New York attorney general’s office is investigating Facebook for harvesting the email contacts of about 1.5 million users without their consent. “Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data.” – New York Attorney General Letitia James The social network confirmed in April that it collected the email contacts of its users, but said it wasn’t on purpose. The attorney general’s office said in a press release that hundreds of millions of Facebook users could have been affected because users might have hundreds of email contacts stored. The attorney general’s investigation comes as other regulators and lawmakers are cracking down on Facebook for its privacy practices e.g. Ireland’s Data Protection Commission is investigating whether Facebook safeguarded its users’ passwords properly, which could show violations of GDPR. In December, the DC attorney general sued Facebook for allegedly failing to safeguard the data of its users and Canadian regulators have accused Facebook of violating local laws for mishandling user data and said they could take the company to court for its privacy mishaps. The privacy commissioner of Canada and the information and privacy commissioner for British Columbia started investigating Facebook last year after revelations surfaced that a UK political consultancy Cambridge Analyticaharvested data from about 87 million users without their permission.
Category Archives: Security
CloudBleed a Cloudflare flaw leaks customer data
Cloudbleed aka Cloudleak is a bug in Cloudflare which is a CDN service, a proxy service, and a DNS provider… well to be honest cloudflare is a LOT of things these days and provides a freemium set of services, you can run your site using their DNS, proxy / CDN service for free or pay $20-$200, to get some interesting set of goodies. According to their own homepage: “Cloudflare speeds up and protects millions of websites, APIs, SaaS services, and other properties connected to the Internet. Our Anycast technology enables our benefits to scale with every server we add to our growing footprint of data centers.” They provide these services for ~6 Million websites, and recently a researcher at google found a critical flaw in cloudflare’s inhouse parser that may have leaked passwords and authentication tokens. Tavis Ormandy a self-described “Vulnerability researcher at Google” currently working for Google’s Project Zero which is a security initiative found a bug on February 18th. He posted an issue on Feb 19th. he tweeted looking for anyone from cloudflare security to get in touch with him. https://twitter.com/taviso/status/832744397800214528 Cloudflare people got back to him right away and they worked on solving this issue ASAP. Unfortunately, the issue may be as old as September 2016. Cloudflare released a statement letting us know that the larger issue started on February 13th when a code update meant one in every 3,300,300 HTTP requests potentially resulted in memory leakage which doesn’t mean anything until you realize the massive amount of information being passed through the Cloudflare network. […]
Mooooo linux Dirty cow vulnerbility cve-2016-5195
What is Dirty Cow CVE-2016-5195 is a bug in the Copy On Write mechanism of the Kernel. Any user or user owned process can gain write access to memory mappings which should be read only for the end user. This allows them to interact with otherwise root only files. Should you worry about it? YES. you should jpatch your system(s) right away! Who found CVE-2016-5195? Who cares? ITS BAD PATCH NOW!! ok just kidding, security researcher Phil Oester was the first one to publically release info about this exploit. He found it via a http packet capture setup. Is this related to SSL / OpenSSL? No, unlike heartbleed, poodle etc this is not related to SSL. Where can I get some official info about this exploit? Not sure what you mean by official but check at mitre and Redhat How to find out if I am affected? Ubuntu / Debian type as root or with sudo uname -rv sample outputs : 4.4.13-1-pve #1 SMP Tue Jun 28 10:16:33 CEST 2016 2.6.32-openvz-042stab104.1-amd64 #1 SMP Thu Jan 29 13:06:16 MSK 2015 4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) List of kernel numbers which need to be updated. 4.8.0-26.28 for Ubuntu 16.10 4.4.0-45.66 for Ubuntu 16.04 LTS 3.13.0-100.147 for Ubuntu 14.04 LTS 3.2.0-113.155 for Ubuntu 12.04 LTS 3.16.36-1+deb8u2 for Debian 8 3.2.82-1 for Debian 7 4.7.8-1 for Debian unstable Redhat / Centos / Fedora wget the test file directly from redhat access : wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh CHmod +x rh-cve-2016-5195_1.sh bash rh-cve-2016-5195_1.sh If you are […]
virustotal api policy changes to curb one sided usage
Virustotal is a webapp that lets you upload files to check them for viruses before you install them. You can also scan a URL directly or search the VirusTotal database. The great thing about virustotal is that it checks the uploaded file against many commercial antivirus and malware detection engines not just one, and then it tells you which ones detected the file as malware. Consequently lots of people, companies, websites, & tools have started to make use of this amazing tool to bolster their virus and malware detecting capabilities. If, for example, multiple high rated engines detect a file as suspect, then we can be certain it requires a further inspection. The Issue at hand is that many companies have taken this service as granted. They use the results provided by virustotal as is or with little to no face checking and due diligence on their part. In some cases their own detection engines are so lack luster that it is actually better for everyone involved that they don’t bother. However this does cause a bit of an issue as this is rather unfair. Some companies and products are basically taking whats put on virustotal by other providers, checking results against those but not putting their own engines on virustotal so no one can benefit from that extra bit of checking. Dont get me wrong, every one of these product pays for a Virustotal API access subscription, but that subscription relies on a lot of great people and companies making their engines available to […]
Cisco Anyconnect VPN issues
I had to use cisco Anyconnect VPN client on windows 8 X64 and it was giving me errors. usually something like : “The VPN Client driver has encountered an error” when I was trying to connect. well found the fix by stalking cisco forums. Go to the Windows 8 Start Screen by pressing the Windows key. Type regedit to initiate an application search, then press Enter to launch regedit. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vpnva Locate the key DisplayName. Right-click this key and select Modify. #1 for Windows x64 and #2 for windows 32 bit : In the value data field, erase everything and replace it with Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 If you are running a 32-bit system, perform the same steps, but instead replace the entry with Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x86 Restart the Cisco AnyConnect client. The issue should now be resolved. [/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row”][et_pb_column type=”4_4″][et_pb_text admin_label=”bottom above footer” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_text][et_pb_divider admin_label=”Divider” color=”#ffffff” show_divider=”off” divider_style=”solid” divider_position=”top” hide_on_mobile=”on”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]