|
Oh my gosh... what a surprise... who could have seen this coming when they signed up for a Facebook account and put all their information on it? 
|
#
?
Apr 4, 2018 20:54
|
|
|
|
| # ? May 19, 2024 12:32 |
|
|
i always assumed that fb would at least get paid, not robbed till the breaches of the past few years anyway
|
|
#
?
Apr 4, 2018 21:02
|
|
|
I still genuinely do not understand this controversy. You put a bunch of information on your Facebook page. You then sign up for an app on Facebook which specifically tells you it's going to access your profile. You're surprised when that app actually does access the data? Fundamentally, people are just upset in this case because the information was possibly used against them, not for them, right? e: Removed two sentences that were originally part of a larger point I was going to make, but without the context, they just become a non sequitor, as you see below. MC Fruit Stripe fucked around with this message at 21:21 on Apr 4, 2018 |
|
#
?
Apr 4, 2018 21:11
|
|
|
MC Fruit Stripe posted:I still genuinely do not understand this controversy. You put a bunch of information on your Facebook page. You then sign up for an app on Facebook which specifically tells you it's going to access your profile. You're surprised when that app actually does access the data? Yeah I think most people are taking issue with who accessed it. Which wasn't really their choice to begin with, but if it was Harvard or something scraping data to build some non-threatening worldview theorem there wouldn't be nearly the same outrage.
|
|
#
?
Apr 4, 2018 21:17
|
|
|
MC Fruit Stripe posted:I still genuinely do not understand this controversy. You put a bunch of information on your Facebook page. You then sign up for an app on Facebook which specifically tells you it's going to access your profile. You're surprised when that app actually does access the data? The controversy is more around that it accessed people's friends' data when said friends did not sign up to use that app. They signed up for/continued to use facebook with its constant erosion of privacy, but still.
|
|
#
?
Apr 4, 2018 21:22
|
|
|
astral posted:The controversy is more around that it accessed people's friends' data when said friends did not sign up to use that app.
|
|
#
?
Apr 4, 2018 21:23
|
|
|
I think in the latest cases it’s that people share information with ‘their friends’ and then those friends can install an app which then has implied permission to the original person’s profile even though they’ve never been near the app. I agree to an extent that you’ve voluntarily shared that information but being able to have your entire profile hoovered up by an app that a friend installs does cross some sort of implied line, even if the privacy policy says it’s fine. E:f,b. Also the above bit about loading your entire call history into the app.
|
|
#
?
Apr 4, 2018 21:23
|
|
|
MC Fruit Stripe posted:Fundamentally, people are just upset in this case because the information was possibly used against them, not for them, right? That seems like a great reason to be upset. Burying what companies do with your data in T&Cs and privacy notices is bullshit. Companies know people don't read them, and have relied on them to build up entire industries. The U.S. really needs something like GDPR and a shift in philosophy about who owns data, but I don't see that happening easily.
|
|
#
?
Apr 4, 2018 21:25
|
|
|
MC Fruit Stripe posted:I still genuinely do not understand this controversy. You put a bunch of information on your Facebook page. You then sign up for an app on Facebook which specifically tells you it's going to access your profile. You're surprised when that app actually does access the data? I think the point is that said app dug up and exported all your friends' available information also, not just yours. EDIT: Plural possessives suck. Samizdata fucked around with this message at 21:45 on Apr 4, 2018 |
|
#
?
Apr 4, 2018 21:30
|
|
|
anthonypants posted:And also, like, all of their Android call history. In fairness wasn't that only in Android like pre-4.1 when permissions were all fucky? That wouldn't be possible under like Nougat or later unless the app pops up and you grant the requested permission.
|
|
#
?
Apr 4, 2018 22:22
|
|
|
CLAM DOWN posted:In fairness wasn't that only in Android like pre-4.1 when permissions were all fucky? That wouldn't be possible under like Nougat or later unless the app pops up and you grant the requested permission. Yeah but not every app was forced to read the call log and then transmit it back to be stored forever just because they used the older APIs
|
|
#
?
Apr 4, 2018 22:25
|
|
|
CLAM DOWN posted:In fairness wasn't that only in Android like pre-4.1 when permissions were all fucky? That wouldn't be possible under like Nougat or later unless the app pops up and you grant the requested permission.
|
|
#
?
Apr 4, 2018 22:30
|
|
|
Samizdata posted:I think the point is that said app dug up and exported all your friends' available information also, not just yours. The 2B number is from people scraping public profile data by brute-forcing phone number search, is it not?
|
|
#
?
Apr 4, 2018 22:34
|
|
|
Subjunctive posted:The 2B number is from people scraping public profile data by brute-forcing phone number search, is it not? yeah, that’s what it looks like to me
|
|
#
?
Apr 4, 2018 23:41
|
|
|
anthonypants posted:It is absolutely Android's fault that they allowed it to happen, but people are finding out about it in 2018, which is causing controversy. Oh yeah for sure, not excusing them, I was trying to think back to the timeframe when that data collection would have been possible on my phone.
|
|
#
?
Apr 4, 2018 23:43
|
|
|
Subjunctive posted:The 2B number is from people scraping public profile data by brute-forcing phone number search, is it not? Pretty sure.
|
|
#
?
