AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 08/13/2020

Instagram Faces Lawsuit Over Illegal Harvesting of Biometrics

Facebook Inc. is facing new allegations that it illegally harvests the biometric data of users, this time in a lawsuit that targets the company’s photo-sharing app Instagram. Last month, the social media company offered to pay $650 million to settle a lawsuit in which it was accused of illegally collecting biometric data through a photo-tagging tool provided to Facebook users. In the new lawsuit, filed Monday in state court in Redwood City, California, the company is accused of collecting, storing and profiting from the biometric data of more than 100 million Instagram users, without their knowledge or consent. The practice violates an Illinois privacy law that bars the unauthorized collection of biometric data, according to the lawsuit. Under the law a company can be forced to pay $1,000 per violation — or $5,000 if it’s found to have acted recklessly or intentionally.

 

Google is delaying the shutdown of Chrome apps, but you probably weren’t using them anyway

If you aren’t familiar with Chrome apps, they’re apps that you install in Chrome that work similarly to apps that you’d launch from your desktop — like this one for read-it-later app Pocket. But they aren’t widely adopted — Google said that “approximately 1 percent of users on Windows, Mac, and Linux actively use Chrome packaged apps” all the way back in August 2016 when it first announced plans to wind down support for the platform. In January, Google said Chrome apps would stop working on Windows, Mac, and Linux this year (technically, the company set a June 2020 deadline, but it doesn’t look like it actually followed through). Now, Google says Chrome apps will work on those platforms until June 2021. Organizations can extend support for Chrome apps on those platforms for an extra year, meaning they’ll work through June 2022.

 

Tor battles to fend off swarm of Bitcoin-stealing evil exit relays making up about 25% of outgoing capacity at its height

The Tor Project has confirmed someone, or some group, is in control of a large number of Bitcoin-snaffling exit nodes in its anonymizing network, and it’s battling to boot them off. One observer reckons more than 23 per cent of the entire Tor network’s exit capacity was under the command of one miscreant, or one group of miscreants, at one point in May, with the end goal being the theft of people’s cryptocurrency. Tor works by randomly routing your connections through a network of nodes spread across the world. When you use the open-source Tor software to connect to a public website, the connection is relayed between a few nodes and out to the site via one of many exit nodes. All the site sees is a connection from that particular exit node, and can’t trace you back to the IP address you used to enter the Tor network, and thus you’re kept anonymous. The network is maintained in an ad-hoc manner, with nodes joining and leaving.

 

The Secret SIMs Used By Criminals to Spoof Any Number

The unsolicited call came from France. Or at least that’s what my phone said. When I picked up, a man asked if I worked with the National Crime Agency, the UK’s version of the FBI. When I explained, no, as a journalist I don’t give information to the police, he said why he had contacted me. “There are these special SIM cards out there,” he said, referring to the small piece of hardware that slips inside a cell phone. “I’m actually ringing from one now,” he added, before later explaining he runs an underground site that sells these cards. This SIM card, the caller said, allowed him to spoof any phone number he wanted. Want to look like you’re calling from a bank in order to scam a target? Easy. Want to change it to a random series of digits so that the recipient’s phone won’t record your real number? That just takes a few seconds to set up, according to tutorials of how to use the cards available online.

 

Twitter now lets everyone limit replies to their tweets

Twitter may describe itself as the town square, but that doesn’t mean you have to talk to everyone walking past your seat at the cafe. Today, to increase the amount of “meaningful conversations” that take place on Twitter, and to help people weed out abuse and spam in their replies, the company announced that it is rolling out a new feature where users can limit who replies to their Tweets. After a brief run in beta, the feature is rolling out globally starting today to users of the iOS and Android apps, as well as twitter.com, Suzanne Xie noted in a blog post announcing the feature. TweetDeck is not yet supported, Twitter tells me.

 

Bracing for election day, Facebook rolls out voting resources to U.S. users

Eager to avoid a repeat of its disastrous role as a super-spreader of misinformation during the 2016 election cycle, Facebook is getting its ducks in a row. Following an announcement earlier this summer, the company is now launching a voting information hub that will centralize election resources for U.S. users and ideally inoculate at least some of them against the platform’s ongoing misinformation epidemic. The voting information center will appear in the menu on both Facebook and Instagram. As part of the same effort, Facebook will also target U.S. users with notifications based on location and age, displaying relevant information about voting in their state. The info center will help users check their state-specific vote-by-mail options, request mail-in ballots and provide voting-related deadlines.
