allowed until last fall? Or did I misread that.
> Squibbles posted: I think the arstechnica article I read said even newer OS's were vulnerable to apps using the deprecated version of the API that Google still allowed until last fall? Or did I misread that.

Oh no you're probably right, that makes sense based on my knowledge of how Android API works. It's likely partially why Google is enforcing a min API level in 9.0.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986
There's a more detailed description of the issue on the project zero tracker.
> anthonypants posted: There's a more detailed description of the issue on the project zero tracker.

The Register wrote a thing too: https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/
> MC Fruit Stripe posted: I still genuinely do not understand this controversy. You put a bunch of information on your Facebook page. You then sign up for an app on Facebook which specifically tells you it's going to access your profile. You're surprised when that app actually does access the data?

I signed up for Facebook way back when only university students had access. Literally every single one of my friends then had a Facebook account, and that was how people invited you to parties and so on. Yeah you could message each person individually or use whatever group chat was available back then, but when everybody has Facebook it just made sense to use Facebook to plan things. Back then I wrote a lot of status updates and posted a lot of poo poo including my personal views and such because I was under the impression that the only people who would ever see it were my fellow students and friends. That was over a decade ago and I haven’t posted anything to Facebook in years except for select pictures of usually food and poo poo. I’ve gone back and deleted a lot of the posts I made because looking at it now they were dumb posts but Facebook already has all that information. I’m fine with that, but what I’m not fine with is that friends of mine who installed CA’s apps have opened the door for CA to mine my poo poo and used it to elect the loving moron in the White House. I can’t blame my friends for not knowing better, and I can’t blame CA for using APIs that were totally available to them. So I can blame Facebook for letting it happen. I don’t know how old you are but seriously among my friends (I’m 30 now) in college everybody had a Facebook account.
Yeah same, when only students could use it and there were no apps I think people were a lot more open with the stuff they shared.
The 9.8 Cisco Security Advisory is probably old news, but I don't see anyone linking it and it's really an amazing example of how bad plug-n-play systems almost always are for security.
> Thanks Ants posted: Yeah same, when only students could use it and there were no apps I think people were a lot more open with the stuff they shared.
https://twitter.com/troyhunt/status/982410361012862976?s=21 This is a hilarious twitter thread, read it before it gets deleted.
> The Fool posted: https://twitter.com/troyhunt/status/982410361012862976?s=21

You have to show the context that spurred the hack session.
Kathe is going to be receiving some extra training, at best.
That whole thread is amazing

- Cleartext passwords
- Decade old php
- Rhel 5, kernel 2.6
- Tls 1.0
- No security headers
- Open directories all over the place
- http login
- Apache is ancient
- WordPress is ancient
This week in "how big of a target can we paint on our systems"
The only reason their system hasn't been hacked to death is that several black hat groups own the whole thing and keep it going to have live access to a telco's systems.
> Judge Schnoopy posted: This week in "how big of a target can we paint on our systems"
https://twitter.com/svblxyz/status/982333558525083648?s=19
haven't had a bonanza like this since learning Trump's orgs used 2003/exchange 2010
Topical:
> Absurd Alhazred posted: Topical:
> mllaneza posted: The only reason their system hasn't been hacked to death is that several black hat groups own the whole thing and keep it going to have live access to a telco's systems.

SHUT UP
My wife knows nothing about information security, but when I explained that T-Mobile was storing all of the passwords as an unencrypted list that people could hack into and steal even she had a shocked look on her face.
Over/under on when TMobile announces a data breach? I say 3 months.