Apr 5, 2018 04:15
|
|
|
CLAM DOWN posted:In fairness wasn't that only in Android like pre-4.1 when permissions were all fucky? That wouldn't be possible under like Nougat or later unless the app pops up and you grant the requested permission. I think the arstechnica article I read said even newer OS's were vulnerable to apps using the deprecated version of the API that Google still allowed until last fall? Or did I misread that.
|
|
#
?
Apr 5, 2018 04:50
|
|
|
Squibbles posted:I think the arstechnica article I read said even newer OS's were vulnerable to apps using the deprecated version of the API that Google still allowed until last fall? Or did I misread that. Oh no you're probably right, that makes sense based on my knowledge of how Android API works. It's likely partially why Google is enforcing a min API level in 9.0.
|
|
#
?
Apr 5, 2018 05:36
|
|
|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986
|
|
#
?
Apr 5, 2018 07:45
|
|
|
There's a more detailed description of the issue on the project zero tracker.
|
|
#
?
Apr 5, 2018 08:07
|
|
|
anthonypants posted:There's a more detailed description of the issue on the project zero tracker. The Register wrote a thing too: https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/
|
|
#
?
Apr 5, 2018 14:33
|
|
|
MC Fruit Stripe posted:I still genuinely do not understand this controversy. You put a bunch of information on your Facebook page. You then sign up for an app on Facebook which specifically tells you it's going to access your profile. You're surprised when that app actually does access the data? I signed up for Facebook way back when only university students had access. Literally every single one of my friends then had a Facebook account, and that was how people invited you to parties and so on. Yeah you could message each person individually or use whatever group chat was available back then, but when everybody has Facebook it just made sense to use Facebook to plan things. Back then I wrote a lot of status updates and posted a lot of poo poo including my personal views and such because I was under the impression that the only people who would ever see it were my fellow students and friends. That was over a decade ago and I haven’t posted anything to Facebook in years except for select pictures of usually food and poo poo. I’ve gone back and deleted a lot of the posts I made because looking at it now they were dumb posts but Facebook already has all that information. I’m fine with that, but what I’m not fine with is that friends of mine who installed CA’s apps have opened the door for CA to mine my poo poo and used it to elect the loving moron in the White House. I can’t blame my friends for not knowing better, and I can’t blame CA for using APIs that were totally available to them. So I can blame Facebook for letting it happen. I don’t know how old you are but seriously among my friends (I’m 30 now) in college everybody had a Facebook account.
|
|
#
?
Apr 6, 2018 11:33
|
|
|
Yeah same, when only students could use it and there were no apps I think people were a lot more open with the stuff they shared.
|
|
#
?
Apr 6, 2018 13:52
|
|
|
The 9.8 Cisco Security Advisory is probably old news, but I don't see anyone linking it and it's really an amazing example of how bad plug-n-play systems almost always are for security.
|
|
#
?
Apr 6, 2018 14:22
|
|
|
Thanks Ants posted:Yeah same, when only students could use it and there were no apps I think people were a lot more open with the stuff they shared.
|
|
#
?
Apr 6, 2018 19:24
|
|
|
https://twitter.com/troyhunt/status/982410361012862976?s=21 This is a hilarious twitter thread, read it before it gets deleted.
|
|
#
?
Apr 7, 2018 01:12
|
|
|
The Fool posted:https://twitter.com/troyhunt/status/982410361012862976?s=21 You have to show the context that spurred the hack session.   
|
|
#
?
Apr 7, 2018 01:38
|
|
|
|
|
#
?
Apr 7, 2018 02:11
|
|
|
Kathe is going to be receiving some extra training, at best.
|
|
#
?
Apr 7, 2018 02:23
|
|
|
That whole thread is amazing Cleartext passwords Decade old php Rhel 5, kernel 2.6 Tls 1.0 No security headers Open directories all over the place http login Apache is ancient WordPress is ancient
|
|
#
?
Apr 7, 2018 02:28
|
|
|
This week in "how big of a target can we paint on our systems"
|
|
#
?
Apr 7, 2018 02:50
|
|
|
The only reason their system hasn't been hacked to death is that several black hat groups own the whole thing and keep it going to have live access to a telco's systems.
|
|
#
?
Apr 7, 2018 03:10
|
|
|
Judge Schnoopy posted:This week in "how big of a target can we paint on our systems"
|
|
#
?
Apr 7, 2018 04:03
|
|
|
https://twitter.com/svblxyz/status/982333558525083648?s=19
|
|
#
?
Apr 7, 2018 04:20
|
|
|
haven't had a bonanza like this since learning Trump's orgs used 2003/exchange 2010
|
|
#
?
Apr 7, 2018 04:28
|
|
|
Topical:
|
|
#
?
Apr 7, 2018 04:42
|
|
|
Absurd Alhazred posted:Topical:
|
|
#
?
Apr 7, 2018 05:15
|
|
|
mllaneza posted:The only reason their system hasn't been hacked to death is that several black hat groups own the whole thing and keep it going to have live access to a telco's systems. SHUT UP
|
|
#
?
Apr 7, 2018 05:24
|
|
|
My wife knows nothing about information security, but when I explained that T-Mobile was storing all of the passwords as an unencrypted list that people could hack into and steal even she had a shocked look on her face.
|
|
#
?
Apr 7, 2018 05:27
|
|
|
|
| # ? May 19, 2024 12:32 |
|
|
Over/under on when TMobile announces a data breach? I say 3 months.
|
|
#
?
Apr 7, 2018 05:43
|
|