Following on from security breaches at the third-party companies that all American cell phone carriers were sharing real-time customer location data with, Verizon have announced they are ceasing all location data sharing (the other carriers have ended their relationships with some specific companies, but not globally like this) — krebsonsecurity.com/…
GDPR Fallout & Experiences:
The Norwegian Consumer Council has issued a report detailing how the wording chosen by Facebook, Google and (to a lesser extent) Microsoft in their GDPR popups and notifications uses so-called dark patterns to psychologically bias users towards choosing to give up their privacy. They go so far as to accuse the companies of breaching GDPR by not giving users the ‘meaningful choices’ the regulation requires — nakedsecurity.sophos.com/…
Bart: Apart from losing Instapaper, I’m seeing very little GDPR fall-out, with one exception — I’m noticing a lot of recipe websites are choosing not to comply with GDPR and instead, block Europeans 🙁
🇺🇸 The California Consumer Privacy Act of 2018 has passed the CA legislature and is expected to be signed into law by the governor soon. The law gives Californians more rights over their data, and could have nationwide positive ripple effects — www.macobserver.com/…
Google has promised to update their software to fix a location data leak found in their Chromecast dongles and Google Home smart speakers — nakedsecurity.sophos.com/… & krebsonsecurity.com/…
Developers from the OpenBSD project have removed support for hyper-threading from their OS to mitigate yet another data leak bug in Intel CPUs. This time the problem is data leaking between processes that share a physical core but run on separate logical cores. The researchers dubbed the bug TLBleed, and full details are to be announced at an upcoming conference. Since most modern CPUs have many physical cores, the real-world performance cost of losing hyper-threading is very small for most people. Also, this bug is not particularly dangerous for home users because it requires a locally running attacker process, but it’s a much bigger deal for server farms or anyone running virtualisation, where untrusted code routinely shares a physical core with other tenants — arstechnica.com/…
WPA3 officially launches, but expect it to be a slow rollout — www.imore.com/…
Obsolete browsers that don’t support modern versions of TLS will find themselves unable to connect to e-commerce websites after the 30th of June. Why? Because after that date e-commerce sites can’t support SSL or the early versions of TLS without violating the PCI security rules all credit card processors have to abide by – nakedsecurity.sophos.com/…
Following Let’s Encrypt’s success at moving websites to HTTPS for free, the EFF has launched a new initiative to try to do the same for SMTP, the protocol used to send emails between mail servers. Playing on the SMTP command for enabling encryption, they’ve named this new project STARTTLS Everywhere — nakedsecurity.sophos.com/…
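To show why a project like this matters beyond just “turn on TLS”, here is an added example (my own illustration, not code from the EFF project or from the linked article). A sending mail server only learns that the receiving server supports encryption from the STARTTLS keyword in the EHLO reply; an on-path attacker can delete that one line and a purely opportunistic sender will silently fall back to cleartext. The example parses constructed EHLO replies and shows the difference a “this domain is known to support TLS” policy makes. The hostnames, EHLO replies and policy table are all constructed for the demonstration and are not real servers or real policy entries.

```python
"""
Added example (not code from the EFF project or the linked article).

Simulates the sending side of an SMTP conversation to show why
opportunistic STARTTLS is weak, and what a "require TLS for this domain"
policy changes. All hostnames, replies and policy entries are constructed.
"""
import re

# Constructed multi-line EHLO reply from a server that offers STARTTLS.
EHLO_WITH_STARTTLS = (
    "250-mx.example.test Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)

# The same reply as an on-path attacker would rewrite it: the STARTTLS line
# is simply removed, so a sender with no policy falls back to cleartext.
EHLO_STRIPPED = (
    "250-mx.example.test Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250 8BITMIME\r\n"
)

# Constructed stand-in for a policy list: domains whose mail servers are
# known to support TLS, so a missing STARTTLS advertisement must be treated
# as tampering (or breakage) rather than as "this server just has no TLS".
REQUIRE_TLS = {"example.test"}


def parse_ehlo(reply: str) -> set:
    """Return the set of EHLO keywords advertised in a 250 reply.

    Per RFC 5321 each line is '250-' (more to come) or '250 ' (last line)
    followed by a keyword and optional parameters. The first line carries
    the server's hostname and greeting, not a capability, so it is skipped.
    """
    caps = set()
    for line in reply.split("\r\n")[1:]:
        m = re.match(r"^250[- ]([A-Za-z0-9]+)", line)
        if m:
            caps.add(m.group(1).upper())
    return caps


def choose_transport(domain: str, reply: str) -> str:
    """Decide how to deliver to `domain` given its EHLO reply.

    Returns 'starttls' (negotiate TLS), 'plaintext' (opportunistic
    fallback) or 'abort' (policy says TLS is mandatory but it was not
    offered, so refuse to send rather than leak the message).
    """
    caps = parse_ehlo(reply)
    if "STARTTLS" in caps:
        return "starttls"
    if domain in REQUIRE_TLS:
        return "abort"
    return "plaintext"


if __name__ == "__main__":
    for domain, reply in [("example.test", EHLO_WITH_STARTTLS),
                          ("example.test", EHLO_STRIPPED),
                          ("other.test", EHLO_STRIPPED)]:
        print(domain, sorted(parse_ehlo(reply)), "->",
              choose_transport(domain, reply))
```

The third case is the one to notice: with no policy entry, the stripped reply and a genuinely TLS-less server are indistinguishable to the sender, which is exactly the gap a published list of TLS-capable domains is meant to close.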
Twitter have added support for hardware tokens like YubiKeys for multi-factor authentication — nakedsecurity.sophos.com/…
In case you only heard the incorrect original story, the heavily reported iPhone passcode bypass vulnerability using external keyboards proved not to be real, so don’t worry about it! — www.macobserver.com/…
The GitHub repositories for Gentoo Linux have been hacked, and all code within them should be considered compromised, so anyone who pulled from that mirror during the compromise should not trust what they fetched. Thankfully GitHub is not the primary Gentoo code repository, it’s just a mirror, so it’s still safe to use Gentoo Linux as a user — nakedsecurity.sophos.com/…
Suggested Reading
PSAs, Tips & Advice
Intego are warning of a phishing campaign that leaves scary-sounding automated voice mail messages in an attempt to trick people into handing over their iCloud logins — www.intego.com/…
A patent filing by Facebook for some very creepy-sounding snooping technology has sparked off controversy. Facebook say they are filing the patent to block anyone from ever doing this, and that they never will use it in their products: